Automic Workload Automation

Expand all | Collapse all

LdapSync

Anon Anon

Anon AnonFeb 29, 2016 09:27 AM

Larry Halseth

Larry HalsethMay 14, 2019 03:06 PM

  • 1.  LdapSync

    Posted Feb 26, 2016 12:49 PM
    We just started syncing our users with LDAP using the LDAP sync, but we have run into an issue where it works on some clients, but not others. Client 20 for instance works, but client 10 hosted by the same server does not.

    2016-02-26 11:33:20.033 [main] c.a.s.l.s.AESynchronizationStep          INFO   Start synchronizing users to AE client 10
    2016-02-26 11:33:20.048 [main] c.a.s.l.LDAPSynchronizer                 ERROR  Could not able to get data from ldap server, this ldap connection may not have authorization on target BaseDn com.automic.sara.ldapsync.exceptions.SynchronizationException: Could not able to get data from ldap server, this ldap connection may not have authorization on target BaseDn
            at com.automic.sara.ldapsync.steps.AESynchronizationStep.init(AESynchronizationStep.java:60) ~[ldapsync.jar:1.0]
            at com.automic.sara.ldapsync.steps.BaseSynchronizationStep.execute(BaseSynchronizationStep.java:98) ~[ldapsync.jar:1.0]
            at com.automic.sara.ldapsync.SynchronizationStepChain.execute(SynchronizationStepChain.java:31) ~[ldapsync.jar:1.0]
            at com.automic.sara.ldapsync.LDAPSynchronizer.run(LDAPSynchronizer.java:59) [ldapsync.jar:1.0]
            at com.automic.sara.ldapsync.LDAPSynchronizer.main(LDAPSynchronizer.java:28) [ldapsync.jar:1.0]
    2016-02-26 11:33:20.048 [down] c.a.s.l.s.FinalizeStep                   INFO   ==================
    2016-02-26 11:33:20.048 [down] c.a.s.l.s.FinalizeStep                   INFO   LDAP SYNC finished (FAIL)
    2016-02-26 11:33:20.048 [down] c.a.s.l.s.FinalizeStep                   INFO   TOTAL TIME: 2128 miliseconds



  • 2.  LdapSync

    Posted Feb 26, 2016 01:33 PM
    Hard to say, but we saw issues with LDAP because of F5 issues.  Depending on which F5 server the LDAP query hit - it would work sometimes, but not others.  It was a security thing, although I don't know the specifics.  

    That's weird that it is only 1 client.  That could just be coincidence though.  One way to tell for sure is to limit your system to a single CP and single WP.  Then you could confirm that it never gets into client 20.  I am unaware of anything that would prevent a single client from not being able to use LDAP since the UC_LDAP_* entry is in client 0 - it should work for all clients.

    I'm not really an LDAP person - just throwing out some ideas.


  • 3.  LdapSync

    Posted Feb 26, 2016 01:42 PM
    It is not the LDAP setting on the individual user it is the command line utility that takes users from AD and places them in groups and Automic clients. Once an ID is created in AD it automatically gets created in Automic. I'm not sure we are talking about the same thing. :)


  • 4.  LdapSync

    Posted Feb 26, 2016 03:15 PM
    No, we're not.  But that sounds very cool!  I'd like to get that working on my system!  Less maintenance!  


  • 5.  LdapSync

    Posted Feb 29, 2016 09:27 AM
    It is fantastic when it works  :D


  • 6.  LdapSync

    Posted Feb 29, 2016 09:51 PM
    With the Ldapsync; it normally come with a "default.xml" file and a "Client_10.xml" file.  The issue with this was that all the other client was using the default.xml file but since the sample "Client_10.xml" file was still in the Clients folder, it was cause of FBIV issue.


  • 7.  LdapSync

    Posted Mar 01, 2016 09:04 AM
    It works great for us Laura. Happy to send you the xml files etc if you are interested.


  • 8.  LdapSync

    Posted Mar 11, 2016 05:41 PM
    Hello FBIV,

    It would be nice if you could send the specifics of how to setup and the sample XML document, that would be great.  Like @Laura Albrecht said it would eliminate maintenance for us.  


  • 9.  LdapSync

    Posted Mar 11, 2016 05:42 PM
    Hello FBIV,

    Can you share the specifics of how to setup and a sample XML document, which would help us?



  • 10.  LdapSync

    Posted Mar 16, 2016 01:22 AM
    Ramanujam_Paravastu_6362 

    The setup instruction on how to setup can be found here.  For this, it is pretty thorough with example within the doc and in my opinion does a pretty decent job outline each step - and what to configure for each of the require configuration XML.

    The LDAPSync.xml, defaults.xml  are the two main xml that you will use for your configuration.
    The client_[client number].xml will be optional, if you want a particular client have different setting (and don't want to use the setting that was set within the defaults.xml.

    This link to the Integration Guide is a great place to start, and I would recommend taking a look and the example of all the configuration it have within it, and let us know if you have any questions regarding it.


  • 11.  Re: LdapSync

    Posted May 14, 2019 03:06 PM

    Did you ever get an answer about this error?



  • 12.  Re: LdapSync

    Posted May 14, 2019 04:23 PM

    No, but I was able to rectify the issue.

     

    On Tue, May 14, 2019, 2:07 PM LarryHalseth607387 <



  • 13.  Re: LdapSync

    Posted May 15, 2019 06:25 AM

    Hi, just wondering what was the resolution? We had a similar issue when testing that the wrong LDAP group name was specified in the group mapping section of the client xml causing a connection error with LDAP. Once we updated using the correct LDAP group name it worked fine. 

    Thanks

    Tony



  • 14.  Re: LdapSync

    Posted May 15, 2019 09:25 AM

    I had an incorrect baseDN, by working with my security/identity team  I was able to correct this.

     

    Larry Halseth

    SE2, Prod Support Analyst IV

    (o)785.438.3212 (m)785.380.4272