Uploaded image for project: 'OpenICF'
  1. OpenICF
  2. OPENICF-1472

LDAP Connector: Data not synced from AD to IDM via livesync on __ALL__ object

    XMLWordPrintable

Details

    Description

      This was found failing in our Pyforge tests since the changes for OPENICF-1466 were merged https://stash.forgerock.org/projects/OPENICF/repos/connectors/commits/e51506e279a0abdc24fd4f1c9b03aa3183677a0b

      It is currently affecting the latest LDAP connector 1.5.20.0-SNAPSHOT.

      The latest release version of LDAP connector 1.5.19.1 is not affected and works as expected.

      The problem I see in the IDM log is that sync action cannot find a User and Group objects to synchronize:

      [230] Nov 30, 2020 11:58:13.325 AM org.slf4j.impl.JDK14LoggerAdapter fillCallerData
      FINE: Enter: sync(ObjectClass: __ALL__, SyncToken: 35495586, org.forgerock.openidm.provisioner.openicf.impl.OpenICFProvisionerService$LiveSyncResultsHandler@79891de3, OperationOptions: {ATTRS_TO_GET:[],CAUD_TRANSACTION_ID:abc2bf3f-2b93-49da-ae49-84ab64ec4340-1722/2})%09Method: sync
      [325] Nov 30, 2020 11:58:13.396 AM org.identityconnectors.ldap.search.LdapInternalSearch execute
      FINE: Searching in [OU=RobotTests2020_11_30_11_56_58,DC=ad,DC=idm-robot-windows,DC=com] with filter (&(uSNChanged>=35495587)(&(objectClass=user)(objectClass=group))) and SearchControls: {returningAttributes=[*, msDS-User-Account-Control-Computed], scope=SUBTREE}%09Method: doSearch
      [230] Nov 30, 2020 11:58:13.599 AM org.slf4j.impl.JDK14LoggerAdapter fillCallerData
      FINE: Return: SyncToken: 35495612%09Method: sync
      

      Where with the previous working LDAP connector the same action in IDM log displays:

      [229] Nov 30, 2020 12:04:38.656 PM org.slf4j.impl.JDK14LoggerAdapter fillCallerData
      FINE: Enter: sync(ObjectClass: __ALL__, SyncToken: 35495633, org.forgerock.openidm.provisioner.openicf.impl.OpenICFProvisionerService$LiveSyncResultsHandler@21edce46, OperationOptions: {ATTRS_TO_GET:[],CAUD_TRANSACTION_ID:ab03214a-4699-4866-af6c-e5120d7cf2d3-1702/2})%09Method: sync
      [325] Nov 30, 2020 12:04:38.723 PM org.identityconnectors.ldap.search.LdapInternalSearch execute
      FINE: Searching in [OU=RobotTests2020_11_30_12_03_29,DC=ad,DC=idm-robot-windows,DC=com] with filter (&(uSNChanged>=35495634)(|(objectClass=user)(objectClass=group))) and SearchControls: {returningAttributes=[*, msDS-User-Account-Control-Computed], scope=SUBTREE}%09Method: doSearch
      [325] Nov 30, 2020 12:04:38.789 PM org.identityconnectors.ldap.sync.activedirectory.ActiveDirectoryChangeLogSyncStrategy$1 handle
      INFO: Account ObjectClass found based on objectClass attribute value: user%09Method: guessObjectClass
      [325] Nov 30, 2020 12:04:38.794 PM org.identityconnectors.ldap.sync.activedirectory.ActiveDirectoryChangeLogSyncStrategy$1 handle
      INFO: Group ObjectClass found based on objectClass attribute value: group%09Method: guessObjectClass
      ...
      [229] Nov 30, 2020 12:04:39.502 PM org.slf4j.impl.JDK14LoggerAdapter fillCallerData
      FINE: Return: SyncToken: 35495658%09Method: sync
      

      Attachments

        1. openidm0-failed.log.0
          296 kB
        2. openidm0-passed.log.0
          328 kB
        3. provisioner.openicf-ldap.json
          22 kB
        4. sync.json
          8 kB

        Issue Links

          Activity

            People

              gael Gael Allioux
              son.nguyen Son Nguyen
              Son Nguyen Son Nguyen
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: