  1. MidPoint
  2. MID-6922

AD Sync not working when using adDirSync strategy


Details

    • Bug
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • 4.2
    • 4.5
    • Connectors
    • None
    • No subscription (community)

    Description

      When using the adDirSync synchronisation strategy, changes are not being propagated to midPoint. In the log, we can see that the changes are picked up by the connector:

      2021-03-08 17:11:50,199 [] [Thread-242949] TRACE (com.evolveum.polygon.connector.ldap.schema.AbstractSchemaTranslator): method: null msg:Converting identifier to ICF: objectGUID (syntax 2.5.5.10, value class org.apache.directory.api.ldap.model.entry.Value): explicit binary
      2021-03-08 17:11:50,201 [] [Thread-242949] TRACE (com.evolveum.polygon.connector.ldap.sync.AdDirSyncStrategy): method: null msg:Got target entry based on dirSync, targetUid=c6093106-71a8-4f92-985e-d099f477effd:
      null
      2021-03-08 17:11:50,201 [] [Thread-242949] DEBUG (com.evolveum.polygon.connector.ldap.OperationLog): method: null msg:ldaps://dmu04.rsint.net/ Search(DirSync) RES Entry
       dn: CN=SXXX_F,OU=XXXX,OU=XX,OU=XXXX,DC=XXXX,DC=net
      objectGUID: 0xE0 0x6A 0x1F 0x58 0x0C 0xF5 0xE5 0x40 0x80 0xAE 0xC2 0x53 0x6B 0xCA 0x85 0x8D
       instanceType: 4
       lastLogonTimestamp: 132596932934045600
      2021-03-08 17:11:50,201 [] [Thread-242949] TRACE (com.evolveum.polygon.connector.ldap.schema.AbstractSchemaTranslator): method: null msg:Converting identifier to ICF: objectGUID (syntax 2.5.5.10, value class org.apache.directory.api.ldap.model.entry.Value): explicit binary

      The value null above corresponds to targetEntry, which causes the entry to be ignored:

      deltaBuilder.setDeltaType(SyncDeltaType.CREATE_OR_UPDATE);
      Entry targetEntry = LdapUtil.fetchEntryByUid(connection, targetUid, ldapObjectClass, options, getConfiguration(), getSchemaTranslator(), getErrorHandler());
      LOG.ok("Got target entry based on dirSync, targetUid={0}:\n{1}", targetUid, targetEntry);
      if (targetEntry == null) {
          // The entry may not exist any more. Maybe it was already deleted.
          // Then it may be OK to just ignore this event. The related DELETE event
          // should be detected separately.
          continue;
      }

      Unfortunately, there is no logging in LdapUtil.fetchEntryByUid to see where it's going wrong. The entry is not deleted (which is assumed according to the comment lines). 

      Please let me know if this is just a configuration issue. However, some logging would be helpful. 

      Chris.
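
      One way to list the dirSync changes that end up in the `continue` branch quoted in the report, read from a connector TRACE log. This is an added example, not part of the original report or of the connector's code; the sample log lines and UIDs are constructed, and the rendering of a non-null entry is an assumption.

```python
import re
from collections import Counter

# Header written by LOG.ok("Got target entry based on dirSync, targetUid={0}:\n{1}", ...).
# The entry itself is rendered on the following line(s).
HEADER = re.compile(
    r"^\s*(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) .*"
    r"AdDirSyncStrategy\).*Got target entry based on dirSync, "
    r"targetUid=(?P<uid>[0-9a-fA-F-]+):\s*$"
)

def find_skipped_dirsync_entries(lines):
    """Return (timestamp, targetUid) for each dirSync change whose target
    entry was logged as null, i.e. a change the connector skipped."""
    lines = list(lines)
    skipped = []
    for i, line in enumerate(lines):
        m = HEADER.match(line)
        if not m:
            continue
        following = lines[i + 1].strip() if i + 1 < len(lines) else ""
        if following == "null":  # lookup by UID returned no entry
            skipped.append((m.group("ts"), m.group("uid")))
    return skipped

def skip_counts(skipped):
    """Count skips per UID; a UID that recurs across sync runs is worth
    looking up by hand in the directory."""
    return Counter(uid for _, uid in skipped)

# Constructed sample in the log format shown in the report.
SAMPLE_LOG = """\
2021-03-08 17:11:50,201 [] [Thread-1] TRACE (com.evolveum.polygon.connector.ldap.sync.AdDirSyncStrategy): method: null msg:Got target entry based on dirSync, targetUid=11111111-1111-1111-1111-111111111111:
null
2021-03-08 17:11:50,305 [] [Thread-1] TRACE (com.evolveum.polygon.connector.ldap.sync.AdDirSyncStrategy): method: null msg:Got target entry based on dirSync, targetUid=22222222-2222-2222-2222-222222222222:
Entry
    dn: CN=example,DC=example,DC=net
2021-03-08 17:16:50,118 [] [Thread-1] TRACE (com.evolveum.polygon.connector.ldap.sync.AdDirSyncStrategy): method: null msg:Got target entry based on dirSync, targetUid=11111111-1111-1111-1111-111111111111:
null
"""

if __name__ == "__main__":
    found = find_skipped_dirsync_entries(SAMPLE_LOG.splitlines())
    for ts, uid in found:
        print(f"{ts} skipped targetUid={uid}")
    print(dict(skip_counts(found)))
```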


          People

            chris83527 Chris Woods