It's all about the answers!

Ask a question

LDAP nightly sync task is not synchronizing user from LDAP to JTS and it was working fine before from last 1 year.


Raj Kapoor (2741930) | asked May 22 '13, 2:24 a.m.
edited May 22 '13, 2:28 a.m.
CLM version-3.0.1

 LDAP sync is not synchronizing user from LDAP to JTS.
.                                                                       
Problem description                                                     
LDAP sync is not synchronizing user from LDAP to JTS.                   
2.Users are present in LDAP and I can import them through JTS GUI.      
3.After running script, it says                                         
User synchronization has been successfully requested and is running in  
the background. Progress can be tracked using the feed at 'https://www. 
pd-dv.jlrint.com/jts/events?provider=ldapnightlysync'.                  
                                                                        
4. After running https://www.pd-dv.jlrint.com/jts/events?               
provider=ldapnightlysync, I am getting following messages-              
<?xml version="1.0" encoding="utf-8"?><feed xmlns="http://www.w3.       
org/2005/Atom" xmlns:syndication="http://www.ibm.com/jazz/0.1.0         
/syndication"><id>urn:uuid:_UpGqEWnEEeGaX6SweNS8wQ</id><title type="    
html">User records changed by LDAP nightly sync                         
task</title><updated>2013-05-22T06:08:49Z</updated><entry><id>urn:uuid: 
__FBUcbonEeKRduv9pxCsvg</id><title type="html">CRJAZ1329E The user      
&quot;CN=S-1-5-21-996065124-1290041856-3981285745-102416,               
CN=ForeignSecurityPrincipals,O=ford,C=US&quot; does not exist in LDAP   
directory.</title><updated>2013-05-11T11:46:                            
07Z</updated><author><name>ADMIN</name><email>ADMIN</email></author><sum
mary type="html">CRJAZ1330E The user &quot;CN=S-1-5-21-996065124-       
1290041856-3981285745-102416,CN=ForeignSecurityPrincipals,O=ford,       
C=US&quot; is a member of one of the Jazz groups in the LDAP directory  
but the LDAP person record does not exist.</summary><link href="/       
{unknown}" /><category term="LDAPNightlySync" /><syndication:           
repositoryId type="text">_UpGqEWnEEeGaX6SweNS8wQ</syndication:          
repositoryId><syndication:Action type="text">Dangling</syndication:     
Action><syndication:modified type="text">2013-05-11T11:46:              
07Z</syndication:modified><syndication:publicUri type="text">https:     
//www.pd-dv.jlrint.com/jts/</syndication:publicUri><syndication:        
repositoryURL type="text">https://www.pd-dv.jlrint.                     
com/jts/</syndication:repositoryURL></entry><entry>            
	
	

Comments
1
Karl Weinert commented May 22 '13, 12:38 p.m.
JAZZ DEVELOPER

That looks like a user from a trusted domain has been added to one of the Jazz Groups. I'm not sure how RTC works with domain trusts so I'll make this as a comment and maybe someone else can follow up with the correct procedure if there is one.

I found a post that suggests it may not work but it is a bit old so may be out of date.
https://jazz.net/forum/questions/43427/ldap-configuration-with-trusted-domains

4 answers



permanent link
Josh Crawford (984615) | answered May 22 '13, 9:12 a.m.
 Hi Raj,  that user ID cannot be resolved for some reason.  If you notice the Ldap sync is pulling the SID of the user and not an actual user ID.  You may need to work with your AD administrator to determine why this might be.  I'd suggest using a command like:
wmic useraccount get name,sid | findstr <sid of user> to see if the ldap registry can even resolve the user. 

You can also get more verbose information from the nightly ldap sync task using the log4j debugging options in the jts log4j.properties file.  



Comments
Kot T. commented May 22 '13, 11:09 a.m.
JAZZ DEVELOPER

Is "CN=S-1-5-21-996065124-1290041856-3981285745-102416,CN=ForeignSecurityPrincipals,O=ford,C=US" a valid distinguish name of a user in LDAP?

The message indicates this user is a member of the jazz group which means it is listed as a value of the 'member' attribute of one of the jazz groups (assuming this is AD), but when searching for this user, it cannot find it. The LDAP settings in JTS advanced properties page to be reviewed are..
  ==> Base User DN
  ==> Find Users by User Id Qeury
  ==> User Search Object class filter


permanent link
Raj Kapoor (2741930) | answered May 28 '13, 10:00 a.m.
 Hi,

I got an answer in an end.
When users are many then LDAP sync starts failing as it can sync 1500 users at a time, so enable range retrieval as true and things will work fine.

permanent link
VK L (8177154159) | answered May 22 '13, 5:59 a.m.
 Hi Raj,
              Are there missing users between LDAP and JTS? This posted error message is just for the ADMIN User - as it would have been removed on JTS during installation.

Thanks.

Comments
Raj Kapoor commented May 22 '13, 8:02 a.m.

 Hi,


But why users are not getting Sync with JTS as users are present in LDAP under right group.

I can import users but importing each and every users is not possible.
manually running script doesn't throw any error but it also doesn't perform the job of syncing user


Gayathri Vikraman commented Feb 17 '14, 3:26 a.m.

User sync between LDAP and JTS is not occurring all at ones. There is a huge difference between the LDAP count and that of JTS. Each day JTS is updating only 5 to 10 users and then it stops.

How to solve this behavior? Please help...


permanent link
Canberk Akduygu (99237371) | answered Feb 17 '14, 4:24 a.m.
We have a similar problem where JTS and other applications were synched with LDAP for the first days of the configuration. Then it stopped working and right now only JTS is synch with LDAP. The other applications are not synched. We need to import them manually.

We have some help from IBM Support and we able to import some of the users bu using POST command but we couldnt solve the main problem

Your answer


Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.