LDAP nightly sync task is not synchronizing user from LDAP to JTS and it was working fine before from last 1 year.
CLM version-3.0.1
LDAP sync is not synchronizing user from LDAP to JTS.
.
Problem description
LDAP sync is not synchronizing user from LDAP to JTS.
2.Users are present in LDAP and I can import them through JTS GUI.
3.After running script, it says
User synchronization has been successfully requested and is running in
the background. Progress can be tracked using the feed at 'https://www.
pd-dv.jlrint.com/jts/events?provider=ldapnightlysync'.
4. After running https://www.pd-dv.jlrint.com/jts/events?
provider=ldapnightlysync, I am getting following messages-
<?xml version="1.0" encoding="utf-8"?><feed xmlns="http://www.w3.
org/2005/Atom" xmlns:syndication="http://www.ibm.com/jazz/0.1.0
/syndication"><id>urn:uuid:_UpGqEWnEEeGaX6SweNS8wQ</id><title type="
html">User records changed by LDAP nightly sync
task</title><updated>2013-05-22T06:08:49Z</updated><entry><id>urn:uuid:
__FBUcbonEeKRduv9pxCsvg</id><title type="html">CRJAZ1329E The user
"CN=S-1-5-21-996065124-1290041856-3981285745-102416,
CN=ForeignSecurityPrincipals,O=ford,C=US" does not exist in LDAP
directory.</title><updated>2013-05-11T11:46:
07Z</updated><author><name>ADMIN</name><email>ADMIN</email></author><sum
mary type="html">CRJAZ1330E The user "CN=S-1-5-21-996065124-
1290041856-3981285745-102416,CN=ForeignSecurityPrincipals,O=ford,
C=US" is a member of one of the Jazz groups in the LDAP directory
but the LDAP person record does not exist.</summary><link href="/
{unknown}" /><category term="LDAPNightlySync" /><syndication:
repositoryId type="text">_UpGqEWnEEeGaX6SweNS8wQ</syndication:
repositoryId><syndication:Action type="text">Dangling</syndication:
Action><syndication:modified type="text">2013-05-11T11:46:
07Z</syndication:modified><syndication:publicUri type="text">https:
//www.pd-dv.jlrint.com/jts/</syndication:publicUri><syndication:
repositoryURL type="text">https://www.pd-dv.jlrint.
com/jts/</syndication:repositoryURL></entry><entry>
4 answers
Hi Raj, that user ID cannot be resolved for some reason. If you notice the Ldap sync is pulling the SID of the user and not an actual user ID. You may need to work with your AD administrator to determine why this might be. I'd suggest using a command like:
wmic useraccount get name,sid | findstr <sid of user> to see if the ldap registry can even resolve the user.
wmic useraccount get name,sid | findstr <sid of user> to see if the ldap registry can even resolve the user.
You can also get more verbose information from the nightly ldap sync task using the log4j debugging options in the jts log4j.properties file.
Comments
Is "CN=S-1-5-21-996065124-1290041856-3981285745-102416,CN=ForeignSecurityPrincipals,O=ford,C=US" a valid distinguish name of a user in LDAP?
The message indicates this user is a member of the jazz group which means it is listed as a value of the 'member' attribute of one of the jazz groups (assuming this is AD), but when searching for this user, it cannot find it. The LDAP settings in JTS advanced properties page to be reviewed are..
==> Base User DN
==> Find Users by User Id Qeury
==> User Search Object class filter
Hi Raj,
Are there missing users between LDAP and JTS? This posted error message is just for the ADMIN User - as it would have been removed on JTS during installation.
Thanks.
Comments
Hi,
But why users are not getting Sync with JTS as users are present in LDAP under right group.
I can import users but importing each and every users is not possible.
manually running script doesn't throw any error but it also doesn't perform the job of syncing user
User sync between LDAP and JTS is not occurring all at ones. There is a huge difference between the LDAP count and that of JTS. Each day JTS is updating only 5 to 10 users and then it stops.
How to solve this behavior? Please help...
We have a similar problem where JTS and other applications were synched with LDAP for the first days of the configuration. Then it stopped working and right now only JTS is synch with LDAP. The other applications are not synched. We need to import them manually.
We have some help from IBM Support and we able to import some of the users bu using POST command but we couldnt solve the main problem
We have some help from IBM Support and we able to import some of the users bu using POST command but we couldnt solve the main problem
Comments
Karl Weinert
JAZZ DEVELOPER May 22 '13, 12:38 p.m.That looks like a user from a trusted domain has been added to one of the Jazz Groups. I'm not sure how RTC works with domain trusts so I'll make this as a comment and maybe someone else can follow up with the correct procedure if there is one.
I found a post that suggests it may not work but it is a bit old so may be out of date.
https://jazz.net/forum/questions/43427/ldap-configuration-with-trusted-domains
1 vote