Problem building Primary Principal in LDAP Connector
- This topic has 3 replies, 2 voices, and was last updated 1 year, 8 months ago by
Francisco Fernández.
August 28, 2020 at 7:26 am #1545
Francisco Fernández
Participant
Hello Forum!
I am evaluating OpenIAM but I am struggling to provision a user to OpenLDAP and/or Active Directory (I have both). I have followed all the steps in the docs and have both my directories connected successfully.
When I assign the AD or LDAP resource to a user, the process always fails at the same point:
2020-08-28 09:14:11.226 ERROR 26171 — [TaskExecutor-15] o.o.i.p.s.u.UpdateUserProvisionOperation : Can’t create login for target System=AD Managed System
org.openiam.exception.BasicDataServiceException: null
at org.openiam.idm.provisioning.builder.PrimaryPrincipalBuilder.buildLogin(PrimaryPrincipalBuilder.java:55) ~[classes!/:na]
at org.openiam.idm.provisioning.service.user.AbstractUserProvisionOperation.processIdentities(AbstractUserProvisionOperation.java:356) ~[classes!/:na]
(…continues)
I tried to read that class by decompiling it, and it seems that the login field for the user was null… but I am not sure about this.
Can anyone throw a bit of light here?
Thanks in advance,
Xisco.
August 31, 2020 at 3:21 am #1546
suneet_shah
Keymaster
Hi Xisco,
The problem is most likely in the policy map or one of the Groovy scripts. Can you post your managed system configuration and policy map for either one of these and we can help you troubleshoot.
August 31, 2020 at 7:08 am #1547
Francisco Fernández
Participant
Hi Suneet,
Thanks for your response. This is the status of the Managed System:
AD Managed System ACTIVE ldaps://vs01dc01.joopbox.local 23494@127.0.0.1 Last Date:08/31/2020 09:03:32
Here is the config for the Managed System:
Managed System Name: AD Managed System
Description: Active Directory Managed System
Active
URL: ldaps://vs01dc01.testnet.local
Port: 636
Password Policy: Defult Pwd Policy
Communication Protocol: SSL
Login Id: CN=adminiam,CN=Users,DC=testnet,DC=local
Password: ••••••
Object Primary Key for User: sAMAccountName
Base DN for User: OU=Usuarios,DC=testnet,DC=local
Search Base DN for User: OU=Usuarios,DC=testnet,DC=local
Search Filter for User: (&(objectclass=user)(sAMAccountName=?))
Object Primary Key for Group: cn
Base DN for Group: OU=Grupos,DC=testnet,DC=local
Search Base DN for Group: OU=Grupos,DC=testnet,DC=local
Search Filter for Group: (&(objectclass=user)(cn=?))
Search Scope: Subtree
Target System Type: ACTIVE DIRECTORY
Category: DIRECTORIES
Attributes
Attribute Name MetaData Element Attribute Value Actions
MANAGER_FIELD_NAME manager
PASSWORD_FIELD_NAME unicodePwd
GROUP_MEMBERSHIP_ENABLED Y
INCLUDE_IN_PASSWORD_SYNC Y
ON_DELETE DELETE
MEMBER_FIELD_NAME member
Authentication Providers
No Authentication Providers found
The policy map associated with this managed system is this one (the one coming with the default connector):
PRINCIPAL sAMAccountName POLICY ad-sAMAccountName STRING
USER accountExpires POLICY ad-accountExpires STRING
USER c POLICY ad-c STRING
USER cn POLICY ad-cn STRING
USER co POLICY ad-co STRING
USER company POLICY ad-company STRING
USER department POLICY ad-department STRING
USER displayName POLICY ad-displayName STRING
USER division POLICY ad-division STRING
USER employeeID POLICY ad-employeeId STRING
USER employeeNumber POLICY ad-employeeNumber STRING
USER employeeType POLICY ad-employeeType STRING
USER givenName POLICY ad-givenName STRING
USER homeDirectory POLICY ad-homeDirectory STRING
USER homeDrive POLICY ad-homeDrive STRING
USER initials POLICY ad-initials STRING
USER l POLICY ad-l STRING
USER mail POLICY ad-mail STRING
USER manager POLICY ad-manager STRING
USER memberOf POLICY ad-memberOf STRING
USER mobile POLICY ad-mobile STRING
USER objectClass POLICY ad-objectClass STRING
USER ou POLICY ad-ou STRING
USER postalCode POLICY ad-postalCode STRING
USER sn POLICY ad-sn STRING
USER st POLICY ad-st STRING
USER streetAddress POLICY ad-streetAddress STRING
USER telephoneNumber POLICY ad-telephoneNumber STRING
USER thumbnailPhoto POLICY ad-thumbnailPhoto STRING
USER title POLICY ad-title STRING
USER userPrincipalName POLICY ad-userPrincipalName STRING
PASSWORD unicodePwd POLICY ad-unicodePwd STRING
USER userAccountControl POLICY ad-userAccountControl STRING
I have not customized any of these mappings nor any Groovy script.
If you need any other info I’ll be pleased to send it.
Thanks in advance,
Xisco.
September 1, 2020 at 8:59 am #1551
Francisco Fernández
Participant
I have been doing a lot of testing, and we are going to set OpenIAM aside; it seems like the community edition has no community at all, and it becomes kind of useless.
Taking a look at the logs I see messages like:
idm.out:
2020-09-01 10:36:45.998 WARN 7866 — [cTaskExecutor-1] m.g.i.ConnectorRequestServiceGatewayImpl : LDAP_Connector_1.SEARCH API Response is not received from connector!
/var/log/messages (error related to elasticsearch)
Sep 1 10:53:04 vs01iam01 elasticsearch: [2020-09-01 10:53:04,715][DEBUG][action.search ] [Boomslang] [2318] Failed to execute query phase
Sep 1 10:53:04 vs01iam01 elasticsearch: RemoteTransportException[[Boomslang][127.0.0.1:9300][indices:data/read/search[phase/scan/scroll]]]; nested: SearchContextMissingException[No search context found for id [2318]];
Sep 1 10:53:04 vs01iam01 elasticsearch: Caused by: SearchContextMissingException[No search context found for id [2318]]
Sep 1 10:53:04 vs01iam01 elasticsearch: at org.elasticsearch.search.SearchService.findContext(SearchService.java:626)
Sep 1 10:53:04 vs01iam01 elasticsearch: at org.elasticsearch.search.SearchService.executeScan(SearchService.java:318)
Sep 1 10:53:04 vs01iam01 elasticsearch: at org.elasticsearch.search.action.SearchServiceTransportAction$SearchScanScrollTransportHandler.messageReceived(SearchServiceTransportAction.java:433)
Sep 1 10:53:04 vs01iam01 elasticsearch: at org.elasticsearch.search.action.SearchServiceTransportAction$SearchScanScrollTransportHandler.messageReceived(SearchServiceTransportAction.java:430)
Sep 1 10:53:04 vs01iam01 elasticsearch: at org.elasticsearch.transport.TransportRequestHandler.messageReceived(TransportRequestHandler.java:33)
Sep 1 10:53:04 vs01iam01 elasticsearch: at org.elasticsearch.transport.RequestHandlerRegistry.processMessageReceived(RequestHandlerRegistry.java:77)
Sep 1 10:53:04 vs01iam01 elasticsearch: at org.elasticsearch.transport.TransportService$4.doRun(TransportService.java:378)
Sep 1 10:53:04 vs01iam01 elasticsearch: at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37)
Sep 1 10:53:04 vs01iam01 elasticsearch: at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
Sep 1 10:53:04 vs01iam01 elasticsearch: at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
Sep 1 10:53:04 vs01iam01 elasticsearch: at java.lang.Thread.run(Thread.java:748)
Can’t find sources of information regarding these errors… this is getting a little frustrating, so I give up till next version (crossing my fingers…)