You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@syncope.apache.org by alireza ranjbaran <ra...@gmail.com> on 2018/09/05 16:58:34 UTC
Active Directory INCREMENTAL pull task (sync) does not work
Hi,
I have an AD connector that works fine with FULL_RECONCILIATION pull
tasks. But it does not works with INCREMENTAL pull task. I did below steps:
- Created AD incremental pull task (allow update)
- Run the pull task
- modified some attributes in Active Directory directly (the attributes
that mapped to one of internal sachems)
- run the pull task again after some times but it does not sync any think
I added my user to "Evant Log Readers" but it did not work again. Have I
done something wrong?
Re: Active Directory INCREMENTAL pull task (sync) does not work
Posted by Alireza Ranjbaran <ra...@gmail.com>.
Hi dears,
Here is the log of connid:
------------------------------------------------------------------------------------------------
[2018-09-14T15:50:24.719]
org.identityconnectors.framework.api.operations.ValidateApiOp
Return: null Method: validate
[2018-09-14T15:50:24.719]
org.identityconnectors.framework.api.operations.TestApiOp
Enter: test() Method: test
[2018-09-14T15:50:24.722]
org.identityconnectors.framework.spi.operations.TestOp
Enter: test() Method: test
[2018-09-14T15:50:24.723]
org.identityconnectors.framework.spi.operations.TestOp
Return Method: test
[2018-09-14T15:50:24.723]
org.identityconnectors.framework.api.operations.TestApiOp
Return: null Method: test
[2018-09-14T15:50:33.025]
org.identityconnectors.framework.api.operations.SyncApiOp
Enter: sync(ObjectClass: __ACCOUNT__, null,
org.apache.syncope.core.provisioning.java.pushpull.DefaultUserPullResultHandler@54932a33,
OperationOptions:
{ATTRS_TO_GET:[__PASSWORD__,st,physicalDeliveryOfficeName,manager,mail,sAMAccountName,displayName,givenName,mobile,distinguishedName...]})
Method: sync
[2018-09-14T15:50:33.027]
org.identityconnectors.framework.spi.operations.SyncOp
Enter: sync(ObjectClass: __ACCOUNT__, null,
org.identityconnectors.framework.impl.api.local.operations.SyncImpl$1@1070dd50,
OperationOptions:
{ATTRS_TO_GET:[__PASSWORD__,st,physicalDeliveryOfficeName,manager,mail,sAMAccountName,displayName,givenName,mobile,distinguishedName...]})
Method: sync
[2018-09-14T15:50:33.027] net.tirasa.connid.bundles.ad.sync.ADSyncStrategy
Synchronization with empty token. Method: sync
[2018-09-14T15:50:33.239] net.tirasa.connid.bundles.ad.sync.ADSyncStrategy
Searching from DC=internaldomain,DC=ir Method: search
[2018-09-14T15:50:37.667] net.tirasa.connid.bundles.ad.sync.ADSyncStrategy
Response Controls: 1 Method: search
[2018-09-14T15:50:37.667] net.tirasa.connid.bundles.ad.sync.ADSyncStrategy
Latest sync token set to SyncToken: [B@1eb7312e Method: search
[2018-09-14T15:50:37.667]
org.identityconnectors.framework.spi.operations.SyncOp
Return Method: sync
[2018-09-14T15:50:37.667]
org.identityconnectors.framework.api.operations.SyncApiOp
Return: null Method: sync
[2018-09-14T15:50:37.672]
org.identityconnectors.framework.api.operations.ValidateApiOp
Enter: validate() Method: validate
[2018-09-14T15:50:37.674]
org.identityconnectors.framework.api.operations.ValidateApiOp
Return: null Method: validate
[2018-09-14T15:50:37.675]
org.identityconnectors.framework.api.operations.SyncApiOp
Enter: sync(ObjectClass: __GROUP__, null,
org.apache.syncope.core.provisioning.java.pushpull.DefaultGroupPullResultHandler@45187308,
OperationOptions:
{ATTRS_TO_GET:[sAMAccountName,member,distinguishedName,__NAME__,__UID__,__ENABLE__]})
Method: sync
[2018-09-14T15:50:37.679]
org.identityconnectors.framework.spi.operations.SyncOp
Enter: sync(ObjectClass: __GROUP__, null,
org.identityconnectors.framework.impl.api.local.operations.SyncImpl$1@131a96c,
OperationOptions:
{ATTRS_TO_GET:[sAMAccountName,member,distinguishedName,__NAME__,__UID__,__ENABLE__]})
Method: sync
[2018-09-14T15:50:37.679] net.tirasa.connid.bundles.ad.sync.ADSyncStrategy
Synchronization with empty token. Method: sync
[2018-09-14T15:50:37.886] net.tirasa.connid.bundles.ad.sync.ADSyncStrategy
Searching from DC=internaldomain,DC=ir Method: search
[2018-09-14T15:50:42.236] net.tirasa.connid.bundles.ad.sync.ADSyncStrategy
Response Controls: 1 Method: search
[2018-09-14T15:50:42.237] net.tirasa.connid.bundles.ad.sync.ADSyncStrategy
Latest sync token set to SyncToken: [B@ff6573a Method: search
[2018-09-14T15:50:42.237]
org.identityconnectors.framework.spi.operations.SyncOp
Return Method: sync
[2018-09-14T15:50:42.237]
org.identityconnectors.framework.api.operations.SyncApiOp
Return: null Method: sync
[2018-09-14T15:50:42.242]
org.identityconnectors.framework.api.operations.ValidateApiOp
Enter: validate() Method: validate
[2018-09-14T15:50:42.243]
org.identityconnectors.framework.api.operations.ValidateApiOp
Return: null Method: validate
---------------------------------------------------------------------------------------------
is it normal validate method of ValidateApiOp returns null?
--
Sent from: http://syncope-user.1051894.n5.nabble.com/
Re: Active Directory INCREMENTAL pull task (sync) does not work
Posted by Alireza Ranjbaran <ra...@gmail.com>.
Dear Fabio,
Please have below info:
1. what is the version of your AD?
47
2. did you provide filters (custom/membership) in AD connector
configuration?
No filter.
3.did you see something strange into the log files?
In INCREMENTAL pull No.
But I see something strange: when I run FULL_RECONCILIATION pull task, after
finish the task, Syncope tries to overwrite users' attributes in Active
Directory. So after finishing FULL_RECONCILIATION pull task we see a lot of
propagation task that has been run.
4. are you using the connector from an IdM? In case, which one?
ConnID AD 1.3.4
5. what do you mean with "I added my user to "Evant Log Readers" but it
did not work again"?
My Principal user is not Active Directory admin. I assume that may connector
reads Event Logs to detect which users/groups has modified and may I have
some permission issues...
--
Sent from: http://syncope-user.1051894.n5.nabble.com/
Re: Active Directory INCREMENTAL pull task (sync) does not work
Posted by Fabio Martelli <fa...@gmail.com>.
Il 05/09/2018 18:58, alireza ranjbaran ha scritto:
> Hi,
>
> I have an AD connector that works fine with FULL_RECONCILIATION pull
> tasks. But it does not works with INCREMENTAL pull task. I did below
> steps:
>
> * Created AD incremental pull task (allow update)
> * Run the pull task
> * modified some attributes in Active Directory directly (the
> attributes that mapped to one of internal sachems)
> * run the pull task again after some times but it does not sync any
> think
>
>
> I added my user to "Evant Log Readers" but it did not work again. Have
> I done something wrong?
> /
>
> /
Hi Alireza, few questions:
1. what is the version of your AD?
2. did you provide filters (custom/membership) in AD connector
configuration?
3. did you see something strange into the log files?
4. are you using the connector from an IdM? In case, which one?
5. what do you mean with "I added my user to "Evant Log Readers" but it
did not work again"?
Regards,
F.
--
Fabio Martelli
https://it.linkedin.com/pub/fabio-martelli/1/974/a44
http://blog.tirasa.net/author/fabio/index.html
Tirasa - Open Source Excellence
http://www.tirasa.net/index.html?pk_campaign=email&pk_kwd=fm
Apache Syncope PMC
http://people.apache.org/~fmartelli/