Return to Jive Software

Up to Discussions in Support
881 Views 17 Replies Last post: Oct 17, 2008 11:59 AM by Sean Moran RSS
Martin Rowbory Beginner
Martin Rowbory
278 posts since
Sep 4, 2008
Currently Being Moderated

Oct 2, 2008 11:15 AM

Re-synch with LDAP

When we originally installed CS, it loaded in all the users from our Active Directory.

 

A number of new users, have been added, new starters etc.

 

How do I re-synch, or update the CS DB with the new users?

 

Thanks,

Will French Jive Employee
Will French
3,867 posts since
Nov 2, 2004
Currently Being Moderated
Oct 2, 2008 4:29 PM in response to: Martin Rowbory
Re: Re-synch with LDAP

Hi Martin,

 

Which version are you running?

Martin Rowbory Beginner
Martin Rowbory
278 posts since
Sep 4, 2008
Currently Being Moderated
Oct 3, 2008 12:28 AM in response to: Will French
Re: Re-synch with LDAP

Clearspace 2.5.1

Sean Moran Jive Employee
Sean Moran
6,145 posts since
Dec 10, 2007
Currently Being Moderated
Oct 3, 2008 8:21 AM in response to: Martin Rowbory
Re: Re-synch with LDAP

Hi Martin,

 

You can run the LDAP Sync task from the admin console by navigating to 'People'->'Settings'->'User Data Synchronization Settings'. This page holds the settings for the ldap sync, and allows you to manually run the sync.

 

If this isn't accomplishing what you're after please let me know and we'll get to the bottom of the issue.

Martin Rowbory Beginner
Martin Rowbory
278 posts since
Sep 4, 2008
Currently Being Moderated
Oct 6, 2008 3:00 AM in response to: Sean Moran
Re: Re-synch with LDAP

Hi,

 

I've tried this.

 

It doesn't do anything. It thinks for a while, then comes back and says everything was 0.

 

Martin

Sean Moran Jive Employee
Sean Moran
6,145 posts since
Dec 10, 2007
Currently Being Moderated
Oct 6, 2008 9:37 AM in response to: Martin Rowbory
Re: Re-synch with LDAP

Hi Martin,

 

Could you try rerunning the sync again. Once that completes could you attach the contents of your jiveHome/logs directory? I'm curious to see if there are any errors that are preventing the sync from performing correctly.

Martin Rowbory Beginner
Martin Rowbory
278 posts since
Sep 4, 2008
Currently Being Moderated
Oct 6, 2008 9:51 AM in response to: Sean Moran
Re: Re-synch with LDAP

Here's what it says when I run the re-synch

 

"Synchronization is complete. 0 names synced, 0 profiles synced, 0 relationships synced, 0 users disabled, out of 0 users total."

 

This is in the Audit lo viewer:

 

Details: public void com.jivesoftware.community.action.admin.UserDataSyncSettingsAction.runTask() called

Node: 10.11.18.200

 

It doesn't appear to have put anything in the error log.  I deleted it before I started, and now it's empty after the re-run.

 

Although trying to view it through the admin interface gives an error. Maybe that's because the file isn't there anymore?

Sean Moran Jive Employee
Sean Moran
6,145 posts since
Dec 10, 2007
Currently Being Moderated
Oct 6, 2008 2:46 PM in response to: Martin Rowbory
Re: Re-synch with LDAP

Hey Martin,

 

What's the error you're seeing in the admin console? Does the actual file in jiveHome/logs exist? Does it have any data in it? When you cleared the logs, did you actually remove clearspace.log?

 

Also could you tell me what app server you're running? We may be able to retrieve the errors by getting the app server's standard output logs.

Martin Rowbory Beginner
Martin Rowbory
278 posts since
Sep 4, 2008
Currently Being Moderated
Oct 8, 2008 4:03 AM in response to: Sean Moran
Re: Re-synch with LDAP

I replaced the log with an empty file, although it still doesn't write anything to the log.

 

Which tomcat log is the relevant one?  I looked at catalina.out it had a mark in it which i'd added from the log page on clearspace admin. I then ran the re-synch.

 

Still nothing happened and there was nothing in any of the logs.

 

What should I expect from the re-synch? I'm expecting it to bring in new users, and to update the mapped fields like job description.

 

Martin

Sean Moran Jive Employee
Sean Moran
6,145 posts since
Dec 10, 2007
Currently Being Moderated
Oct 8, 2008 3:40 PM in response to: Martin Rowbory
Re: Re-synch with LDAP

Hi Martin,

 

The sync should be searching under your defined baseDN and within the user and group search filters you've provided to locate new users or groups. This will also update any changed attributes for existing users.

 

I'll set this up locally to make sure everything is working as it should out of the box. There are a couple of things I could think of off the top of my head that might cause issues. Could you confirm that your users in ldap have a username, email address, and password? These three fields are required for an LDAP entry to be used in clearspace.

 

The other thing to check is to make sure the new users fall within the specified baseDN and user search filter.

 

I'll test this locally and get back to you tomorrow.

Sean Moran Jive Employee
Sean Moran
6,145 posts since
Dec 10, 2007
Currently Being Moderated
Oct 8, 2008 3:43 PM in response to: Martin Rowbory
Re: Re-synch with LDAP

Hey Martin,

 

Another thing I thought might be helpful is to set the logging level to 'TRACE' and re-running sync yet again. This should produce quite a large amount of output data for me to look at. After you've run the sync I'd suggest setting the logging level back to error, as a logging level that fine can potentially cause performance issues. If setting the logging level to trace produces some output, could you attach that info here?

Martin Rowbory Beginner
Martin Rowbory
278 posts since
Sep 4, 2008
Currently Being Moderated
Oct 13, 2008 8:18 AM in response to: Sean Moran
Re: Re-synch with LDAP

Right ok, I've managed to find where it's logging stuff.

 

I renamed the origianl clearspace.log file, with the intention of clearing it. I assumed the Clearspace would see the file wasn't there and just start a new log..... Clearly not.  Somehow it's actually managing to still write to the original file, which is now called clearspace_log.old2.

 

Anyway, managed to find the trace for the re-synch - see attached.

 

Thanks, and sorry about the delay finding this stuff.

 

Martin

Attachments:
Sean Moran Jive Employee
Sean Moran
6,145 posts since
Dec 10, 2007
Currently Being Moderated
Oct 13, 2008 9:52 AM in response to: Martin Rowbory
Re: Re-synch with LDAP

Hi Martin,

 

From the logs it looks like Spring is having a problem parsing your baseDN. Could you post your baseDN and user filter ( if you're using one ) ?

Martin Rowbory Beginner
Martin Rowbory
278 posts since
Sep 4, 2008
Currently Being Moderated
Oct 13, 2008 10:08 AM in response to: Sean Moran
Re: Re-synch with LDAP

Where do I find that...?

 

Thanks

Sean Moran Jive Employee
Sean Moran
6,145 posts since
Dec 10, 2007
Currently Being Moderated
Oct 13, 2008 10:35 AM in response to: Martin Rowbory
Re: Re-synch with LDAP

In the admin console under 'System'->'Management'->'System Properties' the baseDN will be stored in a property called 'ldap.baseDN', and the user search filter will be stored under 'ldap.searchFilter'.

Sean Moran Jive Employee
Sean Moran
6,145 posts since
Dec 10, 2007
Currently Being Moderated
Oct 16, 2008 5:25 PM in response to: Martin Rowbory
Re: Re-synch with LDAP

Hi Martin,

 

From the error logs you gave me, and the baseDN information you sent over it looks like there's a portion of the LDAP stack within our app that is unable to handle your baseDN. I find this odd since your baseDN is as simple as it gets, no special characters, no spaces in the name. I'm going to pull in our Core Engineer that worked on all of our LDAP implementation and see what insight he can give me.

 

Once I've had a chance to talk to our engineer I'll update you with my findings.

Sean Moran Jive Employee
Sean Moran
6,145 posts since
Dec 10, 2007
Currently Being Moderated
Oct 17, 2008 11:59 AM in response to: Sean Moran
Re: Re-synch with LDAP

Hi Martin,

 

I've spoken with our Core Engineer and he thinks the issue could be with the spaces in your adminDN. Could you attempt escaping the spaces so we can properly bind?

 

For example:

CN=Sean Moran,OU=Jive Support,DC=jivesoftware,DC=com

Should be changed to:

CN=Sean\20Moran,OU=Jive\20Support,DC=jivesoftware,DC=com

Here, '\20' is used to escape the spaces in the adminDN. You can change this value by modifying the system property from the admin console. Unfortunately, this change will require a restart to take effect. Also if you have a staging/dev environment you can test this on first, I'd highly recommend that route instead of chaging production settings.

 

If you have any other questions please let me know.

Sean Moran Jive Employee
Sean Moran
6,145 posts since
Dec 10, 2007
Currently Being Moderated
Oct 9, 2008 11:23 AM in response to: Martin Rowbory
Re: Re-synch with LDAP

Hi Martin,

 

I've setup a local instance of Clearspace 2.5.1 pointed to our test Active Directory and I'm able to pull in new users and update changed fields without issue. I was also able to modify my baseDN and disable users that were no longer under the new DN. Were you able to change the logging level and re-run the sync? When I did this locally there didn't seem to be that much information, just an info message when a user is added or disabled.

 

The relevant tomcat log would be catalina.out, this should be catching all output from clearspace.

More Like This

  • Retrieving data ...

Bookmarked By (0)

Case Product Issues

Loading Jira issues

Loading related product issues for this case
To better serve our customers we have included functionality to automatically follow up on a case after it has been idle for more than 5 days, and then auto close after an additional 3 days of inactivity. Choose No to acknowledge that this case will remain idle for longer than 5 days.
Making cases public allows other customers to learn from the solution of the case. It can also be used to gain feedback from others in the community. Ask our Support Engineers for more info, but we encourage you to make your cases public.