By: Michael Whittlestone user 22 Jun 2016 at 2:43 a.m. CDT

29 Responses
I am having problems getting cache refresh to work. I am trying between two instances of gluu installations. When I click on Update and Validate Script I get a good result and can see the same in the oxtrust_cache_refresh.log and I can use ldapsearch from the one server to the other with good results - but I am not seeing anything else in the logs or in vds_snapshots or seeing any data in any of the fields "Last run" "Updates at last run" "Problems at the last run". It is like I have not found the enable button (drop-down at the bottom of the Cache Refresh page). I have tried with and without enabling the script.

By Mohib Zico staff 22 Jun 2016 at 4:27 a.m. CDT

Hello Michael, Would you mind taking a look at other Cache Refresh related tickets, our docs and video tutorial (in our YouTube channel)? Hopefully you will be able to get some light on this issue.

By Michael Whittlestone user 22 Jun 2016 at 4:48 a.m. CDT

Will do (Again!). Do you have anything that is 2.4.3 specific? At least one enable button has gone from what I have seen in 2.4.2.

By Mohib Zico staff 22 Jun 2016 at 4:52 a.m. CDT

Nothing crucial was removed from the newer version, but if you can share a screenshot of the button which is absent in 2.4.3, it will be helpful to answer; if it can make your life easier we will bring it back.

By Aliaksandr Samuseu staff 22 Jun 2016 at 5:19 a.m. CDT

Hi, Michael. Have you put the IP address of the box in the corresponding field of the first CR page's tab (the one that has '255.255.255.255' in it from the beginning)? You need to change it for CR to work.

By Michael Whittlestone user 22 Jun 2016 at 6:39 a.m. CDT

I have now seen your three excellent YouTube videos - really nice to have examples based on gluu rather than Active Directory. However, still exactly the same. In the IP address box on the first page I have tried the URL, the IP address, and the IP address plus :1636, but none of these three possibilities has helped. If you e-mail me I can send you the URL and admin password so you can have a look yourself (if you want). Otherwise I will send a screenshot.

By Mohib Zico staff 22 Jun 2016 at 7:03 a.m. CDT

Ok... now it's time to see logs. Enable your CR and tail oxtrust_cache_refresh.log ( /opt/tomcat/logs/ )

By Michael Whittlestone user 22 Jun 2016 at 7:06 a.m. CDT

```
Sample result entry is: 'dn: 'inum=@!DD7B.F72B.F9A2.D6D0!0001!D4FC.7669!0000!4A3F.7ED4,ou=people,o=@!DD7B.F72B.F9A2.D6D0!0001!D4FC.7669,o=gluu' inum: '@!DD7B.F72B.F9A2.D6D0!0001!D4FC.7669!0000!4A3F.7ED4', gluuStatus: 'active' inum: '@!DD7B.F72B.F9A2.D6D0!0001!D4FC.7669!0000!4A3F.7ED4' gluuStatus: 'active' mail: 'Test value' sn: 'Test value' cn: 'Test value' givenName: 'Test value (updated)' dn: 'Test value' displayName: 'Test value' preferredLanguage: 'en-us' userPassword: 'test''
2016-06-22 06:17:28,741 INFO [org.gluu.oxtrust.action.ConfigureCacheRefreshAction] (ajp-bio-127.0.0.1-8009-exec-17) Script has been executed successfully. Sample source entry is: ' mail: 'Test value' sn: 'Test value' cn: 'Test value' givenName: 'Test value (updated)'
"oxtrust_cache_refresh.log" 214L, 6253C
```

By Michael Whittlestone user 22 Jun 2016 at 7:07 a.m. CDT

So, clicking on the test button works fine (when the script is enabled) but can't see anything real happening

By Mohib Zico staff 22 Jun 2016 at 7:20 a.m. CDT

>> when the script is enabled

What kind of script are you using? Generally users do not need any script to run their CR.

>> but can't see anything real happening

Keep tailing, check logs after 15 mins or 20 mins (depends on your polling interval).

By Michael Whittlestone user 22 Jun 2016 at 7:22 a.m. CDT

Will turn off the script that came with the CE. Am polling every 1 minute (but have tried longer periods).

By Michael Whittlestone user 22 Jun 2016 at 7:25 a.m. CDT

With the script disabled I see the following in the log:

```
2016-06-22 11:04:47,488 ERROR [org.gluu.oxtrust.action.ConfigureCacheRefreshAction] (ajp-bio-127.0.0.1-8009-exec-2) Can't load Cache Refresh scripts. Using default script
```

By Michael Whittlestone user 22 Jun 2016 at 7:42 a.m. CDT

Screen dumps at https://www.dropbox.com/sh/hed0z2jo8zbzmyk/AAANM_9dyPlzEwwYh2ce1wita?dl=0

No further items in oxtrust_cache_refresh_log since 11:04:47, still tail -f (ing).

By Michael Schwartz Account Admin 22 Jun 2016 at 8:41 a.m. CDT

1. You only need the attribute mapping if the name is different.
2. In your connection settings, the ou DN has to be your target server.

By Michael Whittlestone user 22 Jun 2016 at 9:20 a.m. CDT

Thanks Mike, will give it a try

By Michael Whittlestone user 22 Jun 2016 at 9:40 a.m. CDT

No luck with ip address (40.87.147.179). Trying with login.oneidentity.dk...

By Michael Whittlestone user 22 Jun 2016 at 9:52 a.m. CDT

Still no joy:-(

By Mohib Zico staff 22 Jun 2016 at 12:34 p.m. CDT

Michael, Let's start from scratch....

- Stop tomcat
- Clean all logs inside /opt/tomcat/logs/
- Start tomcat
- Go to CR page in oxTrust (GUI) and
  - CR polling interval: 5 mins
  - 'Update' it
- Please send us the full 'oxtrust_cache_refresh.log' after 30 mins of starting Cache Refresh.

We will move forward from there.

By Michael Whittlestone user 23 Jun 2016 at 1:32 a.m. CDT

Followed the instructions above and added logs folder to dropbox so you should have access. The only entry that appeared in cacherefresh log was this one:

```
2016-06-23 05:34:14,472 INFO [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (localhost-startStop-1) Initializing CacheRefreshTimer...
```

By Mohib Zico staff 23 Jun 2016 at 3:17 a.m. CDT

Thanks. Nothing interesting in logs. Can you please dump 'o=gluu' and share the ldif?

By Michael Whittlestone user 23 Jun 2016 at 3:52 a.m. CDT

Done, added to Dropbox as gluudump.ldif

By Mohib Zico staff 23 Jun 2016 at 5:27 a.m. CDT

Couple of things:

- I can see '13.74.187.147' in the screenshot for 'Server IP Address' and inside ldap, it's saying 'oxTrustCacheRefreshServerIpAddress: 40.87.147.179'.
- 'Source Backend LDAP Server' - 'login.oneidentity.dk': is that your 'remote' backend AD/LDAP server?
- The baseDN that you are using is really unknown to me; '....c=inum=@DA....' ... that cannot be the tree of any LDAP.
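
The first point in the reply above is a mismatch between the 'Server IP Address' shown in the GUI and the value stored in LDAP. As an added example (not part of the thread and not Gluu code), this check reads `oxTrustCacheRefreshServerIpAddress` out of an LDIF dump and compares it with the addresses the caller says the host has; the function names, the placeholder DN and the supplied address list are assumptions.

```python
import base64
import ipaddress

ATTR = "oxTrustCacheRefreshServerIpAddress"  # attribute name quoted in the thread

def ldif_values(ldif_text, attr):
    """Return every value of `attr` in an LDIF dump (handles folding and base64)."""
    logical = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]          # RFC 2849 continuation line
        else:
            logical.append(raw)
    values = []
    for line in logical:
        name, sep, rest = line.partition(":")
        if not sep or name.lower() != attr.lower():
            continue
        if rest.startswith(":"):            # "attr:: <base64>" form
            values.append(base64.b64decode(rest[1:].strip()).decode("utf-8"))
        else:
            values.append(rest.strip())
    return values

def check_cr_ip(ldif_text, local_addrs):
    """Compare the stored CR server IP with the addresses bound on this host.

    `local_addrs` is supplied by the caller (assumption: collected separately,
    for example from the host's interface list)."""
    local = {ipaddress.ip_address(a) for a in local_addrs}
    findings = []
    for value in ldif_values(ldif_text, ATTR):
        try:
            stored = ipaddress.ip_address(value)
        except ValueError:
            findings.append((value, "not an IP address"))
            continue
        if stored == ipaddress.ip_address("255.255.255.255"):
            findings.append((value, "still the default placeholder"))
        elif stored not in local:
            findings.append((value, "not an address of this host"))
    return findings

# Constructed sample: the DN is a placeholder; the IPs are those quoted in the thread.
SAMPLE_LDIF = """\
dn: ou=placeholder-config,o=gluu
oxTrustCacheRefreshServerIpAddress: 40.87.147.179
"""

if __name__ == "__main__":
    for value, problem in check_cr_ip(SAMPLE_LDIF, ["13.74.187.147"]):
        print(f"{ATTR}={value}: {problem}")
```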

By Michael Whittlestone user 23 Jun 2016 at 5:44 a.m. CDT

Client Gluu Server (oxAuth/oxTrust): ubuntugluu.northeurope.cloudapp.azure.com ip address changes every day but today it is 13.69.245.174

Source Backend Gluu Server (LDAP): login.oneidentity.dk fixed ip address: 40.87.147.179

baseDN I agree looks wrong - will try with ou=people,o=@!B8FE.5386.76FC.2978!0001!2A62.F29C,o=gluu I have tried with the value in your video too previously...

By Mohib Zico staff 23 Jun 2016 at 5:46 a.m. CDT

>> Client Gluu Server (oxAuth/oxTrust): ubuntugluu.northeurope.cloudapp.azure.com ip address changes every day but today it is 13.69.245.174

That is a big obstacle for Gluu Server installation. The IP address has to be static and unique.

>> baseDN I agree looks wrong - will try with ou=people,o=@!B8FE.5386.76FC.2978!0001!2A62.F29C,o=gluu I have tried with the value in your video too previously...

Is this the baseDN of your own Gluu Server??

By Michael Whittlestone user 23 Jun 2016 at 5:47 a.m. CDT

Server IP address is currently set to: 40.87.147.179 ie to login.oneidentity.dk - is that correct?

By Michael Whittlestone user 23 Jun 2016 at 5:59 a.m. CDT

Static IP address needed. Could this be the cause of the problem?

By Michael Whittlestone user 23 Jun 2016 at 6:02 a.m. CDT

baseDN: the gluu server I am trying to use as the source is a standard gluu server installation (opendj). The three users have been created through the gluu GUI

    o=gluu
      o=the id that was created at the time of installation
        ou=people
          inum - long id
            sn, mail, name, displayName etc
          inum - long id
          inum - long id

By Mohib Zico staff 23 Jun 2016 at 8:28 a.m. CDT

>> Server IP address is currently set to: 40.87.147.179 ie to login.oneidentity.dk - is that correct?
>> Static IP address needed. Could this be the cause of the problem?

Server IP Address is the IP address of your Gluu Server, which must be a static one; it cannot change over time.

>> baseDN: the gluu server I am trying to use as the source is a standard gluu server installation (opendj).

That's wrong. 'Source' is the remote AD/LDAP server from where you are going to pull users' information. _"This section allows the Gluu Server to connect to the backend Active Directory/LDAP server of the organization."_ from [documentation](https://gluu.org/docs/oxtrust/configuration/#source-backend-ldap-servers)

>> The three users have been created through the gluu GUI o=gluu o=the id that was created at the time of installation ou=people inum - long id sn, mail, name, displayName etc inum - long id inum - long id

If you create users in Gluu Server, why do you need Cache Refresh? Users are already inside Gluu Server.. you don't need to pull any info from anywhere...

By Michael Whittlestone user 23 Jun 2016 at 8:31 a.m. CDT

Eventually I am going to be using a different backend but currently - as I have two Gluu instances I thought I could use one as the front end and the other as the back end

By Mohib Zico staff 23 Jun 2016 at 8:45 a.m. CDT

In this case my suggestion is:

- Use CR separately for both servers; 'source' would be your backend AD/LDAP.
- Combine both Gluu Servers into one cluster and you can move forward.