By: Tan Mientras user 28 Sep 2022 at 5:21 a.m. CDT

1 Response

Newbie here trying to setup AD sync as explained in https://gluu.org/docs/gluu-server/4.4/user-management/ldap-sync/ So far, achieved to get a "LDAP Connection Test succeeded!" but Cache Refresh is not working at all. JSON Configuration>OxTrust Configuration> loggingLevel=TRACE doesnt show any ERROR Searching for user just dumps: ``` 2022-09-28 10:18:35,934 TRACE [qtp112797691-21] [org.gluu.service.BaseCacheService] (BaseCacheService.java:37) - Request data, key 'organization_oxtrust' 2022-09-28 10:18:35,934 TRACE [qtp112797691-21] [org.gluu.service.BaseCacheService] (BaseCacheService.java:39) - Loaded data, key 'organization_oxtrust': 'Entry [dn=o=gluu]' 2022-09-28 10:18:35,935 TRACE [qtp112797691-21] [org.gluu.service.BaseCacheService] (BaseCacheService.java:58) - Loaded from cache, key: 'organization_oxtrust' 2022-09-28 10:18:35,936 TRACE [qtp112797691-21] [org.gluu.service.BaseCacheService] (BaseCacheService.java:37) - Request data, key 'organization_oxtrust' 2022-09-28 10:18:35,936 TRACE [qtp112797691-21] [org.gluu.service.BaseCacheService] (BaseCacheService.java:39) - Loaded data, key 'organization_oxtrust': 'Entry [dn=o=gluu]' 2022-09-28 10:18:35,936 TRACE [qtp112797691-21] [org.gluu.service.BaseCacheService] (BaseCacheService.java:58) - Loaded from cache, key: 'organization_oxtrust' 2022-09-28 10:18:35,937 TRACE [qtp112797691-21] [org.gluu.oxtrust.service.PermissionService] (PermissionService.java:72) - Checking permissions for target 'person' an 'action'. Identity: access 2022-09-28 10:18:35,937 TRACE [qtp112797691-21] [org.gluu.service.BaseCacheService] (BaseCacheService.java:37) - Request data, key 'organization_oxtrust' 2022-09-28 10:18:35,937 TRACE [qtp112797691-21] [org.gluu.service.BaseCacheService] (BaseCacheService.java:39) - Loaded data, key 'organization_oxtrust': 'Entry [dn=o=gluu]' 2022-09-28 10:18:35,937 TRACE [qtp112797691-21] [org.gluu.service.BaseCacheService] (BaseCacheService.java:58) - Loaded from cache, key: 'organization_oxtrust' 2022-09-28 10:18:35,938 TRACE [qtp112797691-21] [org.gluu.oxtrust.service.PermissionService] (PermissionService.java:72) - Checking permissions for target 'person' an 'action'. Identity: access 2022-09-28 10:18:35,938 TRACE [qtp112797691-21] [org.gluu.oxtrust.service.PermissionService] (PermissionService.java:72) - Checking permissions for target 'person' an 'action'. Identity: access 2022-09-28 10:18:35,949 TRACE [qtp112797691-21] [org.gluu.service.BaseCacheService] (BaseCacheService.java:37) - Request data, key 'organization_oxtrust' 2022-09-28 10:18:35,949 TRACE [qtp112797691-21] [org.gluu.service.BaseCacheService] (BaseCacheService.java:39) - Loaded data, key 'organization_oxtrust': 'Entry [dn=o=gluu]' 2022-09-28 10:18:35,949 TRACE [qtp112797691-21] [org.gluu.service.BaseCacheService] (BaseCacheService.java:58) - Loaded from cache, key: 'organization_oxtrust' 2022-09-28 10:18:35,950 TRACE [qtp112797691-21] [org.gluu.oxtrust.service.PermissionService] (PermissionService.java:72) - Checking permissions for target 'person' an 'action'. Identity: access 2022-09-28 10:18:35,950 TRACE [qtp112797691-21] [org.gluu.oxtrust.service.PermissionService] (PermissionService.java:72) - Checking permissions for target 'person' an 'action'. Identity: access 2022-09-28 10:18:35,951 TRACE [qtp112797691-21] [org.gluu.oxtrust.service.PermissionService] (PermissionService.java:72) - Checking permissions for target 'person' an 'action'. Identity: access 2022-09-28 10:18:35,951 TRACE [qtp112797691-21] [org.gluu.oxtrust.service.PermissionService] (PermissionService.java:72) - Checking permissions for target 'person' an 'action'. Identity: access 2022-09-28 10:18:35,952 TRACE [qtp112797691-21] [org.gluu.oxtrust.service.PermissionService] (PermissionService.java:72) - Checking permissions for target 'person' an 'action'. Identity: access 2022-09-28 10:18:35,952 TRACE [qtp112797691-21] [org.gluu.oxtrust.service.PermissionService] (PermissionService.java:72) - Checking permissions for target 'person' an 'action'. Identity: access 2022-09-28 10:18:35,954 TRACE [qtp112797691-21] [org.gluu.oxtrust.service.PermissionService] (PermissionService.java:72) - Checking permissions for target 'person' an 'action'. Identity: access ``` Previous trace also shows (redacted): ``` attributesFromLdap: START oxTrustConfCacheRefresh [{"sourceConfigs":[{"configId":"LDAP","bindDN":"CN=user,OU=department,OU=tree,DC=domain,DC=com","bindPassword":"****","servers":["server:389"],"maxConnections":10,"useSSL":false,"baseDNs":["OU=tree,DC=domain,DC=com"],"primaryKey":null,"localPrimaryKey":null,"useAnonymousBind":false,"enabled":false,"version":0,"level":0}],"inumConfig":{"configId":"local_inum","bindDN":"cn=directory manager","bindPassword":"Ow2MDJYtP0VwqVNUt5llNA==","servers":["ldap:1636"],"maxConnections":10,"useSSL":true,"baseDNs":["ou=cache-refresh,o=site"],"primaryKey":null,"localPrimaryKey":null,"useAnonymousBind":false,"enabled":true,"version":0,"level":0},"targetConfig":{"configId":null,"bindDN":null,"bindPassword":null,"servers":[],"maxConnections":2,"useSSL":false,"baseDNs":[],"primaryKey":null,"localPrimaryKey":null,"useAnonymousBind":false,"enabled":false,"version":0,"level":0},"ldapSearchSizeLimit":5000,"keyAttributes":["samaccountname"],"keyObjectClasses":["person"],"sourceAttributes":["sn","mail"],"customLdapFilter":"","updateMethod":"copy","defaultInumServer":false,"keepExternalPerson":true,"useSearchLimit":false,"attributeMapping":[{"source":"samaccountname","destination":"uid"},{"source":"sn","destination":"sn"},{"source":"mail","destination":"mail"}],"snapshotFolder":"/var/gluu/identity/cr-snapshots","snapshotMaxCount":10}] false oxTrustConfImportPerson [{"mappings":[{"ldapName":"uid","displayName":"Username","dataType":"string","required":true},{"ldapName":"givenName","displayName":"First Name","dataType":"string","required":true},{"ldapName":"sn","displayName":"Last Name","dataType":"string","required":true},{"ldapName":"mail","displayName":"Email","dataType":"string","required":true},{"ldapName":"userPassword","displayName":"Password","dataType":"string","required":false},{"ldapName":"gluuStatus","displayName":"User Status","dataType":"string","required":false}]}] false oxTrustConfApplication [{"baseDN":"o=gluu","orgSupportEmail":"mail@domain.com","applicationUrl":"https://gluu.domain.com","baseEndpoint":"https://gluu.domain.com/identity/restv1","personObjectClassTypes":["gluuCustomPerson","gluuPerson","eduPerson"],"personCustomObjectClass":"gluuCustomPerson","personObjectClassDisplayNames":["gluuCustomPerson","gluuPerson","eduPerson"],"contactObjectClassTypes":[],"contactObjectClassDisplayNames":[],"ldifStore":"/var/gluu/identity/removed","updateStatus":true,"keystorePath":"/etc/certs/shibIDP.jks","keystorePassword":"NNHFOlyfkE3v","allowPersonModification":true,"idpUrl":"https://gluu.domain.com","spMetadataPath":"","idpSecurityKey":"/etc/certs/shibIDP.key","idpSecurityKeyPassword":"3ihblUZOhdp1jBcwLj/R2Q==","idpSecurityCert":"/etc/certs/shibIDP.crt","gluuSpAttributes":[],"configGeneration":true,"idpLdapProtocol":"ldaps","idpLdapServer":"ldap:1636","idpBindDn":"cn=Directory Manager","idpBindPassword":"Ow2MDJYtP0VwqVNUt5llNA==","idpUserFields":"","gluuSpCert":"/etc/certs/shibIDP.crt","shibboleth3FederationRootDir":"/opt/shibboleth-federation","caCertsLocation":"/usr/java/latest/jre/lib/security/cacerts","caCertsPassphrase":"","tempCertDir":"/etc/certs/temp","certDir":"/etc/certs/","servicesRestartTrigger":"/opt/gluu/essential_files/trigger_restart_of_services_delete_me_to_do_so","oxAuthSectorIdentifierUrl":"https://gluu.domain.com/oxauth/sectoridentifier","oxAuthClientId":"1001.9649a5df-b808-4e8c-b52c-3fc7d9c82245","oxAuthClientPassword":"Upesh4wignXVU1vtS/10lA==","oxAuthClientScope":"openid+profile+email+user_name","loginRedirectUrl":"https://gluu.domain.com/identity/authcode.htm","logoutRedirectUrl":"https://gluu.domain.com/identity/finishlogout.htm","clientAssociationAttribute":"inum","oxAuthIssuer":"https://gluu.domain.com","ignoreValidation":false,"umaIssuer":"https://gluu.domain.com","scimUmaClientId":"1201.49cd6308-b80a-4368-b9f6-9bccf20c42a4","scimUmaClientKeyId":"b2c8a123-1d18-4480-b18d-b7e0e9188aee_sig_rs512","scimUmaResourceId":"1203.5c29aeef-5970-4b93-ba6b-1c0cf9e8de48","scimUmaScope":"https://gluu.domain.com/oxauth/restv1/uma/scopes/scim_access","scimUmaClientKeyStoreFile":"/etc/certs/scim-rs.jks","scimUmaClientKeyStorePassword":"G1hgzJB1PxVlqu5frRDOFQ==","passportUmaClientId":"1501.caeb6717-4858-4ce7-a943-af9b109f3670","passportUmaClientKeyId":"adc237ed-3205-4fe2-8acd-310ec052a3ec_sig_rs512","passportUmaResourceId":"1504.d837625a-15a9-4e0f-90e9-bee2adba3fa5","passportUmaScope":"https://gluu.domain.com/oxauth/restv1/uma/scopes/passport_access","passportUmaClientKeyStoreFile":"/etc/certs/passport-rs.jks","passportUmaClientKeyStorePassword":"dehpEjLwnx83H5WXOwaPnQ==","apiUmaClientId":"1401.d5698097-b6ee-44e0-a78b-958d0e64a8cd","apiUmaClientKeyId":"7be55619-66df-4b73-b69c-b7597fe71fe9_sig_rs512","apiUmaResourceId":"1403.b85a3419-42e2-4f35-b842-823061152887","apiUmaScopes":[],"apiUmaClientKeyStoreFile":"/etc/certs/api-rs.jks","apiUmaClientKeyStorePassword":"5Ne+nY2Jy+jKABX/bDtBow==","cssLocation":"","jsLocation":"","recaptchaSiteKey":"","recaptchaSecretKey":"","authenticationRecaptchaEnabled":false,"oxTrustApiTestMode":false,"enableUpdateNotification":false,"rptConnectionPoolUseConnectionPooling":true,"rptConnectionPoolMaxTotal":200,"rptConnectionPoolDefaultMaxPerRoute":20,"rptConnectionPoolValidateAfterInactivity":10,"rptConnectionPoolCustomKeepAliveTimeout":5,"oxIncommonFlag":false,"clientWhiteList":["*"],"clientBlackList":["*.attacker.com/*"],"supportedUserStatus":["active","inactive"],"loggingLevel":"TRACE","loggingLayout":"text","shibbolethVersion":"v3","shibboleth3IdpRootDir":"/opt/shibboleth-idp","shibboleth3SpConfDir":"/opt/shibboleth-idp/sp","organizationName":"Company","idp3SigningCert":"/etc/certs/idp-signing.crt","idp3EncryptionCert":"/etc/certs/idp-encryption.crt","metricReporterInterval":0,"metricReporterKeepDataDays":0,"metricReporterEnabled":false,"disableJdkLogger":false,"passwordResetRequestExpirationTime":600,"cleanServiceInterval":300,"enforceEmailUniqueness":true,"useLocalCache":true,"passIdTokenHintToLogoutRedirectUri":false,"ScimProperties":{"maxCount":200,"protectionMode":"OAUTH","userExtensionSchemaURI":"urn:ietf:params:scim:schemas:extension:gluu:2.0:User"}}] false oxRevision [22] false objectClass [top, oxTrustConfiguration] true attributesFromLdap: END ``` Previous dump: ``` 2022-09-27 11:09:04,079 INFO [main] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:152) - Initializing Cache Refresh Timer 2022-09-27 11:23:04,263 ERROR [qtp112797691-19] [org.gluu.oxtrust.action.ConfigureCacheRefreshAction] (ConfigureCacheRefreshAction.java:424) - Can't load Cache Refresh scripts. Using default script 2022-09-27 11:33:52,158 ERROR [qtp112797691-19] [org.gluu.oxtrust.action.ConfigureCacheRefreshAction] (ConfigureCacheRefreshAction.java:424) - Can't load Cache Refresh scripts. Using default script 2022-09-27 13:05:04,085 DEBUG [ForkJoinPool.commonPool-worker-3] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:253) - This server isn't master Cache Refresh server 2022-09-27 13:05:04,086 DEBUG [ForkJoinPool.commonPool-worker-3] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:197) - Starting conditions aren't reached 2022-09-27 13:05:04,086 DEBUG [ForkJoinPool.commonPool-worker-3] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:187) - Allowing to run new process exclusively ```

Gluu 4.4 Docker 20.1

closed

By Tan Mientras user 28 Sep 2022 at 6:40 a.m. CDT

Copy

Solution found here: https://support.gluu.org/cache-refresh/9432/cache-refresh-not-triggering/ Used 127.0.0.1 as Server IP Address on Cache Refresh tab

You need to Login in order to post an answer

Unable to sync with AD

By: Tan Mientras user 28 Sep 2022 at 5:21 a.m. CDT

Answers

By Tan Mientras user 28 Sep 2022 at 6:40 a.m. CDT

Post an answer