By: richard abbott user 11 Jun 2019 at 4:14 p.m. CDT

19 Responses
richard abbott gravatar
We have an LDAP data structure example; uid=123456789,ou=people,o=testdomain objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: top personalTitle: Mrs uid: 123456789 userpassword: password initials: C givenName: melissa cn: Tolley Melissa MiddleNames: kate sn: Tolley displayName: Tolley Melissa dn: uniqueIdentifier=965472838045,uid=123456789,ou=People,o=testdomanin objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: UKOrgPerson objectClass: top uid: 123456789 UKOrgCloseDate: 20120111 Country: England initials: K givenName: Melissa cn: Tolley Melissa uniqueIdentifier: 165472838045 sn: Tolley MiddleNames: Kate UKIDCode: hg41sd o: Yorkshire displayName: Tolley Melissa dn: uniqueIdentifier=777777777,uniqueIdentifier=965472838045,uid=123456789,ou=People,o=testdomain objectClass: UKOrgPersonRole objectClass: top JobRole: "Administrator":"Support":"Secretary role" uniqueIdentifier: 777777777 UKOrgCloseDate: 20120111 JobRoleCode: xc123:yc123:yc123 BusinessFunctions: Administrator When I run this through the cache refresh process i get failed results 2019-06-11 20:14:28,854 ERROR [Thread-16473] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:1092) - Non-determini stic primary key. Skipping user with key: CacheCompoundKey [primaryKeyValues=[000009438045], secondaryKeyValues=null, tertiaryKeyValues=null] 2019-06-11 20:14:28,854 INFO [Thread-16473] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:347) - Found '0' uniq ue entries in source server In the Cache Refresh section , I have UID as the key attribute and the objectclass as Top. I require the following attributes: sn , cn , givenname, UKOrgCloseDate , JobRoleCode along with email etc if present. My question is it possible to use this LDAP data structure or do I need to look at a custom script ?? Thanks

By Mohib Zico staff 13 Jun 2019 at 9:25 a.m. CDT

Mohib Zico gravatar
I am reposting your question with better mkdocs format: ---------------------------------------------------------------------------------------------------- We have an LDAP data structure example; ``` uid=123456789,ou=people,o=testdomain objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: top personalTitle: Mrs uid: 123456789 userpassword: password initials: C givenName: melissa cn: Tolley Melissa MiddleNames: kate sn: Tolley displayName: Tolley Melissa ``` ``` dn: uniqueIdentifier=965472838045,uid=123456789,ou=People,o=testdomanin objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: UKOrgPerson objectClass: top uid: 123456789 UKOrgCloseDate: 20120111 Country: England initials: K givenName: Melissa cn: Tolley Melissa uniqueIdentifier: 165472838045 sn: Tolley MiddleNames: Kate UKIDCode: hg41sd o: Yorkshire displayName: Tolley Melissa ``` ``` dn: uniqueIdentifier=777777777,uniqueIdentifier=965472838045,uid=123456789,ou=People,o=testdomain objectClass: UKOrgPersonRole objectClass: top JobRole: "Administrator":"Support":"Secretary role" uniqueIdentifier: 777777777 UKOrgCloseDate: 20120111 JobRoleCode: xc123:yc123:yc123 BusinessFunctions: Administrator ``` When I run this through the cache refresh process i get failed results ``` 2019-06-11 20:14:28,854 ERROR [Thread-16473] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:1092) - Non-determini stic primary key. Skipping user with key: CacheCompoundKey [primaryKeyValues=[000009438045], secondaryKeyValues=null, tertiaryKeyValues=null] 2019-06-11 20:14:28,854 INFO [Thread-16473] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:347) - Found '0' uniq ue entries in source server ``` In the Cache Refresh section , I have UID as the key attribute and the objectclass as Top. I require the following attributes: sn , cn , givenname, UKOrgCloseDate , JobRoleCode along with email etc if present. My question is it possible to use this LDAP data structure or do I need to look at a custom script ?? Thanks -----------------------------------------------------------------------------------------------------

By Mohib Zico staff 13 Jun 2019 at 9:29 a.m. CDT

Mohib Zico gravatar
>> I have UID as the key attribute and the objectclass as Top Check with some other OC then.. say `person`? Basically, Cache Refresh configuration highly dependent on backend Active directory or LDAP ( from where you are pulling user's information ). It varies from organization to organization.

By richard abbott user 13 Jun 2019 at 9:32 a.m. CDT

richard abbott gravatar
Yes this is being pulled form and exsisting LDAP service - 1m users

By Mohib Zico staff 14 Jun 2019 at 2:56 a.m. CDT

Mohib Zico gravatar
>> Yes this is being pulled form and exsisting LDAP service - 1m users Sorry, not sure I understand. Does that mean... your issue resolved or you just answered some question?

By richard abbott user 14 Jun 2019 at 3:34 a.m. CDT

richard abbott gravatar
No my question has still not been answered, Is it possible to load a Parent LDAP entry and its corresponding child entries. As per example above. Thanks

By Mohib Zico staff 14 Jun 2019 at 4:49 a.m. CDT

Mohib Zico gravatar
>> Is it possible to load a Parent LDAP entry and its corresponding child entries. As per example above. Yes... from above examples.. you need to pull entries from `ou=people,o=testdomain`. i.e. baseDN in Backend Cache Refresh will be `ou=people,o=testdomain`

By richard abbott user 14 Jun 2019 at 8:35 a.m. CDT

richard abbott gravatar
OK I have tried this on a few occassions now....to me the child entries are not added only the Parent entries. i get the following error: ``` 2019-06-14 13:25:28,129 INFO [Thread-5357] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:343) - Found '6' entries in source server`` 2019-06-14 13:25:28,129 ERROR [Thread-5357] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:1092) - Non-deterministic primary key. Skipping user with key: CacheCompoundKey [primaryKeyValues=[000], secondaryKeyValues=null, tertiaryKeyValues=null] 2019-06-14 13:25:28,129 ERROR [Thread-5357] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:1092) - Non-deterministic primary key. Skipping user with key: CacheCompoundKey [primaryKeyValues=[000000506048], secondaryKeyValues=null, tertiaryKeyValues=null] 2019-06-14 13:25:28,129 ERROR [Thread-5357] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:1092) - Non-deterministic primary key. Skipping user with key: CacheCompoundKey [primaryKeyValues=[000000903039], secondaryKeyValues=null, tertiaryKeyValues=null] 2019-06-14 13:25:28,129 INFO [Thread-5357] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:347) - Found '0' unique entries in source server 2019-06-14 13:25:28,203 INFO [Thread-5357] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:368) - Found '2' entries in inum server 2019-06-14 13:25:28,203 INFO [Thread-5357] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:399) - Found '0' changed entries 2019-06-14 13:25:28,263 INFO [Thread-5357] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:418) - Updated '0' entries 2019-06-14 13:25:28,264 INFO [Thread-5357] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:420) - Failed to update '0' entries 2019-06-14 13:25:28,264 INFO [Thread-5357] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:463) - Removed '0' persons from target server 2019-06-14 13:25:28,265 INFO [Thread-5357] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:480) - There are '2' entries before updating inum list 2019-06-14 13:25:28,265 INFO [Thread-5357] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:484) - There are '2' entries after removal '0' entries 2019-06-14 13:25:28,265 INFO [Thread-5357] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:488) - There are '2' entries after adding '0' entries ``` So to be clear this is trying to add the Parent entry then the child entry.

By Mohib Zico staff 14 Jun 2019 at 8:49 a.m. CDT

Mohib Zico gravatar
Can you please share all your Cache Refresh config screenshots? Wanna see what's there in config.

By richard abbott user 14 Jun 2019 at 10:36 a.m. CDT

richard abbott gravatar
FYI

By Mohib Zico staff 14 Jun 2019 at 10:39 a.m. CDT

Mohib Zico gravatar
Thanks. Will check it!

By Mohib Zico staff 17 Jun 2019 at 11:32 a.m. CDT

Mohib Zico gravatar
Seems like your `Server:Port` information is not correct.... Attaching two screenshots: - Under `Cache Refresh` tab: This is the "IP_address" only of your Gluu Server VM. - Under `Source Backend LDAP Servers` tab: This should be "IP_address:Port" of your Backend LDAP / AD server.

By richard abbott user 17 Jun 2019 at 2:15 p.m. CDT

richard abbott gravatar
Cache Refresh = 10636 Gluu LDAP Souce Backend LDAP = 10389 To me the issue is that cache refresh process does'nt seem to be able to add a Parent entry and its corresponding child entries. As the example data above.

By Mohib Zico staff 17 Jun 2019 at 2:33 p.m. CDT

Mohib Zico gravatar
Server and Ports are definitely wrong ( until and unless you modified something ).

By richard abbott user 17 Jun 2019 at 2:37 p.m. CDT

richard abbott gravatar
I do have my Local backend LDAp server sitting inside my Gluu VM so they both say localhost ....but I have one listening on 10636 (gluu ) and my Local Backend LDAP on 10389.

By Mohib Zico staff 17 Jun 2019 at 2:49 p.m. CDT

Mohib Zico gravatar
>> I do have my Local backend LDAp server sitting inside my Gluu VM so they both say localhost Don't do it. >> but I have one listening on 10636 (gluu ) and my Local Backend LDAP on 10389. Don't do it as well. - Prepare your ldap server in machine. Give it a hostname. - Keep your Gluu server running in default mode for now. - Keep your backend ldap server ( which is remote ldap ) in 1636 ( LDAPS ) or 1389 ( LDAP ). - Re-check Cache refresh doc and video. - Re-establish cache refresh. You shouldn't have any issue.

By richard abbott user 17 Jun 2019 at 3:17 p.m. CDT

richard abbott gravatar
OK this is only for a proof of concept but appreciate your points. However my question still remains. Can you add a Parent LDAP entry and all its child entries under it. Example o=testdomain dn: uid=123456,ou=people,o=testdomain dn: uniqueidentifier=654321,uid=123456,ou=people,o=testdomain I have added a snippet of test data. i appreciate you may not have a schema. Buts its an example of my Local LDAP data whereby I am adding a uid (parent) the its child entries.

By Mohib Zico staff 17 Jun 2019 at 3:24 p.m. CDT

Mohib Zico gravatar
>> Can you add a Parent LDAP entry and all its child entries under it. Yes, Cache Refresh doesn't care much about parent DN and/or Child DN. Whichever DN you use as `baseDN`, it will pull all entries + child entries of that DN. For example, in your case, I would pull `ou=people,o=testdomain` totally; that means, I will use `ou=people,o=testdomain` as BaseDN. Gluu Server will pull all entries of this DN.

By richard abbott user 17 Jun 2019 at 3:39 p.m. CDT

richard abbott gravatar
OK will test again with some more sample data. But in my previous response you can see errors in the cache refresh log ^^^^^^ "Non-deterministic primary key. Skipping user with key: CacheCompo" I have attached my example people LDAP structure. If you could take a look please.

By Mohib Zico staff 19 Jun 2019 at 12:49 p.m. CDT

Mohib Zico gravatar
I believe it means... some kind of duplication in primary key determination by Cache Refresh. [Here](https://github.com/GluuFederation/oxTrust/blob/master/server/src/main/java/org/gluu/oxtrust/ldap/cache/service/CacheRefreshTimer.java#L1093) is code from Cache Refresh.