Hi Doug, It's really hard to read your comment ( can't understand which one is command, which one is log and which one is your statement ); can you please make it little bit clear?

Just installed gluu 3.1.1. Can generate user and group entry locally thru admin ui. I then went to Configuration->Cache Refresh to config to allow I sync with remote AD and I don't see the sync happening. All contents of CR's snapshot directory /var/ox/identity/cr-snapshots is empty when I started. After finish config, I actually stop and start whole thing ``` bash /sbin/gluu-serverd-3.1.1 stop ``` ``` bash /sbin/gluu-serverd-3.1.1 start ``` After 10 more minutes, snapshot directory still empty. I don't see good information in oxauth_persistence.log. ``` bash -bash-4.2# pwd /opt/gluu/jetty/oxauth/logs -bash-4.2# cat oxauth_persistence.log 2018-01-17 17:43:26,304 INFO [main] [org.gluu.site.ldap.LDAPConnectionProvider] (LDAPConnectionProvider.java:184) - Attempting to create connection pool: 1 2018-01-17 17:43:26,653 INFO [main] [org.gluu.site.ldap.LDAPConnectionProvider] (LDAPConnectionProvider.java:184) - Attempting to create connection pool: 1 2018-01-17 17:43:27,046 INFO [main] [org.gluu.site.ldap.LDAPConnectionProvider] (LDAPConnectionProvider.java:184) - Attempting to create connection pool: 1 2018-01-17 17:43:27,098 INFO [main] [org.gluu.site.ldap.LDAPConnectionProvider] (LDAPConnectionProvider.java:184) - Attempting to create connection pool: 1 -bash-4.2# ``` Here are information I can provide to help you understand how I config them. ``` bash -bash-4.2# /opt/opendj/bin/ldapsearch -h 127.0.0.1 -p 1636 -s sub -T -Z -X -D 'cn=directory manager,o=gluu' -w 'MY_LDAP_PASS' -b 'o=gluu' -z 5 '(objectclass=oxtrustconfiguration)' oxTrustConfCacheRefresh ``` Response: ``` bash dn: ou=oxtrust,ou=configuration,inum=@!AF69.D089.AC59.7862!0002!FE1D.1EC7,ou=appliances,o=gluu oxTrustConfCacheRefresh: {"sourceConfigs":[{"configId":"source","bindDN":"cn=Gluu User,ou=Gluu,ou=Service Accounts,dc=catalystsolves,dc=com","bindPassword":"1lDXF01bAVVMwh8rIk3M4+M0PvYadxdk9YkjMkMxAoeWPlo6CfCDK+jOK4Os2qa9","servers":["192.168.0.47:389"],"maxConnections":3,"useSSL":true,"baseDNs":["dc=catalystsolves,dc=com"],"primaryKey":null,"localPrimaryKey":null,"useAnonymousBind":false,"enabled":false,"version":0,"level":0}],"inumConfig":{"configId":"local_inum","bindDN":"cn=directory manager,o=site","bindPassword":"k0E8MNYr5BprgAO8mpc2DA==","servers":["localhost:1636"],"maxConnections":10,"useSSL":true,"baseDNs":["o=site"],"primaryKey":null,"localPrimaryKey":null,"useAnonymousBind":false,"enabled":true,"version":0,"level":0},"targetConfig":{"configId":null,"bindDN":null,"bindPassword":null,"servers":[],"maxConnections":0,"useSSL":false,"baseDNs":[],"primaryKey":null,"localPrimaryKey":null,"useAnonymousBind":false,"enabled":false,"version":0,"level":0},"ldapSearchSizeLimit":1000,"keyAttributes":["SAMAccountname"],"keyObjectClasses":["inetOrgPerson"],"sourceAttributes":["mail","cn","sn"],"customLdapFilter":"","updateMethod":"copy","defaultInumServer":false,"keepExternalPerson":true,"useSearchLimit":false,"attributeMapping":[{"source":"SAMAccountname","destination":"uid"},{"source":"cn","destination":"cn"},{"source":"sn","destination":"sn"}],"snapshotFolder":"/var/ox/identity/cr-snapshots","snapshotMaxCount":10} ``` ``` bash -bash-4.2# /opt/opendj/bin/ldapsearch -h 127.0.0.1 -p 1636 -s sub -T -Z -X -D 'cn=directory manager,o=gluu' -w 'MY_LDAP_PASS' -b 'o=gluu' -z 5 '(objectclass=gluuappliance)' gluuVdsCacheRefreshPollingInterval gluuVdsCacheRefreshEnabled gluuIpAddress ``` Response: ``` bash dn: inum=@!AF69.D089.AC59.7862!0002!FE1D.1EC7,ou=appliances,o=gluu gluuIpAddress: 172.31.9.235 gluuVdsCacheRefreshPollingInterval: 10 gluuVdsCacheRefreshEnabled: enabled ``` Please advise how do I troubleshoot the issue.

Thanks Doug. From log it's not clear. oxtrust_cache_refresh.log is the log which is logging cache refresh related operations. Try to enhance log level to DEBUG and see what's there showing. [Here](https://gluu.org/docs/ce/3.1.1/operation/logs/) is the doc on Gluu Server logs.

I use UI to change the log level to DEBUG. in /opt/gluu/jetty/identity/logs folder. ``` bash -bash-4.2# cat oxtrust_cache_refresh.log ``` ``` bash 2018-01-19 23:17:33,819 DEBUG [Thread-33765] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:241) - This server isn't master Cache Refresh server 2018-01-19 23:17:33,821 DEBUG [Thread-33765] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:190) - Starting conditions aren't reached 2018-01-19 23:17:33,821 DEBUG [Thread-33765] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:179) - Allowing to run new process exclusively 2018-01-19 23:18:33,818 DEBUG [Thread-33776] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:241) - This server isn't master Cache Refresh server 2018-01-19 23:18:33,819 DEBUG [Thread-33776] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:190) - Starting conditions aren't reached 2018-01-19 23:18:33,819 DEBUG [Thread-33776] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:179) - Allowing to run new process exclusively 2018-01-19 23:19:33,819 DEBUG [Thread-33786] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:241) - This server isn't master Cache Refresh server 2018-01-19 23:19:33,819 DEBUG [Thread-33786] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:190) - Starting conditions aren't reached 2018-01-19 23:19:33,819 DEBUG [Thread-33786] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:179) - Allowing to run new process exclusively 2018-01-19 23:20:33,818 DEBUG [Thread-33797] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:241) - This server isn't master Cache Refresh server 2018-01-19 23:20:33,819 DEBUG [Thread-33797] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:190) - Starting conditions aren't reached 2018-01-19 23:20:33,819 DEBUG [Thread-33797] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:179) - Allowing to run new process exclusively 2018-01-19 23:21:33,819 DEBUG [Thread-33807] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:241) - This server isn't master Cache Refresh server 2018-01-19 23:21:33,819 DEBUG [Thread-33807] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:190) - Starting conditions aren't reached 2018-01-19 23:21:33,819 DEBUG [Thread-33807] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:179) - Allowing to run new process exclusively 2018-01-19 23:22:33,818 DEBUG [Thread-33818] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:241) - This server isn't master Cache Refresh server 2018-01-19 23:22:33,818 DEBUG [Thread-33818] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:190) - Starting conditions aren't reached 2018-01-19 23:22:33,818 DEBUG [Thread-33818] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:179) - Allowing to run new process exclusively 2018-01-19 23:23:33,818 DEBUG [Thread-33828] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:241) - This server isn't master Cache Refresh server 2018-01-19 23:23:33,818 DEBUG [Thread-33828] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:190) - Starting conditions aren't reached 2018-01-19 23:23:33,818 DEBUG [Thread-33828] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:179) - Allowing to run new process exclusively 2018-01-19 23:24:33,818 DEBUG [Thread-33839] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:241) - This server isn't master Cache Refresh server 2018-01-19 23:24:33,818 DEBUG [Thread-33839] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:190) - Starting conditions aren't reached 2018-01-19 23:24:33,818 DEBUG [Thread-33839] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:179) - Allowing to run new process exclusively 2018-01-19 23:25:33,819 DEBUG [Thread-33849] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:241) - This server isn't master Cache Refresh server 2018-01-19 23:25:33,819 DEBUG [Thread-33849] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:190) - Starting conditions aren't reached 2018-01-19 23:25:33,819 DEBUG [Thread-33849] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:179) - Allowing to run new process exclusively 2018-01-19 23:26:33,818 DEBUG [Thread-33860] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:241) - This server isn't master Cache Refresh server 2018-01-19 23:26:33,818 DEBUG [Thread-33860] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:190) - Starting conditions aren't reached 2018-01-19 23:26:33,818 DEBUG [Thread-33860] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:179) - Allowing to run new process exclusively 2018-01-19 23:27:33,818 DEBUG [Thread-33870] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:241) - This server isn't master Cache Refresh server 2018-01-19 23:27:33,818 DEBUG [Thread-33870] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:190) - Starting conditions aren't reached 2018-01-19 23:27:33,818 DEBUG [Thread-33870] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:179) - Allowing to run new process exclusively ``` What does 'This server isn't master Cache Refresh server' message means. How do I resolve this issue.

>> 2018-01-19 23:18:33,818 DEBUG [Thread-33776] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:241) - This server isn't master Cache Refresh server `Master Cache Refresh Server` means where your Gluu Server is installed. You need to use this server's IP address.

After I change the correct IP address, the This server isn't master Cache Refresh server message go away. However, I got different error message, "Failed to connect to LDAP server using configuration source". Heare are complete logs: ```bash 2018-01-20 16:01:33,818 DEBUG [Thread-44307] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:241) - This server isn't master Cache Refresh server 2018-01-20 16:01:33,819 DEBUG [Thread-44307] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:190) - Starting conditions aren't reached 2018-01-20 16:01:33,819 DEBUG [Thread-44307] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:179) - Allowing to run new process exclusively 2018-01-20 16:02:33,818 DEBUG [Thread-44318] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:241) - This server isn't master Cache Refresh server 2018-01-20 16:02:33,818 DEBUG [Thread-44318] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:190) - Starting conditions aren't reached 2018-01-20 16:02:33,818 DEBUG [Thread-44318] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:179) - Allowing to run new process exclusively 2018-01-20 16:04:12,388 INFO [main] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:141) - Initializing Cache Refresh Timer 2018-01-20 16:39:58,010 INFO [main] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:141) - Initializing Cache Refresh Timer 2018-01-20 16:51:43,037 ERROR [Thread-119] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:1068) - Failed to connect to LDAP server using configuration source 2018-01-20 16:51:43,046 ERROR [Thread-119] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:281) - Skipping cache refresh due to invalid server configuration 2018-01-20 17:03:43,026 ERROR [Thread-247] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:1068) - Failed to connect to LDAP server using configuration source 2018-01-20 17:03:43,034 ERROR [Thread-247] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:281) - Skipping cache refresh due to invalid server configuration 2018-01-20 17:15:43,026 ERROR [Thread-375] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:1068) - Failed to connect to LDAP server using configuration source 2018-01-20 17:15:43,034 ERROR [Thread-375] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:281) - Skipping cache refresh due to invalid server configuration 2018-01-20 17:27:43,025 ERROR [Thread-503] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:1068) - Failed to connect to LDAP server using configuration source 2018-01-20 17:27:43,031 ERROR [Thread-503] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:281) - Skipping cache refresh due to invalid server configuration ``` If I perform ldapsearch outside the gluu server, I can get data like following: ```bash $ ldapsearch -h 192.168.0.47 -p 389 -D "cn=Gluu User,ou=Gluu,ou=Service Accounts,dc=catalystsolves,dc=com" -w "ldap_password" -b "uid=dhuang,dc=catalystsolves,dc=com" "givenname=Doug" -s sub "(objectclass=*)" ``` Howerver, if I perform ldapsearch inside gluu server container, I will get error> ```bash -bash-4.2# /opt/opendj/bin/ldapsearch -h 192.168.0.47 -p 389 -D "cn=Gluu User,ou=Gluu,ou=Service Accounts,dc=catalystsolves,dc=com" -w "ldap_password" -b "dc=catalystsolves,dc=com" "givenname=Doug" -s sub "(objectclass=*)" Connect Error Result Code: 91 (Connect Error) -bash-4.2# ``` Any idea, how to resolve the issue.

>> $ ldapsearch -h 192.168.0.47 -p 389 -D "cn=Gluu User,ou=Gluu,ou=Service Accounts,dc=catalystsolves,dc=com" -w "ldap_password" -b "uid=dhuang,dc=catalystsolves,dc=com" "givenname=Doug" -s sub "(objectclass=*)" This baseDN is kinda not exactly look like baseDN... `dc=xxx,dc=com` more looks like baseDN. Can you try this baseDN from outside Gluu-Server?

I performed ldapsearch outside of gluu-server. It is inside of our private network. ```bash Networks-MBP-4:~ dhuang$ ldapsearch -h 192.168.0.47 -p 389 -D "cn=Gluu User,ou=Gluu,ou=Service Accounts,dc=catalystsolves,dc=com" -w "ldap_password" -b "dc=catalystsolves,dc=com" "givenname=Doug" -s sub "(objectclass=*)" # extended LDIF # # LDAPv3 # base <dc=catalystsolves,dc=com> with scope subtree # filter: givenname=Doug # requesting: -s sub (objectclass=*) # # Doug Huang, OR, Application Development Staff, catalystsolves.com dn: CN=Doug Huang,OU=OR,OU=Application Development Staff,DC=catalystsolves,DC= com # search reference ref: ldap://ForestDnsZones.catalystsolves.com/DC=ForestDnsZones,DC=catalystsol ves,DC=com # search reference ref: ldap://DomainDnsZones.catalystsolves.com/DC=DomainDnsZones,DC=catalystsol ves,DC=com # search reference ref: ldap://catalystsolves.com/CN=Configuration,DC=catalystsolves,DC=com # search result search: 2 result: 0 Success # numResponses: 5 # numEntries: 1 # numReferences: 3 Networks-MBP-4:~ dhuang$ ```

Thanks. I believe it's some kind of network issue then. Can you please talk to your network admin on this? What kind of directory is this '192.168.0.47'? AD or LDAP?

Just checked with network admin. It is ActiveDirectory.

Ok. I have seen such attitude before for some customers... like from AD server there was firewall issue which prohibit to talk to backendAD:636 or 389.

Out AD is sitting in private network, so, that's why we have encounter connection issue. We will setup public facing AD later. Will close this ticket.