LDAP Sync Job does nothing and quickly exits

Issue description

The LDAP Sync Job does nothing and quickly exits; the domain user profile on this Verint stays empty.

PS: Active Directory is accessible through LDAP from the machine where the Job Server is running; we checked it with the PowerShell Get-ADUser command.


Job Server log output (no exceptions)
2021-09-22 19:50:05,634 - [STARTING] Ldap Sync (Id=e4d3b893-7f63-458c-9e04-6c5b6a67f8dd, JobId=875d3303-c73e-4a1e-a944-a3b6a4617b80)
2021-09-22 19:50:05,650 - [FINISHED] Ldap Sync (Id=e4d3b893-7f63-458c-9e04-6c5b6a67f8dd, JobId=875d3303-c73e-4a1e-a944-a3b6a4617b80) Elapsed: 00:00:00.0156004

Edited config files

communityserver_override.config

<?xml version="1.0" encoding="utf-8"?>
<Overrides>
	<Override xpath="/CommunityServer/Core/extensionModules"
		mode="change"
		name="enabled"
		value="true" />
	<!-- <Override xpath="/CommunityServer/Core/extensionModules/add[@name='WindowsAuthentication']"
		mode="change"
		name="allowAutoUserRegistration"
		value="false" /> -->
	<Override xpath="/CommunityServer/Core/extensionModules/add[@name='WindowsAuthentication']"
		mode="change"
		name="adminWindowsGroupIsSystemAdministrator"
		value="false" />
	<!-- <Override xpath="/CommunityServer/Core/extensionModules/add[@name='WindowsAuthentication']"
		mode="change"
		name="adminWindowsGroup"
		value="MyAdministrativeGroup" /> -->
	<!-- <Override xpath="/CommunityServer/Core/extensionModules/add[@name='WindowsAuthentication']"
		mode="change"
		name="stripDomainName"
		value="false" /> -->
	<Override xpath="/CommunityServer/Core/extensionModules/add[@name='WindowsAuthentication']"
		mode="change"
		name="emailDomain"
		value="@COMPANYNAME.COM" /> <!-- this value was replaced with dummy value -->
	<Override xpath="/CommunityServer/Core/extensionModules/add[@name='WindowsAuthentication']"
		mode="change"
		name="profileRefreshInterval"
		value="1" />
</Overrides>

Telligent.Jobs.Server.exe.config

<?xml version="1.0" encoding="utf-8"?>
<!--
	Make sure to keep any changes to this file in sync between web.config and Telligent.Jobs.Server.exe.config
	(Except for the logging section which is unique to the Job Server)
-->
<configuration>
	<configSections>
		<sectionGroup name="common">
			<section name="logging" type="Common.Logging.ConfigurationSectionHandler, Common.Logging" />
		</sectionGroup>
		<section name="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler, log4net" />
		<section name="jobs" type="Telligent.Jobs.Configuration.JobsConfiguration, Telligent.Jobs" />
		<section name="TinyMCE" type="Moxiecode.TinyMCE.ConfigHandler,Moxiecode.TinyMCE" requirePermission="false" />
		<section name="LdapConnection" type="System.Configuration.NameValueSectionHandler" />
	</configSections>
    <LdapConnection>
      <add key="Server" value="LDAP://" />
      <add key="Port" value="389" />
      <add key="UserDN" value="CN=DOMAINUSER,CN=Users,DC=COMPANYNAME,DC=COM" /> <!-- this value was replaced with dummy value -->
      <add key="Password" value="SOMEPASSWORD" /> <!-- this value was replaced with dummy value -->
      <add key="Authentication" value="Secure" />
    </LdapConnection>
    <!-- .... -->
    <!-- skipped unchanged configuration -->
    <!-- .... -->
</configuration>

  • Here is a sample of an AD user account in Verint and the corresponding user account acquired through PowerShell LDAP

    PS: All information was replaced by dummy values




    DistinguishedName : CN=FirstName LastName,OU=OrganizationalUnit3,OU=OrganizationalUnit2,OU=OrganizationalUnit1,DC=COMPANYNAME,DC=COM
    Enabled           : True
    GivenName         : GivenName
    Name              : FirstName Surname
    ObjectClass       : user
    ObjectGUID        : f776b5f1-9401-4fa0-8265-0d7a21b38f1a
    SamAccountName    : userlogin
    SID               : S-1-5-21-21487600-10229659-371915043294140934-8674
    Surname           : Surname
    UserPrincipalName : userlogin@COMPANYNAME.COM

  • Has the LDAP package been added to the Packages.config file in the web root and jobs folder?

    Also, is there a specific reason you are using LDAP/Windows authentication versus another more modern method? I would not necessarily advise using this in new installs; there is a plan in the next version to obsolete both of these and then remove them in the future.

  • LDAP/Windows authentication versus another more modern method?

    Usage of exactly AD + Kerberos was a corporate policy from the customer.

  • I would not necessarily advise using this in new installs,
    there is a plan in the next version to obsolete both of these and then removal in the future.

    What should intranet communities with an AD-based IdP use then?

  • Actually, we missed doing it; the Packages.config file looked like this:

    <?xml version="1.0" encoding="utf-8" ?>
    <!-- This file determines which packages have been added to Telligent Community -->
    <Packages>
      <!--
      <Package Name="Ldap" Version="1.0" DateInstalled="2009-03-09" Id="4BF1091D-376C-42b2-B375-E2FE9480E845" />
      <Package Name="SharePoint" Version="1.0" DateInstalled="2009-03-09" Id="0D05BACA-B8EC-4233-B67D-6CAB7536A700" />
      -->
    </Packages>
    


    We changed its content to:
    <?xml version="1.0" encoding="utf-8" ?>
    <!-- This file determines which packages have been added to Telligent Community -->
    <Packages>
      <Package Name="Ldap" Version="1.0" DateInstalled="2009-03-09" Id="4BF1091D-376C-42b2-B375-E2FE9480E845" />
      <!--
      <Package Name="SharePoint" Version="1.0" DateInstalled="2009-03-09" Id="0D05BACA-B8EC-4233-B67D-6CAB7536A700" />
      -->
    </Packages>
    



    But nothing changed; the log output was:
    2021-09-24 20:06:21,824 - [STARTING] Ldap Sync (Id=c3226dfc-9220-4c21-ac12-a33a785bdd28, JobId=875d3303-c73e-4a1e-a944-a3b6a4617b80)
    2021-09-24 20:06:21,824 - [FINISHED] Ldap Sync (Id=c3226dfc-9220-4c21-ac12-a33a785bdd28, JobId=875d3303-c73e-4a1e-a944-a3b6a4617b80)

    And the users were not updated.

  • OpenID Connect will be preferred, which will be widely available in the next week or two in 12, but certified for Okta, though Azure AD should follow shortly. There are service offerings for SAML as well.
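
The Packages.config check asked about in the thread, as an added example that is not part of any post and is not Verint/Telligent code: it parses the file as XML so that an entry sitting inside a `<!-- -->` block is reported as commented out rather than installed. The function name `Get-PackageState` and the location labels are assumptions; the two sample documents are the versions quoted in the thread with the descriptive comment line omitted.

```powershell
# Constructed sample input: the "before" and "after" Packages.config from the thread.
$before = @'
<?xml version="1.0" encoding="utf-8" ?>
<Packages>
  <!--
  <Package Name="Ldap" Version="1.0" DateInstalled="2009-03-09" Id="4BF1091D-376C-42b2-B375-E2FE9480E845" />
  <Package Name="SharePoint" Version="1.0" DateInstalled="2009-03-09" Id="0D05BACA-B8EC-4233-B67D-6CAB7536A700" />
  -->
</Packages>
'@
$after = @'
<?xml version="1.0" encoding="utf-8" ?>
<Packages>
  <Package Name="Ldap" Version="1.0" DateInstalled="2009-03-09" Id="4BF1091D-376C-42b2-B375-E2FE9480E845" />
  <!--
  <Package Name="SharePoint" Version="1.0" DateInstalled="2009-03-09" Id="0D05BACA-B8EC-4233-B67D-6CAB7536A700" />
  -->
</Packages>
'@

function Get-PackageState {
    param(
        [Parameter(Mandatory)][string]$Location,  # label only, e.g. 'web root'
        [Parameter(Mandatory)][string]$Xml,       # raw Packages.config text
        [string]$Name = 'Ldap'
    )
    $doc = New-Object System.Xml.XmlDocument
    $doc.LoadXml($Xml)
    # Element XPath only matches real elements; commented-out entries are invisible to it.
    $active = $doc.SelectNodes("/Packages/Package[@Name='$Name']").Count -gt 0
    # Inspect comment nodes separately so a commented-out entry is reported as such.
    $pattern = '<Package\s+Name="{0}"' -f [regex]::Escape($Name)
    $commented = $false
    foreach ($c in $doc.SelectNodes('/Packages/comment()')) {
        if ($c.Value -match $pattern) { $commented = $true }
    }
    [pscustomobject]@{ Location = $Location; Package = $Name; Active = $active; CommentedOut = $commented }
}

# For real files pass: -Xml (Get-Content -Raw -LiteralPath '<folder>\Packages.config')
$results = @(
    Get-PackageState -Location 'web root (sample: before edit)'   -Xml $before
    Get-PackageState -Location 'jobs folder (sample: after edit)' -Xml $after
)
$results | Format-Table -AutoSize
# The reply asks about both copies, so flag any location where the entry is not active.
if ($results.Active -contains $false) {
    Write-Warning 'Ldap package is not active in every Packages.config copy.'
}
```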
