Jump to content

LDAP Import - Unable to set user status error


samwoo

Recommended Posts

Hello,

Last night the LDAP_Import has stopped importing new users from AD (strangely). I confirmed that the filters set against the LDAP_Import conf files can see the new users, yet the tool itself did import them.

I then went to run the LDAP_Import ad-hoc and I got this in the output (and this LDAP_Import has been untouched since I first set it up to import AD Profile Pictures).
59c22d499ff85_LDAP_Importerror0.png.c8e35b7dec916fee2b63194ebef0d49d.png

But there was a message at the top saying that I wasn't using the latest version of the LDAP_Import tool... so I proceeded to download it and make the necessary tweaks to the .conf files. When running it this time, I get the following message:
59c22d889c8c2_LDAP_Importerror.png.98128c466094be6d29f51ed1e5b751f4.png

The LDAP_Import tool and relevant files hasn't been modified in any way for a very long time so it's odd why this has happened now.

Please advise.

Samuel

Link to comment
Share on other sites

Hi @TrevorKillick - thanks

.BAT file

ldap_import.exe  -file=UsersWBC.json -workers 2 -logprefix=WBCUsers_

.CONF file
 

{
    "APIKey": "###################################",
    "InstanceId": "###############",
    "UpdateUserType": true,
    "UserRoleAction": "Both",
    "LDAPServerConf": {
        "Server": "###############################",
        "UserName": "################",
        "Password": "#########",
        "Port": ###,
        "ConnectionType": "",
        "InsecureSkipVerify": false,
        "Scope": 1,
        "DerefAliases": 1,
        "SizeLimit": 0,
        "TimeLimit": 0,
        "TypesOnly": false,
        "Filter": "(&(objectClass=user)(&(!(sAMAccountName=*test*))(givenName=*)(!(company=###))(!(company=####))))",
        "DSN": "OU=Users,OU=Users & Desktops,OU=####,DC=wokingham,DC=gov,DC=uk",
        "Debug": false
    },
    "UserMapping":{
       "UserId":"[sAMAccountName]",
       "UserType":"basic",
       "Name":"[cn]",
       "Password":"",
       "FirstName":"[givenName]",
       "LastName":"[sn]",
       "JobTitle":"[title]",
       "Site":"",
       "Phone":"[telephoneNumber]",
       "Email":"[mail]",
       "Mobile":"[mobile]",
       "AbsenceMessage":"",
       "TimeZone":"",
       "Language":"",
       "DateTimeFormat":"",
       "DateFormat":"",
       "TimeFormat":"",
       "CurrencySymbol":"",
       "CountryCode":"",
	  "UserDNCache":"[distinguishedName]"
    },
    "UserAccountStatus":{
        "Action":"Update",
        "Enabled": true,
        "Status":"active"
    },
    "UserProfileMapping":{
        "MiddleName":"",
        "JobDescription":"",
        "Manager":"[manager]",
        "WorkPhone":"",
        "Qualifications":"",
        "Interests":"",
        "Expertise":"",
        "Gender":"",
        "Dob":"",
        "Nationality":"",
        "Religion":"",
        "HomeTelephone":"",
        "SocialNetworkA":"",
        "SocialNetworkB":"",
        "SocialNetworkC":"",
        "SocialNetworkD":"",
        "SocialNetworkE":"",
        "SocialNetworkF":"",
        "SocialNetworkG":"",
        "SocialNetworkH":"",
        "PersonalInterests":"",
        "homeAddress":"",
        "PersonalBlog":"",
        "Attrib1":"",
        "Attrib2":"",
        "Attrib3":"",
        "Attrib4":"#################",
        "Attrib5":"",
        "Attrib6":"",
        "Attrib7":"#####",
        "Attrib8":""
    },
    "UserManagerMapping":{
        "Action":"Both",
        "Enabled":true,
        "Attribute":"[manager]",
        "GetIDFromName":true,
        "Regex":"CN=(.*?)(?:,[A-Z]+=|$)",
        "Reverse":true,
        "ManagerSearchField":"h_name",
        "UseDNCacheFirst":false
    },
    "LDAPAttributes":[
        "cn",
        "sn",
        "sAMAccountName",
        "userPrincipalName",
        "givenName",
        "manager",
	"mail",
	"mobile",
	"telephonenumber",
	"mobile",
	"title",
	"company",
	"physicalDeliveryOfficeName",
	"thumbnailPhoto"
    ],
    "Roles":[
        "Self Service User",
	   "Basic User Role"
    ],
    "ImageLink":{
        "Action":"Both"
        , "Enabled": true
        , "UploadType": "AD"
        , "ImageType": "jpg"
        , "URI": "[thumbnailPhoto]"
    },
    "SiteLookup":{
        "Action":"Both",
        "Enabled": true,
        "Attribute":"[physicalDeliveryOfficeName]"
    },
    "OrgLookup":{
        "Action":"Both",
        "Enabled":true,
        "Attribute":"###############",
        "Type":5,
        "Membership":"member",
        "TasksView":false,
        "TasksAction":false,
	   "OnlyOneGroupAssignment":false
    }
}

Cheers,

Samuel

Link to comment
Share on other sites

@samwoo

Sorry i found the issue and recreated locally i have built and released an update which fixes the issue https://github.com/hornbill/goLDAPUserImport/releases/tag/v2.4.1

Can you try the updated binary, no need to change the configuration file, and let me know the outcome please.

Kind Regards

Trevor Killick

Link to comment
Share on other sites

26 minutes ago, TrevorKillick said:

@samwoo

Sorry i found the issue and recreated locally i have built and released an update which fixes the issue https://github.com/hornbill/goLDAPUserImport/releases/tag/v2.4.1

Can you try the updated binary, no need to change the configuration file, and let me know the outcome please.

Kind Regards

Trevor Killick

Thanks for this.

It seemed to have worked for the first 687 records and now is throwing up a different error now, for each time it attempts:
59c238c32de87_LDAP_Importerror2.png.5f97e0eaedf94c5219e1e0cc6fda02cb.png

Maybe this is why the new users havent imported because they would likely to be further down the list.

Thanks,

Samuel

Link to comment
Share on other sites

23 minutes ago, TrevorKillick said:

@samwoo

Can you change -workers 2 to -workers=1 it will take a little longer but runs effectively single threaded. 

Kind Regards

Trevor Killick

Thanks Trevor,

This has now worked with 1 worker.

It took a long time, but it isn't a problem as this runs about 5.30 every evening so we will stick to using 1 worker.

Cheers,

Samuel

  • Like 1
Link to comment
Share on other sites

@samwoo

Just to explain what it looks like is happening by default the workers is set to 10 but it looks like your instance was under fairly decent load at this time so responses to API calls were slow anything longer than 30 seconds would timeout in the Import which is what the error is suggesting was happening, bringing that down to 1 makes everything much slower but reduces the load on the Instance. When this is scheduled you can play around with increasing the workers back to 2 or 3 as this should be fine when the instance is under minimal load, you were testing the import pretty much at peak hours for where we see load i.e between 8am and lunch time.

Kind Regards

Trevor Killick

  • Thanks 1
Link to comment
Share on other sites

  • Victor changed the title to LDAP Import - Unable to set user status error

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...