Logan Graham Posted July 31, 2018 Share Posted July 31, 2018 Hi All, Hoping you can help me, we have had an issue since the 20th with trying to import users into Hornbill, if we run the import script we currently get this log output 2018/07/31 14:35:44 [DEBUG] ---- XMLMC LDAP Import Utility V2.0.3 ---- 2018/07/31 14:35:44 [DEBUG] Flag - Config File new_add.json 2018/07/31 14:35:44 [DEBUG] Flag - Zone eur 2018/07/31 14:35:44 [DEBUG] Flag - Dry Run false 2018/07/31 14:35:44 [DEBUG] Flag - Workers 1 2018/07/31 14:35:44 [WARN] 2.0.3 is not latest, you should upgrade to 3.1.1 by downloading the latest package Here https://github.com/hornbill/goLDAPUserImport/releases/tag/v3.1.1 2018/07/31 14:35:44 [DEBUG] Loading Config File: C:\LDAP_Import/new_add.json 2018/07/31 14:35:44 [DEBUG] Instance Endpoint https://eurapi.hornbill.com/woodlandtrust/xmlmc/ 2018/07/31 14:35:44 [DEBUG] Attempting Connection to LDAP... Server: xxx.xxx.org.uk Port: xxx Type: Skip Verify: true Debug: false 2018/07/31 14:35:44 [DEBUG] Creating LDAP Connection 2018/07/31 14:35:44 [DEBUG] LDAP Search Query {Server:xxx.xxx.org.uk UserName:xxx@xxx.org.uk Password:xxx Port:xxx ConnectionType: InsecureSkipVerify:true Scope:2 DerefAliases:1 SizeLimit:0 TimeLimit:0 TypesOnly:false Filter:(objectClass=user) DSN:CN=xxx,OU=xxx,OU=xxx Staff,OU=xx Users,DC=xxx,DC=org,DC=uk Debug:false} ---- 2018/07/31 14:35:44 [DEBUG] LDAP Results: 1 2018/07/31 14:35:44 [DEBUG] Processing Users 2018/07/31 14:35:44 2018/07/31 13:35:44 [DEBUG] Buffer For Job: 1 - Worker: 1 - User: xxx 2018/07/31 13:35:44 [ERROR] Unable to Search For User: You do not have the required privilege level [user] to invoke the method data::entityDoesRecordExist 2018/07/31 13:35:44 [DEBUG] Create User: xxx 2018/07/31 13:35:44 [DEBUG] LDAP Attribute for Site Lookup: [physicalDeliveryOfficeName] 2018/07/31 13:35:44 [DEBUG] Looking Up Site xxx 2018/07/31 13:35:44 [ERROR] Unable to Search for Site: You do not have the required privilege level [user] to invoke the method data::entityBrowseRecords 2018/07/31 13:35:44 [DEBUG] Site Lookup found Id 2018/07/31 13:35:44 [DEBUG] password 2018/07/31 13:35:44 [DEBUG] Auto Generated Password for: xxx - xxx 2018/07/31 13:35:44 [ERROR] Unable to Load LDAP Attribute: mobile For Input Param: [mobile] 2018/07/31 13:35:44 [ERROR] Unable to Create User: You do not have the required privilege level [user] to invoke the method admin::userCreate 2018/07/31 14:35:44 [ERROR] Error encountered please check the log file 2018/07/31 14:35:44 [ERROR] Error Count: 1 2018/07/31 14:35:44 [DEBUG] Updated: 0 2018/07/31 14:35:44 [DEBUG] Updated Skipped: 0 2018/07/31 14:35:44 [DEBUG] Created: 0 2018/07/31 14:35:44 [DEBUG] Created Skipped: 0 2018/07/31 14:35:44 [DEBUG] Profiles Updated: 0 2018/07/31 14:35:44 [DEBUG] Profiles Skipped: 0 2018/07/31 14:35:44 [DEBUG] Time Taken: 812.4844ms 2018/07/31 14:35:51 [DEBUG] ---- XMLMC LDAP Import Complete ---- I have been trying to figure out what account is being used to see if i need to change privileges but I see no hint to what account this is using. I have recently taken over from a person maintained the service desk and his account is no longer in hornbill. My question is really is there a way of finding out what account this is trying to use? I have "XXX" out the sensitive data. Thanks, Logan G Link to comment Share on other sites More sharing options...
James Ainsworth Posted July 31, 2018 Share Posted July 31, 2018 Hi Logan, 6 hours ago, Logan Graham said: 2018/07/31 14:35:44 [WARN] 2.0.3 is not latest, you should upgrade to 3.1.1 by downloading the latest package It might be worth starting with updating your version of the Import Utility. If your imports were working, and they have recently stopped working it might simply be that if there was a modification to the security model on the platform, the Import Utility would need to be updated to match the version of the platform. If the issue continues after updating, we can then help investigate. Information about downloading the new version can be found here. This wiki page also includes a link on how to configure the new 3.0 version of the Import Utility. Let us know how you get on with this. Regards, James Link to comment Share on other sites More sharing options...
Logan Graham Posted August 1, 2018 Author Share Posted August 1, 2018 HI James, Thanks for the reply, I don't think the update would help matters in this scenario. Seems odd to me that it would randomly stop working and it be down to the version number. I would rather know what account this is trying to use first as updating it may cause more issues. If there is a way to find out what account this is using it would help me massively. as on the wiki is mentions about this error; [ERROR] Unable to Assign Role to User: You cannot create or update the role as you do not have sufficient permissions to set the system rights. - every action within Hornbill must be performed in the context of a user account. This error is suggesting that the user account you are using to run the utility does not posses the appropriate Hornbill roles set to associate the necessary roles the imported user. See the Testing section above, specifically "What Hornbill Roles are needed for the Import to Complete Successfully?". The main issue is not knowing what account this is using. Thanks, Logan G Link to comment Share on other sites More sharing options...
James Ainsworth Posted August 1, 2018 Share Posted August 1, 2018 Hi Logan, As the user can be any account that you select, I can't say which account you are using. In the link to the documentation that I posted further up, there is a section that describes where the API key for the user that you have selected for the imports needs to be added to the config script. On each User Profile in Administration you can create an API key for that user. This is what will be used within your config script for the import utility. For obvious security reasons, there is no way to tell from looking at the configuration file of the import tool to see the user name or password. Possibly, the API key was for the account of the person that you mentioned who is no longer in Hornbill. The rights needed to perform the imports include Manage Users Create Users Update Users Execute Stored Queries There is a Role called ''User Import'' which contains all of these rights. I would still recommend updating to 3.x of the Import Utility. This version is more secure and easier to configure. As version 2.x has been deprecated, support will be limited. Updates and fixes will only be applied to 3.x. Regards, James Link to comment Share on other sites More sharing options...
Logan Graham Posted August 2, 2018 Author Share Posted August 2, 2018 Thank you james, that was it the api was set to the wrong user, I will look at upgrading this soon just wanted to try and get this initial fix done. Really appreciate the help with this it has been driving me insane for the past few days. Thanks again, Logan G Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now