ldap import tool LDAP Import not updating records

[Jeremy]

We have noticed that it seems that the LDAP importation tool for adding accounts to Service Manager seems to be broken, although it uploads new accounts correctly it does not seem to update the accounts. When it checks for updates it seems to see a created record and then skip the any updates.

Below is the message from our Infrastructure team:

"We have updated the import tool to the latest from Hornbill and checked that all attributes are available to the account making the requests from Hornbill. Unfortunately, there seems to be a bug where it is only creating accounts and not updating them."

Please can this be looked into with some urgency as it appears that no records have been updated for a very long time and we are starting to see the ramifications of this e.g. name changes not being updated, incorrect/no email addresses not being updated.

[Steve Giller]

@JeremyThe first thing to check would be to ensure you're on the latest version (which would be 3.9.1)

[Jeremy]

@Steve Giller We are using LDAP user import Linux x64 v3.9.1

[Steve Giller]

@Jeremy Do you know when the tool was updated, and from what version?

The note from your Infrastructure team implies that it was changed recently, but you say that the updates have not been correct for a long time, which may or may not indicate that there's no correlation between the two.

Are no accounts at all being updated, or is it a mixture of updates and failures?
Have you checked the import logs - you may need to adjust the setting to "Debug" - to check for any commonalities between the accounts that aren't updating?
Is the data in AD consistent - e.g. phone numbers in the same format, locales recorded correctly etc?

[Jeremy]

@Steve Giller

Do you know when the tool was updated, and from what version?

- V3.9.0 to V3.9.1 @ 10am 23/09/2021

The note from your Infrastructure team implies that it was changed recently, but you say that the updates have not been correct for a long time, which may or may not indicate that there's no correlation between the two.

- The no update fault was present before the update. The tool was updated in hope of resolving the problem.

Are no accounts at all being updated, or is it a mixture of updates and failures?

- No accounts are being updated and no attempt is being made to update them.

Have you checked the import logs - you may need to adjust the setting to "Debug" - to check for any commonalities between the accounts that aren't updating?

- Below is a snippet of the logs. The logs are pre tool update but we can get more recent if needed. 

2021/03/07 21:02:05 [DEBUG] Processing User Data
2021/03/07 21:02:05 [DEBUG] LDAP User ID: 'up844005'
2021/03/07 21:02:05 [DEBUG] Auto Generated Password for: UP844005 - epU^4)7l-6
2021/03/07 21:02:05 [DEBUG] LDAP Attribute for Site Lookup: STUDENT
2021/03/07 21:02:05 [DEBUG] Looking Up Site STUDENT
2021/03/07 21:02:05 [DEBUG] Found Site in Cache235
2021/03/07 21:02:05 [DEBUG] User: up844005
        Operation: Both
        User Exists: false
        Create: true
        Update: false
        Update Type: false
        Update Profile: false
        Update Site: false
        Update Status: false
        Update Home Organisation: false
        Roles Count: 2
        Update Image: false
        Groups: 0

it doesn't seem to honour the flags we set : update is false !

Is the data in AD consistent - e.g. phone numbers in the same format, locales recorded correctly etc?

- Account information is consistent between users. Users are created via the Netiq driver to ensure this.

[Steve Giller]

@Jeremy Can you send me the contents of the debug tab via Private Message and I can check through, please?

[Steve Giller]

@Jeremy At first look the config seems in order.

Can you send me the logging for a User who:

• Already exists in the system
• Definitely has changes that need to be applied
• Is skipped over by the Import as described

The log above appears to be for a new User, which may not be fully relevant to the issue described.

[Paul Alexander]

@Jeremy

Did you get this fixed please? I've just noticed that it looks like some info in our LDAP import isn't being updated - in our instance it seems to be the email address. Although the new account IS being created, it's skipping the email address for some reason, and any amount of 'updating' and rerunning the tool isn't updating it either.

We're using version 3.9.6 

 

thanks

 

 

EDIT: Actually, scrub that - it seems that the replication between our on-prem AD and the cloud-AD is taking a little longer than expected to update, which is why I can see the email address ok in one system, but not the other.

 

[Paul Alexander]

Actually - scrub that edit  - it turns out that the LDAP import DOES seem to be missing some items (email addresses) on SOME imports. 

I can't see a pattern to this, except that it only seems to have happened in the last couple of days. 

If I create a new AD account and import it in to Hornbill it isn't bringing in the email address (even though there IS an email address in the AD account).

Is this just us...or has anyone else noticed this in the last couple of days? 

[Jeremy]

We have been noticing this for a while we are trying to get logs to pass to Hornbill but that is proving problematic at the moment for us for a variety of reasons.

But we have issues with any updates to accounts, as once the account is created when the system next does a sync it sees the existing account and decides that there is nothing to update.

We are missing updates to email address, name changes and also we changed the import to include some extra information but this does not seem to be updating the new information.

[Paul Alexander]

HI @Jeremy

Thanks for that...I'll get a ticket opened with Support to see if we can get it sorted...

[Jeremy]

@Paul Alexander was there ever any updates about this?

[Paul Alexander]

Hi @Jeremy

I didn't get around to reporting this to Hornbill, and I haven't been made aware of any more instances of it happening recently. So, in answer to your question, no I haven't seen any updates about it.

 

 

[SamS]

Hi @Jeremy& @Paul Alexander,

Are you using the latest utility?

A couple of weeks ago we've discovered an issue with updating the "Attributes" in all of the user import scripts.
In the LDAP utility that was fixed in 3.11.

I'm not aware of any issues updating the email field, though.

[QEHNick]

I'm getting similar issues with zero updates being made. This happened with 3.11 and now I've updated to 3.12, it's still occurring.

 

I've included my debug if anyone's keen.

Debug.txt

[Paul Alexander]

@SamS

I haven't noticed any anomalies with the LDAP import lately- that's not to say there aren't any, just that I haven't noticed any! We did a big AD cleanup a month or so ago and then updated Hornbill, and it LOOKS to all be ok, so I'm afraid I'm not going to be any help.