LDAP Import not updating user's Roles


samwoo

Hello,

I wasn't involved with the initial setting up of Hornbill in our organisation but when the users were imported, they only had the "Basic User Role" assigned to them. But they cannot access the basics of the Customer Portal using it.

I added "Self Service User" to the LDAP Conf file on Friday, we have it scheduled to run at 5:30 every night so coming in today I've seen that it hasn't worked.

I just did a dry run, and can confirm that it hasn't applied the Self Service User job role to all of the users.

Conf File

{
  "UserName": "********",
  "Password": "********",
  "InstanceId": "********",
  "UpdateUserType":false,
  "LDAPConf": {
  	"Server": "********",
  	"UserName": "********",
  	"Password": "********",
  	"Port": "********",
  	"Filter": "(objectClass=user)",
  	"DSN": "OU=Users,OU=Users & Desktops,OU=********,DC=********,DC=********,DC=********"
  },
  "LDAPMapping":{
  	"UserId":"[sAMAccountName]",
  	"UserType":"basic",
  	"Name":"[cn]",
  	"Password":"",
  	"FirstName":"[givenName]",
  	"LastName":"[sn]",
  	"JobTitle":"[title]",
  	"Site":"",
  	"Phone":"[telephoneNumber]",
  	"Email":"[mail]",
  	"Mobile":"[mobile]",
  	"AbsenceMessage":"",
  	"TimeZone":"",
  	"Language":"",
  	"DateTimeFormat":"",
  	"DateFormat":"",
  	"TimeFormat":"",
  	"CurrencySymbol":"",
  	"CountryCode":""
  },
  "LDAPAttirubutes":[
  	"cn",
  	"sn",
  	"sAMAccountName",
  	"userPrincipalName",
  	"givenName",
  	"description",
  	"mobile",
  	"title",
  	"telephoneNumber",
  	"mail"
  ],
  "Roles":[
  	"Basic User Role",
  	"Self Service User"
  ],
  "SiteLookup":{
  	"Enabled": false,
  	"Attribute":""
  }
}

Log File

2016/05/16 11:21:05 [DEBUG] ---- XMLMC LDAP Import Utility V1.4.0 ----
2016/05/16 11:21:05 [DEBUG] Flag - Config File conf.json
2016/05/16 11:21:05 [DEBUG] Flag - Zone eur
2016/05/16 11:21:05 [DEBUG] Flag - Dry Run true
2016/05/16 11:21:05 [DEBUG] Loading Config File: C:\TEMP\Hornbill/conf.json
2016/05/16 11:21:05 [DEBUG] Logging Into: https://eurapi.hornbill.com/********/xmlmc/
2016/05/16 11:21:05 [DEBUG] UserName: ********
2016/05/16 11:21:05 [DEBUG] Connecting Server: ********
2016/05/16 11:21:06 [DEBUG] LDAP Results: 1591
2016/05/16 11:21:06 [DEBUG] Processing Users
2016/05/16 11:21:06 [DEBUG] LDAP User Record
dn: CN=******** ********,OU=Users,OU=Users & Desktops,OU=********,DC=********,DC=********,DC=********
cn: ******** ********
sn: ********
title: ******** ********
description: ******** ******** ********
telephoneNumber: ******** ******** ********
givenName: ********
sAMAccountName: ********
userPrincipalName: ********
mail: ********
----

Can someone advise? I feel like I'm missing something.

Thanks,

Samuel

Hi Trevor,

That would be great if you can look into this as we are keen to get people using the Self Service Portal due to the changes that are going on in the organisation.

Are there any options I could use in the meantime? Is it possible to change the default role of the Self Service Portal to use the Basic User Role?

If you update the LDAP Import to allow updates to Job Roles within Hornbill, will it only update/append to the user's current roles?

Thanks for your quick response,

Samuel

Link to comment
Share on other sites

Hi Samuel

Unfortunately, due to permissions, it's not possible to switch the Portal Role to Basic User Role. The only option at this time is to add all your basic users to the required self service role.

If we were to add the ability to assign roles on user update then it would only add the specified roles.

Kind Regards

Trevor Killick

Hi Trevor,

I have added the new flag into the conf, but whenever I run the file it comes back like this (in the dry run):

2016/05/18 13:11:39 2016/05/18 12:11:39 [ERROR] Unable to Load LDAP Attribute: sAMAccountName For Input Param: [sAMAccountName]
[DEBUG] Buffer For Job: 54 - Worker: 1 - User:
2016/05/18 12:11:39 [ERROR] Unable to Search For User: No key value specified, unable to query record
2016/05/18 12:11:39 [DEBUG] Create User:
2016/05/18 12:11:39 [ERROR] Unable to Load LDAP Attribute: sAMAccountName For Input Param: [sAMAccountName]
2016/05/18 12:11:39 [ERROR] Unable to Load LDAP Attribute: cn For Input Param: [cn]
2016/05/18 12:11:39 [DEBUG] password
2016/05/18 12:11:39 [DEBUG] Auto Generated Password for:  - SZErHWJxZr
2016/05/18 12:11:39 [ERROR] Unable to Load LDAP Attribute: givenName For Input Param: [givenName]
2016/05/18 12:11:39 [ERROR] Unable to Load LDAP Attribute: sn For Input Param: [sn]
2016/05/18 12:11:39 [ERROR] Unable to Load LDAP Attribute: title For Input Param: [title]
2016/05/18 12:11:39 [ERROR] Unable to Load LDAP Attribute: telephoneNumber For Input Param: [telephoneNumber]
2016/05/18 12:11:39 [ERROR] Unable to Load LDAP Attribute: mail For Input Param: [mail]
2016/05/18 12:11:39 [ERROR] Unable to Load LDAP Attribute: mobile For Input Param: [mobile]
2016/05/18 12:11:39 [DEBUG] User Create XML <params><password>U1pFckhXSnhacg==</password><userType>basic</userType></params>
2016/05/18 12:11:39 [ERROR] Unable to Load LDAP Attribute: sAMAccountName For Input Param: [sAMAccountName]
2016/05/18 12:11:39 [DEBUG] Processing User Profile Data
2016/05/18 12:11:39 [DEBUG] User Profile Update XML <params><profileData><userID></userID><attrib1><invalid Value></attrib1><attrib2><invalid Value></attrib2><attrib3><invalid Value></attrib3><attrib4><invalid Value></attrib4><attrib5><invalid Value></attrib5><attrib6><invalid Value></attrib6><attrib7><invalid Value></attrib7><attrib8><invalid Value></attrib8></profileData></params>

It does this 103 times then halts...

This is the Conf file

{

  "APIKey":   "api key",
  "InstanceId":  "instanceid",
  "UpdateUserType": false,
  "UserRoleAction":  "Update",
  "LDAPServerConf": {
  	"Server":   "server",
  	"UserName":   "server user",
  	"Password":   "server password",
  	"Port":	389,
  	"ConnectionType":  "",
  	"InsecureSkipVerify":  false,
  	"Scope":   1,
  	"DerefAliases":   1,
  	"SizeLimit":   0,
  	"TimeLimit":   0,
  	"TypesOnly":   true,
  	"Filter":   "(objectClass=user)",
  	"DSN":	"dsn details",
  	"Debug": false
  },
  "UserMapping":{
  	"UserId": "[sAMAccountName]",
  	"UserType": "basic",
  	"Name":  "[cn]",
  	"Password": "",
  	"FirstName": "[givenName]",
  	"LastName": "[sn]",
  	"JobTitle": "[title]",
  	"Site":  "",
  	"Phone":  "[telephoneNumber]",
  	"Email":  "[mail]",
  	"Mobile": "[mobile]",
  	"AbsenceMessage":"",
  	"TimeZone": "",
  	"Language": "",
  	"DateTimeFormat":"",
  	"DateFormat": "",
  	"TimeFormat": "",
  	"CurrencySymbol":"",
  	"CountryCode": ""
  },
"UserAccountStatus":{
   	"Action":"Update",
   	"Enabled": false,
   	"Status":"active"
},
"UserProfileMapping":{
   	"MiddleName":"",
   	"JobDescription":"",
   	"Manager":"",
   	"WorkPhone":"",
   	"Qualifications":"",
   	"Interests":"",
   	"Expertise":"",
   	"Gender":"",
   	"Dob":"",
   	"Nationality":"",
   	"Religion":"",
   	"HomeTelephone":"",
   	"SocialNetworkA":"",
   	"SocialNetworkB":"",
   	"SocialNetworkC":"",
   	"SocialNetworkD":"",
   	"SocialNetworkE":"",
   	"SocialNetworkF":"",
   	"SocialNetworkG":"",
   	"SocialNetworkH":"",
   	"PersonalInterests":"",
   	"homeAddress":"",
   	"PersonalBlog":"",
   	"Attrib1":"",
   	"Attrib2":"",
   	"Attrib3":"",
   	"Attrib4":"",
   	"Attrib5":"",
   	"Attrib6":"",
   	"Attrib7":"",
   	"Attrib8":""
},
"UserManagerMapping":{
   	"Action":  "Create",
   	"Enabled":  false,
   	"Attribute":  "[manager]",
   	"GetIDFromName": true,
   	"Regex":  "CN=(.*?)(?:,[A-Z]+=|$)",
   	"Reverse":  true
},
  "LDAPAttirubutes":[
  	"cn",
  	"sn",
  	"sAMAccountName",
  	"userPrincipalName",
  	"givenName",
  	"description",
  	"mobile",
  	"title",

  	"telephoneNumber",
  	"mail",
  	"manager"
  ],
  "Roles":[
  	"Basic User Role",
  	"Self Service User"
  ],
  "SiteLookup":{
  	"Action":  "Both",
  	"Enabled":  false,
  	"Attribute": ""
  }
,
"OrgLookup":{
   	"Action":  "Both",
   	"Enabled":  false,
   	"Attribute":  "[sAMAccountName]",
   	"Type":   2,
   	"Membership":  "member",
   	"TasksView":  false,
   	"TasksAction":  false
}
}

I'm at a loss... can you advise?

Also I have another request: could you include a parameter where you can specify the name of the conf you wish to use? If not specified or blank then default to conf. This way it'll be easier to dry run without having to rename the old conf to the new in order to test it then revert it back once done.

Thanks,

Samuel

Hi Samuel

Let me look into the issue you are seeing and I will get back to you.

I noticed this on a customer instance earlier, yes there is a -file= input flag where you can specify the configuration file to use.

Kind Regards

Trevor Killick

Hi Samuel

I have released 2.0.2 which fixes a number of issues, although I was not able to recreate it getting stuck at 100 odd users, but I will keep trying to recreate the issue.

Can you let me know if it still happens in 2.0.2?

Thanks

Trevor

Hi Trevor,

Really odd, it's stuck on 101 now, none of the values are on the command prompt

[Screenshot attachment: post-12454-0-36414300-1463582427.png]

This is the last two entries in the log:

2016/05/18 15:30:50 2016/05/18 14:30:50 [ERROR] Unable to Load LDAP Attribute: sAMAccountName For Input Param: [sAMAccountName]
[DEBUG] Buffer For Job: 100 - Worker: 1 - User:
2016/05/18 14:30:50 [ERROR] Unable to Search For User: No key value specified, unable to query record
2016/05/18 14:30:50 [DEBUG] Create User:
2016/05/18 14:30:50 [ERROR] Unable to Load LDAP Attribute: sAMAccountName For Input Param: [sAMAccountName]
2016/05/18 14:30:50 [ERROR] Unable to Load LDAP Attribute: cn For Input Param: [cn]
2016/05/18 14:30:50 [DEBUG] password
2016/05/18 14:30:50 [DEBUG] Auto Generated Password for:  - VVUnOBubXz
2016/05/18 14:30:50 [ERROR] Unable to Load LDAP Attribute: givenName For Input Param: [givenName]
2016/05/18 14:30:50 [ERROR] Unable to Load LDAP Attribute: sn For Input Param: [sn]
2016/05/18 14:30:50 [ERROR] Unable to Load LDAP Attribute: title For Input Param: [title]
2016/05/18 14:30:50 [ERROR] Unable to Load LDAP Attribute: telephoneNumber For Input Param: [telephoneNumber]
2016/05/18 14:30:50 [ERROR] Unable to Load LDAP Attribute: mail For Input Param: [mail]
2016/05/18 14:30:50 [ERROR] Unable to Load LDAP Attribute: mobile For Input Param: [mobile]
2016/05/18 14:30:50 [DEBUG] User Create XML <params><password>VlZVbk9CdWJYeg==</password><userType>basic</userType></params>
2016/05/18 14:30:50 [ERROR] Unable to Load LDAP Attribute: sAMAccountName For Input Param: [sAMAccountName]
2016/05/18 14:30:50 [DEBUG] Processing User Profile Data
2016/05/18 14:30:50 [DEBUG] User Profile Update XML <params><profileData><userID></userID></profileData></params>
2016/05/18 15:30:50 2016/05/18 14:30:50 [ERROR] Unable to Load LDAP Attribute: sAMAccountName For Input Param: [sAMAccountName]
[DEBUG] Buffer For Job: 101 - Worker: 1 - User:
2016/05/18 14:30:50 [ERROR] Unable to Search For User: No key value specified, unable to query record
2016/05/18 14:30:50 [DEBUG] Create User:
2016/05/18 14:30:50 [ERROR] Unable to Load LDAP Attribute: sAMAccountName For Input Param: [sAMAccountName]
2016/05/18 14:30:50 [ERROR] Unable to Load LDAP Attribute: cn For Input Param: [cn]
2016/05/18 14:30:50 [DEBUG] password
2016/05/18 14:30:50 [DEBUG] Auto Generated Password for:  - grbrBeoJRr
2016/05/18 14:30:50 [ERROR] Unable to Load LDAP Attribute: givenName For Input Param: [givenName]
2016/05/18 14:30:50 [ERROR] Unable to Load LDAP Attribute: sn For Input Param: [sn]
2016/05/18 14:30:50 [ERROR] Unable to Load LDAP Attribute: title For Input Param: [title]
2016/05/18 14:30:50 [ERROR] Unable to Load LDAP Attribute: telephoneNumber For Input Param: [telephoneNumber]
2016/05/18 14:30:50 [ERROR] Unable to Load LDAP Attribute: mail For Input Param: [mail]
2016/05/18 14:30:50 [ERROR] Unable to Load LDAP Attribute: mobile For Input Param: [mobile]
2016/05/18 14:30:50 [DEBUG] User Create XML <params><password>Z3JickJlb0pScg==</password><userType>basic</userType></params>
2016/05/18 14:30:50 [ERROR] Unable to Load LDAP Attribute: sAMAccountName For Input Param: [sAMAccountName]
2016/05/18 14:30:50 [DEBUG] Processing User Profile Data
2016/05/18 14:30:50 [DEBUG] User Profile Update XML <params><profileData><userID></userID></profileData></params>

Also I was wondering if you are able to add a line to show whether a new Job Role was assigned to a user in the log file?

Sorry, not getting anywhere with it. I will copy the example JSON file from GitHub then copy the data from the old one (which still works).

Thanks,

Samuel

Hi Samuel

Job Role will be shown in the log file if it's being populated during dry run.

I can see from the logs that sAMAccountName, which is mapped to the userId field, is not found in the LDAP Response, which is causing a high number of errors. It would be interesting to see how far you get when the mappings are configured in the same way as the working import.

My test data has 97 users and it's all good. I will try and add a few more and see if I can make it get stuck.

Kind Regards

Trevor Killick

Hi Trevor,

Thanks for responding. I have copied the data from the old file that works (where UserMapping was called LDAPMapping, and LDAPServerConf was called LDAPConf) and everything is the same. But I had to add the missing attributes to the "LDAPAttributes". It fixed the majority except the "mobile" one... which does work in the old version but not the new one.

And... it still stops at 101.

This is the final part of the log

2016/05/18 16:12:22 [DEBUG] Buffer For Job: 101 - Worker: 1 - User: annjon
2016/05/18 15:12:22 [DEBUG] Update User: annjon
2016/05/18 15:12:22 [ERROR] Unable to Load LDAP Attribute: mobile For Input Param: [mobile]
2016/05/18 15:12:22 [DEBUG] User Update XML <params><userId>annjon</userId><name>Anna Jones</name><firstName>Anna</firstName><lastName>Jones</lastName><jobTitle>Library Assistant</jobTitle><phone>0118 9699847</phone><email>Anna.Jones@wokingham.gov.uk</email></params>
2016/05/18 15:12:22 [DEBUG] Processing User Profile Data annjon
2016/05/18 15:12:22 [DEBUG] User Profile Update XML <params><profileData><userID>annjon</userID></profileData></params>

Thank you,

Oddly I still cannot replicate this even using the released binaries.

What operating system are you running this on?

Are there any errors in the Windows Event Viewer?

What does task manager show in terms of system resource usage?

Is it possible to run without dry run and see how far it gets?

I am going to try and create a few thousand accounts and see if it gets stuck as you have 1500 odd accounts being returned in the LDAP Query.

Kind Regards

Trevor Killick

Hi Trevor,

Appreciate you looking into this.

1. Windows Server 2008

2. The Task Manager shows the resources as being relatively the same before, the same during the process at its halt and the same after

3. There is nothing showing in the Event Viewer regarding this process

I will copy the file over to my laptop (Windows 7 64 bit) and try it from there quickly.

Thanks,

Samuel

Hi again Trevor,

It won't work on my system (actively refused connection).

Is there any chance of it causing any issues if I do it without a dry run?

Thanks,

Samuel

Hi Samuel

No, it's getting stuck, so the worst case if it gets stuck without dry run is that from user 101 onwards they will not have been updated.

If you are not happy running it without dryrun I understand; I will continue to investigate on our end.

Kind Regards

Trevor Killick

Hi Trevor,

Got the following message when attempting to do it without a dry-run

[Screenshot attachment: post-12454-0-74894200-1463586222.png]

Also getting a message saying it's unable to Add Role to User... can you only do it one at a time?

See below for the last two outputs in the log to where the red error on the screenshot above has occurred.

2016/05/18 16:36:55 [DEBUG] Buffer For Job: 100 - Worker: 1 - User: annbar
2016/05/18 15:36:55 [DEBUG] Update User: annbar
2016/05/18 15:36:55 [ERROR] Unable to Load LDAP Attribute: mobile For Input Param: [mobile]
2016/05/18 15:36:55 [DEBUG] Add Role to User: Self Service User
2016/05/18 15:36:55 [DEBUG] Add Role to User: Basic User Role
2016/05/18 15:36:55 [ERROR] Unable to Assign Role to User: Error assigning one or more roles
2016/05/18 15:36:55 [DEBUG] Processing User Profile Data annbar
2016/05/18 15:36:55 [DEBUG] User Profile Update Success

2016/05/18 16:36:56 [ERROR] Unable to write to log XML syntax error on line 6: element <hr> closed by </body>
2016/05/18 16:36:56 [ERROR] Unable to write to log
2016/05/18 16:36:56 [DEBUG] Buffer For Job: 101 - Worker: 1 - User: annjon
2016/05/18 15:36:55 [DEBUG] Update User: annjon
2016/05/18 15:36:55 [ERROR] Unable to Load LDAP Attribute: mobile For Input Param: [mobile]
2016/05/18 15:36:56 [DEBUG] Add Role to User: Self Service User
2016/05/18 15:36:56 [DEBUG] Add Role to User: Basic User Role
2016/05/18 15:36:56 [ERROR] Unable to Assign Role to User: Error assigning one or more roles
2016/05/18 15:36:56 [DEBUG] Processing User Profile Data annjon
2016/05/18 15:36:56 [DEBUG] User Profile Update Success

Thanks,

Samuel

PS. It's home time for me now, I really appreciate the attention to this query Trevor :) Have a good evening!

Hi Samuel

I think it's going to be best to arrange a remote session through Victor, which I will jump in on, and see if we can get to the bottom of this.

Can you log a call with support in the morning and let us know when you are free and we can book something in.

Cheers

Trevor

Hi Samuel

I recreated the issue then realised I had left a hardcoded count of 100 for the number of records to process, I do apologize for that.

Version 2.0.3 corrects the issue with it stopping at 101 users in dry run.

As for the other issues you were getting, we can look at it in a remote session if you need.

Kind Regards

Trevor Killick

Hi Trevor,

It looks like it works now! I realised now that some users in Active Directory don't have some of the attributes, hence the reason it's failing for them. I accidentally ran the LDAP tool without the dryrun parameter and updated 250 ish users (I stopped the import at this point) and they even have the relevant Job Roles assigned to them too.

Thank you very much for all your assistance Trevor, where's the Kudos button on the forum? :D

Samuel
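
The two causes of the "Unable to Load LDAP Attribute" errors found in this thread (a mapped attribute missing from the requested attribute list, and directory entries that do not carry an attribute) can be checked before an import is run. The Go program below is an added example, not part of the thread or of Hornbill's import tool; only the `UserMapping` and `LDAPAttirubutes` key names come from the 2.x conf posted above, while the function names, sample conf and sample entry are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Constructed conf fragment; "title" and "mobile" are deliberately not requested.
const sampleConf = `{
  "UserMapping": {"UserId": "[sAMAccountName]", "Name": "[cn]",
                  "JobTitle": "[title]", "Mobile": "[mobile]", "Site": ""},
  "LDAPAttirubutes": ["cn", "sAMAccountName", "mail"]
}`

type importConf struct {
	UserMapping map[string]string `json:"UserMapping"`
	Attributes  []string          `json:"LDAPAttirubutes"`
}

var placeholder = regexp.MustCompile(`\[([^\[\]]+)\]`)

func loadConf(raw string) (importConf, error) {
	var c importConf
	err := json.Unmarshal([]byte(raw), &c)
	return c, err
}

// unresolved returns, sorted, the attributes referenced as [name] in
// UserMapping that are not in available (compared case-insensitively).
func unresolved(c importConf, available []string) []string {
	have := map[string]bool{}
	for _, a := range available {
		have[strings.ToLower(a)] = true
	}
	var out []string
	for _, v := range c.UserMapping {
		for _, m := range placeholder.FindAllStringSubmatch(v, -1) {
			if k := strings.ToLower(m[1]); !have[k] {
				have[k] = true // report each attribute once
				out = append(out, m[1])
			}
		}
	}
	sort.Strings(out)
	return out
}

func main() {
	c, err := loadConf(sampleConf)
	if err != nil {
		panic(err)
	}
	// Check 1: every mapped attribute must be in the list requested from LDAP.
	fmt.Println("mapped but not requested:", unresolved(c, c.Attributes))
	// Check 2: attribute names that one (constructed) directory entry returned.
	fmt.Println("absent on entry:", unresolved(c, []string{"cn", "title"}))
}
```

An entry for which `sAMAccountName` is reported has no value for the `UserId` mapping, which is the situation behind the "No key value specified" errors in the logs above.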
