This topic has 4 replies, 4 voices, and was last updated 6 years, 4 months ago by [email protected].
December 5, 2014 at 7:34 pm #1597
[email protected]
Participant
Hello,
We’re attempting to set up AD password synchronization service with openIDM 3.0 and are failing miserably. I’m at a bit of a loss as to why I am unable to get the AD password sync to work. I believe that I have followed the instructions in the integrators guide properly and have used the sample keytool commands in samples/security/keystore_readme.txt to create the keystore and certificates.
There is nothing in the openIDM logs unless I turn up the log level to FINER where I can see the request. There is a success entry in the audit log.
The Password Sync Service throws the following in the error log:
2014-12-05 12:23:29.073 -0600 [1496:524] service init
#######################################
# OpenIDM Password Sync Service #
# Version: 2.1.0 #
# Revision: 35 #
# Build date: Jun 13 2013 15:57:46 #
#######################################

2014-12-05 12:23:29.089 -0600 DEBUG [1496:2076] directory_time_worker(): starting (will fire at 60 second intervals)...
2014-12-05 12:23:30.165 -0600 DEBUG [1496:2276] file_worker(): authType set to "idm"
2014-12-05 12:23:30.165 -0600 DEBUG [1496:2276] file_worker(): authToken0 set to "openidm-admin"
2014-12-05 12:23:30.165 -0600 DEBUG [1496:2276] file_worker(): idmURL set to "http://10.128.101.32:8080/openidm/managed/user?_action=patch&_queryId=for-userName&uid=${samaccountname}"
2014-12-05 12:23:30.165 -0600 DEBUG [1496:2276] file_worker(): processing C:/sync/queue (1 files)
2014-12-05 12:23:30.165 -0600 DEBUG [1496:2276] file_worker(): reading file C:/sync/queue/D41D8CD98F00B204E9800998ECF8427E-20141205121059021.json
2014-12-05 12:23:30.228 -0600 DEBUG [1496:2276] file_worker(): data from user "tuser"
2014-12-05 12:23:30.228 -0600 DEBUG [1496:2276] send_post_request(): request uri:
/openidm/managed/user?_action=patch&_queryId=for-userName&uid=tuser
2014-12-05 12:23:30.228 -0600 DEBUG [1496:2276] send_post_request(): post size: 1430, data:
[{ "replace" : "/adPassword", "value" : { "$crypto" : { "value" : { "data" : "w7aSxxfhkE2gUPEd4TfNfPseCPb7ri7pq8kMF3r30rE=", "cipher" : "AES/ECB/PKCS5Padding", "key" : { "data" : "LuD64zLKg+EyRMlyux1tYu1qAQ0QBIBpjxSXfv4fEdiZRNhLBfIZC+94CLfWw11lXu82x1tC4lQ5Aw0TUx6Vp8LuJ2SA+zIwEGqFi6FlTy3se7uSnTA71IOwmvYrgvALrEjcIh6NDhTPcnLYokvYdFlSxBNnymnWvdgqBIBG3JG88gi/hE18SqCdAGuHA0yzW9JRL1qVCkwB8WPzG9YbHULyE1LXoZI4v53eTBXV4EbEg0mqktPXF+5Fx0rV7PvrxEjKdqp4BfdV2/rNa3orYcnRumI9A/Uw6NDK6NGJaOqdkoxJOAHOVJZmhuuJ85oQyVnuWRQclQ5EEpaHLr23qg==", "cipher" : "RSA/ECB/PKCS1Padding", "key" : "openidm-localhost" } }, "type" : "x-simple-encryption" } }}]
2014-12-05 12:23:30.821 -0600 DEBUG [1496:2276] read_sync_response(): status code: 400, content length: 170
2014-12-05 12:23:30.821 -0600 ERROR [1496:2276] file_worker(): change request for user "tuser" failed. Network status: 400, error: 0, code: 0, response size: 170
2014-12-05 12:23:30.821 -0600 DEBUG [1496:2276] file_worker(): response:
{"code":400,"reason":"Bad Request","message":"The request could not be processed because the provided content is not a valid JSON patch: /0/operation: Expecting a value"}

Has anyone seen this error before or have any ideas as to what I can do to fix this issue?
Thanks for your help!
Pete
December 5, 2014 at 9:42 pm #1600
Aron Kozak
Spectator
I’m looking internally, trying to get the right person to help answer this. Back soon!
December 5, 2014 at 11:40 pm #1604
tim.sedlack
Participant
Hi Pete –
I think your request to replace the password is formed incorrectly – but trying to find the correct syntax for a replace is proving more difficult than I thought.
Are you actually doing curl commands here – or is this the sync service that’s returning this 400 error?
If it’s the service, then I suspect your keystore values/files have something amiss.
Is there a support case on this by chance?
Tim
December 6, 2014 at 1:49 am #1606
Mike Jang
Spectator
Hi Pete,
We’ve recently released a new version of the AD password sync plugin for production users, available from https://backstage.forgerock.com/#!/downloads/enterprise/OpenIDM .
If you haven’t yet tried the new plugin, you might try it. I know we’ve seen similar errors such as OPENIDM-1322.
FYI, we have also updated the documentation to reflect the changes associated with the password sync plugin in the Integrator’s Guide.
Let us know if that helps. We appreciate the feedback!
Thanks,
Mike
December 8, 2014 at 4:30 pm #1717
[email protected]
Participant
Thanks Guys. I’ll give that a shot.
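
The 400 response in the first post points at "/0/operation", while the logged request body carries "replace" as a key. As an added example (not part of the thread and not ForgeRock code), this Python check applies that one rule to a patch body before it is sent, and masks the encrypted "data" blobs so the payload can be shared when asking for help. The names check_patch, redact and SAMPLE are hypothetical, and the sample values are constructed placeholders.

```python
import json

# Verbs seen used as the key itself, as in the logged body: {"replace": "/adPassword", ...}
VERB_KEYS = ("add", "remove", "replace")

def check_patch(body):
    """Return a list of problems, each prefixed with its JSON-pointer location."""
    try:
        ops = json.loads(body)
    except ValueError as exc:
        return ["/: not valid JSON (%s)" % exc]
    if not isinstance(ops, list):
        return ["/: patch must be a JSON array of operations"]
    problems = []
    for i, op in enumerate(ops):
        if not isinstance(op, dict):
            problems.append("/%d: operation must be a JSON object" % i)
            continue
        if not isinstance(op.get("operation"), str):
            # Same location and wording the server reports in the 400 response.
            msg = "/%d/operation: Expecting a value" % i
            found = [v for v in VERB_KEYS if v in op]
            if found:
                msg += ' (found "%s" used as a key instead)' % found[0]
            problems.append(msg)
    return problems

def redact(value):
    """Mask every "data" member (ciphertext, wrapped key) before sharing a payload."""
    if isinstance(value, dict):
        return {k: "<redacted>" if k == "data" else redact(v) for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v) for v in value]
    return value

# Constructed sample shaped like the logged request body; blob values are placeholders.
SAMPLE = json.dumps([{"replace": "/adPassword", "value": {"$crypto": {
    "type": "x-simple-encryption",
    "value": {"data": "PLACEHOLDER", "cipher": "AES/ECB/PKCS5Padding",
              "key": {"data": "PLACEHOLDER", "cipher": "RSA/ECB/PKCS1Padding",
                      "key": "openidm-localhost"}}}}}])

if __name__ == "__main__":
    for problem in check_patch(SAMPLE):
        print(problem)
    print(json.dumps(redact(json.loads(SAMPLE))))
```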