This topic has 3 replies, 2 voices, and was last updated 6 years, 4 months ago by sebek.

  • Author
    Posts
  • #10367
     sebek
    Participant

    Hi all,

    I am using version 4.0.0 of OpenIDM. I am using synchronization between two connectors Database table connector and Ldap connector for users. First one is using as source and the second as target. Unfortunately another software can add users to the LDAP.
    When exist user in source and in target without link should be marked as “FOUND” situation. But OpenIDM this situation marks as ABSENT and lists exception to the log: “System object uid=XXX,ou=People,dc=example,dc=com already exists”.
    In the end anyway IDM deletes this entry in the LDAP. In the log of LDAP I find out that at first was searching relevant entry with success and subsequently this relevant entry was deleted.
    Can You me advise why it is happening

    Pavel

    #10368
     laurent.bristiel
    Participant

    Hi,
    to hit the FOUND situation, did you set up a correlation query so that OpenIDM knows how to match accounts?
    See https://forgerock.org/openidm/doc/bootstrap/integrators-guide/index.html#correlation-queries-configuring
    Laurent

    #10393
     sebek
    Participant

    Hi,

    I thought that correlation query is important only for multiple target objects.
    Okay so i tried set this

    “correlationScript” : {
    “type” : “text/javascript”,
    “globals” : { },
    “source” : “var qry = {‘_queryFilter’: ‘uid eq \”‘ + source.associates_id + ‘\”‘}; qry”
    }

    where the uid is attribute in target LDAP and associates_id is source attribute. But I have another problem. In the log I can see this:

    INFO: Reconciliation reported exception
    org.forgerock.openidm.sync.impl.SynchronizationException: Synchronization failed
    at org.forgerock.openidm.sync.impl.ObjectMapping.doRecon(ObjectMapping.java:1056)
    at org.forgerock.openidm.sync.impl.ObjectMapping.recon(ObjectMapping.java:920)
    at org.forgerock.openidm.sync.impl.ReconciliationService.reconcile(ReconciliationService.java:401)
    at org.forgerock.openidm.sync.impl.ReconciliationService.access$000(ReconciliationService.java:91)
    at org.forgerock.openidm.sync.impl.ReconciliationService$1.run(ReconciliationService.java:357)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:745)
    Caused by: org.forgerock.openidm.sync.impl.SynchronizationException: Exception in executing recon task /0: Expecting a value

    I think that problem is in the connector database table or in configuration of its. Because if I tried REST
    “__ACCOUNT__?_queryFilter=_id+eq+13243&_fields=associates_id,_id'”
    I can see this:
    {
    “remainingPagedResults”: -1,
    “totalPagedResults”: -1,
    “totalPagedResultsPolicy”: “NONE”,
    “pagedResultsCookie”: null,
    “resultCount”: 1,
    “result”: [
    {
    “associates_id”: 8949,
    “_id”: “13243”
    }
    ]
    }

    But if I tried this “__ACCOUNT__?_queryFilter=associates_id+eq+”8949″&_fields=associates_id,_id”
    Does not appear to no result.

    The attribute associates_id has in database type INT and in the connector is configure as follows:
    “associates_id” : {
    “type” : “number”,
    “nativeType” : “integer”,
    “nativeName” : “associates_id”,
    “required” : true
    },

    As keyColumn is used uniquie_id (_id) which is defined also as type INT in the database.

    I don’t know why I see no result after

    Pavel

    #10428
     sebek
    Participant

    Hi,

    so I solved both problems.

    The first problem was solved by the correlation query and the second by correction nativetype in the configuration of the connector

    thank you for the advice

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?