This topic has 7 replies, 3 voices, and was last updated 5 years, 4 months ago by 
-
Posts
-
Hi,
I first though that LiveSync was polling every data from external resources (opendj in my case), but it seems like newly created account on opendj were not polled and therefore created on openIDM repo.
Is this a normal behavior ? or is openIDM supposed to poll new account from DJ and replicate them inside its own repository ?
Thanks
There are two ways that OpenIDM recognizes changes in a source against which it is running LiveSync – either through a) timestamps or b) through the ChangeLog (cn=changelog). Using timestamps will cause OpenIDM to perform a search against all records added or modified after the last time it performed the check. This can be a pretty intrusive search if you are performing this every few seconds or minutes – especially when you have hundreds of thousands of entries (or more) in your directory. A more efficient method of detecting changes is by monitoring the OpenDJ ChangeLog, but this assumes that you have enabled the ChangeLog in the first place and have granted access to it by the OpenIDM user via ACIs. To enable the ChangeLog, you simply enable replication between your OpenDJ servers. Don’t have more than one server? No problem, @ludo provides a nice blog entry on how to enable the ChangeLog on one instance here: https://ludopoitou.com/2011/05/11/opendj-enabling-the-external-change-log-on-a-single-server/.
Hi Bill,
thanks a lot for your quick answer, I do have 2 opendj servers, with replication enabled, so I guess I do have changelog enabled, but how could I check which method is used by openidm for livesync ?
So you confirm that openIDM is supposed to be aware of new accounts created on opendj ? (at least using the changelog technique)
Thanks Bill for your answer
Use of the ChangeLog is the default and yes, it should be aware of new accounts created. OpenIDM ships with a sample for running LiveSync against AD but it uses OpenDJ to demonstrate this. You might want to give Sample 6 (LiveSync With an AD Server) a look.
Thanks Bill.
I did use the sample 6 since the beginning as it was the closest sample to our real use-case.
It was working but at a specific time some accounts were not replicated, so I though I misunderstood something, but looks like I did not do anything wrong.
Thanks a lot for the enlightenment Bill
You can query the changelog manually to see if the new records are showing up there. Also, check your openidm sync logs to see if there are any errors which might have prevented the account creation.
You must be logged in to reply to this topic.
