
LDAP Sync issues

[Figure: role-level-auth-architecture.png]

How-to troubleshoot

LDAP Sync Service is not synchronizing data from the Windows AD, even when manually requested from the Security Administration site.

Troubleshooting the LDAP Sync Service when it is not working should be approached with the architectural design in mind. Below, we present a sequence of steps to be followed in order to triage an issue.

  1. Ensure the LDAP Sync Windows Service is installed.
    • The Security Sync service and the LDAP Sync Service cannot be installed on the same server. The Security Sync service should be installed on an Origin/Claims server.
  2. Ensure the LDAP Sync Windows Service is running.
  3. Review any errors logged. Points 4, 5 and 6 cover the most probable sources of those errors. Logs can be found at:
    • The filesystem, by default at C:\TEMP\logs\sequel-security-ldap-sync\log-{Date}.txt (check RollingFileLoggingSettings in the appsettings.json file). Logs written during start-up.
    • The associated Sequel.Core.Logging database (check MsSqlLoggingSettings in the appsettings.json file). Logs written after start-up.
  4. Review the RabbitMQ configuration:
    • In the LDAP service's appsettings.json file, the MessageBusSettings entry should be configured to use the same virtual host as the rest of the environment.
    • Access the RabbitMQ console and verify that, when a manual sync is forced from the Administration site, the Security API publishes messages to the queue LdapSyncRunProcess, associated with the message type Sequel.Security.MessageBus.Contracts.LdapSync.v1.RunProcess.
    • Access the RabbitMQ console and verify that the LDAP Sync service consumes messages from the queue LdapSyncRunProcess, associated with the message type Sequel.Security.MessageBus.Contracts.LdapSync.v1.RunProcess.
  5. Security services configuration:
    • Review ServiceDiscoverySettings.RequiredServices[Authentication] and AuthenticationSettings in the appsettings.json file, for connectivity with the Security Authentication Service.
    • Review ServiceDiscoverySettings.RequiredServices[SecurityApi] in the appsettings.json file, for connectivity with the Security API Service.
  6. Windows AD integration:
    • Review LdapConnection in the appsettings.json file.
      • Is there network connectivity to the defined Host and Port?
      • Credential issues? Have the DN and Password values been checked?
      • Errors running LDAP queries? In this case, go to Security Administration to review the configuration
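The checks in steps 1 to 4 and 6 above, scripted as an added PowerShell triage example that is not part of the original page or the product's own tooling. The service name, install folder, expected virtual host and the JSON key names MessageBusSettings.VirtualHost and LdapConnection.Host/Port/DN/Password are assumptions or placeholders to be adjusted to the real deployment.

```powershell
# Added triage script, not part of the original page or the product's own tooling.
# Assumed: the service name, install folder, expected vhost and the JSON key names
# MessageBusSettings.VirtualHost and LdapConnection.Host/Port/DN/Password are
# placeholders or assumptions; adjust them to the real deployment.
param(
    [string]$ServiceName   = 'LDAP-SYNC-SERVICE-NAME',         # placeholder
    [string]$InstallDir    = 'C:\PLACEHOLDER\LdapSyncService', # placeholder
    [string]$LogDir        = 'C:\TEMP\logs\sequel-security-ldap-sync',
    [string]$ExpectedVHost = '/'                               # vhost used by the rest of the environment
)

# Steps 1 and 2: is the Windows service installed and running?
$svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
if (-not $svc) { Write-Warning "Service '$ServiceName' is not installed"; return }
Write-Host "Service status: $($svc.Status)"
if ($svc.Status -ne 'Running') { Write-Warning 'Service is not running; read the start-up log below' }

# Step 3: start-up errors go to the rolling file log; show the latest ones
$log = Get-ChildItem -Path $LogDir -Filter 'log-*.txt' -ErrorAction SilentlyContinue |
       Sort-Object LastWriteTime -Descending | Select-Object -First 1
if ($log) {
    Write-Host "Latest log: $($log.FullName)"
    Get-Content -Path $log.FullName -Tail 200 | Select-String -Pattern 'ERROR|FATAL|Exception' | Select-Object -Last 10
} else { Write-Warning "No log-*.txt under $LogDir (check RollingFileLoggingSettings)" }

# Step 4: the message bus virtual host must match the rest of the environment
$cfg   = Get-Content -Path (Join-Path $InstallDir 'appsettings.json') -Raw | ConvertFrom-Json
$vhost = $cfg.MessageBusSettings.VirtualHost   # assumed key name
if ($vhost -ne $ExpectedVHost) { Write-Warning "MessageBusSettings vhost '$vhost' differs from '$ExpectedVHost'" }

# Step 6a: TCP path to the directory server named in LdapConnection
$ldapHost = $cfg.LdapConnection.Host
$ldapPort = [int]$cfg.LdapConnection.Port
$tcp = Test-NetConnection -ComputerName $ldapHost -Port $ldapPort -WarningAction SilentlyContinue
if (-not $tcp.TcpTestSucceeded) { Write-Warning "Cannot reach ${ldapHost}:${ldapPort}; fix connectivity first"; return }
Write-Host "TCP ${ldapHost}:${ldapPort} reachable"

# Step 6b: a simple bind with the configured DN and password proves the credentials
Add-Type -AssemblyName System.DirectoryServices.Protocols
$id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($ldapHost, $ldapPort)
$cred = New-Object System.Net.NetworkCredential($cfg.LdapConnection.DN, $cfg.LdapConnection.Password)
$conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id, $cred, 'Basic')
try     { $conn.Bind(); Write-Host 'LDAP bind succeeded' }
catch   { Write-Warning "LDAP bind failed: $($_.Exception.Message)" }
finally { $conn.Dispose() }
```

Run it on the LDAP Sync server with an account that can read appsettings.json; a bind failure after a successful TCP test points at the DN or Password values of step 6 rather than at the network.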