The LDAP Group Synchronization on UVMS do not retrieve all the Groups defined in LDAP/Active Directory.

Document ID : KB000087068
Last Modified Date : 14/04/2018
Show Technical Document Details
Issue:
Error Message :
There is no error message but the synchronization log does not show that all the groups and users have been retrieved and created on Uiviewer Management Server:

 2013-06-06 12:48:22 | -------------------------------------------- 
| 2013-06-06 12:48:22 | Starting Synchronization of groups with LDAP 
| 2013-06-06 12:48:22 | -------------------------------------------- 
| 2013-06-06 12:48:25 | Connecting to LDAP: [LDAP Repository] 
| 2013-06-06 12:48:25 | 0 matching group(s) retrieved 
| 2013-06-06 12:48:25 | 0 matching user(s) retrieved 
| 2013-06-06 12:48:25 | 0 group(s) were deleted from UVMS 
| 2013-06-06 12:48:25 | 0 group(s) were created on UVMS 
| 2013-06-06 12:48:26 | 0 login(s) were deleted from UVMS 
| 2013-06-06 12:48:26 | 0 login(s) were created on UVMS 
| 2013-06-06 12:48:26 | 2 login(s) could not be deleted because they are member of internal groups 
| 2013-06-06 12:48:26 | - orsyp 
| 2013-06-06 12:48:26 | - duadmin 
| 2013-06-06 12:48:26 | The synchronization of groups is over 

Patch level detected:Univiewer Management Server 4.0.00
Product Version: Dollar.Universe 6.0.0

Description :The LDAP Group Synchronization on UVMS do not retrieve all the Groups defined in LDAP/Active Directory.
Environment:
OS: All
OS Version: ALL OS
Cause:
Cause type:
Configuration
Root Cause: The LDAP_SYNCHRONIZATION_MODE was not properly set or it set to M.
Resolution:
In order to make sure the LDAP Group Synchronization retrieves all Groups, please follow the procedure below:

-Turn on LDAP Synchronization with the following command:


-Turn on auto-registration of users by setting the AUTO_REGISTRATION variable to Y


If this variable is set to N, a valid LDAP login that is not declared in the UVMS will be refused access.
If this variable is set to Y, the record of a valid LDAP login will be automatically created in the UVMS on the first connection attempt.


-Enable the update Membership at login. When The AUTHENTICATION_MODE is set to "S", it's possible to turn on the update of membership at login by setting the LDAP_MEMBERSHIP_AT_LOGIN variable to Y When this function is activated, every time a user connects to UVMS through UVC, its groups membership is checked on LDAP.This mean that the credentials of that users will match what's defined on LDAP at the time of the login.



-Enable the synchronization type. There are two types of synchronizations which can be enabled by setting the LDAP_SYNCHRONIZATION_MODE variable.

F (Filter): All groups are automatically retrieved from LDAP.

M (Manual): The synchronization will only update the LDAP groups that are already defined in UVMS.


If you want to retrieve all Groups, you need to define it to F.



-Define the Synchronization frequency in hours:

Example:




-Restart UVMS and try to manually synchronize LDAP.

Fix Status: No Fix
 
Additional Information:
Workaround :
N/A