Saviynt Forums

kunal_saxena · ‎09/27/2023

Hi Everyone,

We have configured a connection for onboarding an LDAP application, i.e., an ODSEE LDAP. After configuring the connection, we have created security system and endpoint as well.

Created Job trigger to run full account import (Single threaded)

On running the job, no accounts are imported. Also, the job runs for a long time and then eventually fails without importing any account.

Below is the error observed in the logs:

2023-09-27T12:50:05.038259157Z stdout F 2023-09-27 12:50:05,038 [quartzScheduler_Worker-4] DEBUG services.AdImportService - error --
2023-09-27T12:50:05.038286357Z stdout F java.lang.ArrayIndexOutOfBoundsException: 1
"2023-09-27T12:50:05.038290857Z stdout F at com.saviynt.ecm.services.AdImportService.getRealValue(AdImportService.groovy:2334)"
"2023-09-27T12:50:05.038296557Z stdout F at com.saviynt.ecm.services.AdImportService$_mapDataToDbAccounts_closure21_closure92_closure93_closure96.doCall(AdImportService.groovy:1768)"
"2023-09-27T12:50:05.038312857Z stdout F at com.saviynt.ecm.services.AdImportService$_mapDataToDbAccounts_closure21_closure92_closure93.doCall(AdImportService.groovy:1765)"
"2023-09-27T12:50:05.038317057Z stdout F at com.saviynt.ecm.services.AdImportService$_mapDataToDbAccounts_closure21_closure92.doCall(AdImportService.groovy:1692)"
"2023-09-27T12:50:05.038320957Z stdout F at com.saviynt.ecm.services.AdImportService$_mapDataToDbAccounts_closure21.doCall(AdImportService.groovy:1691)"
"2023-09-27T12:50:05.038324958Z stdout F at com.saviynt.ecm.services.AdImportService.mapDataToDbAccounts(AdImportService.groovy:1688)"
"2023-09-27T12:50:05.038328358Z stdout F at com.saviynt.ecm.services.AdImportService.getLdapResultAndExecute(AdImportService.groovy:4278)"
"2023-09-27T12:50:05.038331958Z stdout F at com.saviynt.ecm.services.AdImportService.doImportInternal(AdImportService.groovy:911)"
"2023-09-27T12:50:05.038335158Z stdout F at com.saviynt.ecm.services.AdImportService.doImport(AdImportService.groovy:184)"
"2023-09-27T12:50:05.038338458Z stdout F at com.saviynt.ecm.integration.ExternalConnectionCallService.invokeExternalMethod(ExternalConnectionCallService.groovy:193)"
"2023-09-27T12:50:05.038341758Z stdout F at SapImportJob.execute(SapImportJob.groovy:109)"
"2023-09-27T12:50:05.038344858Z stdout F at org.quartz.core.JobRunShell.run(JobRunShell.java:199)"
"2023-09-27T12:50:05.038347858Z stdout F at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:546)"

Any suggestions as to what could be the issue?

Thanks,

Kunal

Manu269 · ‎09/27/2023

@kunal_saxena few items to be checked :

1. Verify the SEARCHFILTER : from where you want to import objects identities

2. Verify the OBJECTFILTER : This is Used to import the accounts for the base filter domain name mentioned in SearchFilter.

3. STATUS_THRESHOLD_CONFIG : Specify this parameter if you want to read the status of an account in the target application and update the same status for that account in EIC such as Active, Inactive, or Suspended from import service.

4. Account Attribute Import mapping json.

Manish Kumar

kunal_saxena · ‎09/28/2023

Hi @Manu269 ,

Thanks for the reply. We have verified the following fields:

1. SEARCHFILTER - Initially we had specified the root of the ODSEE server. But later, we had specified a specific OU.

2. OBJECTFILTER - We have specified the LDAP filter for only returning employees & contractor accounts.

3. STATUS_THRESHOLD_CONFIG - We have specified this parameter as follows:

{
"statusAndThresholdConfig":
{
"statusColumn":"customproperty25",
"activeStatus":["active"],
"deleteLinks": true,
"accountThresholdValue" : 1000,
"correlateInactiveAccounts":true,
"inactivateAccountsNotInFile":false,
"deleteAccEntForActiveAccounts":false
}
}

4. Account Attribute Import mapping json - It is specified as below: (some organization specific mapping I have removed here)

[
DISPLAYNAME::cn#String,
NAME::cn#String,
ACCOUNTCLASS::objectClass#String,
ACCOUNTID::uid#String,
CUSTOMPROPERTY1::givenName#String,
CUSTOMPROPERTY2::sn#String,
CUSTOMPROPERTY3::mail#String,
CUSTOMPROPERTY4::eatonManagerId#String,
CUSTOMPROPERTY5::ou#String,
CUSTOMPROPERTY6::street#String,
CUSTOMPROPERTY7::l#String,
CUSTOMPROPERTY8::st#String,
CUSTOMPROPERTY9::postalcode#String,
CUSTOMPROPERTY10::c#String,
CUSTOMPROPERTY11::title#String,
CUSTOMPROPERTY27::nsUniqueId#String,
CREATED_ON::createTimestamp#customDate–yyyyMMddHHmmss,
CREATOR::creatorsName#String,
UPDATEDATE::modifyTimestamp#customDate–yyyyMMddHHmmss,
UPDATEUSER::modifiersName#String,
RECONCILATION_FIELD::CUSTOMPROPERTY27
]

Diwakar · ‎10/13/2023

Hi,

Is this resolved for you? I am also facing the same with AD account import. Please let us know the fix if its working for you!

Regards,

Diwakar.

Dave · ‎10/16/2023

Hi @Diwakar - It might be best to start your own thread on this issue. You can always include a link to this post letting people know that you have already tried the suggestions by Manu269.

kunal_saxena · ‎10/17/2023

Hi @Diwakar ,

This issue got resolved when I removed some of the operational attributes that I was earlier trying to reconcile. Within the connection, in the ACCOUNT_ATTRIBUTE I removed the operational attributes mapping and then the issue got resolved.

I would suggest to set the LDAP filter to just import 1 account in the connection. Then, modify the ACCOUNT_ATTRIBUTE to see which attribute is causing the problem.

Thanks,

Kunal

Saviynt Forums

Account import job for ODSEE LDAP failing