Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Active Directory access import failing with below error

SumathiSomala
All-Star
All-Star

‎07/20/2023 05:39 AM

Hi Team,

I ran application data import job to import entitlement form AD. All entitlements imported into saviynt successfully but job is failing with will error

Failed to import one or more object types. Check the Job Log Details page for more information.

i found this error in logs:

2023-07-20T17:48:42+05:30-userms-Uncaught exception thrown|org.apache.catalina.connector.ClientAbortException: java.io.IOException: Broken pipe| at org.apache.catalina.connector.OutputBuffer.realWriteBytes(OutputBuffer.java:353) ~[tomcat-embed-core-9.0.54.jar!/:na]| at org.apache.catalina.connector.OutputBuffer.flushByteBuffer(OutputBuffer.java:783) ~[tomcat-embed-core-9.0.54.jar!/:na]| at org.apache.catalina.connector.OutputBuffer.append(OutputBuffer.java:688) ~[tomcat-embed-core-9.0.54.jar!/:na]| at org.apache.catalina.connector.OutputBuffer.writeBytes(OutputBuffer.java:388) ~[tomcat-embed-core-9.0.54.jar!/:na]| at org.apache.catalina.connector.OutputBuffer.write(OutputBuffer.java:366) ~[tomcat-embed-core-9.0.54.jar!/:na]| at org.apache.catalina.connector.CoyoteOutputStream.write(CoyoteOutputStream.java:96) ~[tomcat-embed-core-9.0.54.jar!/:na]|Caused by: java.io.IOException: Broken pipe| at java.base/sun.nio.ch.FileDispatcherImpl.write0(Native Method) ~[na:na]| at java.base/sun.nio.ch.SocketDispatcher.write(SocketDispatcher.java:47) ~[na:na]| at java.base/sun.nio.ch.IOUtil.writeFromNativeBuffer(IOUtil.java:113) ~[na:na]| at java.base/sun.nio.ch.IOUtil.write(IOUtil.java:79) ~[na:na]| at java.base/sun.nio.ch.IOUtil.write(IOUtil.java:50) ~[na:na]| at java.base/sun.nio.ch.SocketChannelImpl.write(SocketChannelImpl.java:462) ~[na:na]|

 

Any idea on this?

Regards,
Sumathi Somala

If this reply answered your question, please Accept As Solution and give Kudos.

Labels:
Preview file
69 KB
0 Kudos
19 REPLIES 19

naveenss
All-Star
All-Star

‎07/20/2023 05:45 AM

Hi @SumathiSomala ,

What is the total number of entitlements you are trying to import from target? Also, was this import working before successfully?

Regards,
Naveen Sakleshpur
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.
0 Kudos

SumathiSomala
All-Star
All-Star
In response to naveenss

‎07/20/2023 05:50 AM

Hi @naveenss ,

Thanks for the reply.

Total 318 entries.

was this import working before successfully?

No,Failed in first attempt only.

Regards,
Sumathi Somala

If this reply answered your question, please Accept As Solution and give Kudos.

0 Kudos

naveenss
All-Star
All-Star
In response to SumathiSomala

‎07/20/2023 05:59 AM

Can you confirm if account import and user import from AD was running at the same time? Also, are you seeing this error in every consecutive runs? Can you once try running the account import job when none of the other jobs are running in the system?

Regards,
Naveen Sakleshpur
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.
0 Kudos

SumathiSomala
All-Star
All-Star
In response to naveenss

‎07/20/2023 06:13 AM

Account import job was successful.

Access import job is failing.

Regards,
Sumathi Somala

If this reply answered your question, please Accept As Solution and give Kudos.

0 Kudos

jayendraraju
New Contributor III
New Contributor III

‎07/21/2023 08:01 AM

Hi @naveenss

Can you confirm if account import and user import from AD was running at the same time? --User Import and Access import job is successful, we have run then one after the other.

 Also, are you seeing this error in every consecutive runs?-   Yes

Can you once try running the account import job when none of the other jobs are running in the system?---- we have done that but still the same.

0 Kudos

pmahalle
All-Star
All-Star
In response to jayendraraju

‎07/21/2023 09:34 AM

What’s your reconciliation field configured in ACCOUNT_ATTRIBUTE. Also which attribute from AD mapped to accountID?


Pandharinath Mahalle(Paddy)
If this reply helps your question, please consider selecting Accept As Solution and hit Kudos 🙂
0 Kudos

SumathiSomala
All-Star
All-Star
In response to pmahalle

‎07/23/2023 08:21 PM

What’s your reconciliation field configured in ACCOUNT_ATTRIBUTE. Also which attribute from AD mapped to accountID?

cuustomPropErty17:distinguishedName_char,
RECONCILATION_FIELD:customPropeRty17
accountid::objectGUID#Binary

Regards,
Sumathi Somala

If this reply answered your question, please Accept As Solution and give Kudos.

0 Kudos

naveenss
All-Star
All-Star
In response to SumathiSomala

‎07/23/2023 08:23 PM

can you please share the full json for account and group mapping?

Regards,
Naveen Sakleshpur
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.
0 Kudos

pmahalle
All-Star
All-Star
In response to SumathiSomala

‎07/23/2023 09:07 PM

Hi @SumathiSomala ,

Make sure to keep recon field value and value store in account id is same.

Can you change reconciliation_field mapping with with accountID since you mapped accountID with objectguid like below:

RECONCILIATION_FIELD:ACCOUNTID,

ACCOUNTID::objectGUID#Binary

Then run, full account import and full access import in the sequence.

 


Pandharinath Mahalle(Paddy)
If this reply helps your question, please consider selecting Accept As Solution and hit Kudos 🙂
0 Kudos

dgandhi
All-Star
All-Star
In response to jayendraraju

‎07/21/2023 11:03 AM

Can you paste screenshot of your job? Want to make sure that config is correct in the job.

Thanks,
Devang Gandhi
If this reply answered your question, please Accept As Solution and give Kudos to help others who may have a similar problem.

0 Kudos

SumathiSomala
All-Star
All-Star
In response to dgandhi

‎07/23/2023 08:24 PM

Hi @dgandhi ,

Attached the screenshot of job 

Regards,
Sumathi Somala

If this reply answered your question, please Accept As Solution and give Kudos.

Preview file
42 KB
0 Kudos

naveenss
All-Star
All-Star
In response to SumathiSomala

‎07/23/2023 08:59 PM

Can you also run the import as a "Application Data Import (Multi Threaded)" job type? Currently I see this to be a single threaded.

Regards,
Naveen Sakleshpur
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.
0 Kudos

rushikeshvartak
All-Star
All-Star

‎07/23/2023 09:05 PM

Please restart server and try again


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

jayendraraju
New Contributor III
New Contributor III

‎07/26/2023 02:45 AM

Hi All

We have established AD connector to pull users, accounts and access. The connection is working fine for user and Account import. when we have run the job(Application Data Import (Single Threaded) ) to fetch the accounts, entitlements related to the accounts are also been fetched to saviynt.

But when we are running job to fetch the only access the job is getting failed and throwing broken pipe exception

Please find below

group import Json1: 
{"entitlementTypeName":"memberOf","performGroupAccountLinking":"true",
"importnestedmembershipoutofscope":"true","incrementalTimeField":"when
Changed","groupObjectClass":"(objectclass=group)","mapping":"memberHas
h:member_char,customproperty1:sAMAccountType_char,customproperty16:mem
berOf_char,customproperty2:instanceType_char,
customproperty3:uSNCreated_char,customproperty4:groupType_char,customp
roperty5:dSCorePropagationData_char,customproperty12:dn_char,
customproperty13:cn_char,lastscandate:whenCreated_date,customproperty1
5:managedBy_char,entitlement_glossary:description_char,customproperty9
:name_char,
customproperty10:objectCategory_char,customproperty11:sAMAccountName_c
har,customproperty14:objectClass_char,status:isCriticalSystemObject_ch
ar,
entitlement_value:distinguishedName_char,entitlement_id:distinguishedN
ame_char,customproperty17:distinguishedName_char,updatedate:whenChange
d_date, RECONCILATION_FIELD:customproperty17"}

GroupImportJson2:

{
"importGroupHierarchy": "true",
"entitlementTypeName":"groups",
"performGroupAccountLinking":"false",
"incrementalTimeField":"whenChanged",
"advanceGroupFilter":
{"memberOf":
{"OU=Network Shares,OU=SDPB Groups,DC=SDPB,DC=LOCAL":
["(&(objectClass=group)(displayName=Executives-ReadOnly))"],
"OU=Security Groups,OU=SDPB Groups,DC=SDPB,DC=LOCAL":
["(&(objectClass=group)(displayName=AppSupport))"],
"OU=SharePoint Groups,OU=SDPB Groups,DC=SDPB,DC=LOCAL":
["(&(objectClass=group) (displayName=SP-Facilities.Visitor))"]
}
},
"mapping":"memberHash:member_char,customProperty1:sAMAccountType_char,
customProperty2:instanceType_char,customProperty3:uSNCreated_char,
customProperty4:groupType_char,customProperty5:dSCorePropagationData_char,
customProperty12:dn_char,customProperty13:cn_char,lastscandate:whenCreated_date,
customProperty15:managedBy_char,entitlement_glossary:description_char,
description:description_char,customProperty9:name_char,customProperty10:objectCategory_char,
customProperty11:sAMAccountName_char,entitlement_value:distinguishedName_char,entitlementid:distinguishedName_char,
customProperty14:objectClass_char,updatedate:whenChanged_date,customPropErty17:distinguishedName_char,
RECONCILATION_FIELD:customPropeRty17,customProperty18:objectGUID_Binary",
"activeGroupPossibleValues": ["active","a","l","TRUE"]
}

Your inputs are appreciated. 

0 Kudos

pmahalle
All-Star
All-Star
In response to jayendraraju

‎07/26/2023 02:56 AM - edited ‎07/26/2023 02:57 AM

Hi @jayendraraju ,

Can you try with below groupImportMapping JSON

{
"entitlementTypeName": "memberOf",
"performGroupAccountLinking": "true",
"importGroupHierarchy": "true",
"incrementalTimeField": "whenChanged",
"groupObjectClass": "(objectclass=group)",
"mapping": "memberHash:member_char,customproperty1:sAMAccountType_char,customproperty16:memberOf_char,customproperty2:instanceType_char,customproperty3:uSNCreated_char,customproperty4:groupType_char,customproperty5:dSCorePropagationData_char,customproperty12:dn_char,customproperty13:cn_char,lastscandate:whenCreated_date,customproperty15:managedBy_char,entitlement_glossary:description_char,customproperty9:name_char,customproperty10:objectCategory_char,customproperty11:sAMAccountName_char,customproperty14:objectClass_char,status:isCriticalSystemObject_char,entitlement_value:distinguishedName_char,entitlement_id:distinguishedName_char,customproperty17:distinguishedName_char,updatedate:whenChanged_date, RECONCILATION_FIELD:customproperty17",
"activeGroupPossibleValues": [
"active",
"TRUE"
]
}


Pandharinath Mahalle(Paddy)
If this reply helps your question, please consider selecting Accept As Solution and hit Kudos 🙂
0 Kudos

jayendraraju
New Contributor III
New Contributor III

‎07/26/2023 05:39 AM

Hi @pmahalle 

Thanks for the json.

Json is able to pull the accesses but job is getting failed.

Attached screenshots for your reference, please suggest.

jayendraraju_0-1690375068655.pngjayendraraju_1-1690375123670.png

 

0 Kudos

pmahalle
All-Star
All-Star
In response to jayendraraju

‎07/26/2023 06:00 AM - edited ‎07/26/2023 06:02 AM

Hi @jayendraraju ,

Seems like value size of memberof attribute for one or more groups in target AD having more than 255 characters and that's why it's failing, as standard size of entitlement customproperty16 db field is 255 chars. Anyhow you mapped memberof with CP16, which is not required so you can remove that or map to CP1-CP5 which are longtext. Try below:

{
"entitlementTypeName": "memberOf",
"performGroupAccountLinking": "true",
"importGroupHierarchy": "true",
"incrementalTimeField": "whenChanged",
"groupObjectClass": "(objectclass=group)",
"mapping": "memberHash:member_char,customproperty1:sAMAccountType_char,customproperty2:instanceType_char,customproperty3:uSNCreated_char,customproperty4:groupType_char,customproperty5:dSCorePropagationData_char,customproperty12:dn_char,customproperty13:cn_char,lastscandate:whenCreated_date,customproperty15:managedBy_char,entitlement_glossary:description_char,customproperty9:name_char,customproperty10:objectCategory_char,customproperty11:sAMAccountName_char,customproperty14:objectClass_char,status:isCriticalSystemObject_char,entitlement_value:distinguishedName_char,entitlement_id:distinguishedName_char,customproperty17:distinguishedName_char,updatedate:whenChanged_date, RECONCILATION_FIELD:customproperty17",
"activeGroupPossibleValues": [
"active",
"TRUE"
]
}

 


Pandharinath Mahalle(Paddy)
If this reply helps your question, please consider selecting Accept As Solution and hit Kudos 🙂

jayendraraju
New Contributor III
New Contributor III

‎07/28/2023 04:01 AM

Hi @pmahalle ,

The job status successful but entitlements which were correlated with accounts are deleted and in accounts entitlement hierarchy is not visible.
The same is happening when we run the account import job as well.

jayendraraju_0-1690542049728.png

 

0 Kudos

pmahalle
All-Star
All-Star
In response to jayendraraju

‎07/28/2023 04:31 AM

Hi @jayendraraju ,

1. Make sure "performGroupAccountLinking": "true". in groupimportmapping.

2. ENTITLEMENT_ATTRIBUTE  should be memberOf

pmahalle_0-1690543870855.png

 

Also, is there any objectfilter you are using? 


Pandharinath Mahalle(Paddy)
If this reply helps your question, please consider selecting Accept As Solution and hit Kudos 🙂
0 Kudos
Copyright © 2024 Khoros, LLC