We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

Unable to reconcile the Entitlements from AD

adityachadde
New Contributor III
New Contributor III
Hi Team,
 
We are trying to reconcile the entitlements from the Active Directory via ADSI Connection. The job is getting successfull but entitlements are not getting reconciled into the Saviynt.
We ran full as well as incremental access recon job both jobs are getting successfull but entitlments are not getting reconciled into the Saviynt. We have verified the logs there is no error specific to this in Saviynt Logs. 
 
We tried running below jobs:
 

ADSI_ACCESS_RECON_FULL

ADSI_Incremental_Access_Recon



We are using the same connection configurations in Saviynt QA instance when we ran the incremental recon job the entitlements are reconciled.
 
This is the blocker for our development. Please help us with this.
 
Best Regards,
Aditya Chadde
6 REPLIES 6

naveenss
All-Star
All-Star

Hi @adityachadde 

can you please share the JSON used for the entitlement import? Also was this working before?

Regards,
Naveen Sakleshpur
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.

Hi @naveenss ,

Please find the below json

{
"importGroupHierarchy": "true",
"entitlementTypeName": "memberOf",
"performGroupAccountLinking": "true",
"groupObjectClass": "(objectclass=group)",
"mapping": "memberHash:memberof_char,customProperty3:usncreated_char,customProperty4:grouptype_char,customProperty12:dn_char,customProperty13:cn_char,lastscandate:whencreated_date,customProperty15:managedBy_char,entitlement_glossary:description_char,description:description_char,displayname:name_char,entitlement_value:distinguishedname_char,entitlementid:distinguishedname_char,customProperty14:objectclass_char,updatedate:whenchanged_date,customProperty18:objectguid_char,RECONCILATION_FIELD:customProperty18"
}

there is no issue in json it seems because same json is working in QA environment.

Best Regards,

Aditya Chadde

Can you also please share the logs for the recent run of access import?

Regards,
Naveen Sakleshpur
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.

PFA For the logs.

we found below exception in logs

"ecm-worker","2023-06-15T07:22:14.607+00:00","{"log":"2023-06-15 07:22:14,095 [quartzScheduler_Worker-4] DEBUG adsi.AdsiImportService  - Total records returned by API : 0\n","stream":"stdout","time":"2023-06-15T07:22:14.095230622Z"}"
"userms","2023-06-15T07:22:14.083+00:00","{"log":"2023-06-15 07:22:13.172 ERROR [traceId=375e6827b684fc09, spanId=375e6827b684fc09, spanExportable=true, X-Span-Export=true, X-B3-SpanId=375e6827b684fc09, TENANT_ID=DEFAULT, X-B3-TraceId=375e6827b684fc09] 7 --- [http-nio-8480-exec-19] o.s.c.s.i.web.ExceptionLoggingFilter : Uncaught exception thrown|org.apache.catalina.connector.ClientAbortException: java.io.IOException: Broken pipe|\u0009at org.apache.catalina.connector.OutputBuffer.realWriteBytes(OutputBuffer.java:353) ~[tomcat-embed-core-9.0.54.jar!/:na]|\u0009at org.apache.catalina.connector.OutputBuffer.flushByteBuffer(OutputBuffer.java:783) ~[tomcat-embed-core-9.0.54.jar!/:na]|\u0009at org.apache.catalina.connector.OutputBuffer.append(OutputBuffer.java:688) ~[tomcat-embed-core-9.0.54.jar!/:na]|\u0009at org.apache.catalina.connector.OutputBuffer.writeBytes(OutputBuffer.java:388) ~[tomcat-embed-core-9.0.54.jar!/:na]|\u0009at org.apache.catalina.connector.OutputBuffer.write(OutputBuffer.java:366) ~[tomcat-embed-core-9.0.54.jar!/:na]|\u0009at org.apache.catalina.connector.CoyoteOutputStream.write(CoyoteOutputStream.java:96) ~[tomcat-embed-core-9.0.54.jar!/:na]|Caused by: java.io.IOException: Broken pipe|\u0009at java.base/sun.nio.ch.FileDispatcherImpl.write0(Native Method) ~[na:na]|\u0009at java.base/sun.nio.ch.SocketDispatcher.write(SocketDispatcher.java:47) ~[na:na]|\u0009at java.base/sun.nio.ch.IOUtil.writeFromNativeBuffer(IOUtil.java:113) ~[na:na]|\u0009at java.base/sun.nio.ch.IOUtil.write(IOUtil.java:79) ~[na:na]|\u0009at java.base/sun.nio.ch.IOUtil.write(IOUtil.java:50) ~[na:na]|\u0009at java.base/sun.nio.ch.SocketChannelImpl.write(SocketChannelImpl.java:462) ~[na:na]| \n","stream":"stdout","time":"2023-06-15T07:22:13.172408907Z"}"
"userms","2023-06-15T07:22:14.083+00:00","{"log":"2023-06-15 07:22:13.177 ERROR [traceId=8215cef7f7f95168, spanId=8215cef7f7f95168, spanExportable=true, X-Span-Export=true, X-B3-SpanId=8215cef7f7f95168, TENANT_ID=DEFAULT, X-B3-TraceId=8215cef7f7f95168] 7 --- [http-nio-8480-exec-17] o.s.c.s.i.web.ExceptionLoggingFilter : Uncaught exception thrown|org.apache.catalina.connector.ClientAbortException: java.io.IOException: Broken pipe|\u0009at org.apache.catalina.connector.OutputBuffer.realWriteBytes(OutputBuffer.java:353) ~[tomcat-embed-core-9.0.54.jar!/:na]|\u0009at org.apache.catalina.connector.OutputBuffer.flushByteBuffer(OutputBuffer.java:783) ~[tomcat-embed-core-9.0.54.jar!/:na]|\u0009at org.apache.catalina.connector.OutputBuffer.append(OutputBuffer.java:688) ~[tomcat-embed-core-9.0.54.jar!/:na]|\u0009at org.apache.catalina.connector.OutputBuffer.writeBytes(OutputBuffer.java:388) ~[tomcat-embed-core-9.0.54.jar!/:na]|\u0009at org.apache.catalina.connector.OutputBuffer.write(OutputBuffer.java:366) ~[tomcat-embed-core-9.0.54.jar!/:na]|\u0009at org.apache.catalina.connector.CoyoteOutputStream.write(CoyoteOutputStream.java:96) ~[tomcat-embed-core-9.0.54.jar!/:na]|Caused by: java.io.IOException: Broken pipe|\u0009at java.base/sun.nio.ch.FileDispatcherImpl.write0(Native Method) ~[na:na]|\u0009at java.base/sun.nio.ch.SocketDispatcher.write(SocketDispatcher.java:47) ~[na:na]|\u0009at java.base/sun.nio.ch.IOUtil.writeFromNativeBuffer(IOUtil.java:113) ~[na:na]|\u0009at java.base/sun.nio.ch.IOUtil.write(IOUtil.java:79) ~[na:na]|\u0009at java.base/sun.nio.ch.IOUtil.write(IOUtil.java:50) ~[na:na]|\u0009at java.base/sun.nio.ch.SocketChannelImpl.write(SocketChannelImpl.java:462) ~[na:na]| \n","stream":"stdout","time":"2023-06-15T07:22:13.177901665Z"}"
"ecm","2023-06-15T07:22:13.990+00:00","{"log":"2023-06-15 07:22:12,994 [http-nio-8080-exec-1] DEBUG ws.Restfulv5Controller  - Disable Audit Logging : true\n","stream":"stdout","time":"2023-06-15T07:22:12.994275496Z"}"
"ecm","2023-06-15T07:22:13.990+00:00","{"log":"2023-06-15 07:22:12,995 [http-nio-8080-exec-1] DEBUG ws.Restfulv5Controller  - Default max limit is set to 50\n","stream":"stdout","time":"2023-06-15T07:22:12.995430125Z"}"
"ecm","2023-06-15T07:22:13.990+00:00","{"log":"2023-06-15 07:22:12,995 [http-nio-8080-exec-1] DEBUG ws.Restfulv5Controller  - inside getEcmVersion\n","stream":"stdout","time":"2023-06-15T07:22:12.995476693Z"}"
"ecm","2023-06-15T07:22:13.990+00:00","{"log":"2023-06-15 07:22:12,995 [http-nio-8080-exec-1] DEBUG services.SaviyntCommonUtilityService  - contentType - text/json\n","stream":"stdout","time":"2023-06-15T07:22:12.995598687Z"}"
"ecm","2023-06-15T07:22:13.990+00:00","{"log":"2023-06-15 07:22:12,996 [http-nio-8080-exec-1] DEBUG services.SaviyntCommonUtilityService  - contentTypeFromConfig - application/json\n","stream":"stdout","time":"2023-06-15T07:22:12.996078635Z"}"
"ecm","2023-06-15T07:22:12.989+00:00","{"log":"2023-06-15 07:22:12,976 [http-nio-8080-exec-1] DEBUG rest.JwtService  - Parsed an HMAC signed JWT\n","stream":"stdout","time":"2023-06-15T07:22:12.976458981Z"}"
"ecm","2023-06-15T07:22:12.989+00:00","{"log":"2023-06-15 07:22:12,977 [http-nio-8080-exec-1] DEBUG rest.JwtService  - Parsed an HMAC signed JWT\n","stream":"stdout","time":"2023-06-15T07:22:12.977107242Z"}"
"ecm","2023-06-15T07:22:12.989+00:00","{"log":"2023-06-15 07:22:12,981 [http-nio-8080-exec-7] INFO  domain.JobcontrolController  - Auditing for list of JobControl\n","stream":"stdout","time":"2023-06-15T07:22:12.981245757Z"}"

 

Hi @adityachadde ,

From the logs it looks like the communication is getting lost and the data is not fetched from ADSI agent. I also see that the connectionTimeout is not conifgured in your connector. Can you please configure this and retry the import? Please refer to the below documentation for the sample connectionTimeOutConfig.

https://docs.saviyntcloud.com/bundle/ADSI-v23x/page/Content/Configuring-the-Integration-for-Importin...

naveenss_0-1686909109717.png

 

Regards,
Naveen Sakleshpur
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.

adityachadde
New Contributor III
New Contributor III

Hi @naveenss,

connectionTimeOutConfig is already present in connection.

adityachadde_0-1686916010843.png

 

what else we should try?

Best Regards,

Aditya Chadde