- Community Home
- >
- Networking
- >
- IMC
- >
- IMC UAM 7.2 LDAP sync issue
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-22-2016 09:15 AM
тАО04-22-2016 09:15 AM
IMC UAM 7.2 LDAP sync issue
Hi,
After upgrading from IMC 7.0 to 7.2 (via 7.1 of course) I have faced a strange issue. Sometimes during the nightly LDAP synchronization IMC starts to remove users from Access User database like they are expired/non-existent users. It cancels the accounts. It doesn't happen always but when it happens I have to restore the database from previous backup. The same can be reproduced by manual syncing. Most of the times IMC synchronizes user attributes well, removes only those users which are inactivated in LDAP however rarely it happens that it removes most of the users (thousands of users). This causes BYOD users to re-register their devices.
Our LDAP server is Solaris 10 (Sparc), directory proxy and Directory itself is ODSEE (Oracle Directory Server Enterprise Edition) 11.1.3.0.
Has anyone noticed this kind of problem? I do know that it did not exist with IMC 7.1 base version (no patches) however I don't know whether it was introduced by later 7.1 patches or by 7.2 version.
Thanks
Istvan
- Tags:
- LDAP
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-22-2016 04:35 PM
тАО04-22-2016 04:35 PM
Re: IMC UAM 7.2 LDAP sync issue
Not having that particular problem but a different (maybe related?) issue with iMC_UAM_7.2_E0405 that forced me to roll back to 7.1
Some 802 users would fail to authenticate with E63117: system unknown error. I noticed this within a short time of upgrading, so did not get to the autosync time for the LDAP db.
But could imagine a possible mode where user record is corrupted so that authentication would not occur and subesequent sync might remove the user, like canceleing or blacklisting perhaps?
A case was opened and escalated as other customers were preorted to be having "similar" issues - do not know which ones. That was about a month ago.
Have you logged a case with HPE?
- Tags:
- uam
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-26-2016 12:09 AM
тАО04-26-2016 12:09 AM
Re: IMC UAM 7.2 LDAP sync issue
Hi,
So far I have not logged a case with HP but will do so.
Regarding the downgrade my problem is that although I have the 7.1 database backup however now 4 weeks passed and a lots of new users registered. If I downgrade I have to make sure that all newly registered users and their device mac addresses are transferred to 7.1. Now this seems to be a challenge because of several reasons:
1. Although IMC has a batch user export menu, in 7.2 GUI it has disappeared
2. Even if I can export new users, their device mac addresses cannot be exported/imported
I think here only a good SQL script could help that exports access and platform user accounts and their registered device mac addresses... If someone knows which tables to export/import please let me know.
Thanks
Istvan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-27-2016 03:10 PM - edited тАО04-27-2016 03:17 PM
тАО04-27-2016 03:10 PM - edited тАО04-27-2016 03:17 PM
Re: IMC UAM 7.2 LDAP sync issue
The table ead.tbl_acm_user seems to have some of what you want, for the user, both ldap and MAC.
you might also want to look at the ead.tbl_acm_service table - looks like thats where the services the user is linked to are stored.
BTW if you haven't setup a backup server using the same license I'd recommend it. It can continue to do authentication when the main server is offline being upgraded
PS - I have not done an extract then restore using SQL so my info is based on browsing the tables -
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-12-2016 07:23 AM
тАО05-12-2016 07:23 AM
Re: IMC UAM 7.2 LDAP sync issue
Thanks for the hints. I will check it.
Of course we have a stateless failover setup so the standby server takes over authentications however new users cannot register their devices for BYOD.
I have installed the latest UAM 7.2 E405P02 patch but the following day UAM process has been frozen so I had to restart it. I was expecting this patch cures at least this freezing (at least the release notes mention that too many transparent authentication request could cause database connectivity break and this has been fixed). I don't know whether LDAP sync will be any better with it, now I set the sync period to 7 days and cross my fingers each week that it goes well... but I have to downgrade to 7.1
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-12-2016 09:23 AM
тАО05-12-2016 09:23 AM
Re: IMC UAM 7.2 LDAP sync issue
UAM 7.2 E405P03 has been posted. However this has not fixed my problem.
Does mention a fix for large LDAP syncs
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-13-2016 03:35 PM
тАО05-13-2016 03:35 PM
Re: IMC UAM 7.2 LDAP sync issue
Spent time with HP regarding the 802.1x issue I was having. This is a problem for me with mixed MAC and 802.1x on the same port.
User would authenticate once succesfully using 802.1x, register the MAC address as the account ID and then subsequently no longer authenticate with 802.1x
Problem is with mschapserverV2. There was lab code that seems to fix this issue that we tested. However next patch is probably a couple of months out.