Unable to remove user from DataSync
This document (7012163) is provided subject to the disclaimer at the end of this document.
Removing user from group does not update to datasync
Unable to remove user account from WebAdmin
Some user accounts can't be removed
Errors in /var/log/datasync/configengine/engine.log:
[LDAPPoll_thread] [directory:280] [userID:] [eventID:] [objectID:]  Adding user: cn=user1,ou=users,o=novell to connector default.pipeline1.mobility failed with Failure .
- See TID 7015282 - How to install dsapp on a Mobility server.
Note: Once dsapp is loaded, proceed with the steps below.
- Select Database
- Enter 'y' to stop Mobility services
- Select Fix targets/membershipCache
Note: The LDAP server will be contacted for a list of membership of Mobility groups.
- Approve the list of Group Membership:
- If the list appears correct, such as the following, enter y:
- If the list shows anything other than a formatted list like the above, enter n and proceed with the steps provided in additional information. There could be trouble contacting the LDAP server or the admin user provided for Mobility has insufficient privileges.
Restarting DataSync will increase referenceCounts in targets table of groupwise database by 1 with the following error in /var/log/datasync/configengine/engine.log:
[LDAPPoll_thread] [directory:280] [userID:]
[eventID:] [objectID:]  Adding user: cn=user1,ou=users,o=novell to connector default.pipeline1.mobility failed with Failure .
referenceCounts increases by 1 because the user is in the targets table, but not in the membershipCache table. It cannot be added to membershipCache because it is already in targets. The steps outlined in this TID should resolve this issue.
StatusReported to Engineering
- Make sure to download and install DataSync build 299 or later. At the time of writing this TID, build 299 has not been released. Please contact Novell Technical Services to get the build. See How to update Mobility for updating instructions.
Also, the latest-released version can be downloaded from: https://download.novell.com/patch/finder
- Verify desired groups are in WebAdmin. http://<serverAddress>:8120
- List group(s) out by Fully-Distinguished Name (FDN) for later steps:
- Verify a list of users from the desired groups are returned using LDAP:
and Paste the command below into a terminal window on the Mobility
server after replacing the following variables with those correct in
context of your unique environment:
ldapsearch -x -H ldap://myldapserver.com -D cn=myadmin,o=novell -w mypassword -b cn=mobilityGroup,o=novell | perl -p00e 's/\r?\n //g' | grep member: | cut -d ":" -f 2 | sed 's/^[ \t]*//' | sed 's/^/"/' | sed 's/$/","cn=mobilityGroup,o=novell"/' | sed '1s/^/memberdn,groupdn\n/'
- myldapserver.com with the Domain/IP address of your LDAP server
- cn=myadmin,o=novell with a user who has rights to see members of the desired groups (preferably an admin)
- mypassword with the above user's password
- cn=mobilityGroup,ou=users,o=novell with the FDN of the group (one group at a time)
- Verify the following command returns a list of users for each group you have in DataSync WebAdmin. Here is an example:
- If the command returns a list similar to what is found above, then copy the working command to a text editor for safe-keeping and proceed with Step 4. Otherwise, troubleshoot LDAP connectivity.
- Clear membershipCache table:
- Open a terminal window for the Datasync server and type rcdatasync stop to stop all the datasync services.
- Type the following command:
psql -U datasync_user datasync
- Enter password for the datasync database. If the database password is not known, please check /etc/datasync/configengine/configengine.xml file as the password is stored in plaintext in the following format:
- Type the following command:
delete from "membershipCache";
- Insert list of users from desired groups into membershipCache table:
- Append the following to the working LDAP command generated from Step 3:
| psql -U datasync_user datasync -c "\copy \"membershipCache\"(memberdn,groupdn) from STDIN WITH DELIMITER ',' CSV HEADER"
- An example of the entire command will look similar to the following:
ldapsearch -x -H ldap://myldapserver.com -D cn=myadmin,o=novell -w mypassword -b cn=mobilityGroup,o=novell | perl -p00e 's/\r?\n //g' | grep member: | cut -d ":" -f 2 | sed 's/^[ \t]*//' | sed 's/^/"/' | sed 's/$/","cn=mobilityGroup,o=novell"/' | sed '1s/^/memberdn,groupdn\n/' | psql -U datasync_user datasync -c "\copy \"membershipCache\"(memberdn,groupdn) from STDIN WITH DELIMITER ',' CSV HEADER"
- From a new terminal window: Copy & Paste the joined command into a terminal window on the Mobility server and press [Enter]
- Verify the list of users has been properly inserted into the database:
select * from "membershipCache";
- The above command should return a list similar to the following:
memberdn | groupdn
cn=admin,o=novell | cn=mobilityGrp,o=novell
cn=user1,ou=users,o=novell | cn=mobilityGrp,o=novell
cn=user2,ou=users,o=novell | cn=mobilityGrp,o=novell
cn=user3,ou=users,o=novell | cn=mobilityGrp,o=novell
- Correct referenceCount issue in targets table:
- Type the following command within the postgres database:
update targets set "referenceCount"='1' where disabled='0';
- Type \q to exit the database.
- Type rcdatasync start to bring datasync services back online.
This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:7012163
- Creation Date:17-APR-13
- Modified Date:26-JUN-14
- NovellGroupWiseGroupWise Mobility Service
Did this document solve your problem? Provide Feedback