Environment
Micro Focus iPrint Appliance 2.1
Situation
Most users import from the source directory to the iPrint Appliance's directory. However, some do not. Investigating the differences between importing and not importing users within the source directory doesn't reveal an explanation as to why some import and some don't.
Resolution
Workaround:
Force an invalid foreignName value within the MySQL database for the affected user or users. This will cause the User Import process to delete the user from the MySQL database the next the LDAP import is executed. Once you run the LDAP import a 2nd time, the user will import with the correct format for the foreignName and populated ldapGuid attribute.
1. Set invalid foreignName value for the affected user:
Force an invalid foreignName value within the MySQL database for the affected user or users. This will cause the User Import process to delete the user from the MySQL database the next the LDAP import is executed. Once you run the LDAP import a 2nd time, the user will import with the correct format for the foreignName and populated ldapGuid attribute.
1. Set invalid foreignName value for the affected user:
This example assumes the id for the problem user is 58. To find the id number for the user, see the commands in the Additional Information section of this TID.2. Run User Import two timesmysql -uroot -proot
use sitescape;
update SS_Principals set foreignName=58 where id=58;
commit;
The first will delete the user. The second time will import the user.3. Sync the MySQL database to the iPrint Appliance's copy of eDirectory:
python /opt/novell/iprintmobile/python/migrate/migrateusers.pyc
Cause
For reasons not yet known, the users which don't import have a blank value for the ldapGuid attribute within the iPrint Appliance's MySQL user database. For those same users, the format for the foreignName attribute within the MySQL user database is not correct. The foreignName attribute format should look like this:
cn=userjoe,ou=acct,o=mycompanyHowever, for the non-importing users, the foreignName attribute format looks like this:
userjoeWhen the ldapGuid is blank and the foreignName attribute format is wrong, the user fails to import from the MySQL user database to the iPrint Appliance's copy of eDirectory.
Additional Information
To display all user ldapGuid and foreignName attributes:
These commands are not optimal if thousands of users are being imported.
These commands are not optimal if thousands of users are being imported.
mysql -uroot -prootDetermine which users have a blank value for the ldapGuid attribute.
use sitescape;
select id,name,disabled,ldapGuid,foreignName from SS_Principals where deleted=0;
mysql -uroot -proot
use sitescape;
select id, name, lastName, disabled, foreignName, ldapGuid from SS_Principals where deleted = '0' and type = 'user' and ldapGuid='';
To turn on debug logging:Note the end of this command has two single quotes. Not double quotes.
- Open /opt/novell/filr/apache-tomcat/conf/log4j.properties
- Remove the # from the following line:
- #log4j.category.org.kablink.teaming.module.authentication=DEBUG
- This enables logging for authenticate for both LDAP imported users and users locally created on the Appliance. It also logs the LDAP sync process.
- Remove the # from the following line:
- log4j.category.org.kablink.teaming.gwt.server.LdapBrowser.LdapBrowserHelper=DEBUG
- This enables extra logging for LDAP sync process.
- Save the changes to the log4j.properties file
- Restart Filr:
- rcfilr restart
/opt/novell/filr/apache-tomcat/logs/catalina.out
/var/opt/novell/log/iprintmobile/ipmigrate.log
/var/opt/novell/tomcat-filr/logs/appserver.log