Sync rule for LDAP users does not work anymore

#1

We use our active directory to sync global users into Icinga.
This set up worked fine for almost two years now.
New users have been added but these will not be synced.
If I check the settings under “Automation -> Import source -> Preview” I can see them.
So the credentials for the import user are correct and the ldap filter as well.
These new users look fine and all required fields are filled out correctly.
But if I trigger the sync for users nothing happens.
Check for changes -> Nothing would change, this rule is still in sync
Trigger this sync -> Nothing changed, rule is in sync
Can I increase/activate debug to see what’s happening in the backgroud?

#2

A tad more information about the configured resource and the import source would help :wink:

#3

This is the import data source:
Source Type: Ldap
Key Column name: sAMAccountName
Object class: user
sAMAccountName,mail,mobile,givenName,displayName,memberOf

If I click on preview I can see the correct data. There are users which have
already imported before and the new ones as well.
All required fields are filled out.

The problem is the synchronization.
Object type: User
Update Policy: Merge
Purge: No
Filter Expression: group=*RW_G

If I hit “check for changes” the new users will not appear.

Is there any chance to debug the process?

#4

Not that I know of.
Tried to re-create your import and sync rules, but wasn’t able to finish due to too little settings info :wink:

Got the import source that imports all the users from the AD. Did you configure any modifiers?
What properties did you define for the sync rule?

What are you trying to achieve with the import/sync?
Import only users into the Director that are member of a specific group?
If yes, try it like this:

#5

Mhhh. I changed a couple of things and that fixed the problem.
But I would like to find out what the problem actually was.
I found a howto on the netways website.
And there was a mapping which was missing in my setup:

Destination field -> obejct_name

Is this really necessary?

#6

I think so, because without it you would create a nameless object.
Example from an server import from AD: