LDAP Listener - Group Membership issue
01-17-2018 08:54 AM
Hi all,
I'm experiencing an issue with the LDAP Listener.
Current setup:
1 LDAP Server with 2 OU Definitions:
- Users
- Groups
The LDAP Listener runs every 5 minutes, and works correctly for the Users OU. However, it doesn't seem to run for the Groups OU. We've made multiple changes to the members who belong to the group, and the changes never get picked up by the listener.
The only time these changes come across is by the scheduled load, which we have set up to run on a weekly basis.
Has anybody experienced issues with group membership not staying in sync through the Listener?
Thanks in advance!
(P.S. SN Istanbul Patch 9)
01-17-2018 10:01 PM
Hi Jayesh,
Can you confirm if there are any ISET records which come up on the list if you access the following:
where, ldap_group_import is the staging table/import set table for LDAP group import.
<instance> is the name of your instance.
Case 1: If you see any records in the list then it means that the data is coming in but not getting processed correctly.
Case 2: If records are not on the list then it means AD Notify is not sending the Group changes to the listener.
NOTE: As the listener is listening fine, as confirmed by Users getting updated via the listener, there should be some issue with AD Notify.
NOTE: Also, if you are using a MID Server, check whether you see any exceptions in the MID Server logs when you make any changes to the Group members, or what the listener thread is doing when you update the Group.
Best Regards,
Mukul Gupta
01-18-2018 04:35 AM
Hi Mukul,
No ISET records are being created for the LDAP listener. I can see one created by the scheduled load.
It's most likely Case 2 in this case, and we're using a MID Server. I haven't done much debugging on the MID Server logs yet, am I looking for any keywords?
Thanks in advance
01-18-2018 11:21 AM
Hi Jayesh,
As users are correctly picked up by the listener, it means the listener is listening fine and picking up changes published by your LDAP/AD server. Can you confirm with your AD admin that Group Sync is active in your AD?
Check out these docs for Group Sync: https://onlinehelp.tableau.com/current/server/en-us/groups_globalsync.htm
Synchronize All Active Directory Groups on the Server
Azure AD Connect sync: Configure filtering | Microsoft Docs
Best Regards,
Mukul Gupta
01-19-2018 01:06 AM
Hi Mukul,
Thanks for the update! I'll take a look.
Another issue I've noticed is that the listener seems to be picking up user updates, but not user inserts? I went through the ISET records and realised Inserts is always 0, but I can confirm that users have been created on the AD side.
Any ideas?