Test case | Prerequisits | Status |
User created in OD | User created in AD | OK |
User deleted in OD | User deleted from AD | OK |
Group created in OD | Group created in AD | OK |
Group deleted in OD | Group deleted from AD | OK |
Group membership added | User added to group in AD | NOT OK, no entry in log |
Group membership deleted | User removed from group in AD | NOT OK, user deleted from OD group even when AD group has membership of that user |
INFO arsldap.c(2173)ArcLDAPP_LDAPQuery:Current state filter=(&(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=CN=groupA,OU=...))
21365044:2314 11/08/2022 15:56:37:305810 INFO arsldap.c(2241)ArcLDAPP_LDAPQuery:ldap_create_page_control ldap_rc=0 extra_rc=0
21365044:2314 11/08/2022 15:56:37:307173 INFO arsldap.c(2275)ArcLDAPP_LDAPQuery:ldap_search_ext_s ldap_rc=0 extra_rc=0
21365044:2314 11/08/2022 15:56:37:307183 INFO arsldap.c(2305)ArcLDAPP_LDAPQuery:ldap_parse_result ldap_rc=0 extra_rc=0
21365044:2314 11/08/2022 15:56:37:307188 INFO arsldap.c(2340)ArcLDAPP_LDAPQuery:ldap_parse_page_control ldap_rc=0 extra_rc=0
21365044:2314 11/08/2022 15:56:37:307192 INFO arsldap.c(2355)ArcLDAPP_LDAPQuery:Current state total_cnt=0 done=1
21365044:2314 11/08/2022 15:56:37:307197 INFO arsldap.c(2380)ArcLDAPP_LDAPQuery:ldap_count_entries ldap_rc=0 extra_rc=0
21365044:2314 11/08/2022 15:56:37:307204 INFO arsldap.c(2656)ArcLDAPP_LDAPQuery:Current state group->cnt=0
Current state filter=(&(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=CN=...OU...DC=�<8B><80>))
(&(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=CN=...,OU=...,DC))
(&(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=CN=...,OU=...,
(&(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=CN=...,OU=...,DC=test
The users that are added to the group must exist exit in OnDemand as part of either the current sync or a previous sync.User exist in OnDemand, user were manually created for some reason.
If you run your userFilter query it should contain the users that will also be synced to groups. If the users are NOT part of your userFilter, they will not only not end up in CMOD and not end up in your group either.userFilter query contain the user.
2022-11-08 12:59:24.713383: ARS1215I User Exists: Userid >User123<
2022-11-08 12:59:24.762684: ARS1224I Group Member Delete Preview: Name >Group456< Userid >User123<
arslsync -tv
2022-11-09 22:24:49.106304: ARS1212I User Add Preview: Userid >User123<
2022-11-15 14:36:07.340313: ARS1225I Group Member Exists: Name >Group456< Userid >User123<
2022-11-15 14:36:07.340818: ARS1222I Group Member Add Preview: Name >Group456< Userid >User789<