AD Login Datasource failure
Article ID: 239517

Products

Data Loss Prevention Core Package

Issue/Introduction

When attempting to import AD logins with the AD Logins Source option on the System -> Users -> Data Sources page in the Enforce Console, the import fails and the following error appears in the Tomcat localhost log:

com.vontu.enforce.domainlayer.datauser.source.UserSynchFailedException: AD default domain partition not found
 at com.vontu.enforce.domainlayer.adroles.DirectoryGroupMemberRetriever.initializeUserWalker(DirectoryGroupMemberRetriever.java:180)
 at com.vontu.enforce.domainlayer.adroles.DirectoryGroupMemberRetriever$1.doInTransaction(DirectoryGroupMemberRetriever.java:147)
 at com.vontu.enforce.domainlayer.adroles.DirectoryGroupMemberRetriever$1.doInTransaction(DirectoryGroupMemberRetriever.java:142)
 at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:140)
 at com.vontu.enforce.domainlayer.adroles.DirectoryGroupMemberRetriever.retrieveFromAConnection(DirectoryGroupMemberRetriever.java:142)
 at com.vontu.enforce.domainlayer.adroles.DirectoryGroupMemberRetriever.retrieveDirectoryGroupMembers(DirectoryGroupMemberRetriever.java:105)
 at com.vontu.enforce.domainlayer.adroles.RolesSyncingService.sync(RolesSyncingService.java:107)
 at com.vontu.enforce.domainlayer.datauser.source.DataUserSyncService.lambda$performFullSync$0(DataUserSyncService.java:98)
 at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:140)
 at com.vontu.enforce.domainlayer.datauser.source.DataUserSyncService.performFullSync(DataUserSyncService.java:98)
 at com.vontu.enforce.domainlayer.datauser.source.DataUserSyncTask.run(DataUserSyncTask.java:80)
 at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
 at java.util.concurrent.FutureTask.run(FutureTask.java:266)
 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
 at java.lang.Thread.run(Thread.java:748)

Environment

DLP Versions: 15.8

Cause

The import code resolves the default domain partition by its NetBIOS name, that is, the netBIOSName attribute that Active Directory stores on the domain's crossRef object in the Partitions container of the Configuration naming context. That attribute is not returned by queries made against the Global Catalog port, so the lookup finds no default domain partition and the import fails with the error above.

Resolution

Workaround: In the Enforce Console, change the Directory Connection port from the Active Directory Global Catalog port (3268) to the LDAP port: 389 for a plain connection or 636 for LDAPS. Prefer 636; on 389 a simple bind sends the directory service account's password in cleartext unless the channel is otherwise protected. Note also that a query on 389/636 is answered from the domain controller's own domain partition rather than the forest-wide Global Catalog, so in a multi-domain forest point the connection at a domain controller of the domain whose users you need to import.
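As an added diagnostic (not part of the Broadcom article or of the Enforce product), the following PowerShell script performs the same kind of lookup the import relies on, first against the Global Catalog port and then against the LDAP port, and reports on each whether the default domain's crossRef object and its netBIOSName attribute come back. The server name dc01.example.com and the use of the current user's credentials are assumptions; substitute the directory connection details configured in Enforce.

```powershell
# Added diagnostic, not from the Broadcom article: compare what an
# Enforce-style netBIOSName lookup sees over the Global Catalog port (3268)
# versus the plain LDAP port (389). Assumes a reachable domain controller
# ($Server is a hypothetical hostname) and the current user's credentials.
param(
    [string]$Server = 'dc01.example.com',   # assumption: replace with your DC
    [int[]]$Ports   = @(3268, 389)          # GC port first, then LDAP port
)

# RootDSE gives the naming contexts without hard-coding the forest layout.
$rootDse   = [ADSI]"LDAP://$Server/RootDSE"
$configNc  = $rootDse.Properties['configurationNamingContext'].Value
$defaultNc = $rootDse.Properties['defaultNamingContext'].Value

foreach ($port in $Ports) {
    # The Partitions container holds one crossRef per naming context; the
    # netBIOSName attribute lives there, not on the domain object itself.
    $base = [ADSI]"LDAP://${Server}:${port}/CN=Partitions,$configNc"
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($base)
    $searcher.Filter = "(&(objectClass=crossRef)(nCName=$defaultNc))"
    $searcher.PropertiesToLoad.AddRange(@('nCName', 'netBIOSName', 'dnsRoot'))

    try {
        $result = $searcher.FindOne()
        if ($null -eq $result) {
            # Mirrors the "AD default domain partition not found" condition.
            Write-Output "port ${port}: no crossRef found for $defaultNc"
        }
        else {
            $nb = $result.Properties['netbiosname']
            if ($nb.Count -eq 0) {
                Write-Output "port ${port}: crossRef found but netBIOSName is missing"
            }
            else {
                $dns = $result.Properties['dnsroot'][0]
                Write-Output "port ${port}: netBIOSName=$($nb[0]) dnsRoot=$dns"
            }
        }
    }
    catch {
        Write-Output "port ${port}: query failed: $($_.Exception.Message)"
    }
}
```

Run it from a domain-joined host with the same service account Enforce uses. If port 3268 reports no crossRef or a missing netBIOSName while 389 returns the name, the cause described above applies and switching the Directory Connection port is the right change; use 636 rather than 389 in production so the bind is not sent in the clear.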

Additional Information

https://docs.microsoft.com/en-us/windows/win32/adschema/a-netbiosname