0
Answered

Security Users Connector not importing export changes

Ryan Crossingham 7 years ago in UNIFYBroker/Aurion updated by anonymous 5 years ago 6

After successfully exporting users to Aurion Security Users and attempting to import the change from the Security users connector - The new users are not being picked up.

If i attempt to export again the Aurion API errors "Aurion API error -1: User ID is already recorded in Aurion" which indicates that the export completed successfully. Its just the changes that are not being processed.

I think the first thing to check is that the AURIONSECUSER report created by Lifehouse is outputting these new users.. If not - the issue starts there..

Any other recommendations would be appreciated.

Affected Versions:
Fixed by Version:

Hi Ryan,

Your suggestion is definitely the best course of action. The easiest way to go about it is to get a copy of the temp XML file that particularly query outputs and do a search to find if the object you've exported appears in the file. That will tell you whether it's IdB or Aurion causing the issue.

Ok

After a lot of testing I think I have solved the original issue and created another that stands under the same subject..
The Sec Users report on the Aurion Lifehouse side has been reviewed along with the configuration and filters - It looks fine

It seems Aurion Security Users cannot be updated when the Aurion API match lookup attrib is being modified.
The match lookup is "User" - In every case where this was being modified, I was receiving a successful export with no errors. On the next import I would receive "exported-change-not-reimported" because the change was not processed on the Aurion side..

After investigating the Aurion logs I found this at the point of update: "Cannot identify an unique Aurion User from User Match Value"
After removing the (User <- AccountName) Export from the Aurion Security User MA, I reattempted the export - The connector processed the updates perfectly.

Are we able to modify this update call to use the old "User" attribute value so that the API can correctly find a match for updates?

Happy to provide full config if you wish to recreate the issue.

Hi Ryan,

We started discussing this on Lync but you had to run off to a meeting. I wasn't really following what you were saying, so to respond to what I think your reported issue is;

"User" and "User_Match_Value" are actually the same field in the API, it's just called "User" in the ADD function and USER_MATCH_VALUE in the Update function. They're both accessed with the "User" field of our connector. It's a mandatory field that can't be modified. The reason removing the "AccountName => User" flow probably works is because the entire entity is presented to the Identity Broker connector so it's correctly using the existing User value.

Does that make sense of am I not understanding your issue?

Understood Patrick.

Two attribs store the AD samaccount - User & UserOSID.
I'm not sure which is used during the Aurion Kiosk authentication but i wanted to change both in the event of a rename.

If what you say above is true, i'm better off leaving the user as is (with the old user name) and just updating UserOSid or creating a new secuser.
I just thought it would be possible to update the "user" attribute seeing as though the error insinuates that it simply cant find the correct user to update.

User to act as key
OSUserid is used as Aurion Kiosk Auth