After making some changes in domain (added some users) automatical synchronization settings in domain doesn't synchronized correctly.
There is a known issue for this behaviour and we can fix this with Postman and REST API. To set LDAP Synchronization options via the Cloud Director API we should perform these steps:
Log into the Cloud Director API as a System Administrator:
Request:
POST https://vcloud-director-fqdn/cloudapi/1.0.0/sessions/providerHeaders:
Accept: application/json;version=34.0
Authorization: Basic (Encoded username@system / password)You can use environments and tests in Postman for more convient way to store Token and vCD FQDN:
var bearer = postman.getResponseHeader("x-vmware-vcloud-access-token")
pm.environment.set("x-vmware-vcloud-access-token",bearer)
In next requests you can use Bearer token that contains variable {{X-VMWARE-VCLOUD-ACCESS-TOKEN}}
We can get current LDAP synchronization settings using next request:
Request:
POST https://vcloud-director-fqdn/api/admin/extension/settings/generalHeaders:
Accept: application/*+xml;version=34.0
Authorization: Bearer {{X-VMWARE-VCLOUD-ACCESS-TOKEN}}Note in the response the values given for the LDAP synchronization settings, for example:
<vmext:SyncStartDate>2020-09-23T02:00:00.000Z</vmext:SyncStartDate>
<vmext:SyncIntervalInHours>24</vmext:SyncIntervalInHours>Take the entire XML response from the above and change only these synchronization settings to the desired values, for example:
<vmext:SyncStartDate>2021-04-09T06:30:00.000Z</vmext:SyncStartDate>
<vmext:SyncIntervalInHours>12</vmext:SyncIntervalInHours>WARNING! Do not change any other parts of the XML which pertain to other System settings!
Put back this entire XML which includes our changes:
Request:
PUT https://vcloud-director-fqdn/api/admin/extension/settings/generalHeaders:
Accept: application/*+xml;version=34.0
Content-Type: application/vnd.vmware.admin.generalSettings+xml
Authorization: Bearer {{X-VMWARE-VCLOUD-ACCESS-TOKEN}}Request Body:
Entire edited XML from GET in previous steps.
If everything goes well we will get 200 OK status
Verify in the VCD database if the times have changed for the task using the SQL query you mentioned:
select client_activity_name, last_execution_time, next_execution_time from scheduled_activity_jobs where client_activity_name like '%Ldap%';
You can also get details of the Cell this Job should be running on using the following SQL query:
select activity.id,
activity.framework_token,
activity.entity_id,
activity.running_on,
scheduled_activity_jobs.client_activity_name,
cells.instance_id,
cells.name,
cells.primary_ip,
cells.is_active
from activity
left join scheduled_activity_jobs on scheduled_activity_jobs.job_handle = activity.state_handle
left join cells on activity.running_on like '%'||cells.instance_id
where scheduled_activity_jobs.client_activity_name like '%LdapSyncJob%'
order by activity.running_on;
The Cell Management Tool can also be used on Cells to verify if the Job is present:
root@vcdlab1197 [ ~ ]# /opt/vmware/vcloud-director/bin/cell-management-tool cell -i $(service vmware-vcd pid cell) -tt | grep LdapSyncJob
| c0011945-e9f6-3eb4-8ec4-357e3f2027ee | 2021-04-09 11:21:17.034 | 2021-04-09 23:21:17.033 | STATUS_QUEUED | LdapSyncJob |
root@vcdlab1197 [ ~ ]#
Comments?
Leave us your opinion.