VMware Cloud Community
LuluTchab
Contributor

vRA 7.4 REST API - Sync directory = "not found"

Hello,

I'm trying to use the API call to sync a specific directory using this: vRealize Automation Identity Service API - VMware API Explorer - VMware {code} (/identity/api/tenants/{tenantId}/directories/{id}/sync)

As {id}, I use the name of the directory I want to sync. I retrieved the name using the /identity/api/tenants/{tenantId}/directories/ listing. This listing doesn't contain any "id" field, only a "name" field...

But when I try to execute the command to sync a specific directory, I get the following message (assuming "my.directory.name" as the directory I want to sync):

{
    "errors": [
        {
            "code": 10102,
            "source": null,
            "message": "Resource not found.",
            "systemMessage": "Cannot find a directory with domain name 'my.directory.name' in tenant 'vsphere.local'!",
            "moreInfoUrl": null
        }
    ]
}

Command is: /identity/api/tenants/vsphere.local/directories/my.directory.name/sync

Does anyone have an idea?

Or do I have to contact VMware support?

Thanks in advance.

0 Kudos
1 Solution

Accepted Solutions
LuluTchab
Contributor

Perfect timing, we found the problem this morning!

In fact, when we first configured our Directory of type "Active Directory over LDAP", we didn't check the option "This Directory supports DNS Service location" and we entered a specific Active Directory controller host name.

This works with manual and scheduled updates from vRA but not from the REST API. Why? Simply because the REST API needs the ID to start a sync. And this ID is in fact the "domain" value that we have to use!

There are 2 possibilities to find this value:

  • List the directories using the REST API
  • On the administration page, go to the directory details; on the right, there is a "Domain(s)" field

The problem is that when we configure a specific Active Directory Controller, this "domain" field is set to empty (in REST API call) or "Not applicable" on the administration web page...

To solve the problem, we had to:

  1. Delete the directory
  2. Wait until it is completely deleted
  3. Recreate directory
    1. Check option "This Directory supports DNS Service location"
    2. Enter ROOT CA Certificate of Domain (because we want STARTTLS connections)
  4. Done! The "Domain(s)" field is not displaying our domain FQDN

Warning!

Do not try to edit the existing directory to check the box "This Directory supports DNS Service location" because you'll get an error with the "Base DN", which is set to blank every time you click on "Save"...


0 Kudos
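The lookup described in the accepted solution, as an added example that is not part of the original thread: it resolves the sync path from a directory's "domain" value instead of its name and flags directories whose domain is empty. The "content" wrapper, the sample directory names and the helper names are assumptions; the thread only confirms that listing entries carry "name" and "domain".

```python
import json
from urllib.parse import quote

# Constructed sample listing. "name" and "domain" come from the thread;
# the "content" wrapper and all values below are assumptions.
SAMPLE_LISTING = json.loads("""
{"content": [
  {"name": "my.directory.name", "domain": ""},
  {"name": "corp-directory", "domain": "corp.example.com"}
]}
""")


class NoSyncId(Exception):
    """The directory exists but has no domain value usable as {id}."""


def unsyncable(listing):
    """Names of directories that cannot be synced through the REST API."""
    return [d.get("name") for d in listing.get("content", [])
            if not (d.get("domain") or "").strip()]


def sync_path(listing, tenant, directory_name):
    """Build the sync path for a directory, keyed by domain, not by name."""
    matches = [d for d in listing.get("content", [])
               if d.get("name") == directory_name]
    if not matches:
        raise KeyError(f"no directory named {directory_name!r} in {tenant!r}")
    domain = (matches[0].get("domain") or "").strip()
    if not domain:
        # Case from the thread: directory bound to one specific controller,
        # so the listing returns an empty domain and sync has no valid {id}.
        raise NoSyncId(f"{directory_name!r} has an empty domain; "
                       "recreate it with DNS Service location enabled")
    return "/identity/api/tenants/{}/directories/{}/sync".format(
        quote(tenant, safe=""), quote(domain, safe=""))


if __name__ == "__main__":
    print(sync_path(SAMPLE_LISTING, "vsphere.local", "corp-directory"))
    print("cannot sync via API:", unsyncable(SAMPLE_LISTING))
```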
8 Replies
daphnissov
Immortal

The response indicates that resource isn't found, so are you sure you're using the correct name?

0 Kudos
LuluTchab
Contributor

Yes, I'm sure. I use exactly the same name returned by the command that lists all the directories.

0 Kudos
pizzle85
Expert

Does the name of your directory contain any "special" characters that need to be encoded?

0 Kudos
LuluTchab
Contributor

No, there are no special characters. There are only 2 dots "." in it. But, to be sure, one of the first tests I did was to rename the directory to have only letters, in lowercase, and the result is the same: it's not working.

0 Kudos
daphnissov
Immortal

In my test, a POST to that resource works fine and triggers a directory sync.

[Screenshots: pastedImage_0.png, pastedImage_1.png]

0 Kudos
LuluTchab
Contributor

I did another test but I still have the same error.

The only difference with you is that I have more headers returned by vRA (14 instead of 9 for you):

Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Cache-Control: no-cache, no-store
Content-Length: 197
Content-Type: application/json;charset=UTF-8
Date: Mon, 30 Apr 2018 11:26:35 GMT
Expires: 0
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Pragma: no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block

0 Kudos
THeReap
Contributor

I have the same problem. Any ideas would be appreciated.
0 Kudos