Hello,
I'm trying to use the API call to sync a specific directory using this: vRealize Automation Identity Service API - VMware API Explorer - VMware {code} (/identity/api/tenants/{tenantId}/directories/{id}/sync)
As {id}, I use the name of the directory I want to sync. I retrieved the name using the /identity/api/tenants/{tenantId}/directories/ listing. This listing doesn't contain any "id" field, only a "name" field...
But when I try to execute the command to sync a specific directory, I get the following message (assuming "my.directory.name" as the directory I want to sync):
{
  "errors": [
    {
      "code": 10102,
      "source": null,
      "message": "Resource not found.",
      "systemMessage": "Cannot find a directory with domain name 'my.directory.name' in tenant 'vsphere.local'!",
      "moreInfoUrl": null
    }
  ]
}
Command is: /identity/api/tenants/vsphere.local/directories/my.directory.name/sync
Does anyone have an idea?
Or do I have to contact VMware support?
Thanks in advance.
The response indicates that resource isn't found, so are you sure you're using the correct name?
Yes, I'm sure. I use exactly the same name returned by the command that lists all the directories.
Does the name of your directory contain any "special" characters that need to be encoded?
No, there are no special characters. There are only 2 dots "." in it. But, to be sure, one of the first tests I did was to rename the directory to have only letters, in lowercase, and the result is the same, it's not working.
In my test, a POST to that resource works fine and triggers a directory sync.
I did another test but I still have the same error.
The only difference with you is that I have more headers returned by vRA (14 instead of 9 for you):
Cache-Control →no-cache, no-store, max-age=0, must-revalidate
Cache-Control →no-cache, no-store
Content-Length →197
Content-Type →application/json;charset=UTF-8
Date →Mon, 30 Apr 2018 11:26:35 GMT
Expires →0
Expires →Wed, 31 Dec 1969 23:59:59 GMT
Pragma →no-cache
Pragma →no-cache
Strict-Transport-Security →max-age=31536000 ; includeSubDomains
X-Content-Type-Options →nosniff
X-Frame-Options →DENY
X-Frame-Options →SAMEORIGIN
X-XSS-Protection →1; mode=block
Perfect timing, we found the problem this morning!
In fact, when we first configured our Directory of type "Active Directory over LDAP", we didn't check the option "This Directory supports DNS Service location" and we entered a specific Active Directory controller host name.
This works with manual and scheduled updates from vRA but not from the REST API. Why? Simply because the REST API needs the ID to start a sync. And this ID is in fact the "domain" value that we have to use!
There are 2 possibilities to find this value:
The problem is that when we configure a specific Active Directory Controller, this "domain" field is set to empty (in REST API call) or "Not applicable" on the administration web page...
To solve the problem, we had to:
Warning!
Do not try to edit the existing directory to check the box "This Directory supports DNS Service location" because you'll get an error with the "Base DN" which is set to blank every time you click on "Save"...
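
The lookup this answer describes, as an added example that is not part of the original post and is not VMware's code: resolve a directory's "name" to its "domain" value and build the sync path from that, refusing to proceed when the domain is empty or "Not applicable". The shape of the listing (a list of entries with "name" and "domain" keys), the function and exception names, and the sample values are assumptions made for illustration.

```python
from urllib.parse import quote


class NoSyncableDomain(Exception):
    """The directory exists but exposes no usable "domain" value."""


# Values the thread reports for a directory bound to one specific controller:
# empty in the REST listing, "Not applicable" on the administration page.
UNUSABLE_DOMAINS = {"", "not applicable"}


def sync_path(tenant, directories, name):
    """Return the sync path for the directory whose "name" is `name`.

    `directories` is the already-parsed listing. Each entry is ASSUMED to be
    a dict with "name" and "domain" keys, the two fields the thread mentions.
    The {id} segment is filled with the domain, never with the name.
    """
    matches = [d for d in directories if d.get("name") == name]
    if not matches:
        raise KeyError(f"no directory named {name!r} in tenant {tenant!r}")

    domain = (matches[0].get("domain") or "").strip()
    if domain.lower() in UNUSABLE_DOMAINS:
        # Calling the API with the name here would only return the 10102
        # "Resource not found" error shown in the question.
        raise NoSyncableDomain(
            f"directory {name!r} has no domain value; it cannot be synced "
            "through the REST API as configured"
        )

    # Percent-encode both path segments so nothing in them is read as a
    # path separator or query delimiter.
    return "/identity/api/tenants/{}/directories/{}/sync".format(
        quote(tenant, safe=""), quote(domain, safe="")
    )


# Constructed sample listing (not real output from vRA).
SAMPLE_LISTING = [
    {"name": "my.directory.name", "domain": ""},
    {"name": "corp-dns", "domain": "corp.example.test"},
]

if __name__ == "__main__":
    print(sync_path("vsphere.local", SAMPLE_LISTING, "corp-dns"))
```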