Checking Connectivity and Logs
Regular maintenance and troubleshooting of the Eko AD Sync solution rely heavily on confirming connectivity between the components and reviewing system logs. This is critical for diagnosing issues related to user synchronization (provisioning) and user authentication.
1. Checking Connectivity
The primary tool for verifying network reachability and configuration success is the EkoADC Web Console.
Connectivity Tests: Use the Test menu on the ADC Web Console. This test function verifies the configuration required to connect the EkoADC to the essential services:
Connection to IDM: Confirms that the EkoADC can securely connect to the Eko Identity Management API (IDMAPI) using the configured endpoint and secret_token.
Connection to AD: Confirms that the EkoADC can successfully establish an LDAP/LDAPS connection (LDAP binding) with the customer’s Active Directory using the provided IP address, port, and credentials.
If connectivity tests fail, the cause is often in the local network environment, such as incorrect firewall rules, or in the configuration files (e.g., wrong IP address, port, or LDAP credentials). If the failure involves the secure connection, check for SSL issues, such as an "SSL invalid" error.
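When the Test menu reports a failed AD connection, it helps to know which layer failed. The following sketch is an added example, not part of the Eko tooling: it separates a blocked or wrong IP/port (TCP stage) from a certificate the client does not trust and from other TLS handshake errors. The function name, the placeholder host and the CA file path are assumptions, and it does not perform the LDAP bind, so credential errors are out of its scope.

```python
import socket
import ssl


def diagnose_ldaps(host, port=636, cafile=None, timeout=5.0):
    """Classify where a connection to an LDAPS endpoint fails.

    Returns (stage, detail); stage is "dns", "tcp", "tls_cert", "tls" or "ok".
    """
    # Stage 1: name resolution (a literal IP address always passes).
    try:
        socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns", str(exc))

    # Stage 2: TCP reachability. Refused or timed out usually means a
    # firewall rule or a wrong IP address/port in the configuration.
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("tcp", f"{type(exc).__name__}: {exc}")

    # Stage 3: TLS handshake with certificate and hostname verification.
    # cafile is the CA bundle that should have issued the AD certificate;
    # None falls back to the system trust store.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with sock, ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
            return ("ok", f"{tls.version()} notAfter={cert.get('notAfter')}")
    except ssl.SSLCertVerificationError as exc:
        # Untrusted issuer, expired certificate or hostname mismatch.
        return ("tls_cert", exc.verify_message)
    except (ssl.SSLError, OSError) as exc:
        # Port answers but does not speak TLS, protocol mismatch, reset.
        return ("tls", f"{type(exc).__name__}: {exc}")


if __name__ == "__main__":
    # Placeholder host and CA path: replace with the configured AD values.
    print(diagnose_ldaps("ad.example.internal", 636, cafile="/path/to/ca.pem"))
```

Run it from the host where the EkoADC container runs so the result reflects the same network path and firewall rules.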
2. Log Review (Troubleshooting Synchronization)
If user provisioning fails (e.g., users are not created, updated, or deleted as expected), the first course of action is to check the relevant logs:
EkoADC Logs: Review the logs generated directly by the EkoADC container. EkoADC is responsible for fetching raw user data from the Active Directory or file source and sending it in batches to the IDMAPI.
IDMAPI Logs: Review the Eko Identity Management API logs. The IDMAPI logs contain information about the mapping of user data and the requests forwarded to the Eko Backend.
The synchronization process tracks detailed metrics, which can be seen in the system logs or reports, including success/failure counts for create, update, disable, and delete actions, as well as counts for update:rejected (when a lower domain priority prevents an update).
3. Log Review (Troubleshooting Authentication)
If users report being unable to log into the Eko Application using their AD credentials, both client-side and cloud-side logs must be examined:
Check ADC logs: Review the EkoADC logs. EkoADC is responsible for performing the LDAP binding with the Active Directory for authentication when the EkoIDMAPI sends the request.
Check IDMAPI logs: Review the IDMAPI logs. IDMAPI handles receiving the user credentials passed from the Eko Application and forwarding the authentication request via HTTPS to the EkoADC.
These logs are crucial to determine if the authentication failure occurred due to network issues, credential errors at the Active Directory level (LDAP bind failure), or communication failure between the ADC and IDMAPI.