This section lists some problems that can occur with LDAP importing and suggested steps to resolve these issues.

No groups found under BASE_DN

The most common problem with Active Directory group importing is an incorrect BASE_DN setting. If you set BASE_DN to “ou=users,ou=organization,cn=company,dc=domain,” and there are no groups under BASE_DN, License Statistics won’t be able to find either groups or users, and consequently their usage details.

LDAP import limitation

Some Active Directory implementations have a setting that limits the number of entries that can be imported at once. This limitation is commonly set to 1000 by default, so if you have 1000 or more LDAP groups, check this setting and increase it if needed.

LDAP import interval is too frequent

By default, the interval for LDAP import is 6 hours. If this is manually changed to a more frequent interval, it can result in problems, particularly for large Active Directory implementations.

For example, If LDAP importing is done every 10 minutes and the import takes 8 minutes, there are only 2 minutes during which the data is complete. After those two minutes, the data is cleared and the import is started over. In such a scenario, there is a good chance that the import is in progress when looking at the data in License Statistics, so it will appear to be incomplete. 

User does not belong to a group in Active Directory

There must be a relation between users and groups in Active Directory to import user details. If a user is not a member of any group, that user will be omitted during importing. 

User has no usage in License Statistics

Only users who have usage reported by License Statistics will have their details imported. Users who have no usage reported by License Statistics will be omitted from import results.

Timeouts or memory problems

If your Active Directory is very large, you may experience crashes due to timeouts or insufficient memory.

Duplicate group names

If you have a group in License Statistics and Active Directory that are identically named, the group in Active Directory will be excluded from the LDAP import to avoid unintentionally overwriting the License Statistics group. In such cases, you will see the following message:

"Group group_name already exists in database."

There are two options for resolving this issue, depending on whether the two groups are identical:

  • If the groups are identical, remove the group from License Statistics.
  • If the groups are different but have the same name, change the name of one of the groups.

The group will then be created with the next LDAP update.