Hi Guys
Iam experiencing the following error when provisioning users in Active Directory from the IDM Vault.The end result is the account is never created in MAD.
Iam using IDM 4.0.1
SUSE 11 Enterprise
Active Directory Driver version 3.5.11
I have attached the trace log below.Any help will be greatly appreciated.
<status event-id="cen-idm01#20120202115044#1#1:7a469332-8877-4d94-50a6-3293467a7788" level="success"><application>DirXML</application>
<module>Cathed Active Directory Driver</module>
<object-dn>\CENIDM\data\users\Wanalirri Catholic School\Numendumah.Sonya</object-dn>
<component>Subscriber</component>
</status>
</output>
</nds>
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST: Applying to status #5.
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST: Evaluating selection criteria for rule 'AccountTracking - Initialize Realm Mapping'.
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST: (if-global-variable 'drv.acctTrk.enable' equal "true") = TRUE.
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST: (if-global-variable 'drv.acctTrk.mode' equal "fanout") = FALSE.
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST: Rule rejected.
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST: Evaluating selection criteria for rule 'AccountTracking - disregard if disabled'.
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST: (if-global-variable 'drv.acctTrk.enable' not-equal "true") = FALSE.
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST: Rule rejected.
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST: Evaluating selection criteria for rule 'AccountTracking - query DirXML-Accounts Attribute'.
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST: (if-op-property 'AccountTracking-ObjectDN' available) = FALSE.
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST: Rule rejected.
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST: Evaluating selection criteria for rule 'AccountTracking - remove Dirxml-Account values on regular delete operation'.
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST: (if-operation match "delete|remove-association") = FALSE.
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST: (if-operation equal "status") = TRUE.
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST: (if-op-property 'AccountTracking-ObjectDN' available) = FALSE.
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST: Rule rejected.
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST: Evaluating selection criteria for rule 'AccountTracking - update DirXMLAccounts attribute on regular operations'.
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST: (if-op-property 'AccountTracking-Operation' not-available) = TRUE.
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST: (if-op-property 'AccountTracking-ObjectDN' available) = FALSE.
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST: (if-operation equal "status") = TRUE.
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST: (if-xpath true "./@level='success' or ./@level='warning'") = FALSE.
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST: Rule rejected.
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST: Evaluating selection criteria for rule 'AccountTracking - update DirXMLAccounts attribute on mapped operations'.
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST: (if-xpath true "operation-data/account-tracking-operation") = FALSE.
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST: (if-xpath true "operation-data/account-tracking-operation") = FALSE.
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST: Rule rejected.
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST:Policy returned:
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST:
<nds dtdversion="1.1" ndsversion="8.7">
<source>
<product asn1id="" build="20100723_120000" instance="\CENIDM\system\Cathed\Cathed Active Directory Driver" version="3.5.11">AD</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status event-id="cen-idm01#20120202115044#1#1:7a469332-8877-4d94-50a6-3293467a7788" level="error" type="driver-general">
<ldap-err ldap-rc="21" ldap-rc-name="LDAP_INVALID_SYNTAX">
<client-err ldap-rc="21" ldap-rc-name="LDAP_INVALID_SYNTAX">Invalid Syntax</client-err>
<server-err>00000057: LdapErr: DSID-0C090B38, comment: Error in attribute conversion operation, data 0, vece</server-err>
<server-err-ex win32-rc="87"/>
</ldap-err>
19:50:51 FFFFFFFFE14A7950 Drvrs: <operation-data AccountTracking-AccountStatusChanged="true" AccountTracking-AppAccountStatus="-" AccountTracking-IdvAccountStatus="A" AccountTracking-LDAPDN="CN=Numendumah\, Sonya,DC=cathednet,DC=wa,DC=edu,DC=au" AccountTracking-ObjectDN="\CENIDM\data\users\Wanalirri Catholic School\Numendumah.Sonya" AccountTracking-Operation="add" AccountTracking-sAMAccountName="Numendumah.Sonya" AccountTracking-userPrincipalName="Numendumah.Sonya@cathednet.wa.e du.au" LEGACY-OBJECT="FALSE" NASurname="Numendumah" NEWUSER="TRUE" Normalized-GivenName="Sonya" Normalized-MiddleName="" Normalized-PreferredName="Sonya" Normalized-Surname="Numendumah" UNIQUE-GN="Sonya" USER-ID="NUMESX" accountAction="accountCreateByEntitlementGrant" association="" check-exch-mailbox-entitlements="true" check-group-entitlements="true" guid="en6qc2hdO0tvmXp+qnNoXQ==" objectClass="User" schoolName="" sized-samaccountname-normalized="Numendumah.Sonya" sourceDN="\CENIDM\data\users\Wanalirri Catholic School\Numendumah.Sonya">
<entitlement-impl id="system\Cathed\Entitlement Policies\All Staff" name="UserAccount" qualified-src-dn="O=data\OU=users\OU=Wanalirri Catholic School\CN=Numendumah.Sonya" src="RBE" src-dn="\CENIDM\data\users\Wanalirri Catholic School\Numendumah.Sonya" src-entry-id="54258" state="1">cathednet.wa.edu.au</entitlement-impl>
<password-subscribe-status>
<association/>
</password-subscribe-status>
</operation-data>
</status>
<status event-id="cen-idm01#20120202115044#1#1:7a469332-8877-4d94-50a6-3293467a7788" level="warning" type="driver-general">
<ldap-err ldap-rc="32" ldap-rc-name="LDAP_NO_SUCH_OBJECT">
19:50:51 FFFFFFFFE14A7950 Drvrs: <client-err ldap-rc="32" ldap-rc-name="LDAP_NO_SUCH_OBJECT">No Such Object</client-err>
<server-err>0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:
'DC=cathednet,DC=wa,DC=edu,DC=au'
Thanks
TM
Iam experiencing the following error when provisioning users in Active Directory from the IDM Vault.The end result is the account is never created in MAD.
Iam using IDM 4.0.1
SUSE 11 Enterprise
Active Directory Driver version 3.5.11
I have attached the trace log below.Any help will be greatly appreciated.
<status event-id="cen-idm01#20120202115044#1#1:7a469332-8877-4d94-50a6-3293467a7788" level="success"><application>DirXML</application>
<module>Cathed Active Directory Driver</module>
<object-dn>\CENIDM\data\users\Wanalirri Catholic School\Numendumah.Sonya</object-dn>
<component>Subscriber</component>
</status>
</output>
</nds>
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST: Applying to status #5.
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST: Evaluating selection criteria for rule 'AccountTracking - Initialize Realm Mapping'.
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST: (if-global-variable 'drv.acctTrk.enable' equal "true") = TRUE.
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST: (if-global-variable 'drv.acctTrk.mode' equal "fanout") = FALSE.
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST: Rule rejected.
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST: Evaluating selection criteria for rule 'AccountTracking - disregard if disabled'.
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST: (if-global-variable 'drv.acctTrk.enable' not-equal "true") = FALSE.
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST: Rule rejected.
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST: Evaluating selection criteria for rule 'AccountTracking - query DirXML-Accounts Attribute'.
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST: (if-op-property 'AccountTracking-ObjectDN' available) = FALSE.
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST: Rule rejected.
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST: Evaluating selection criteria for rule 'AccountTracking - remove Dirxml-Account values on regular delete operation'.
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST: (if-operation match "delete|remove-association") = FALSE.
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST: (if-operation equal "status") = TRUE.
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST: (if-op-property 'AccountTracking-ObjectDN' available) = FALSE.
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST: Rule rejected.
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST: Evaluating selection criteria for rule 'AccountTracking - update DirXMLAccounts attribute on regular operations'.
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST: (if-op-property 'AccountTracking-Operation' not-available) = TRUE.
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST: (if-op-property 'AccountTracking-ObjectDN' available) = FALSE.
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST: (if-operation equal "status") = TRUE.
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST: (if-xpath true "./@level='success' or ./@level='warning'") = FALSE.
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST: Rule rejected.
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST: Evaluating selection criteria for rule 'AccountTracking - update DirXMLAccounts attribute on mapped operations'.
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST: (if-xpath true "operation-data/account-tracking-operation") = FALSE.
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST: (if-xpath true "operation-data/account-tracking-operation") = FALSE.
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST: Rule rejected.
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST:Policy returned:
19:50:51 FFFFFFFFE14A7950 Drvrs: SK *** ST:
<nds dtdversion="1.1" ndsversion="8.7">
<source>
<product asn1id="" build="20100723_120000" instance="\CENIDM\system\Cathed\Cathed Active Directory Driver" version="3.5.11">AD</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status event-id="cen-idm01#20120202115044#1#1:7a469332-8877-4d94-50a6-3293467a7788" level="error" type="driver-general">
<ldap-err ldap-rc="21" ldap-rc-name="LDAP_INVALID_SYNTAX">
<client-err ldap-rc="21" ldap-rc-name="LDAP_INVALID_SYNTAX">Invalid Syntax</client-err>
<server-err>00000057: LdapErr: DSID-0C090B38, comment: Error in attribute conversion operation, data 0, vece</server-err>
<server-err-ex win32-rc="87"/>
</ldap-err>
19:50:51 FFFFFFFFE14A7950 Drvrs: <operation-data AccountTracking-AccountStatusChanged="true" AccountTracking-AppAccountStatus="-" AccountTracking-IdvAccountStatus="A" AccountTracking-LDAPDN="CN=Numendumah\, Sonya,DC=cathednet,DC=wa,DC=edu,DC=au" AccountTracking-ObjectDN="\CENIDM\data\users\Wanalirri Catholic School\Numendumah.Sonya" AccountTracking-Operation="add" AccountTracking-sAMAccountName="Numendumah.Sonya" AccountTracking-userPrincipalName="Numendumah.Sonya@cathednet.wa.e du.au" LEGACY-OBJECT="FALSE" NASurname="Numendumah" NEWUSER="TRUE" Normalized-GivenName="Sonya" Normalized-MiddleName="" Normalized-PreferredName="Sonya" Normalized-Surname="Numendumah" UNIQUE-GN="Sonya" USER-ID="NUMESX" accountAction="accountCreateByEntitlementGrant" association="" check-exch-mailbox-entitlements="true" check-group-entitlements="true" guid="en6qc2hdO0tvmXp+qnNoXQ==" objectClass="User" schoolName="" sized-samaccountname-normalized="Numendumah.Sonya" sourceDN="\CENIDM\data\users\Wanalirri Catholic School\Numendumah.Sonya">
<entitlement-impl id="system\Cathed\Entitlement Policies\All Staff" name="UserAccount" qualified-src-dn="O=data\OU=users\OU=Wanalirri Catholic School\CN=Numendumah.Sonya" src="RBE" src-dn="\CENIDM\data\users\Wanalirri Catholic School\Numendumah.Sonya" src-entry-id="54258" state="1">cathednet.wa.edu.au</entitlement-impl>
<password-subscribe-status>
<association/>
</password-subscribe-status>
</operation-data>
</status>
<status event-id="cen-idm01#20120202115044#1#1:7a469332-8877-4d94-50a6-3293467a7788" level="warning" type="driver-general">
<ldap-err ldap-rc="32" ldap-rc-name="LDAP_NO_SUCH_OBJECT">
19:50:51 FFFFFFFFE14A7950 Drvrs: <client-err ldap-rc="32" ldap-rc-name="LDAP_NO_SUCH_OBJECT">No Such Object</client-err>
<server-err>0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:
'DC=cathednet,DC=wa,DC=edu,DC=au'
Thanks
TM