SAP Portal driver not starting

This is my first driver configuration and also this is my first post in the NetIQ forum. As following the documentation, I have configured the SAP EP driver, but when try to start, it will not started. I need help on this.
  • Welcome to the forum.

    I am a little shocked that your first driver would be one for SAP; I
    suppose there could be harder ones, but you certainly started off in the
    deep end.

    Since this is your first time, let's start with the basic checks that we
    always need in order to narrow down what is happening.
    Which IDM version and Service/Support Pack (SP) are you using?

    Are you using a Remote Loader (RL) for this connection and, if so, is it
    actually on the SAP box? Generally using the RL is a good thing for a
    variety of reasons (see previous threads, or CoolSolution articles, for
    discussions), but it is not required.

    Were you following any particular documentation when creating this?
    Knowing that you were, and which steps you have followed specifically,
    makes reproducing, or at least understanding where you are, a lot easier.
    If you were not doing that, particularly for your driver driver config,
    you may want to consider that.

    Please get, and post, a level three (3) trace of the driver config object
    startup, probably from the engine at least unless you also have a RL side,
    which has its own trace. An IDM trace is basically required for almost
    any issue, not because it is the only way to fix things, but because it is
    fairly comprehensive, and often the fastest way to see exactly what is
    wrong. Wrong password for an application? The trace shows it. Missing a
    third-party JAR file in the engine or RL? Trace shows that too. Weird
    logic or syntax issues in policies? Traces make it pretty clear.

    To get a trace, go into Designer, right-click on the line that represents
    your driver config object, then go to Properties. Under 'Trace' on the
    left-hand side, set the trace level field to three (3), the file to an
    absolute path on your engine machine (e.g. /var/log/idm/sap.trace), and
    then set a max size of 100 (megabytes) which will cause the system to
    create ten (10) files, each approximately ten (10) megabytes in size, and
    rotate them for you, which is really nice. Save the changes and use
    Compare to push those changes to the engine. If the driver config object
    is running, you do NOT need to restart it for the changes to apply, but
    since yours will not start (or more likely, stay running) that is not
    relevant. Be sure that the directory where you choose to write the file
    already exists, and that eDirectory (which underpins the IDM engine) has
    rights to write to it (likely, as eDirectory often runs as 'root'). To
    create the path above:


    sudo mkdir -p /var/log/idm


    When you start the driver object, the sap.log file will get a bunch of
    text you can post here, or you can post to a pasting site (SUSE Paste,
    PasteBin, etc.) and then provide a link here.

    Some other notes about traces: every driver config needs to have its own;
    do not try to write a trace from the DriverSet overall; it can be done,
    and it is basically worthless, so while it seems like a shortcut, it is
    actually more like a paper cut. Also, tracing negatively impacts
    performance, as all tracing/debugging/logging for anything does, though
    not usually enough for you to need to turn it off, so as long as you
    configure a max file size it is probably fine to leave on, but keep in
    mind that if you are doing a bulk operation you'll notice the performance
    hit when compared to a system that is not tracing at all. To turn the
    trace level down, change it from three (3) to zero (0) and you'll get that
    performance back.

    Let's start with that; environment details and trace output, and we'll see
    if anything else is needed.

    --
    Good luck.

    If you find this post helpful and are logged into the web interface,
    show your appreciation and click on the star below.

    If you want to send me a private message, please let me know in the
    forum as I do not use the web interface often.
  • On 1/4/2018 7:58 AM, ab wrote:
    > Welcome to the forum.
    >
    > I am a little shocked that your first driver would be one for SAP; I
    > suppose there could be harder ones, but you certainly started off in the
    > deep end.


    I agree with Aaron that SAP (HR specificially) is one of the hardest
    drivers. However SAP Portal (even UM, really) is pretty straightforward.

    The Portal driver is a SOAP driver, so actually pretty simple to deal
    with. Thus the question is, why is it failing?

    Aaron told you how to figure that out, read the trace, there will be
    something at the end of it explaining why it is failing.

    Often the shim requires a driver config value that is missing and
    fatals. But without seeing the trace, we are speculating.

    Side note: If you are doing this as your first IDM driver, I 100%
    support Aaron's advice. But in terms of helping with learning there is
    a Designer plugin that reads trace off the server and displays it in a
    somewhat parsed, and easier to handle format. However, it is not
    scalable, fast enough, or able to look at anything but live trace.
    (Cannot load a file into the view, only read it live).

    So it is a crutch, but it helps you get started.


    http://vancauwenberge.info/#enhTrace

    (Short summary, add an update site into Package Updates with this path,
    and install Stefaan's enhanced Trace)
    https://raw.githubusercontent.com/scauwe/IDMSite/master/
  • I have set the trace level 5 in remote loader as well as the SAP Portal driver, and found the following error, which I am not understand where is the error
    1>Error showing in remote loader trace

    DirXML: [04/04/18 13:08:49.75]:
    DirXML Log Event -------------------
    Driver = \CESU-DEV-TREE\system\DriverSet\SAP Portal Driver
    Thread = Subscriber
    Level = warning
    Message = <description>The SOAP driver doesn't return any application schema by default. If there is application specific schema you want the shim to report, you can write your own Java class that implements the SchemaReporter interface and then configure the driver to load your class as a Java extension. See the driver documentation for more details.</description>
    DirXML: [04/04/18 13:08:49.75]: TRACE: Remote Loader: Sending...
    DirXML: [04/04/18 13:08:49.75]: TRACE: <nds dtdversion="2.0">
    <source>
    <product build="20100202_131201" instance="SAP Portal Driver" version="4.0.1.0">NetIQ Identity Manager Driver 4.0.1.0 for SAP Portal</product>
    <contact>NetIQ Corporation</contact>
    </source>
    <output>
    <status level="warning" type="driver-general">
    <description>The SOAP driver doesn't return any application schema by default. If there is application specific schema you want the shim to report, you can write your own Java class that implements the SchemaReporter interface and then configure the driver to load your class as a Java extension. See the driver documentation for more details.</description>
    </status>
    </output>
    </nds>

    2>Error showing driver trace

    DirXML Log Event -------------------
    Driver: \CESU-DEV-TREE\system\DriverSet\SAP Portal Driver
    Status: Warning
    Message: <description>The SOAP driver doesn't return any application schema by default. If there is application specific schema you want the shim to report, you can write your own Java class that implements the SchemaReporter interface and then configure the driver to load your class as a Java extension. See the driver documentation for more details.</description>
    [01/12/18 01:31:05.299]:SAP Portal Driver ST:
    DirXML Log Event -------------------
    Driver: \CESU-DEV-TREE\system\DriverSet\SAP Portal Driver
    Status: Warning
    Message: Code(-8001) Unable to retrieve application schema.
    [01/12/18 01:31:05.300]:SAP Portal Driver ST:Loading Java shim com.novell.nds.dirxml.remote.driver.DriverShimImpl.
    [01/12/18 01:31:05.304]:SAP Portal Driver ST:Reading XML attribute vnd.nds.stream://CESU-DEV-TREE/system/DriverSet/SAP Portal Driver#DirXML-ShimConfigInfo.
    [01/12/18 01:31:05.310]:SAP Portal Driver ST:
    <nds dtdversion="4.0" ndsversion="8.x">
    <source>
    <product edition="Advanced" version="4.6.0.0">DirXML</product>
    <contact>NetIQ Corporation</contact>
    </source>
    <input>
    <init-params src-dn="\CESU-DEV-TREE\system\DriverSet\SAP Portal Driver">
    <authentication-info>
    <server>REMOTE(hostname=10.7.12.155 port=8092 )10.7.15.193</server>
    <user>IDAM_ADM_U1</user>
    <password><!-- content suppressed --></password>
    </authentication-info>
    <driver-options>
    <ndsElementHandling display-name="XML element handling specific for Identity Manager (<nds>, <input>, <output>)">yes</ndsElementHandling>
    <viewJavaGroup display-name="Custom Java Extensions">show</viewJavaGroup>
    <documentJavaGroup display-name="Document Handling">no</documentJavaGroup>
    <documentClass display-name="Class"></documentClass>
    <documentParam display-name="Init Parameter"></documentParam>
    <bytearrayJavaGroup display-name="Byte array handling">no</bytearrayJavaGroup>
    <bytearrayClass display-name="Class"></bytearrayClass>
    <bytearrayParam display-name="Init Parameter"></bytearrayParam>
    <subTransJavaGroup display-name="Subscriper Transport Layer Replacement">no</subTransJavaGroup>
    <subTransClass display-name="Class"></subTransClass>
    <subTransParam display-name="Init Parameter"></subTransParam>
    <pubTransJavaGroup display-name="Publisher Transport Layer Replacement">no</pubTransJavaGroup>
    <pubTransClass display-name="Class"></pubTransClass>
    <pubTransParam display-name="Init Parameter"></pubTransParam>
    <schemaJavaGroup display-name="Schema">no</schemaJavaGroup>
    <schemaClass display-name="Class"></schemaClass>
    <schemaParam display-name="Init Parameter"></schemaParam>
    </driver-options>
    </init-params>
    </input>
    </nds>
    [01/12/18 01:31:05.326]:SAP Portal Driver ST:DriverShim.init() returned:
    [01/12/18 01:31:05.328]:SAP Portal Driver ST:
    <nds dtdversion="4.0" ndsversion="8.x">
    <output>
    <status level="success">
    <provides-secure-channel>false</provides-secure-channel>
    </status>
    </output>
    </nds>
    [01/12/18 01:31:05.341]:SAP Portal Driver ST:Restricting file Permission for /var/opt/novell/eDirectory/data/dib/dx33801.t
    [01/12/18 01:31:05.345]:SAP Portal Driver ST:Restricting file Permission for /var/opt/novell/eDirectory/data/dib/dx33801.p
    [01/12/18 01:31:05.346]:SAP Portal Driver ST:Restricting file Permission for /var/opt/novell/eDirectory/data/dib/dx33801
    [01/12/18 01:31:05.349]:SAP Portal Driver ST:Initializing ECMAScript extensions.
    [01/12/18 01:31:05.400]:SAP Portal Driver ST:Initializing subscriber system\DriverSet\SAP Portal Driver\Subscriber for \CESU-DEV-TREE\system\DriverSet\SAP Portal Driver.
    [01/12/18 01:31:05.401]:SAP Portal Driver ST:Loading startup policies.
    [01/12/18 01:31:05.401]:SAP Portal Driver ST:Policy not found.
    [01/12/18 01:31:05.401]:SAP Portal Driver ST:Loading shutdown policies.
    [01/12/18 01:31:05.401]:SAP Portal Driver ST:Policy not found.
    [01/12/18 01:31:05.401]:SAP Portal Driver ST:Loading Subscriber input transformation policies.
    [01/12/18 01:31:05.402]:SAP Portal Driver ST:Reading XML attribute vnd.nds.stream://CESU-DEV-TREE/system/DriverSet/SAP Portal Driver/NOVLPORTB-its-SPMLInputTransform#XmlData.
    [01/12/18 01:31:05.405]:SAP Portal Driver ST:Found XSLT policy.
    [01/12/18 01:31:05.407]:SAP Portal Driver ST:Reading XML attribute vnd.nds.stream://CESU-DEV-TREE/system/DriverSet/SAP Portal Driver/NOVLAUDTENTC-itp-SendEntitlementsEvents#XmlData.
    [01/12/18 01:31:05.409]:SAP Portal Driver ST:Found DirXMLScript policy.
    [01/12/18 01:31:05.411]:SAP Portal Driver ST:Reading XML attribute vnd.nds.stream://CESU-DEV-TREE/system/DriverSet/SAP Portal Driver/NOVLPORTENT-itp-InitEntitlementConfigurationResource#XmlData.
    [01/12/18 01:31:05.414]:SAP Portal Driver ST:Found DirXMLScript policy.
    [01/12/18 01:31:05.420]:SAP Portal Driver ST:Reading XML attribute vnd.nds.stream://CESU-DEV-TREE/system/DriverSet/SAP Portal Driver/NOVLPORTB-itp-addAssociation#XmlData.
    [01/12/18 01:31:05.421]:SAP Portal Driver ST:Found DirXMLScript policy.
    [01/12/18 01:31:05.422]:SAP Portal Driver ST:Reading XML attribute vnd.nds.stream://CESU-DEV-TREE/system/DriverSet/SAP Portal Driver/NOVLPORTB-itp-IssueRetryOnLocked#XmlData.
    [01/12/18 01:31:05.423]:SAP Portal Driver ST:Found DirXMLScript policy.
    [01/12/18 01:31:05.425]:SAP Portal Driver ST:Reading XML attribute vnd.nds.stream://CESU-DEV-TREE/system/DriverSet/SAP Portal Driver/NOVLPORTB-itp-Special Attribute Handling Input Trans#XmlData.
    [01/12/18 01:31:05.426]:SAP Portal Driver ST:Found DirXMLScript policy.
    [01/12/18 01:31:05.427]:SAP Portal Driver ST:Reading XML attribute vnd.nds.stream://CESU-DEV-TREE/system/DriverSet/SAP Portal Driver/NOVLPORTB-itp-wrong_password#XmlData.
    [01/12/18 01:31:05.428]:SAP Portal Driver ST:Found DirXMLScript policy.
    [01/12/18 01:31:05.429]:SAP Portal Driver ST:Reading XML attribute vnd.nds.stream://CESU-DEV-TREE/system/DriverSet/SAP Portal Driver/NOVLPORTAUDT-itp-SendEntitlementsEvents#XmlData.
    [01/12/18 01:31:05.430]:SAP Portal Driver ST:Found DirXMLScript policy.
    [01/12/18 01:31:05.432]:SAP Portal Driver ST:Loading Subscriber output transformation policies.
    [01/12/18 01:31:05.432]:SAP Portal Driver ST:Reading XML attribute vnd.nds.stream://CESU-DEV-TREE/system/DriverSet/SAP Portal Driver/NOVLPORTB-otp-addTimeStamp#XmlData.
    [01/12/18 01:31:05.433]:SAP Portal Driver ST:Found DirXMLScript policy.
    [01/12/18 01:31:05.434]:SAP Portal Driver ST:Reading XML attribute vnd.nds.stream://CESU-DEV-TREE/system/DriverSet/SAP Portal Driver/NOVLPORTB-otp-passwordChange#XmlData.
    [01/12/18 01:31:05.435]:SAP Portal Driver ST:Found DirXMLScript policy.
    [01/12/18 01:31:05.437]:SAP Portal Driver ST:Reading XML attribute vnd.nds.stream://CESU-DEV-TREE/system/DriverSet/SAP Portal Driver/NOVLPORTB-otp-Special Attribute Handling Output Trans#XmlData.
    [01/12/18 01:31:05.438]:SAP Portal Driver ST:Found DirXMLScript policy.
    [01/12/18 01:31:05.438]:SAP Portal Driver ST:Reading XML attribute vnd.nds.stream://CESU-DEV-TREE/system/DriverSet/SAP Portal Driver/NOVLPORTB-ots-copyData#XmlData.
    [01/12/18 01:31:05.439]:SAP Portal Driver ST:Found XSLT policy.
    [01/12/18 01:31:05.440]:SAP Portal Driver ST:Reading XML attribute vnd.nds.stream://CESU-DEV-TREE/system/DriverSet/SAP Portal Driver/NOVLPORTB-ots-SPMLOutputTransform#XmlData.
    [01/12/18 01:31:05.443]:SAP Portal Driver ST:Found XSLT policy.
    [01/12/18 01:31:05.468]:SAP Portal Driver ST:
    DirXML Log Event -------------------
    Driver: \CESU-DEV-TREE\system\DriverSet\SAP Portal Driver
    Channel: Subscriber
    Status: Error
    Message: Code(-9061) Error processing XSLT policy: vnd.nds.stream://CESU-DEV-TREE/system/DriverSet/SAP Portal Driver/NOVLPORTB-ots-SPMLOutputTransform#XmlData (189): <xsl:choose>: invalid content
    [01/12/18 01:31:05.477]:SAP Portal Driver ST:Error initializing policy.
    [01/12/18 01:31:05.478]:SAP Portal Driver ST:Remote Interface Publisher: Received shutdown.
    [01/12/18 01:31:05.478]:SAP Portal Driver ST:Remote Interface Subscriber: Received shutdown.
    [01/12/18 01:31:05.499]:SAP Portal Driver ST:
    DirXML Log Event -------------------
    Driver: \CESU-DEV-TREE\system\DriverSet\SAP Portal Driver
    Channel: Subscriber
    Status: Error
    Message: Code(-9014) One or more errors occurred parsing an XSLT stylesheet:
    [01/12/18 01:31:05.508]:SAP Portal Driver ST:Driver terminated.
    [01/12/18 01:31:05.512]:SAP Portal Driver ST:Writing XML attribute vnd.nds.stream://CESU-DEV-TREE/system/DriverSet/SAP Portal Driver#DirXML-PersistentData.
  • On 4/10/2018 11:04 AM, tirthankar1984 wrote:
    > DirXML Log Event -------------------
    > Driver: \CESU-DEV-TREE\system\DriverSet\SAP Portal Driver
    > Channel: Subscriber
    > Status: Error
    > Message: Code(-9061) Error processing XSLT policy:
    > vnd.nds.stream://CESU-DEV-TREE/system/DriverSet/SAP Portal Driver/NOVLPORTB-ots-SPMLOutputTransform#XmlData
    > (189): <xsl:choose>: invalid content
    > [01/12/18 01:31:05.477]:SAP Portal Driver ST:Error initializing policy.
    > [01/12/18 01:31:05.478]:SAP Portal Driver ST:Remote Interface Publisher:
    > Received shutdown.
    > [01/12/18 01:31:05.478]:SAP Portal Driver ST:Remote Interface
    > Subscriber: Received shutdown.
    > [01/12/18 01:31:05.499]:SAP Portal Driver ST:
    > DirXML Log Event -------------------
    > Driver: \CESU-DEV-TREE\system\DriverSet\SAP Portal Driver
    > Channel: Subscriber
    > Status: Error
    > Message: Code(-9014) One or more errors occurred parsing an XSLT
    > stylesheet:


    The not returning a schema is not an error, per se, it is informational.
    Ignore it.

    The real error is above.

    The policy:
    /NOVLPORTB-ots-SPMLOutputTransform

    At line 189 has an error. Go look and fix it.

    Side note: designer - Windows, Preferences, General, Editors, Text
    Editors there is a Show Line numbers tick box which will make it easier
    to find line 189.

    Specifically:

    Code(-9061) Error processing XSLT policy:
    vnd.nds.stream://CESU-DEV-TREE/system/DriverSet/SAP Portal Driver/NOVLPORTB-ots-SPMLOutputTransform#XmlData
    (189): <xsl:choose>: invalid content

    So there is an <xsl:choose> node there with invalid content.

    In my packaged copy of that policy I see:

    <xsl:for-each select="search-attr">
    <xsl:choose>
    <xsl:when test="$classname = 'sapuser'">
    <substrings>
    <xsl:attribute name="name">
    <xsl:value-of select="string(@attr-name)"/>
    </xsl:attribute>
    <initial>
    <xsl:value-of select="string(.)"/>
    </initial>
    </substrings>
    </xsl:when>
    <xsl:otherwise>
    <!-- <equalityMatch> -->
    <substrings>
    <xsl:attribute name="name">
    <xsl:value-of select="string(@attr-name)"/>
    </xsl:attribute>
    <initial>*</initial>
    <!-- <xsl:value-of select="string(.)"/>-->
    <!-- </equalityMatch> -->
    </substrings>
    </xsl:otherwise>
    </xsl:choose>
    </xsl:for-each>


    Oh, I remember this... There is a bug here, but Ii forget the details...
  • The NOVLPORTB-ots-SPMLOutputTransform policy is exactly same with your share policy

    <xsl:for-each select="search-attr">
    <xsl:choose>
    <xsl:when test="$classname = 'sapuser'">
    <substrings>
    <xsl:attribute name="name">
    <xsl:value-of select="string(@attr-name)"/>
    </xsl:attribute>
    <initial>
    <xsl:value-of select="string(.)"/>
    </initial>
    </substrings>
    </xsl:when>
    <xsl:otherwise>

    <!-- <equalityMatch> -->
    <substrings>
    <xsl:attribute name="name">
    <xsl:value-of select="string(@attr-name)"/>
    </xsl:attribute>
    <initial>*</initial>
    <!-- <xsl:value-of select="string(.)"/>-->
    <!-- </equalityMatch> -->
    </substrings>
    </xsl:otherwise>
  • On 4/10/2018 12:04 PM, tirthankar1984 wrote:
    >
    > The NOVLPORTB-ots-SPMLOutputTransform policy is exactly same with your
    > share policy


    Kick trace up really high, like level 25 or 99 perhaps and see if you
    get any more hints in the trace.

  • tirthankar1984;2478907 wrote:
    The NOVLPORTB-ots-SPMLOutputTransform policy is exactly same with your share policy

    <xsl:for-each select="search-attr">
    <xsl:choose>
    <xsl:when test="$classname = 'sapuser'">
    <substrings>
    <xsl:attribute name="name">
    <xsl:value-of select="string(@attr-name)"/>
    </xsl:attribute>
    <initial>
    <xsl:value-of select="string(.)"/>
    </initial>
    </substrings>
    </xsl:when>
    <xsl:otherwise>

    <!-- <equalityMatch> -->
    <substrings>
    <xsl:attribute name="name">
    <xsl:value-of select="string(@attr-name)"/>
    </xsl:attribute>
    <initial>*</initial>
    <!-- <xsl:value-of select="string(.)"/>-->
    <!-- </equalityMatch> -->
    </substrings>
    </xsl:otherwise>


    Can you post the entire XSLT? I don't see any obvious bugs in that section, but there's clearly something wrong with it.
  • <?xml version="1.0" encoding="UTF-8"?><xsl:stylesheet exclude-result-prefixes="query cmd dncv" version="1.0" xmlns:cmd="">www.novell.com/.../com.novell.nds.dirxml.driver.XdsCommandProcessor" xmlns:dncv="">www.novell.com/.../com.novell.nds.dirxml.driver.DNConverter" xmlns:query="">www.novell.com/.../com.novell.nds.dirxml.driver.XdsQueryProcessor" xmlns:xsl="">www.w3.org/.../Transform">
    <!-- parameters passed in from the DirXML engine -->
    <xsl:param name="srcQueryProcessor"/>
    <xsl:param name="destQueryProcessor"/>
    <xsl:param name="srcCommandProcessor"/>
    <xsl:param name="destCommandProcessor"/>
    <xsl:param name="dnConverter"/>
    <xsl:param name="fromNds"/>
    <!-- ********************* -->
    <!-- Convert XDS to SPML -->
    <!-- ********************* -->
    <!-- doing search -->
    <xsl:template match="query[@event-id!='query-driver-ident'] ">
    <!--<xsl:template match="query">-->
    <!-- search will use dest-dn for value. global search applies for saprole and sapgroup -->
    <xsl:message>Output (searchRequest): Convert XDS to Portal SPML for className
    <xsl:value-of select="search-class/@class-name"/>
    </xsl:message>
    <!-- <xsl:message>
    <xsl:copy-of select="."/>
    </xsl:message> -->
    <xsl:variable name="timestamp" select="operation-datacopy/@timestamp"/>
    <xsl:variable name="position" select="position()"/>
    <xsl:variable name="classname">
    <xsl:choose>
    <xsl:when test="search-class">
    <xsl:value-of select="search-class/@class-name"/>
    </xsl:when>
    <xsl:when test="@class-name">
    <xsl:value-of select="@class-name"/>
    </xsl:when>
    </xsl:choose>
    </xsl:variable>
    <xsl:variable name="scope" select="@scope"/>
    <xsl:variable name="dn">
    <xsl:choose>
    <xsl:when test="association">
    *
    <xsl:value-of select="association"/>*
    </xsl:when>
    <xsl:when test="@dest-dn">
    <xsl:value-of select="@dest-dn"/>
    </xsl:when>
    </xsl:choose>
    </xsl:variable>
    <xsl:choose>
    <!-- portal user account -->
    <xsl:when test="search-class[@class-name='PortalUserAccount']">
    <spml:searchRequest xmlns:spml="urn:oasis:names:tc:SPML:1:0">
    <xsl:attribute name="requestID">
    <xsl:value-of select="concat('search-',$timestamp)"/>
    </xsl:attribute>
    <searchBase>
    <xsl:choose>
    <xsl:when test="string-length(operation-datacopy/@idtype) > 0">
    <xsl:attribute name="type">
    <xsl:value-of select="operation-datacopy/@idtype"/>
    </xsl:attribute>
    </xsl:when>
    <xsl:otherwise>
    <xsl:attribute name="type">
    <xsl:value-of select="'urn:oasis:names:tc:SPML:1:0#GenericString'"/>
    </xsl:attribute>
    </xsl:otherwise>
    </xsl:choose>
    <spml:identifier>
    <xsl:choose>
    <xsl:when test="string-length(operation-datacopy/@idtype) > 0">
    <xsl:attribute name="type">
    <xsl:value-of select="operation-datacopy/@idtype"/>
    </xsl:attribute>
    </xsl:when>
    <xsl:otherwise>
    <xsl:attribute name="type">
    <xsl:value-of select="'urn:oasis:names:tc:SPML:1:0#GenericString'"/>
    </xsl:attribute>
    </xsl:otherwise>
    </xsl:choose>
    <spml:id/>
    </spml:identifier>
    </searchBase>
    <filter>
    <and>
    <equalityMatch name="objectclass">
    <dsml:value xmlns:dsml="urn:oasis:names:tc:DSML:2:0:core">sapuser</dsml:value>
    </equalityMatch>
    <substrings name="logonname">
    <initial>a</initial>
    </substrings>
    <substrings name="logonname">
    <initial>b</initial>
    </substrings>
    </and>
    </filter>
    <spml:attributes>
    <attribute name="logonname"/>
    </spml:attributes>
    <operation-data idtype="urn:oasis:names:tc:SPML:1:0#GenericString" parent-node-1="searchResponse">
    <return-to-me class-name="PortalUserAccount" command="query" event-id="0" scope="subtree"/>
    </operation-data>
    </spml:searchRequest>
    </xsl:when>
    <!-- end portal user account -->
    <!-- normal search -->
    <xsl:otherwise>
    <spml:searchRequest xmlns:spml="urn:oasis:names:tc:SPML:1:0">
    <xsl:attribute name="requestID">
    <xsl:value-of select="concat('search-',$timestamp)"/>
    </xsl:attribute>
    <xsl:attribute name="derefAliases">
    neverDerefAliases
    </xsl:attribute>
    <xsl:if test="@dest-dn">
    <searchBase xmlns="urn:oasis:names:tc:SPML:1:0">
    <xsl:choose>
    <xsl:when test="string-length(operation-datacopy/@idtype) > 0">
    <xsl:attribute name="type">
    <xsl:value-of select="operation-datacopy/@idtype"/>
    </xsl:attribute>
    </xsl:when>
    <xsl:otherwise>
    <xsl:attribute name="type">
    <xsl:value-of select="'urn:oasis:names:tc:SPML:1:0#GenericString'"/>
    </xsl:attribute>
    </xsl:otherwise>
    </xsl:choose>
    <spml:identifier>
    <xsl:choose>
    <xsl:when test="string-length(operation-datacopy/@idtype) > 0">
    <xsl:attribute name="type">
    <xsl:value-of select="operation-datacopy/@idtype"/>
    </xsl:attribute>
    </xsl:when>
    <xsl:otherwise>
    <xsl:attribute name="type">
    <xsl:value-of select="'urn:oasis:names:tc:SPML:1:0#GenericString'"/>
    </xsl:attribute>
    </xsl:otherwise>
    </xsl:choose>
    <spml:id>
    <xsl:value-of select="@dest-dn"/>
    </spml:id>
    </spml:identifier>
    </searchBase>
    </xsl:if>
    <xsl:if test="$classname or search-attr">
    <filter xmlns="urn:oasis:names:tc:SPML:1:0">
    <and>
    <xsl:if test="$classname">
    <equalityMatch name="objectclass">
    <dsml:value xmlns:dsml="urn:oasis:names:tc:DSML:2:0:core">
    <xsl:value-of select="$classname"/>
    </dsml:value>
    </equalityMatch>
    </xsl:if>
    <xsl:choose>
    <xsl:when test="$classname = 'sapuser'">
    <xsl:message>special case for all users</xsl:message>
    <substrings name="logonname">
    <initial>
    *<!-- <xsl:value-of select="association"/>* -->
    </initial>
    </substrings>
    </xsl:when>
    <xsl:otherwise>
    <!-- assume global search for saprole or sapgroup -->
    <substrings name="uniquename">
    <xsl:choose>
    <!-- <xsl:when test="@dest-dn and $classname != 'saprole'"> -->
    <xsl:when test="@dest-dn">
    <initial>
    <xsl:value-of select="@dest-dn"/>
    </initial>
    </xsl:when>
    <xsl:when test="association">
    <initial>
    *<!-- <xsl:value-of select="association"/>* -->
    </initial>
    </xsl:when>
    <xsl:otherwise>
    <initial>*</initial>
    </xsl:otherwise>
    </xsl:choose>
    </substrings>
    </xsl:otherwise>
    </xsl:choose>
    <xsl:for-each select="search-attr">
    <xsl:choose>
    <xsl:when test="$classname = 'sapuser'">
    <substrings>
    <xsl:attribute name="name">
    <xsl:value-of select="string(@attr-name)"/>
    </xsl:attribute>
    <initial>
    <xsl:value-of select="string(.)"/>
    </initial>
    </substrings>
    </xsl:when>
    <xsl:otherwise>
    <!-- <equalityMatch> -->
    <substrings>
    <xsl:attribute name="name">
    <xsl:value-of select="string(@attr-name)"/>
    </xsl:attribute>
    <initial>*</initial>
    <!-- <xsl:value-of select="string(.)"/>-->
    <!-- </equalityMatch> -->
    </substrings>
    </xsl:otherwise>
    </xsl:choose>
    </xsl:for-each>
    </and>
    </filter>
    </xsl:if>
    <xsl:choose>
    <xsl:when test="read-attr[@attr-name]">
    <!-- When <read-attr attr-name="..."> -->
    <spml:attributes>
    <xsl:for-each select="read-attr">
    <attribute xmlns="urn:oasis:names:tc:SPML:1:0">
    <xsl:attribute name="name">
    <xsl:value-of select="string(@attr-name)"/>
    </xsl:attribute>
    </attribute>
    </xsl:for-each>
    </spml:attributes>
    </xsl:when>
    <xsl:when test="read-attr">
    <!-- When <read-attr/>, 1.1 is an undefined OID -->
    <!-- removed 1.1 for SAP UME -->
    <spml:attributes>
    <!-- <attribute name="1.1"/> -->
    <xsl:choose>
    <xsl:when test="$classname = 'sapuser' ">
    <attribute name="logonname" xmlns="urn:oasis:names:tc:SPML:1:0"/>
    </xsl:when>
    <xsl:otherwise>
    <attribute name="uniquename" xmlns="urn:oasis:names:tc:SPML:1:0"/>
    </xsl:otherwise>
    </xsl:choose>
    <!-- <attribute name="uniquename"/> -->
    </spml:attributes>
    </xsl:when>
    </xsl:choose>
    <operation-data>
    <xsl:attribute name="parent-node-1">searchResponse</xsl:attribute>
    <xsl:for-each select="operation-datacopy/@*">
    <!-- <xsl:message>copying <xsl:value-of select="."/></xsl:message> -->
    <xsl:copy>
    <xsl:copy-of select="."/>
    </xsl:copy>
    </xsl:for-each>
    <return-to-me command="query">
    <xsl:apply-templates select="@*"/>
    </return-to-me>
    </operation-data>
    </spml:searchRequest>
    </xsl:otherwise>
    </xsl:choose>
    </xsl:template>
    <!-- end query -->
    <xsl:template match="status">
    <xsl:choose>
    <xsl:when test="operation-data/return-to-me[@command='heartbeat']">
    <xsl:message>
    Output: Do not add Portal SPML header to heartbeat
    </xsl:message>
    <xsl:copy>
    <xsl:apply-templates select="node()|@*"/>
    </xsl:copy>
    </xsl:when>
    <xsl:when test="operation-data/return-to-me[@command='remote-loader-query']">
    <xsl:message>
    Output: Do not add Portal SPML header to remote loader
    query
    </xsl:message>
    <xsl:copy>
    <xsl:apply-templates select="node()|@*"/>
    </xsl:copy>
    </xsl:when>
    <xsl:when test="operation-data/return-to-me[@command='check-password']">
    <xsl:message>
    Output: Do not add Portal SPML header to check-password
    </xsl:message>
    <xsl:copy>
    <xsl:apply-templates select="node()|@*"/>
    </xsl:copy>
    </xsl:when>
    <xsl:otherwise>
    <xsl:message>Output: Convert XDS to Portal SPML</xsl:message>
    <xsl:variable name="command" select="operation-data/return-to-me/@command"/>
    <xsl:variable name="timestamp" select="operation-data/@timestamp"/>
    <xsl:variable name="level" select="@level"/>
    <xsl:variable name="descr" select="."/>
    <xsl:variable name="eventID">
    <xsl:choose>
    <xsl:when test="@event-id">
    <xsl:value-of select="@event-id"/>
    </xsl:when>
    <xsl:otherwise>none</xsl:otherwise>
    </xsl:choose>
    </xsl:variable>
    <xsl:variable name="result">
    <xsl:choose>
    <xsl:when test="$level = 'success'">
    <xsl:text>
    urn:oasis:names:tc:SPML:1:0#success
    </xsl:text>
    </xsl:when>
    <xsl:otherwise>
    <xsl:text>
    urn:oasis:names:tc:SPML:1:0#failure
    </xsl:text>
    </xsl:otherwise>
    </xsl:choose>
    </xsl:variable>
    <xsl:choose>
    <xsl:when test="$command = 'add'">
    <xsl:variable name="assoc" select="operation-data/return-to-me/association"/>
    <addResponse xmlns="urn:oasis:names:tc:SPML:1:0">
    <xsl:attribute name="result">
    <xsl:value-of select="$result"/>
    </xsl:attribute>
    <xsl:value-of select="$descr"/>
    <spml:identifier xmlns:spml="urn:oasis:names:tc:SPML:1:0">
    <xsl:attribute name="type">
    <xsl:value-of select="operation-datacopy/@idtype"/>
    </xsl:attribute>
    <spml:id>
    <xsl:value-of select="$assoc"/>
    </spml:id>
    </spml:identifier>
    </addResponse>
    </xsl:when>
    <xsl:when test="$command = 'modify'">
    <modifyResponse xmlns="urn:oasis:names:tc:SPML:1:0">
    <xsl:attribute name="result">
    <xsl:value-of select="$result"/>
    </xsl:attribute>
    <xsl:value-of select="$descr"/>
    </modifyResponse>
    </xsl:when>
    <xsl:when test="$command = 'delete'">
    <deleteResponse xmlns="urn:oasis:names:tc:SPML:1:0">
    <xsl:attribute name="result">
    <xsl:value-of select="$result"/>
    </xsl:attribute>
    <xsl:value-of select="$descr"/>
    </deleteResponse>
    </xsl:when>
    <xsl:when test="$command = 'query'">
    <xsl:variable name="id" select="operation-data/return-to-me/@dest-dn"/>
    <searchResponse xmlns="urn:oasis:names:tc:SPML:1:0">
    <xsl:attribute name="result">
    <xsl:value-of select="$result"/>
    </xsl:attribute>
    <xsl:value-of select="$descr"/>
    <xsl:for-each select="//instance">
    <searchResultEntry>
    <spml:identifier xmlns:spml="urn:oasis:names:tc:SPML:1:0">
    <xsl:attribute name="type">
    <xsl:value-of select="operation-datacopy/@idtype"/>
    </xsl:attribute>
    <spml:id>
    <xsl:value-of select="$id"/>
    </spml:id>
    </spml:identifier>
    <xsl:if test="attr">
    <spml:attributes xmlns:spml="urn:oasis:names:tc:SPML:1:0">
    <xsl:for-each select="attr">
    <xsl:variable name="name" select="string(@attr-name)"/>
    <spml:attr>
    <xsl:attribute name="name">
    <xsl:value-of select="$name"/>
    </xsl:attribute>='member'
    <dsml:value xmlns:dsml="urn:oasis:names:tc:DSML:2:0:core">
    <xsl:value-of select="."/>
    </dsml:value>
    </spml:attr>
    </xsl:for-each>
    </spml:attributes>
    </xsl:if>
    </searchResultEntry>
    </xsl:for-each>
    </searchResponse>
    </xsl:when>
    </xsl:choose>
    </xsl:otherwise>
    </xsl:choose>
    </xsl:template>
    <!-- -->
    <!-- identity transformation template -->
    <!-- in the absence of any other templates this will cause -->
    <!-- the stylesheet to copy the input through unchanged to the output -->
    <xsl:template match="node()|@*">
    <xsl:copy>
    <xsl:apply-templates select="node()|@*"/>
    </xsl:copy>
    </xsl:template>
    </xsl:stylesheet>
  • Sorry, I don't know. It looks ok to me. Designer seems happy enough with it in the simulator. Maybe Geoff can remember what bug he's thinking of.
  • Hi Geoff, did you remember what the bug is?