eDir Bi-Directional driver


All of a sudden, in the middle of testing new policies, I'm seeing the
following in the IDM Server trace:
> Status: Success
> 15:09:28 XYZ PT:XYZ-TEST eDir: OpenLDAPConnection - Connect to the
> server
> 15:09:28 XYZ PT:XYZ-TEST eDir: Opening clear text connection
> 15:09:28 XYZ PT:XYZ-TEST eDir: WARNING !!! WARNING !!! WARNING !!!
> 15:09:28 XYZ PT:XYZ-TEST eDir: You are using a clear-text connection.
> 15:09:28 XYZ PT:XYZ-TEST eDir: The user password will be sent in
> plain-text, which can be sniffed easily.
> 15:09:28 XYZ PT:XYZ-TEST eDir: It is recommended to use SSL to secure
> the connection.
>
> 15:09:28 XYZ PT:XYZ-TEST eDir: Host name: 10.28.55.39
> 15:09:28 XYZ PT:XYZ-TEST eDir: Port: 389
> 15:09:28 XYZ PT:XYZ-TEST eDir: DN: cn=IDM_ADMIN_PROXY,o=services
> 15:09:28 XYZ PT:XYZ-TEST eDir: Protocol version=3
> 15:09:28 XYZ PT:XYZ-TEST eDir: SDK version=4.5
> 15:09:28 XYZ PT:XYZ-TEST eDir: EdirPublisher - Initiating agent
> registration...
> 15:09:28 XYZ PT:XYZ-TEST eDir: LDAPInterface.registerDriverInstance() :
> Exception occured while registration - Other
> 15:09:28 LDAPException: Other (80) Other
> 15:09:28 LDAPException: Server Message: insufficient space (-1)
> 15:09:28 LDAPException: Matched DN:
> 15:09:28
> 15:09:28 at com.novell.ldap.LDAPResponse.getResultException(Unknown
> Source)
> 15:09:28
> 15:09:28 at com.novell.ldap.LDAPResponse.chkResultCode(Unknown
> Source)
> 15:09:28
> 15:09:28 at com.novell.ldap.LDAPConnection.chkResultCode(Unknown
> Source)
> 15:09:28
> 15:09:28 at com.novell.ldap.LDAPConnection.extendedOperation(Unknown
> Source)
> 15:09:28
> 15:09:28 at com.novell.ldap.LDAPConnection.extendedOperation(Unknown
> Source)
> 15:09:28
> 15:09:28 at
> com.novell.nds.dirxml.driver.edir.LDAPInterface.registerDriverInstance(LDAPInterface.java:1119)
> 15:09:28
> 15:09:28 at
> com.novell.nds.dirxml.driver.edir.EdirPublisher.register(EdirPublisher.java:84)
> 15:09:28
> 15:09:28 at
> com.novell.nds.dirxml.driver.edir.EdirPublisher.WaitAndRestoreConnection(EdirPublisher.java:617)
> 15:09:28
> 15:09:28 at
> com.novell.nds.dirxml.driver.edir.EDIRPublicationShim.start(EDIRPublicationShim.java:101)
> 15:09:28
> 15:09:28 at
> com.novell.nds.dirxml.engine.Publisher.run(Publisher.java:542)
> 15:09:28
> 15:09:28 at java.lang.Thread.run(Unknown Source)


And the following on the target eDir server LDAP trace:
> 15:09:25 New cleartext connection 0x14cb0330 from 10.30.188.160:61384,
> monitor = 0x798, index = 3
> 15:09:25 DoBind on connection 0x14cb0330
> 15:09:25 Bind name:cn=IDM_ADMIN_PROXY,o=services, version:3,
> authentication:simple
> 15:09:25 Sending operation result 0:"":"" to connection 0x14cb0330
> 15:09:25 DoExtended on connection 0x14cb0330
> 15:09:25 DoExtended: Extension Request OID:
> 2.16.840.1.113719.1.14.100.200
> 15:09:25 Sending operation result 80:"":"insufficient space (-1)" to
> connection 0x14cb0330
> 15:09:55 DoExtended on connection 0x14cb0330


It is a test tree for development, all servers are Windows, no change
after target server eDir restart and reboots. Changed it from 636 to
port 389 but no difference. Target server is only server in the tree
and holds the one and only partition that exists.

Turns out that it was a wonky rule that caused all the mayhem.


--
kmaule
------------------------------------------------------------------------
kmaule's Profile: https://forums.netiq.com/member.php?userid=306
View this thread: https://forums.netiq.com/showthread.php?t=55252
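
The LDAP trace in the post above shows a simple bind arriving on a cleartext connection, which is the condition the driver's warning describes. As an added example (not part of the original thread), this Python script flags such binds in a trace of that format. The sample lines are constructed from the excerpt with wrapped lines rejoined, and it assumes each "Bind name" line directly follows its "DoBind" line.

```python
import re

# Constructed sample in the format of the eDirectory LDAP trace quoted above
# (wrapped lines rejoined). Connection 0x14cb0999 and cn=admin are made up;
# that connection is never announced as cleartext, so it must not be flagged.
SAMPLE_TRACE = """\
15:09:25 New cleartext connection 0x14cb0330 from 10.30.188.160:61384, monitor = 0x798, index = 3
15:09:25 DoBind on connection 0x14cb0330
15:09:25 Bind name:cn=IDM_ADMIN_PROXY,o=services, version:3, authentication:simple
15:09:25 Sending operation result 0:"":"" to connection 0x14cb0330
15:09:26 DoBind on connection 0x14cb0999
15:09:26 Bind name:cn=admin,o=services, version:3, authentication:simple
15:09:26 Sending operation result 0:"":"" to connection 0x14cb0999
"""

NEW_CLEAR = re.compile(r"^\S+ New cleartext connection (0x[0-9a-f]+) from ([\d.]+):\d+")
DO_BIND = re.compile(r"^\S+ DoBind on connection (0x[0-9a-f]+)")
BIND_NAME = re.compile(r"^(\S+) Bind name:(.*), version:\d+, authentication:(\w+)")


def find_cleartext_simple_binds(trace: str) -> list[dict]:
    """Return one finding per simple bind made on a cleartext connection."""
    cleartext = {}   # connection id -> client IP, from "New cleartext connection"
    pending = None   # connection id named by the most recent DoBind line
    findings = []
    for line in trace.splitlines():
        if m := NEW_CLEAR.match(line):
            cleartext[m.group(1)] = m.group(2)
        elif m := DO_BIND.match(line):
            pending = m.group(1)
        elif (m := BIND_NAME.match(line)) and pending is not None:
            # "Bind name" carries no connection id; attribute it to the
            # DoBind line just before it (assumption: no interleaving).
            if pending in cleartext and m.group(3) == "simple":
                findings.append({"time": m.group(1), "conn": pending,
                                 "client": cleartext[pending], "dn": m.group(2)})
            pending = None
    return findings


if __name__ == "__main__":
    for f in find_cleartext_simple_binds(SAMPLE_TRACE):
        print(f"{f['time']} cleartext simple bind: {f['dn']} "
              f"from {f['client']} ({f['conn']})")
```

On a busy server, trace lines from different connections can interleave, so treat the pairing of "DoBind" and "Bind name" lines as a heuristic.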

  • On 1/26/2016 10:34 AM, kmaule wrote:
    > Turns out that it was a wonky rule that caused all the mayhem.


    What did the rule do? I am guessing, ITP or OTP and it blocked some of
    the startup events? If you veto all events, then the <init-params> event
    is also vetoed, which is bad.



  • I think it was when I left out the usual "if class name = User, if
    operation = modify" conditions.


    --
    kmaule