PWNotify Driver


Hi all,

I am getting LDAP connection errors on the PWNotify driver.
TRACE: 'PWNotify.txt - 4shared.com - document sharing - download'
(http://www.4shared.com/document/dhEopSD1/PWNotify.html)

I have configured my LDAP server as ldaps://ldap1.company.ac.za:636,
then the CN of the user that can connect to that LDAP server, this is an
admin user BTW, and I have given the password for the user.
I have left the TLS keystore blank as I want to use the IDM engine
keystore as eDir is using the default CA...

I tested the connection parameters in Apache Directory studio and
everything works fine with the connect, although I do need to accept a
certificate...

BUT I keep getting:

<nds dtdversion="4.0">
<source>
<product instance="PWNotify" version="4.0.1.1">DirXML Loopback
Driver</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<status level="success" type="notification">Password Expiration
Notification<br/>
<LastRunTime>1970-01-01 00:00:00</LastRunTime>
<ThisRunTime>2011-11-25 15:25:06</ThisRunTime>
<Notification1>
<From>2011-11-29 15:25:06</From>
<To..>2011-12-10 15:25:06</To..>
<status level="error">JavaException: com.novell.ldap.LDAPException:
Connect Error</status>
</Notification1>
<Notification2>
<From>2011-11-27 15:25:06</From>
<To..>2011-11-29 15:25:06</To..>
<status level="error">JavaException: com.novell.ldap.LDAPException:
Connect Error</status>
</Notification2>
<Notification3>
<From>2011-11-25 15:25:06</From>
<To..>2011-11-27 15:25:06</To..>
<status level="error">JavaException: com.novell.ldap.LDAPException:
Connect Error</status>
</Notification3>
</status>
</input>
</nds>


This should be simple correct?
Thanks in advance


--
ccikara
------------------------------------------------------------------------
ccikara's Profile: http://forums.novell.com/member.php?userid=86966
View this thread: http://forums.novell.com/showthread.php?t=448721


  • P.S.
    I do not seem to get any connection errors when it comes to the Grace
    Login Remaining section of the driver...

    <nds dtdversion="4.0" ndsversion="8.x">
    <source>
    <product edition="Standard" version="4.0.1.1">DirXML</product>
    <contact>Novell, Inc.</contact>
    </source>
    <input>
    <modify cached-time="20111125133958.398Z" class-name="User"
    event-id="UKZNID#20111125133958#4#1:3fc28a59-d8d9-4f4b-9cbb-598ac23fd9d8"
    qualified-src-dn="O=UDW\OU=STU\CN=210532222"
    src-dn="\UN\UDW\STU\210532222" src-entry-id="41864"
    timestamp="1322228396#9">
    <modify-attr attr-name="Login Grace Remaining">
    <remove-all-values/>
    <add-value>
    <value type="counter">8</value>
    </add-value>
    </modify-attr>
    </modify>
    </input>
    </nds>


    --
    ccikara
    ------------------------------------------------------------------------
    ccikara's Profile: http://forums.novell.com/member.php?userid=86966
    View this thread: http://forums.novell.com/showthread.php?t=448721

  • On 11/25/2011 8:46 AM, ccikara wrote:
    >
    > Hi all,
    >
    > I am getting LDAP connection errors on the PWNotify driver.
    > TRACE: 'PWNotify.txt - 4shared.com - document sharing - download'
    > (http://www.4shared.com/document/dhEopSD1/PWNotify.html)



    So I ran through this with a client, and threw my hands up. Aaron at
    NTS figured it out!

    Do you have the UserApp driver installed on this engine server?

    It turns out the xcd-all.jar file (part of the User App driver) includes
    the LDAP classes that the ECMA function calls. Normally they are
    provided by the ldap.jar file as part of the LDAP driver. But the
    versions provided in the xcd-all.jar do not work with the ECMA version.

    There is a bug with details, but basically if this engine server is NOT
    running the User App driver, you can delete the file. IDM 4 and higher
    will have the LDAP classes removed from the JAR file to avoid the
    conflict in the future.

    I cannot find the bug # right now. Aaron might be able to provide it.


    > I have configured my LDAP server as ldaps://ldap1.company.ac.za:636,
    > then the CN of the user that can connect to that LDAP server, this is an
    > admin user BTW, and I have given the password for the user.
    > I have left the TLS keystore blank as I want to use the IDM engine
    > keystore as eDir is using the default CA...
    >
    > I tested the connection parameters in Apache Directory studio and
    > everything works fine with the connect, although I do need to accept a
    > certificate...
    >
    > BUT I keep getting:
    >
    > <nds dtdversion="4.0">
    > <source>
    > <product instance="PWNotify" version="4.0.1.1">DirXML Loopback
    > Driver</product>
    > <contact>Novell, Inc.</contact>
    > </source>
    > <input>
    > <status level="success" type="notification">Password Expiration
    > Notification<br/>
    > <LastRunTime>1970-01-01 00:00:00</LastRunTime>
    > <ThisRunTime>2011-11-25 15:25:06</ThisRunTime>
    > <Notification1>
    > <From>2011-11-29 15:25:06</From>
    > <To..>2011-12-10 15:25:06</To..>
    > <status level="error">JavaException: com.novell.ldap.LDAPException:
    > Connect Error</status>
    > </Notification1>
    > <Notification2>
    > <From>2011-11-27 15:25:06</From>
    > <To..>2011-11-29 15:25:06</To..>
    > <status level="error">JavaException: com.novell.ldap.LDAPException:
    > Connect Error</status>
    > </Notification2>
    > <Notification3>
    > <From>2011-11-25 15:25:06</From>
    > <To..>2011-11-27 15:25:06</To..>
    > <status level="error">JavaException: com.novell.ldap.LDAPException:
    > Connect Error</status>
    > </Notification3>
    > </status>
    > </input>
    > </nds>
    >
    >
    > This should be simple correct?
    > Thanks in advance
    >
    >



  • Thanks for the reply!!!

    The UserApp is installed on the same engine server...
    But I am using IDM 4.0.1 SE...

    You said this bug would be solved with IDM 4 by removing the classes
    from the Jar file correct? Does that mean it should work on IDM 4?

    Any suggestions on what else I can do?
    I tried the Password Expiration Notification job that "comes" with IDM,
    but I seem to keep getting different results, one implementation it
    works and another it doesn't...

    Regards,
    Craig Cikara


    --
    ccikara
    ------------------------------------------------------------------------
    ccikara's Profile: http://forums.novell.com/member.php?userid=86966
    View this thread: http://forums.novell.com/showthread.php?t=448721

  • On 11/25/2011 9:46 AM, ccikara wrote:
    >
    > Thanks for the reply!!!
    >
    > The UserApp is installed on the same engine server...
    > But I am using IDM 4.0.1 SE...
    >
    > You said this bug would be solved with IDM 4 by removing the classes
    > from the Jar file correct? Does that mean it should work on IDM 4?


    So the class called by the ECMA version is available in two JAR files.
    One is working, one is broken. Alas, it seems to load the broken one
    first.

    https://bugzilla.novell.com/show_bug.cgi?id=663378

    So if I read that right, there are two issues. One, make the classes
    the same and it sort of goes away. This is supposed to be fixed in IDM4
    SP1. The other approach is leave them just in ldap.jar and remove them
    from xcd-all.jar and it is hard to tell what patch level that is fixed in.

    Regardless, it looks like this should work fine in IDM 4.01 in which
    case, you might need an incident with Novell to figure out what is going
    wrong in this case. Or else it could just be a bad file copy? Or of
    course, something else totally unrelated.


    > Any suggestions on what else I can do?
    > I tried the Password Expiration Notification job that "comes" with IDM,
    > but I seem to keep getting different results, one implementation it
    > works and another it doesn't...