Trouble calling com.novell.nds.dirxml.util.DxCommand.commandLine() method with XPath

I am developing a driver which have to save User objects and some its attributes to file each day, so I created Null Service Driver to save info and and subscriber channel trigger job named "LDIF-export-Job" which pushes objects from predefined scope to the driver. Thing is that the file, which contain records from current day must have constant name, so I have to rename this file adding timestamp and create new one each day. And I created second job named "export-starter-Job" which is scheduled and on run of this job driver renames file and have to start "LDIF-export-Job".

I followed instructions from https://community.microfocus.com/cyberres/idm/w/identity_mgr_tips/4208/an-even-easier-way-to-call-a-job-from-policy

and used

<token-xpath expression='jcmd:commandLine(" -user $USERNAME -password $PASSWORD -startjob $JOB")'/>

When I push user DN, password and job DN with plain text it works fine. But with local variables XPath does not try to get values from local variables and throws -601 Error.

[07/28/2021 15:26:53.546] LDIF-Export-Driver ST: Action: do-set-local-variable("START-JOB",scope="policy",token-xpath("jcmd:commandLine(" -user $USERNAME -password $PASSWORD -startjob $JOB")")).
[07/28/2021 15:26:53.546] LDIF-Export-Driver ST: arg-string(token-xpath("jcmd:commandLine(" -user $USERNAME -password $PASSWORD -startjob $JOB")"))
[07/28/2021 15:26:53.546] LDIF-Export-Driver ST: token-xpath("jcmd:commandLine(" -user $USERNAME -password $PASSWORD -startjob $JOB")")
[07/28/2021 15:26:53.546] NetIQ Identity Manager Command Line Utility
[07/28/2021 15:26:53.546] version 4.6.0.0
[07/28/2021 15:26:53.546] Copyright (c) 2017 NetIQ Corporation. All Rights Reserved
[07/28/2021 15:26:53.546] novell.jclient.JCException: resolve -601 ERR_NO_SUCH_ENTRY

Full rule trace:

[07/28/2021 15:26:53.515] LDIF-Export-Driver ST: Applying rule 'Start LDIF-export-Job'.
[07/28/2021 15:26:53.530] LDIF-Export-Driver ST: Action: do-set-local-variable("USERNAME",scope="policy",token-src-attr("Security Equals",arg-dn(token-global-variable("dirxml.auto.driverdn")))).
[07/28/2021 15:26:53.530] LDIF-Export-Driver ST: arg-string(token-src-attr("Security Equals",arg-dn(token-global-variable("dirxml.auto.driverdn"))))
[07/28/2021 15:26:53.530] LDIF-Export-Driver ST: token-src-attr("Security Equals",arg-dn(token-global-variable("dirxml.auto.driverdn")))
[07/28/2021 15:26:53.530] LDIF-Export-Driver ST: arg-dn(token-global-variable("dirxml.auto.driverdn"))
[07/28/2021 15:26:53.530] LDIF-Export-Driver ST: token-global-variable("dirxml.auto.driverdn")
[07/28/2021 15:26:53.530] LDIF-Export-Driver ST: Token Value: "\IDMTREE_IP98\system\driverset1\LDIF-Export-Driver".
[07/28/2021 15:26:53.530] LDIF-Export-Driver ST: Arg Value: "\IDMTREE_IP98\system\driverset1\LDIF-Export-Driver".
[07/28/2021 15:26:53.530] LDIF-Export-Driver ST: Query from policy
[07/28/2021 15:26:53.530] LDIF-Export-Driver ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query dest-dn="\IDMTREE_IP98\system\driverset1\LDIF-Export-Driver" scope="entry">
<read-attr attr-name="Security Equals"/>
</query>
</input>
</nds>
[07/28/2021 15:26:53.530] LDIF-Export-Driver ST: Pumping XDS to eDirectory.
[07/28/2021 15:26:53.530] LDIF-Export-Driver ST: Performing operation query for \IDMTREE_IP98\system\driverset1\LDIF-Export-Driver.
[07/28/2021 15:26:53.530] LDIF-Export-Driver ST: --JCLNT-- \IDMTREE_IP98\system\driverset1\LDIF-Export-Driver : Duplicating : context = 1634074966, tempContext = 1634074958
[07/28/2021 15:26:53.530] LDIF-Export-Driver ST: --JCLNT-- \IDMTREE_IP98\system\driverset1\LDIF-Export-Driver : Calling free on tempContext = 1634074958
[07/28/2021 15:26:53.530] LDIF-Export-Driver ST: Query from policy result
[07/28/2021 15:26:53.530] LDIF-Export-Driver ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<instance class-name="DirXML-Driver" qualified-src-dn="O=system\CN=driverset1\CN=LDIF-Export-Driver" src-dn="\IDMTREE_IP98\system\driverset1\LDIF-Export-Driver" src-entry-id="34323">
<attr attr-name="Security Equals">
<value timestamp="1627466236#1" type="dn">\IDMTREE_IP98\system\sa\admin</value>
</attr>
</instance>
<status level="success"></status>
</output>
</nds>
[07/28/2021 15:26:53.530] LDIF-Export-Driver ST: Token Value: "\IDMTREE_IP98\system\sa\admin".
[07/28/2021 15:26:53.530] LDIF-Export-Driver ST: Arg Value: "\IDMTREE_IP98\system\sa\admin".
[07/28/2021 15:26:53.530] LDIF-Export-Driver ST: Action: do-set-local-variable("PASSWORD",scope="policy",token-src-attr("nspmDistributionPassword",arg-dn(token-local-variable("USERNAME")))).
[07/28/2021 15:26:53.530] LDIF-Export-Driver ST: arg-string(token-src-attr("nspmDistributionPassword",arg-dn(token-local-variable("USERNAME"))))
[07/28/2021 15:26:53.530] LDIF-Export-Driver ST: token-src-attr("nspmDistributionPassword",arg-dn(token-local-variable("USERNAME")))
[07/28/2021 15:26:53.530] LDIF-Export-Driver ST: arg-dn(token-local-variable("USERNAME"))
[07/28/2021 15:26:53.530] LDIF-Export-Driver ST: token-local-variable("USERNAME")
[07/28/2021 15:26:53.530] LDIF-Export-Driver ST: Token Value: "\IDMTREE_IP98\system\sa\admin".
[07/28/2021 15:26:53.530] LDIF-Export-Driver ST: Arg Value: "\IDMTREE_IP98\system\sa\admin".
[07/28/2021 15:26:53.530] LDIF-Export-Driver ST: Query from policy
[07/28/2021 15:26:53.530] LDIF-Export-Driver ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query dest-dn="\IDMTREE_IP98\system\sa\admin" scope="entry">
<read-attr attr-name="nspmDistributionPassword"/>
</query>
</input>
</nds>
[07/28/2021 15:26:53.530] LDIF-Export-Driver ST: Pumping XDS to eDirectory.
[07/28/2021 15:26:53.530] LDIF-Export-Driver ST: Performing operation query for \IDMTREE_IP98\system\sa\admin.
[07/28/2021 15:26:53.530] LDIF-Export-Driver ST: --JCLNT-- \IDMTREE_IP98\system\driverset1\LDIF-Export-Driver : Duplicating : context = 1634074966, tempContext = 1634074958
[07/28/2021 15:26:53.530] LDIF-Export-Driver ST: --JCLNT-- \IDMTREE_IP98\system\driverset1\LDIF-Export-Driver : Calling free on tempContext = 1634074958
[07/28/2021 15:26:53.530] LDIF-Export-Driver ST: Query from policy result
[07/28/2021 15:26:53.530] LDIF-Export-Driver ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<instance class-name="User" qualified-src-dn="O=system\OU=sa\CN=admin" src-dn="\IDMTREE_IP98\system\sa\admin" src-entry-id="32877">
<association state="disabled"></association>
<attr attr-name="nspmDistributionPassword" is-sensitive="true"><!-- content suppressed -->
</attr>
</instance>
<status level="success"></status>
</output>
</nds>
[07/28/2021 15:26:53.530] LDIF-Export-Driver ST: Token Value: "-- suppressed --".
[07/28/2021 15:26:53.530] LDIF-Export-Driver ST: Arg Value: "-- suppressed --".
[07/28/2021 15:26:53.530] LDIF-Export-Driver ST: Action: do-set-local-variable("USERNAME",scope="policy",token-parse-dn(dest-dn-format="dot",start="1",token-local-variable("USERNAME"))).
[07/28/2021 15:26:53.530] LDIF-Export-Driver ST: arg-string(token-parse-dn(dest-dn-format="dot",start="1",token-local-variable("USERNAME")))
[07/28/2021 15:26:53.530] LDIF-Export-Driver ST: token-parse-dn(dest-dn-format="dot",start="1",token-local-variable("USERNAME"))
[07/28/2021 15:26:53.530] LDIF-Export-Driver ST: token-parse-dn(dest-dn-format="dot",start="1",token-local-variable("USERNAME"))
[07/28/2021 15:26:53.530] LDIF-Export-Driver ST: token-local-variable("USERNAME")
[07/28/2021 15:26:53.530] LDIF-Export-Driver ST: Token Value: "\IDMTREE_IP98\system\sa\admin".
[07/28/2021 15:26:53.530] LDIF-Export-Driver ST: Arg Value: "\IDMTREE_IP98\system\sa\admin".
[07/28/2021 15:26:53.530] LDIF-Export-Driver ST: Token Value: "admin.sa.system".
[07/28/2021 15:26:53.530] LDIF-Export-Driver ST: Arg Value: "admin.sa.system".
[07/28/2021 15:26:53.530] LDIF-Export-Driver ST: Action: do-set-local-variable("JOB",scope="policy","LDIF-export-Job."+token-parse-dn(dest-dn-format="dot",start="1",token-global-variable("dirxml.auto.driverdn"))).
[07/28/2021 15:26:53.530] LDIF-Export-Driver ST: arg-string("LDIF-export-Job."+token-parse-dn(dest-dn-format="dot",start="1",token-global-variable("dirxml.auto.driverdn")))
[07/28/2021 15:26:53.530] LDIF-Export-Driver ST: token-text("LDIF-export-Job.")
[07/28/2021 15:26:53.530] LDIF-Export-Driver ST: token-parse-dn(dest-dn-format="dot",start="1",token-global-variable("dirxml.auto.driverdn"))
[07/28/2021 15:26:53.546] LDIF-Export-Driver ST: token-parse-dn(dest-dn-format="dot",start="1",token-global-variable("dirxml.auto.driverdn"))
[07/28/2021 15:26:53.546] LDIF-Export-Driver ST: token-global-variable("dirxml.auto.driverdn")
[07/28/2021 15:26:53.546] LDIF-Export-Driver ST: Token Value: "\IDMTREE_IP98\system\driverset1\LDIF-Export-Driver".
[07/28/2021 15:26:53.546] LDIF-Export-Driver ST: Arg Value: "\IDMTREE_IP98\system\driverset1\LDIF-Export-Driver".
[07/28/2021 15:26:53.546] LDIF-Export-Driver ST: Token Value: "LDIF-Export-Driver.driverset1.system".
[07/28/2021 15:26:53.546] LDIF-Export-Driver ST: Arg Value: "LDIF-export-Job.LDIF-Export-Driver.driverset1.system".
[07/28/2021 15:26:53.546] LDIF-Export-Driver ST: Action: do-set-local-variable("START-JOB",scope="policy",token-xpath("jcmd:commandLine(" -user $USERNAME -password $PASSWORD -startjob $JOB")")).
[07/28/2021 15:26:53.546] LDIF-Export-Driver ST: arg-string(token-xpath("jcmd:commandLine(" -user $USERNAME -password $PASSWORD -startjob $JOB")"))
[07/28/2021 15:26:53.546] LDIF-Export-Driver ST: token-xpath("jcmd:commandLine(" -user $USERNAME -password $PASSWORD -startjob $JOB")")
[07/28/2021 15:26:53.546]
[07/28/2021 15:26:53.546]
[07/28/2021 15:26:53.546] NetIQ Identity Manager Command Line Utility
[07/28/2021 15:26:53.546]
[07/28/2021 15:26:53.546] version 4.6.0.0
[07/28/2021 15:26:53.546]
[07/28/2021 15:26:53.546] Copyright (c) 2017 NetIQ Corporation. All Rights Reserved
[07/28/2021 15:26:53.546]
[07/28/2021 15:26:53.546]
[07/28/2021 15:26:53.546]
[07/28/2021 15:26:53.546] novell.jclient.JCException: resolve -601 ERR_NO_SUCH_ENTRY
[07/28/2021 15:26:53.546]
[07/28/2021 15:26:53.546] at novell.jclient.JCContext.resolve(Native Method)
[07/28/2021 15:26:53.546]
[07/28/2021 15:26:53.546] at novell.jclient.JCContext.resolve(JCContext.java:951)
[07/28/2021 15:26:53.546]
[07/28/2021 15:26:53.546] at com.novell.nds.dirxml.util.DxCommand.jclientLogin(DxCommand.java:1144)
[07/28/2021 15:26:53.546]
[07/28/2021 15:26:53.546] at com.novell.nds.dirxml.util.DxCommand.login(DxCommand.java:1093)
[07/28/2021 15:26:53.546]
[07/28/2021 15:26:53.546] at com.novell.nds.dirxml.util.DxCommand.commandLine(DxCommand.java:543)
[07/28/2021 15:26:53.546]
[07/28/2021 15:26:53.546] at com.novell.nds.dirxml.util.DxCommand.commandLine(DxCommand.java:665)
[07/28/2021 15:26:53.546]
[07/28/2021 15:26:53.546] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[07/28/2021 15:26:53.546]
[07/28/2021 15:26:53.546] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
[07/28/2021 15:26:53.546]
[07/28/2021 15:26:53.546] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[07/28/2021 15:26:53.546]
[07/28/2021 15:26:53.546] at java.lang.reflect.Method.invoke(Method.java:498)
[07/28/2021 15:26:53.546]
[07/28/2021 15:26:53.546] at com.novell.xsl.extensions.JavaMethodInstance.invoke(JavaMethodInstance.java:148)
[07/28/2021 15:26:53.546]
[07/28/2021 15:26:53.546] at com.novell.xml.xpath.FunctionCall.evaluate(FunctionCall.java:90)
[07/28/2021 15:26:53.546]
[07/28/2021 15:26:53.546] at com.novell.xml.dom.DOMEvaluator.evaluate(DOMEvaluator.java:89)
[07/28/2021 15:26:53.546]
[07/28/2021 15:26:53.546] at com.novell.nds.dirxml.engine.rules.RuleDynamicContext.evaluateXPath(RuleDynamicContext.java:176)
[07/28/2021 15:26:53.546]
[07/28/2021 15:26:53.546] at com.novell.nds.dirxml.engine.rules.TokenXPath.expand(TokenXPath.java:72)
[07/28/2021 15:26:53.546]
[07/28/2021 15:26:53.546] at com.novell.nds.dirxml.engine.rules.Arg.evaluate(Arg.java:469)
[07/28/2021 15:26:53.546]
[07/28/2021 15:26:53.546] at com.novell.nds.dirxml.engine.rules.DoSetLocalVariable.apply(DoSetLocalVariable.java:101)
[07/28/2021 15:26:53.546]
[07/28/2021 15:26:53.546] at com.novell.nds.dirxml.engine.rules.ActionSet.apply(ActionSet.java:182)
[07/28/2021 15:26:53.546]
[07/28/2021 15:26:53.546] at com.novell.nds.dirxml.engine.rules.DirXMLScriptProcessor.applyRules(DirXMLScriptProcessor.java:310)
[07/28/2021 15:26:53.546]
[07/28/2021 15:26:53.546] at com.novell.nds.dirxml.engine.Subscriber.execute(Subscriber.java:417)
[07/28/2021 15:26:53.546]
[07/28/2021 15:26:53.546] at com.novell.nds.dirxml.engine.Subscriber.execute(Subscriber.java:304)
[07/28/2021 15:26:53.546]
[07/28/2021 15:26:53.546] at com.novell.nds.dirxml.engine.Subscriber$CustomOpProcessor.process(Subscriber.java:1347)
[07/28/2021 15:26:53.546]
[07/28/2021 15:26:53.546] at com.novell.nds.dirxml.engine.Subscriber.processEvent(Subscriber.java:1156)
[07/28/2021 15:26:53.546]
[07/28/2021 15:26:53.546] at com.novell.nds.dirxml.engine.Subscriber.processEvents(Subscriber.java:969)
[07/28/2021 15:26:53.546]
[07/28/2021 15:26:53.546] at com.novell.nds.dirxml.engine.Driver.submitTransaction(Driver.java:865)
[07/28/2021 15:26:53.546]
[07/28/2021 15:26:53.546] at com.novell.nds.dirxml.engine.DriverEntry.submitTransaction(DriverEntry.java:1158)
[07/28/2021 15:26:53.546]
[07/28/2021 15:26:53.546] at com.novell.nds.dirxml.engine.DriverEntry.processCachedTransaction(DriverEntry.java:1042)
[07/28/2021 15:26:53.546]
[07/28/2021 15:26:53.546] at com.novell.nds.dirxml.engine.DriverEntry.eventLoop(DriverEntry.java:850)
[07/28/2021 15:26:53.546]
[07/28/2021 15:26:53.546] at com.novell.nds.dirxml.engine.DriverEntry.run(DriverEntry.java:627)
[07/28/2021 15:26:53.546]
[07/28/2021 15:26:53.546] at java.lang.Thread.run(Thread.java:745)
[07/28/2021 15:26:53.546]
[07/28/2021 15:26:53.546] LDIF-Export-Driver ST: Token Value: "-1".
[07/28/2021 15:26:53.546] LDIF-Export-Driver ST: Arg Value: "-1".
[07/28/2021 15:26:53.546] LDIF-Export-Driver ST:Policy returned:
[07/28/2021 15:26:53.546] LDIF-Export-Driver ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<trigger event-id="trigger-job:export-starter-Job#20210728122653#0#0" source="export-starter-Job">
<operation-data source="export-starter-Job"/>
</trigger>
</input>
</nds>

Can You please help me to solve this problem?

  • 601, object not found, means it could be one of two objects.  The User or the Job.

    I would add a trace, just before you call the jcmd: command of JOB and USER variables.

    Then try the command line yourself with those parameters.

    It is possible that dxcmd in the version you are looking at is expecting LDAP DNs vs NDAP DNs.  Or maybe you need a switch to allow NDAP vs LDAP in later versions of dxcmd.

    I mean I wrote the article you are referencing over 12 years ago. So would not be surprised if this has changed.

  • As I wrote in startpost I tried to launch command with plain text like

    <token-xpath expression='jcmd:commandLine(" -user admin.sa.system -password plainpassword -startjob LDIF-export-Job.LDIF-Export-Driver.driverset1.system")'/>

    and it worked fine - job "LDIF-export-Job" runs!

    You can see values of variables USERNAME and JOB  on full trace-it is the same as I wrote upper in this post

    The thing is when I try to use local variables in XPath expression it seems that script tries to pass not its values like "admin.sa.system" but string "$USERNAME" and same for password and job

  • Suggested Answer

    Interesting I started old 4.6 designer and I see I have different syntax:
    <token-xpath expression="es:customeScript($test)"/>

    So the difference is only the es part... Probably not the problematic part...

    How about using single quotes around variables:

    <token-xpath expression='jcmd:commandLine(" -user '$USERNAME' -password '$PASSWORD' -startjob $JOB")'/>

    Or even better set whole command line parameter as local variable and use it as parameter:

    <do-set-local-variable name="test" scope="policy">
    <arg-string>
    <token-text xml:space="preserve"> -user "</token-text>
    <token-local-variable name="USERNAME"/>
    <token-text xml:space="preserve">" -password "</token-text>
    <token-local-variable name="PASSWORD"/>
    <token-text xml:space="preserve">" -startjob "</token-text>
    <token-text xml:space="preserve">JOB</token-text>
    <token-text xml:space="preserve">"</token-text>
    </arg-string>
    </do-set-local-variable>

    <do-set-local-variable name="START-JOB" scope="policy">
    <arg-string>
    <token-xpath expression="jcmd:commandLine($test)"/>
    </arg-string>
    </do-set-local-variable>

    Something like that, let me know if this helps.You might want to get rid of extra quotes in the second solution around variable names (I used it in case anything includes space).

  • With single quotes I catch:

    NetIQ Identity Manager Command Line Utility
    version 4.6.0.0
    Copyright (c) 2017 NetIQ Corporation. All Rights Reserved

    Enter user's password:
    Enter user's password:

    java.io.IOException: The handle is invalid

    at java.io.FileInputStream.readBytes(Native Method)...

    ------------------------------------------------------------------------------------

    When single variable with command is used: 

    Action: do-set-local-variable("START-JOB",scope="policy",arg-object(token-xpath("jcmd:commandLine($lv-start-command)"))).
    arg-object(token-xpath("jcmd:commandLine($lv-start-command)"))
    token-xpath("jcmd:commandLine($lv-start-command)")
    Processing returned document.
    Processing operation <status> for .
    DirXML Log Event -------------------
    Driver: \IDMTREE_IP98\system\driverset1\LDIF-Export-Driver
    Channel: Subscriber
    Status: Error
    Message: Code(-9131) Error in vnd.nds.stream://IDMTREE_IP98/system/driverset1/LDIF-Export-Driver/Subscriber/sub-ctp-renameFile#XmlData:114 : Error evaluating XPATH expression 'token-xpath("jcmd:commandLine($lv-start-command)")' : com.novell.xml.xpath.XPathEvaluationException: Multiple matching Java methods for 'jcmd:commandLine($lv-start-command)'.

  • Found solution: using GCVs

    <token-xpath expression='jcmd:commandLine("-user ~gcv-d-jobUser~ -password ~gcv-d-password~ -startjob  ~gcv-d-jobDN~")'/>

    reads GCVs correctly. 

    But trouble of ignoring local variables in Java methods call are very irritating

  • Other than trying different variations of using none/single/double quotes in single variable, I don't know what else what you could do.

  • Hi Ivan,

    You can try to use -v and -s parameters. for troubleshooting.

    dxcmd parameters in CS:

    community.microfocus.com/.../dxcmd-switches

    Configuration:
        -user < user name>
        -host < name or IP address>
        -password < user password>
        -port < port number>
        -cert < X.509 DER certificate filename>
        -dnform < slash|qualified-slash|dot|qualified-dot|ldap> (force dn form)
        -version < n.n[.n[.n]]>                 (force engine version for testing)
        -nossl                                 (use clear socket for LDAP)
        -keystore < keystore path and filename> (for LDAP SSL)
        -storepass < keystore password>         (for LDAP SSL)
        -q                                     (quiet mode)
        -v                                     (verbose mode)
        -s                                     (write result to stdout)
        -?                                     (show this message)
        -help                                  (show this message)
  • Hi,

    could you provide a more detailed (elevated) trace? FYI New error seems totally unrelated I would translate it as you having this method defined twice in library (just off top of my head).

  • Basically "commandLine" method of class DxCommand have 4 overloads.

    Here is description

    All of them have only 1 parameter with different type 

    So  gave an idea to manually show that variable has "String" type, and as result code:

    <do-set-local-variable name="START-JOB" scope="policy">
        <arg-string>
            <token-xpath expression="jcmd:commandLine(string($lvStartCommand))"/>
        </arg-string>
    </do-set-local-variable>

    works 

  • I just helped Ivan to troubleshoot the issue.

    Command line string, that he tried to pass to JCMD, missed some mandatory information and DXCMD had no chance to execute the command.

    When the command line string was fixed, DXCMD was executed without any issue.