DCS Driver Help

We are trying to deploy the Reporting application. The issue I'm having is that no matter what I get the following error. Message: Code(-9076) Unhandled error in event loop: com.novell.nds.dirxml.engine.VRDException: Code(-9006) The driver returned a "retry" status indicating that the operation should be retried later. Detail from driver: <description>Subscriber Error: (Error 401) Could not connect to the URL 'xxx.xxx.xxx.xxx/.../idvs'. Unauthorized User Account error</description>

I know the username and password provided are correct. I don't remember having this issue when we first deployed this but the DCS driver has not been working properly for some time now. We updated to 4.7.2 and the DCS driver package is at the latest version. I followed the documentation for how it should be set up but something just isn't connecting properly. Any tips or hints to resolve this? I've contemplated just deleting the driver and starting over from scratch.

Thanks for the help.
  • On 5/9/2019 3:36 PM, jburns80 wrote:
    >
    > We are trying to deploy the Reporting application. The issue I'm having
    > is that no matter what I get the following error. Message: Code(-9076)
    > Unhandled error in event loop:
    > com.novell.nds.dirxml.engine.VRDException: Code(-9006) The driver
    > returned a "retry" status indicating that the operation should be
    > retried later. Detail from driver: <description>Subscriber Error: (Error
    > 401) Could not connect to the URL
    > 'xxx.xxx.xxx.xxx/.../idvs'. Unauthorized User
    > Account error</description>
    >
    > I know the username and password provided are correct. I don't remember
    > having this issue when we first deployed this but the DCS driver has not
    > been working properly for some time now. We updated to 4.7.2 and the
    > DCS driver package is at the latest version. I followed the
    > documentation for how it should be set up but something just isn't
    > connecting properly. Any tips or hints to resolve this? I've
    > contemplated just deleting the driver and starting over from scratch.


    Format of username? gcarman or cn=gcarman,ou=users,o=acme?

    Depends the API that DCCS is using to connect. Should be OAUth so I
    guess gcarman format.


  • Currently is in the cn=username,ou=ouname,o=dev

    I'll try the latter, It was using cn before
  • oauth may be part of the issue. When I login to the reporting server it won't let me login with just uaadmin account, I have to use the fully qualified cn. But there must be some configuration to where it's seeking that username that I need to update because any user in the users OU can login with just cn.
  • On 5/9/2019 4:14 PM, jburns80 wrote:
    >
    > oauth may be part of the issue. When I login to the reporting server it
    > won't let me login with just uaadmin account, I have to use the fully
    > qualified cn. But there must be some configuration to where it's
    > seeking that username that I need to update because any user in the
    > users OU can login with just cn.



    You do not mention the specific rev and OSP has changed a bit over the
    years and versions, where some versions specify an Admin user container,
    and logins are tried against the main user container and the secondary
    Admin container. See if you have that configured in configupdate.sh


  • On 5/9/2019 4:14 PM, jburns80 wrote:
    >
    > oauth may be part of the issue. When I login to the reporting server it
    > won't let me login with just uaadmin account, I have to use the fully
    > qualified cn. But there must be some configuration to where it's
    > seeking that username that I need to update because any user in the
    > users OU can login with just cn.


    Oh, also, in /opt/netiq/idm/apps/tomcat/bin/setenv.sh have you set the
    log level shipped at INFO to say, ALL ?

    If so, look for something happening in the osp.log when DCS tries to log in.


  • On 5/9/2019 4:21 PM, Geoffrey Carman wrote:
    > On 5/9/2019 4:14 PM, jburns80 wrote:
    >>
    >> oauth may be part of the issue.  When I login to the reporting server it
    >> won't let me login with just uaadmin account, I have to use the fully
    >> qualified cn.  But there must be some configuration to where it's
    >> seeking that username that I need to update because any user in the
    >> users OU can login with just cn.

    >
    > Oh, also, in /opt/netiq/idm/apps/tomcat/bin/setenv.sh have you set the
    > log level shipped at INFO to say, ALL ?
    >
    > If so, look for something happening in the osp.log when DCS tries to log
    > in.


    Thinking about it, I have never understood how it will work under the
    covers, when you have SAML federation enabled, and then a driver like
    DCS wants to do Oauth, how does it log in? If you get trace of that, in
    osp.log, I would very much like to see how that looks.


  • OSP version is 6.3.1, I've configured it to do local authorization. I'll up the logging and check the OSP logs, I'll gladly share the findings. This morning I tried changing the user in the GCV and the Driver config to an admin type account I created just for reporting, same error occurs. I'll get the logs to you asap.
  • I finally got the DCS driver and MSGW driver working, it was Oauth, but it was because I was trying to use OSP from a different server instead of local osp. I corrected that an it is now working, now I have to determine why the application won't connect to the oracle data source. Thank you for your help