Trusted Contributor.

Automatic fulfillment to IDM

Hello

I’m trying to remove IDM permissions automatically, but when the fulfillment from IG is triggered the following error message appears:

Comentario: Error inesperado al provisionar el elemento de cambio con ID: 60. Motivo: Error de comando: tipo: modify: [com.netiq.daas.common.DaaSException: (GRANT: cn=Rol_Basico_Alumno_En_Practica,cn=Level20,cn=RoleDefs,cn=RoleConfig,cn=AppConfig,cn=User Application Driver,cn=driverset1,o=system, result: ERROR [DAL communication error.])]

IDM-catalina.out showed the following log:

[GRAVE] 2020-06-23 15:20:20 com.netiq.iac.persistence.dcs.prov.worker.AutoProvisioningWorkerThread call - [IG-DTP] Unexpected error while provisioning changeItem id: 60. Reason: Error de comando: tipo: modify: [com.netiq.daas.common.DaaSException: (GRANT: cn=Rol_Basico_Alumno_En_Practica,cn=Level20,cn=RoleDefs,cn=RoleConfig,cn=AppConfig,cn=User Application Driver,cn=driverset1,o=system, result: ERROR [DAL communication error.])]
[GRAVE] 2020-06-23 15:20:20 com.netiq.soa.notification.impl.NotificationThread run - [IG-DTP] Error sending email.
[GRAVE] 2020-06-23 15:20:20 com.netiq.soa.notification.impl.NotificationThread run - [IG-DTP] Error sending email.
[GRAVE] 2020-06-23 15:20:20 com.netiq.soa.notification.impl.NotificationThread run - [IG-DTP] Error sending email.

Can you help me with an alternative to solve this problem?

Thanks!

4 Replies
Micro Focus Expert

Re: Automatic fulfillment to IDM

Greetings,


There should be more of an error on the IDM App's Tomcat server log. ID Gov issues a SOAP call to the IDM Apps in this case and passes the information.

1) Please look at the ID Apps logs for the full error since that is where it is happening and provide that.

2.a) Are you only collecting Identities from IDM?
2.a.1) If no, what other Identity Source are you collecting from?
2.a.2) If no, are you utilizing Publishing and Merging? If yes, who is the authority for the LDAP Distinguished Name?

Sincerely,
Steven Williams
Principal Enterprise Architect
Micro Focus

Trusted Contributor.

Re: Automatic fulfillment to IDM


Thank you for your quick response!
Regarding your questions:

1- IDM-catalina.out showed the following log:

 

2020-06-24 15:18:26,826 INFO  [com.novell.pwdmgt.util.PasswordHelper] (https-jsse-nio-8543-exec-171) [RBPM] [Login_Success] cn=uaadmin,ou=sa,o=data successfully logged in.
2020-06-24 15:18:26,827 DEBUG [com.novell.soa.ws.impl.xml.OutputStreamImpl] (https-jsse-nio-8543-exec-171) <SOAP-ENV:Envelope xmlns:SOAP-ENV='http://schemas.xmlsoap.org/soap/envelope/' xmlns:xsd='http://www.w3.org/2001/XMLSchema' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'><SOAP-ENV:Body><ns1:getVersionResponse xmlns="http://www.novell.com/role/service" xmlns:ns1="http://www.novell.com/role/service"><VersionVO>3.6.1</VersionVO></ns1:getVersionResponse></SOAP-ENV:Body></SOAP-ENV:Envelope>
2020-06-24 15:18:26,899 INFO  [com.novell.pwdmgt.util.PasswordHelper] (https-jsse-nio-8543-exec-151) [RBPM] [Login_Success] cn=uaadmin,ou=sa,o=data successfully logged in.
2020-06-24 15:18:26,947 ERROR [com.novell.srvprv.impl.vdata.model.VirtualDataAccess] (https-jsse-nio-8543-exec-151) [RBPM] Ldap error creating object: cn=20200624151826-a0f3da49f5b24e58b8b7af3e95b26301-0,cn=ResourceRequests,cn=RoleConfig,cn=AppConfig,cn=User Application Driver,cn=driverset1,o=system. Error: javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 19 - NDS error: syntax violation (-613)]; remaining name 'cn=20200624151826-a0f3da49f5b24e58b8b7af3e95b26301-0,cn=ResourceRequests,cn=RoleConfig,cn=AppConfig,cn=User Application Driver,cn=driverset1,o=system'
javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 19 - NDS error: syntax violation (-613)]; remaining name 'cn=20200624151826-a0f3da49f5b24e58b8b7af3e95b26301-0,cn=ResourceRequests,cn=RoleConfig,cn=AppConfig,cn=User Application Driver,cn=driverset1,o=system'
							
2020-06-24 15:18:26,949 ERROR [com.novell.idm.nrf.service.ResourceManagerService] (https-jsse-nio-8543-exec-151) [RBPM] [Resource_Request_Failure] Requested by cn=uaadmin,ou=sa,o=data, Target DN: cn=asierra,ou=actives,ou=users,o=data, Source DN:cn=User_Email_DEV,cn=ResourceDefs,cn=RoleConfig,cn=AppConfig,cn=User Application Driver,cn=driverset1,o=system, Request DN:cn=20200624151826-a0f3da49f5b24e58b8b7af3e95b26301-0,cn=ResourceRequests,cn=RoleConfig,cn=AppConfig,cn=User Application Driver,cn=driverset1,o=system, Request Category: 10, Request Status: 0, Original Request Status: null, Correlation ID: 65, Error Message: null
			
2020-06-24 15:18:26,950 INFO  [com.novell.idm.nrf.soap.ws.resource.impl.ResourceServiceSkeletonImpl] (https-jsse-nio-8543-exec-151) [RBPM] DAL communication error.
com.novell.idm.nrf.exception.NrfException: DAL communication error.
	
Caused by: com.novell.srvprv.spi.vdata.exception.VirtualDataException: Ldap error creating object: cn=20200624151826-a0f3da49f5b24e58b8b7af3e95b26301-0,cn=ResourceRequests,cn=RoleConfig,cn=AppConfig,cn=User Application Driver,cn=driverset1,o=system. Error: javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 19 - NDS error: syntax violation (-613)]; remaining name 'cn=20200624151826-a0f3da49f5b24e58b8b7af3e95b26301-0,cn=ResourceRequests,cn=RoleConfig,cn=AppConfig,cn=User Application Driver,cn=driverset1,o=system'
			
Caused by: javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 19 - NDS error: syntax violation (-613)]; remaining name 'cn=20200624151826-a0f3da49f5b24e58b8b7af3e95b26301-0,cn=ResourceRequests,cn=RoleConfig,cn=AppConfig,cn=User Application Driver,cn=driverset1,o=system'
					
2020-06-24 15:18:26,952 DEBUG [com.novell.soa.ws.impl.xml.OutputStreamImpl] (https-jsse-nio-8543-exec-151) <SOAP-ENV:Envelope xmlns:SOAP-ENV='http://schemas.xmlsoap.org/soap/envelope/' xmlns:xsd='http://www.w3.org/2001/XMLSchema' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'><SOAP-ENV:Body><SOAP-ENV:Fault><faultcode>Client</faultcode><faultstring>Server Error</faultstring><detail><ns1:NrfServiceException xmlns="http://www.novell.com/resource/service" xmlns:ns1="http://www.novell.com/resource/service"><reason>DAL communication error.</reason></ns1:NrfServiceException><stackTrace xmlns="" xsi:type="xsd:string">com.novell.idm.nrf.soap.ws.resource.NrfServiceException
						
</stackTrace></detail></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>	

 

 

2- Yes, only identities from IDM
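
Added example (not part of the original posts and not Micro Focus code): a Python triage script that groups ID Apps log entries by Tomcat worker thread, so the generic "DAL communication error" returned over SOAP is tied to the LDAP result code and the request that caused it. The sample log is constructed by abbreviating the lines quoted above; the function name `triage` and the choice of extracted fields are assumptions.

```python
import re

# Constructed sample: abbreviated from the ID Apps log lines quoted in this thread.
SAMPLE_LOG = """\
2020-06-24 15:18:26,826 INFO  [com.novell.pwdmgt.util.PasswordHelper] (https-jsse-nio-8543-exec-171) [RBPM] [Login_Success] cn=uaadmin,ou=sa,o=data successfully logged in.
2020-06-24 15:18:26,947 ERROR [com.novell.srvprv.impl.vdata.model.VirtualDataAccess] (https-jsse-nio-8543-exec-151) [RBPM] Ldap error creating object: cn=20200624151826-a0f3da49f5b24e58b8b7af3e95b26301-0,cn=ResourceRequests,cn=RoleConfig,cn=AppConfig,cn=User Application Driver,cn=driverset1,o=system. Error: javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 19 - NDS error: syntax violation (-613)]
javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 19 - NDS error: syntax violation (-613)]
2020-06-24 15:18:26,949 ERROR [com.novell.idm.nrf.service.ResourceManagerService] (https-jsse-nio-8543-exec-151) [RBPM] [Resource_Request_Failure] Requested by cn=uaadmin,ou=sa,o=data, Target DN: cn=asierra,ou=actives,ou=users,o=data, Source DN:cn=User_Email_DEV,cn=ResourceDefs,cn=RoleConfig,cn=AppConfig,cn=User Application Driver,cn=driverset1,o=system, Request Category: 10, Request Status: 0, Correlation ID: 65, Error Message: null
2020-06-24 15:18:26,950 INFO  [com.novell.idm.nrf.soap.ws.resource.impl.ResourceServiceSkeletonImpl] (https-jsse-nio-8543-exec-151) [RBPM] DAL communication error.
"""

# timestamp, level, [logger], (thread), message
ENTRY = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) (\w+)\s+\[([^\]]+)\] \(([^)]+)\) (.*)$")
LDAP = re.compile(r"LDAP: error code (\d+) - NDS error: (.+?) \((-\d+)\)")
# DNs contain commas, so a field ends only at ", <Next Label>:" or end of line.
FIELD = re.compile(r"(Target DN|Source DN|Correlation ID):\s*(.+?)(?=, [A-Z][A-Za-z ]+:|$)")


def triage(log_text):
    """Return one finding per worker thread that reported a DAL error."""
    by_thread = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # stack-trace and continuation lines carry no thread id
        _, level, _, thread, msg = m.groups()
        by_thread.setdefault(thread, []).append((level, msg))

    findings = []
    for thread, entries in by_thread.items():
        if not any("DAL communication error" in msg for _, msg in entries):
            continue
        finding = {"thread": thread}
        for _, msg in entries:
            ldap = LDAP.search(msg)
            if ldap:
                finding["ldap_code"] = int(ldap.group(1))
                finding["nds_error"] = f"{ldap.group(2)} ({ldap.group(3)})"
            finding.update(dict(FIELD.findall(msg)))
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
```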

Micro Focus Expert

Re: Automatic fulfillment to IDM

Greetings,
 
1) What is the exact version of the ID Apps and IDM that you have installed?
 
2) Do the following exist right now in your Vault:
a) cn=ResourceRequests,cn=RoleConfig,cn=AppConfig,cn=User Application Driver,cn=driverset1,o=system
b) cn=User_Email_DEV,cn=ResourceDefs,cn=RoleConfig,cn=AppConfig,cn=User Application Driver,cn=driverset1,o=system
c) cn=asierra,ou=actives,ou=users,o=data
 
Sincerely,
Steven Williams
Principal Enterprise Architect
Micro Focus

Trusted Contributor.

Re: Automatic fulfillment to IDM

Hello,

Thanks for responding.

1) IG version is 3.6.1 and IDM is 4.8.1

2) Yes, all of these exist
