This website uses cookies. By browsing this website, you consent to the use of cookies. Learn more.
OK
veridicis
veridicis Trusted Contributor.
Trusted Contributor.
‎2019-02-18 13:29
490 views

AD driver not getting schema

Hei gents, anyone have any idea for this?
I'm introducing an entitled AD driver and doing some testing to check policies/operations/stability.
On matching with an existing user I'm doing a query with no results (removed OU names, etc). The user exists in that location, the service account has plenty of rights.

[02/18/19 09:53:40.180]:ADentt ST:        Remote Interface Driver: Sending...
[02/18/19 09:53:40.180]:ADentt ST:        
<nds dtdversion="4.0" ndsversion="8.x">
  <source>
    <product edition="Advanced" version="4.7.1.1">DirXML</product>
    <contact>NetIQ Corporation</contact>
  </source>
  <input>
    <query class-name="user" dest-dn="CN=H21646,OU=Brukere,OU=,OU=,OU=,DC=,DC=" event-id="0" scope="entry">
      <search-class class-name="user"/>
      <read-attr/>
    </query>
  </input>
</nds>
[02/18/19 09:53:40.183]:ADentt ST:        Remote Interface Driver: Document sent.
[02/18/19 09:53:40.183]:ADentt ST:        Remote Interface Driver: Waiting for receive...
[02/18/19 09:53:40.200]:ADentt ST:        Remote Interface Driver: Received
[02/18/19 09:53:40.200]:ADentt ST:        
<nds dtdversion="1.1" ndsversion="8.7">
  <source>
    <product asn1id="" build="20180125_120000" instance="\IDV\service\IDM\DriverSet3\ADentt" version="4.1.1.0">AD</product>
    <contact>NetIQ Corporation</contact>
  </source>
  <output>
    <status event-id="0" level="success"/>
  </output>
</nds>



On the RL side trace I see:

DirXML: [02/18/19 09:53:40.91]: Loader: Received 'subscriber execute' document
DirXML: [02/18/19 09:53:40.91]: Loader: XML Document:
DirXML: [02/18/19 09:53:40.91]: <nds dtdversion="4.0" ndsversion="8.x">
	<source>
		<product edition="Advanced" version="4.7.1.1">DirXML</product>
		<contact>NetIQ Corporation</contact>
	</source>
	<input>
		<query class-name="user" dest-dn="CN=H21646,OU=Brukere,OU=,OU=,OU=,DC=,DC=" event-id="0" scope="entry">
			<search-class class-name="user"/>
			<read-attr/>
		</query>
	</input>
</nds>
DirXML: [02/18/19 09:53:40.92]: Loader: Calling subscriptionShim->execute()
DirXML: [02/18/19 09:53:40.92]: Loader: XML Document:
DirXML: [02/18/19 09:53:40.92]: <nds dtdversion="4.0" ndsversion="8.x">
	<source>
		<product edition="Advanced" version="4.7.1.1">DirXML</product>
		<contact>NetIQ Corporation</contact>
	</source>
	<input>
		<query class-name="user" dest-dn="CN=H21646,OU=Brukere,OU=,OU=,OU=,DC=,DC=" event-id="0" scope="entry">
			<search-class class-name="user"/>
			<read-attr/>
		</query>
	</input>
</nds>
DirXML: [02/18/19 09:53:40.93]: ADDriver: parse command

  className    user
  destDN       CN=H21646,OU=Brukere,OU=,OU=,OU=,DC=,DC=
  eventId      0
  association  
DirXML: [02/18/19 09:53:40.93]: ADDriver: query
DirXML: [02/18/19 09:53:40.93]: ADDriver: query constraints
DirXML: [02/18/19 09:53:40.93]: ADDriver:    warning: search-class user not in schema
DirXML: [02/18/19 09:53:40.93]: ADDriver:    read-attr (do not return attributes)
DirXML: [02/18/19 09:53:40.93]: Loader: subscriptionShim->execute() returned:
DirXML: [02/18/19 09:53:40.93]: Loader: XML Document:
DirXML: [02/18/19 09:53:40.93]: <nds ndsversion="8.7" dtdversion="1.1">
	<source>
		<product version="4.1.1.0" asn1id="" build="20180125_120000" instance="\IDV\service\IDM\DriverSet3\ADentt">AD</product>
		<contact>NetIQ Corporation</contact>
	</source>
	<output>
		<status level="success" event-id="0"/>
	</output>
</nds>


That warning seems to be the culprit.
Labels (1)
Tags (2)
0 Likes
Reply
Report Inappropriate Content
4 Replies
aburgemeister
Knowledge Partner
Knowledge Partner
‎2019-02-18 14:35

Re: AD driver not getting schema

On 02/18/2019 06:34 AM, veridicis wrote:
> search-class user not in schema

I do not have a note of that in any trace I have stored, so maybe that's
new, or maybe it is not and it's a sign of a weird misconfiguration. Also
odd is that the user class-name is just right, so that's weird. It may be
useful to post a driver config startup trace to see hot that looks on the
Remote Loader (RL) side. An example from an old trace follows:


<query class-name="user" dest-dn="CN=John
Wayne,OU=northamerica,DC=company,DC=com" event-id="0" scope="entry">


Has this ever worked before, maybe in a Test environment of some sort? Is
anything weird about this microsoft active directory (MAD) environment?
Does that object exist right there (be triple-sure)? Have you tested with
a full administrator to make sure there isn't a weird problem connecting
fully due to privileges?

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
Reply
Report Inappropriate Content
al_b
Knowledge Partner
Knowledge Partner
‎2019-02-18 18:06

Re: AD driver not getting schema

ab;2495530 wrote:
On 02/18/2019 06:34 AM, veridicis wrote:
> search-class user not in schema

I do not have a note of that in any trace I have stored, so maybe that's
new, or maybe it is not and it's a sign of a weird misconfiguration. Also
odd is that the user class-name is just right, so that's weird. It may be
useful to post a driver config startup trace to see hot that looks on the
Remote Loader (RL) side. An example from an old trace follows:


<query class-name="user" dest-dn="CN=John
Wayne,OU=northamerica,DC=company,DC=com" event-id="0" scope="entry">


Has this ever worked before, maybe in a Test environment of some sort? Is
anything weird about this microsoft active directory (MAD) environment?
Does that object exist right there (be triple-sure)? Have you tested with
a full administrator to make sure there isn't a weird problem connecting
fully due to privileges?

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.


It is looks like permissions issue of driver service account.
you can try to initiate App schema refresh from your Designer and report here about results.
0 Likes
Reply
Report Inappropriate Content
veridicis
veridicis Trusted Contributor.
Trusted Contributor.
‎2019-02-19 12:21

Re: AD driver not getting schema

al_b;2495548 wrote:
It is looks like permissions issue of driver service account.
you can try to initiate App schema refresh from your Designer and report here about results.


The service account is a Domain Admin, refresh schema from Designer doesn't work :/. "Not able to get schema definitions from server". And nothing in the RL trace.

To be fair, the current DC that's in use has seen better times. I am waiting for a new DC to be made available where I'll put the RL and point the entitled driver towards it.
0 Likes
Reply
Report Inappropriate Content
veridicis
veridicis Trusted Contributor.
Trusted Contributor.
‎2019-02-20 14:49

Re: AD driver not getting schema

veridicis;2495572 wrote:
The service account is a Domain Admin, refresh schema from Designer doesn't work :/. "Not able to get schema definitions from server". And nothing in the RL trace.

To be fair, the current DC that's in use has seen better times. I am waiting for a new DC to be made available where I'll put the RL and point the entitled driver towards it.


So definitely something wrong/muddled with the DC, I installed the RL on a new DC and it initialized correctly. Queries and operations running through with no issues...
Thanks for all the suggestions so far.
0 Likes
Reply
Report Inappropriate Content
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.