Highlighted
Captain
Captain
612 views

Bi-directional eDirectory LDAPException: Insufficient Access Rights (50) Insufficient Access Rights

We have two IDM eDirectory Server, we are trying to sync one User from one IDM eDirectory server to other IDM eDirectory Server.
For this, we are using Bi-directional eDirectory Driver.
We are using SSL connection, Driver parameters are given below which we have configured in Driver.

<?xml version="1.0" encoding="UTF-8"?><driver-config name="Identity Manager eDirectory Driver">
<driver-options>
<configuration-values>
<definitions>
<group>
<definition display-name="Use SSL" name="use-ssl" type="enum">
<description>Specify if you want LDAP protocol communications to be encrypted using SSL.</description>
<enum-choice display-name="No">false</enum-choice>
<enum-choice display-name="Yes">true</enum-choice>
<value>true</value>
</definition>
<subordinates active-value="true">
<group>
<definition display-name="Always accept server certificate" name="accept-srv-ldaps-cert" type="enum">
<description>Accept the server certificate automatically. Avoids the need for manually maintaining a keystore. If you select No, you must have a keystore configured with the appropriate certificates.</description>
<enum-choice display-name="Yes">true</enum-choice>
<enum-choice display-name="No">false</enum-choice>
<value>false</value>
</definition>
<subordinates active-value="false">
<definition display-name="Keystore path for SSL certificate(s)" name="keystore" type="string">
<description>Specify the full path to the keystore file containing SSL certificates.</description>
<value xml:space="preserve">/opt/netiq/common/jre/lib/security/cacerts</value>
</definition>
<definition display-name="Use mutual authentication" name="use-mutual-auth" type="enum">
<description>Select Yes if you want the driver to use SSL mutual (both client and server) authentication or select No for server authentication only. If you select Yes, you must have the appropriate certificates configured in your keystore.</description>
<enum-choice display-name="No">false</enum-choice>
<enum-choice display-name="Yes">true</enum-choice>
<value>true</value>
</definition>
<definition display-name="Key alias" name="keyalias" type="string">
<description>Specify an alias for your certificate</description>
<value xml:space="preserve">nam-edir-new</value>
</definition>
<definition critical-change="true" display-name="Keystore password" name="keystore-pass" type="password-ref">
<description>Specify the password used by the keystore.</description>
<value xml:space="preserve">ksore-passwd</value>
<pwd-value removePwd="false"/>
</definition>
</subordinates>
</group>
</subordinates>
</group>
<gcv-ref name="drv.edir.passwd.sync.ver"/>
<definition display-name="Driver GUID" hide="true" name="driverGUID" type="string">
<description>Specify the driver GUID.</description>
<value>~dirxml.auto.driverguid~</value>
</definition>
<gcv-ref driver-param-name="idvBaseDn" hide="true" name="idv.dit.data.users"/>
</definitions>
</configuration-values>
</driver-options>
<subscriber-options>
<configuration-values>
<definitions>
<group>
<definition display-name="Show default configuration" id="108" name="drv.edir.sub.basic.config" type="enum">
<description/>
<enum-choice display-name="Show">show</enum-choice>
<enum-choice display-name="Hide">hide</enum-choice>
<value>show</value>
</definition>
<subordinates active-value="show">
<definition display-name="eDirectory port number" id="109" name="drv.edir.sub.dsport" type="integer">
<description>Specify the eDirectory port number. This is required only for creating home directory.</description>
<value>524</value>
</definition>
</subordinates>
</group>
</definitions>
</configuration-values>
</subscriber-options>
<publisher-options>
<configuration-values>
<definitions>
<group>
<definition display-name="Show default configuration" id="108" name="drv.edir.pub.basic.config" type="enum">
<description/>
<enum-choice display-name="Show">show</enum-choice>
<enum-choice display-name="Hide">hide</enum-choice>
<value>show</value>
</definition>
<subordinates active-value="show">
<gcv-ref driver-param-name="drv.edir.pub.base.cont" name="drv.edir.base.container"/>
<definition display-name="Polling interval in seconds" name="drv.edir.pub.pollRate" type="integer">
<description>Specify the number of seconds after which the publisher channel polls the eDirectory for updates.</description>
<value>30</value>
</definition>
<definition display-name="Heartbeat interval in minutes" name="pub-heartbeat-interval" type="string">
<description>Specify the heartbeat interval in minutes. Leave this field blank to turn off the heartbeat.</description>
<value>1</value>
</definition>
<definition display-name="Keep Alive interval in minutes" name="keep-alive-interval" type="integer">
<description>Specifies how often, in minutes, the driver shim re-initializes an idle change-log connection in order to keep the connection alive between the bidirectional eDirectory shim and the change-log. The default value is 30 minutes. The minimum duration is 1 minute. Setting the interval as 0 or lesser will disable this option.</description>
<value>30</value>
</definition>
<definition critical-change="true" display-name="Allow loop-back detection" name="drv.edir.pub.event.optimize" type="boolean">
<description>Specify whether the driver should perform loop-back detection. When set to true, the driver avoids event loop-back. When set to false, subscriber events may loop into the publisher channel. </description>
<value>true</value>
</definition>
</subordinates>
</group>
<group>
<definition display-name="Show Change-log plugin configuration" name="drv.edir.chng.log.config" type="enum">
<description/>
<enum-choice display-name="Show">show</enum-choice>
<enum-choice display-name="Hide">hide</enum-choice>
<value>hide</value>
</definition>
<subordinates active-value="show">
<definition critical-change="true" display-name="Max days without re-connect" name="drv.edir.cl.CLMaxDisconnectDays" range-hi="100" range-lo="1" type="integer">
<description>Specify the number of days after which driver change cache and registration information is deleted if the driver does not connect.
Default value is 30. Min val=1, max val=100</description>
<value>30</value>
</definition>
<definition critical-change="true" display-name="Ignore processing errors" name="drv.edir.cl.CLIgnoreErrors" type="boolean">
<description>Specify if the change-log should ignore any error encountered while processing a publisher event.
If the value is set to true, then errors are ignored and the next event will be processed.
If the value is set to false, then the same event be resend.</description>
<value>false</value>
</definition>
<definition critical-change="true" display-name="Allow password on clear-text connection" name="drv.edir.cl.CLAllowPasswdOnClearConn" type="boolean">
<description>Specify if password can be sent over insecure connection.
If the value is set to true, then password will be sent over insecure connection.
If the value is set to false, then password will be sent over secure channel only .</description>
<value>false</value>
</definition>
<definition critical-change="true" display-name="Change-log trace level" name="drv.edir.cl.CLTraceLevel" type="enum">
<description>Specify the change-log trace level. Following are the identified trace levels :
1 : ERROR – log only errors
2 : INFO – log informational messages
3 : DEBUG – log debug data along with info messages
Default trace level is 1(ERROR).</description>
<enum-choice display-name="ERROR">1</enum-choice>
<enum-choice display-name="INFO">2</enum-choice>
<enum-choice display-name="DEBUG">3</enum-choice>
<value>1</value>
</definition>
<definition critical-change="true" display-name="Change-log preferred maximum batch-size" id="119" name="drv.edir.cl.CLPreferedMaxBatchSize" range-hi="500" range-lo="1" type="integer">
<description>Specify the maximum number of events that may be sent in a batch by the change-log module.
minimum = 1
maximum = 500</description>
<value>100</value>
</definition>
</subordinates>
</group>
</definitions>
</configuration-values>
</publisher-options>
</driver-config>

Publisher/Subscriber Channel Placement Type is mirrored.

I have already performed the steps of below URL to import certificate into clients certificate store.
https://www.netiq.com/documentation/identity-manager-47-drivers/bidirect_edirectory/data/importing-the-certificate-into-the-clients-certificate.html

When we are creating a User in IDM eDirectory Server 1 then we are getting below error in Drivers logs
LDAPInterface.doLDAPAdd() Error: LDAPException: Insufficient Access Rights (50) Insufficient Access Rights

Drivers log are given below

[07/28/20 12:22:30.638]:Bi-directional eDirectory ST:Start transaction.
[07/28/20 12:22:30.639]:Bi-directional eDirectory ST:type(add-entry)entry-id(72158) dn(\T=MYLDAP\O=mycompany\OU=Users\OU=External\CN=tcsr01) class-id(441) class-name(User)
[07/28/20 12:22:30.640]:Bi-directional eDirectory ST:type(add-value)Syntax=SYNTAX_CI_STRING, attributeName=Given Name, string=Test
[07/28/20 12:22:30.641]:Bi-directional eDirectory ST:type(add-value)Syntax=SYNTAX_CI_STRING, attributeName=employeeType, string=CSR
[07/28/20 12:22:30.642]:Bi-directional eDirectory ST:type(add-value)Syntax=SYNTAX_BOOLEAN, attributeName=Login Disabled, State=false
[07/28/20 12:22:30.643]:Bi-directional eDirectory ST:type(add-value)Syntax=SYNTAX_OCTET_STRING, attributeName=GUID, octetString=[B@392a821, length=16
[07/28/20 12:22:30.644]:Bi-directional eDirectory ST:type(add-value)Syntax=SYNTAX_CI_STRING, attributeName=CN, string=tcsr01
[07/28/20 12:22:30.645]:Bi-directional eDirectory ST:type(add-value)Syntax=SYNTAX_CI_STRING, attributeName=ADEmailAddress, string=**PERSONAL INFORMATION REMOVED**
[07/28/20 12:22:30.646]:Bi-directional eDirectory ST:type(add-value)Syntax=SYNTAX_CI_STRING, attributeName=Surname, string=CSR01
[07/28/20 12:22:30.647]:Bi-directional eDirectory ST:Processing events for transaction.
[07/28/20 12:22:30.660]:Bi-directional eDirectory ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.7.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20200728162230.615Z" class-name="User" event-id="CSR User Migration CSV Driver#Publisher#0:bec91d5e-2e5e-406a-9789-01496cc5d437" qualified-src-dn="O=mycompany\OU=Users\OU=External\CN=tcsr01" src-dn="\MYLDAP\mycompany\Users\External\tcsr01" src-entry-id="72158" timestamp="1595953350#34">
<add-attr attr-name="Given Name">
<value timestamp="1595953350#4" type="string">Test</value>
</add-attr>
<add-attr attr-name="employeeType">
<value timestamp="1595953350#10" type="string">CSR</value>
</add-attr>
<add-attr attr-name="Login Disabled">
<value timestamp="1595953350#7" type="state">false</value>
</add-attr>
<add-attr attr-name="GUID">
<value timestamp="1595953350#34" type="octet">Di8pEVTiQkGqlQ4vKRFU4g==</value>
</add-attr>
<add-attr attr-name="CN">
<value timestamp="1595953350#33" type="string">tcsr01</value>
</add-attr>
<add-attr attr-name="ADEmailAddress">
<value timestamp="1595953350#6" type="string">**PERSONAL INFORMATION REMOVED**</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1595953350#5" type="string">CSR01</value>
</add-attr>
</add>
</input>
</nds>
[07/28/20 12:22:30.687]:Bi-directional eDirectory ST:No event transformation policies.
[07/28/20 12:22:30.688]:Bi-directional eDirectory ST:Subscriber processing add for \MYLDAP\mycompany\Users\External\tcsr01.
[07/28/20 12:22:30.689]:Bi-directional eDirectory ST:Applying object matching policies.
[07/28/20 12:22:30.690]:Bi-directional eDirectory ST:Applying policy: %+C%14CNOVLEDIR2DFC-sub-mp-Scoping%-C.
[07/28/20 12:22:30.691]:Bi-directional eDirectory ST: Applying to add #1.
[07/28/20 12:22:30.691]:Bi-directional eDirectory ST: Evaluating selection criteria for rule 'remember relative position in hierarchy'.
[07/28/20 12:22:30.692]:Bi-directional eDirectory ST: (if-src-dn in-subtree "mycompany\Users\External") = TRUE.
[07/28/20 12:22:30.693]:Bi-directional eDirectory ST: Rule selected.
[07/28/20 12:22:30.694]:Bi-directional eDirectory ST: Applying rule 'remember relative position in hierarchy'.
[07/28/20 12:22:30.707]:Bi-directional eDirectory ST: Action: do-set-op-property("unmatched-src-dn",token-unmatched-src-dn(convert="true")).
[07/28/20 12:22:30.708]:Bi-directional eDirectory ST: arg-string(token-unmatched-src-dn(convert="true"))
[07/28/20 12:22:30.709]:Bi-directional eDirectory ST: token-unmatched-src-dn(convert="true")
[07/28/20 12:22:30.710]:Bi-directional eDirectory ST: Token Value: "CN=tcsr01".
[07/28/20 12:22:30.711]:Bi-directional eDirectory ST: Arg Value: "CN=tcsr01".
[07/28/20 12:22:30.711]:Bi-directional eDirectory ST: Action: do-set-op-property("attempt-to-match","true").
[07/28/20 12:22:30.712]:Bi-directional eDirectory ST: arg-string("true")
[07/28/20 12:22:30.713]:Bi-directional eDirectory ST: token-text("true")
[07/28/20 12:22:30.713]:Bi-directional eDirectory ST: Arg Value: "true".
[07/28/20 12:22:30.714]:Bi-directional eDirectory ST:Policy returned:
[07/28/20 12:22:30.714]:Bi-directional eDirectory ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.7.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20200728162230.615Z" class-name="User" event-id="CSR User Migration CSV Driver#Publisher#0:bec91d5e-2e5e-406a-9789-01496cc5d437" qualified-src-dn="O=mycompany\OU=Users\OU=External\CN=tcsr01" src-dn="\MYLDAP\mycompany\Users\External\tcsr01" src-entry-id="72158" timestamp="1595953350#34">
<add-attr attr-name="Given Name">
<value timestamp="1595953350#4" type="string">Test</value>
</add-attr>
<add-attr attr-name="employeeType">
<value timestamp="1595953350#10" type="string">CSR</value>
</add-attr>
<add-attr attr-name="Login Disabled">
<value timestamp="1595953350#7" type="state">false</value>
</add-attr>
<add-attr attr-name="GUID">
<value timestamp="1595953350#34" type="octet">Di8pEVTiQkGqlQ4vKRFU4g==</value>
</add-attr>
<add-attr attr-name="CN">
<value timestamp="1595953350#33" type="string">tcsr01</value>
</add-attr>
<add-attr attr-name="ADEmailAddress">
<value timestamp="1595953350#6" type="string">**PERSONAL INFORMATION REMOVED**</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1595953350#5" type="string">CSR01</value>
</add-attr>
<operation-data attempt-to-match="true" unmatched-src-dn="CN=tcsr01"/>
</add>
</input>
</nds>
[07/28/20 12:22:30.732]:Bi-directional eDirectory ST:Applying policy: %+C%14CNOVLEDIR2DFC-sub-mp%-C.
[07/28/20 12:22:30.732]:Bi-directional eDirectory ST: Applying to add #1.
[07/28/20 12:22:30.733]:Bi-directional eDirectory ST: Evaluating selection criteria for rule 'veto out-of-scope events'.
[07/28/20 12:22:30.734]:Bi-directional eDirectory ST: (if-op-property 'attempt-to-match' not-available) = FALSE.
[07/28/20 12:22:30.735]:Bi-directional eDirectory ST: (if-op-property 'attempt-to-match' equal "false") = FALSE.
[07/28/20 12:22:30.736]:Bi-directional eDirectory ST: Rule rejected.
[07/28/20 12:22:30.737]:Bi-directional eDirectory ST: Evaluating selection criteria for rule 'match everything else'.
[07/28/20 12:22:30.738]:Bi-directional eDirectory ST: (if-class-name equal "User") = TRUE.
[07/28/20 12:22:30.738]:Bi-directional eDirectory ST: (if-global-variable 'drv.subPlacementType' equal "mirrored") = TRUE.
[07/28/20 12:22:30.739]:Bi-directional eDirectory ST: Rule selected.
[07/28/20 12:22:30.740]:Bi-directional eDirectory ST: Applying rule 'match everything else'.
[07/28/20 12:22:30.740]:Bi-directional eDirectory ST: Action: do-find-matching-object(scope="entry",arg-dn(token-global-variable("nam.edir.csr.users")+"\"+token-src-name())).
[07/28/20 12:22:30.742]:Bi-directional eDirectory ST: arg-dn(token-global-variable("nam.edir.csr.users")+"\"+token-src-name())
[07/28/20 12:22:30.743]:Bi-directional eDirectory ST: token-global-variable("nam.edir.csr.users")
[07/28/20 12:22:30.743]:Bi-directional eDirectory ST: Token Value: "mycompany\CSRPartnerPortal\people".
[07/28/20 12:22:30.744]:Bi-directional eDirectory ST: token-text("\")
[07/28/20 12:22:30.745]:Bi-directional eDirectory ST: token-src-name()
[07/28/20 12:22:30.745]:Bi-directional eDirectory ST: Token Value: "tcsr01".
[07/28/20 12:22:30.746]:Bi-directional eDirectory ST: Arg Value: "mycompany\CSRPartnerPortal\people\tcsr01".
[07/28/20 12:22:30.758]:Bi-directional eDirectory ST: Query from policy
[07/28/20 12:22:30.759]:Bi-directional eDirectory ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.7.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="User" dest-dn="mycompany\CSRPartnerPortal\people\tcsr01" scope="entry">
<search-class class-name="User"/>
<read-attr/>
</query>
</input>
</nds>
[07/28/20 12:22:30.768]:Bi-directional eDirectory ST: Fixing up association references.
[07/28/20 12:22:30.769]:Bi-directional eDirectory ST: Applying schema mapping policies to output.
[07/28/20 12:22:30.770]:Bi-directional eDirectory ST: Applying policy: %+C%14CNOVLEDIR2DFC-smp%-C.
[07/28/20 12:22:30.771]:Bi-directional eDirectory ST: Mapping class-name 'User' to 'User'.
[07/28/20 12:22:30.771]:Bi-directional eDirectory ST: Mapping class-name 'User' to 'User'.
[07/28/20 12:22:30.772]:Bi-directional eDirectory ST: No output transformation policies.
[07/28/20 12:22:30.773]:Bi-directional eDirectory ST: Submitting document to subscriber shim:
[07/28/20 12:22:30.774]:Bi-directional eDirectory ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.7.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="User" dest-dn="mycompany\CSRPartnerPortal\people\tcsr01" event-id="0" scope="entry">
<search-class class-name="User"/>
<read-attr/>
</query>
</input>
</nds>
[07/28/20 12:22:30.809]:Bi-directional eDirectory ST: Bi-directional eDirectory: Query.queryOperation() res.next() Error: LDAPException: Invalid DN Syntax (34) Invalid DN Syntax
LDAPException: Matched DN: .
Resetting connection.
[07/28/20 12:22:30.810]:Bi-directional eDirectory ST: SubscriptionShim.execute() returned:
[07/28/20 12:22:30.811]:Bi-directional eDirectory ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20180222_0550" instance="Bi-directional eDirectory" version="4.0.4.0">Identity Manager Bi-directional Driver for eDirectory</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="0" level="success"/>
</output>
</nds>
[07/28/20 12:22:30.814]:Bi-directional eDirectory ST: No input transformation policies.
[07/28/20 12:22:30.815]:Bi-directional eDirectory ST: Applying schema mapping policies to input.
[07/28/20 12:22:30.815]:Bi-directional eDirectory ST: Applying policy: %+C%14CNOVLEDIR2DFC-smp%-C.
[07/28/20 12:22:30.816]:Bi-directional eDirectory ST: Resolving association references.
[07/28/20 12:22:30.818]:Bi-directional eDirectory ST: Query from policy result
[07/28/20 12:22:30.819]:Bi-directional eDirectory ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20180222_0550" instance="Bi-directional eDirectory" version="4.0.4.0">Identity Manager Bi-directional Driver for eDirectory</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="0" level="success"/>
</output>
</nds>
[07/28/20 12:22:30.821]:Bi-directional eDirectory ST: No matches found.
[07/28/20 12:22:30.822]:Bi-directional eDirectory ST:Policy returned:
[07/28/20 12:22:30.822]:Bi-directional eDirectory ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.7.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20200728162230.615Z" class-name="User" event-id="CSR User Migration CSV Driver#Publisher#0:bec91d5e-2e5e-406a-9789-01496cc5d437" qualified-src-dn="O=mycompany\OU=Users\OU=External\CN=tcsr01" src-dn="\MYLDAP\mycompany\Users\External\tcsr01" src-entry-id="72158" timestamp="1595953350#34">
<add-attr attr-name="Given Name">
<value timestamp="1595953350#4" type="string">Test</value>
</add-attr>
<add-attr attr-name="employeeType">
<value timestamp="1595953350#10" type="string">CSR</value>
</add-attr>
<add-attr attr-name="Login Disabled">
<value timestamp="1595953350#7" type="state">false</value>
</add-attr>
<add-attr attr-name="GUID">
<value timestamp="1595953350#34" type="octet">Di8pEVTiQkGqlQ4vKRFU4g==</value>
</add-attr>
<add-attr attr-name="CN">
<value timestamp="1595953350#33" type="string">tcsr01</value>
</add-attr>
<add-attr attr-name="ADEmailAddress">
<value timestamp="1595953350#6" type="string">**PERSONAL INFORMATION REMOVED**</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1595953350#5" type="string">CSR01</value>
</add-attr>
<operation-data attempt-to-match="true" unmatched-src-dn="CN=tcsr01"/>
</add>
</input>
</nds>
[07/28/20 12:22:30.852]:Bi-directional eDirectory ST:No match found.
[07/28/20 12:22:30.852]:Bi-directional eDirectory ST:Applying object creation policies.
[07/28/20 12:22:30.853]:Bi-directional eDirectory ST:Applying policy: %+C%14CNOVLEDIR2DFC-sub-cp%-C.
[07/28/20 12:22:30.875]:Bi-directional eDirectory ST: Applying to add #1.
[07/28/20 12:22:30.876]:Bi-directional eDirectory ST:Policy returned:
[07/28/20 12:22:30.876]:Bi-directional eDirectory ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.7.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20200728162230.615Z" class-name="User" event-id="CSR User Migration CSV Driver#Publisher#0:bec91d5e-2e5e-406a-9789-01496cc5d437" qualified-src-dn="O=mycompany\OU=Users\OU=External\CN=tcsr01" src-dn="\MYLDAP\mycompany\Users\External\tcsr01" src-entry-id="72158" timestamp="1595953350#34">
<add-attr attr-name="Given Name">
<value timestamp="1595953350#4" type="string">Test</value>
</add-attr>
<add-attr attr-name="employeeType">
<value timestamp="1595953350#10" type="string">CSR</value>
</add-attr>
<add-attr attr-name="Login Disabled">
<value timestamp="1595953350#7" type="state">false</value>
</add-attr>
<add-attr attr-name="GUID">
<value timestamp="1595953350#34" type="octet">Di8pEVTiQkGqlQ4vKRFU4g==</value>
</add-attr>
<add-attr attr-name="CN">
<value timestamp="1595953350#33" type="string">tcsr01</value>
</add-attr>
<add-attr attr-name="ADEmailAddress">
<value timestamp="1595953350#6" type="string">**PERSONAL INFORMATION REMOVED**</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1595953350#5" type="string">CSR01</value>
</add-attr>
<operation-data attempt-to-match="true" unmatched-src-dn="CN=tcsr01"/>
</add>
</input>
</nds>
[07/28/20 12:22:30.887]:Bi-directional eDirectory ST:Applying object placement policies.
[07/28/20 12:22:30.888]:Bi-directional eDirectory ST:Applying policy: %+C%14CNOVLEDIR2DFC-sub-pp%-C.
[07/28/20 12:22:30.889]:Bi-directional eDirectory ST: Applying to add #1.
[07/28/20 12:22:30.890]:Bi-directional eDirectory ST: Evaluating selection criteria for rule 'Store the target container'.
[07/28/20 12:22:30.890]:Bi-directional eDirectory ST: (if-global-variable 'drv.edir.base.container' not-equal "") = TRUE.
[07/28/20 12:22:30.892]:Bi-directional eDirectory ST: Rule selected.
[07/28/20 12:22:30.893]:Bi-directional eDirectory ST: Applying rule 'Store the target container'.
[07/28/20 12:22:30.894]:Bi-directional eDirectory ST: Action: do-set-local-variable("edirBaseContainer",","+token-global-variable("drv.edir.base.container")).
[07/28/20 12:22:30.895]:Bi-directional eDirectory ST: arg-string(","+token-global-variable("drv.edir.base.container"))
[07/28/20 12:22:30.896]:Bi-directional eDirectory ST: token-text(",")
[07/28/20 12:22:30.897]:Bi-directional eDirectory ST: token-global-variable("drv.edir.base.container")
[07/28/20 12:22:30.898]:Bi-directional eDirectory ST: Token Value: "ou=people,ou=CSRPartnerPortal,o=mycompany".
[07/28/20 12:22:30.899]:Bi-directional eDirectory ST: Arg Value: ",ou=people,ou=CSRPartnerPortal,o=mycompany".
[07/28/20 12:22:30.903]:Bi-directional eDirectory ST: Evaluating selection criteria for rule 'Placement Rule for 'flat' Configuration'.
[07/28/20 12:22:30.904]:Bi-directional eDirectory ST: (if-global-variable 'drv.subPlacementType' equal "flat") = FALSE.
[07/28/20 12:22:30.905]:Bi-directional eDirectory ST: Rule rejected.
[07/28/20 12:22:30.906]:Bi-directional eDirectory ST: Evaluating selection criteria for rule 'Placement Rule for 'mirrored' Configuration'.
[07/28/20 12:22:30.907]:Bi-directional eDirectory ST: (if-global-variable 'drv.subPlacementType' equal "mirrored") = TRUE.
[07/28/20 12:22:30.908]:Bi-directional eDirectory ST: Rule selected.
[07/28/20 12:22:30.908]:Bi-directional eDirectory ST: Applying rule 'Placement Rule for 'mirrored' Configuration'.
[07/28/20 12:22:30.909]:Bi-directional eDirectory ST: Action: do-set-op-dest-dn(arg-dn(token-op-property("unmatched-src-dn")+token-local-variable("edirBaseContainer"))).
[07/28/20 12:22:30.910]:Bi-directional eDirectory ST: arg-dn(token-op-property("unmatched-src-dn")+token-local-variable("edirBaseContainer"))
[07/28/20 12:22:30.911]:Bi-directional eDirectory ST: token-op-property("unmatched-src-dn")
[07/28/20 12:22:30.912]:Bi-directional eDirectory ST: Token Value: "CN=tcsr01".
[07/28/20 12:22:30.913]:Bi-directional eDirectory ST: token-local-variable("edirBaseContainer")
[07/28/20 12:22:30.914]:Bi-directional eDirectory ST: Token Value: ",ou=people,ou=CSRPartnerPortal,o=mycompany".
[07/28/20 12:22:30.915]:Bi-directional eDirectory ST: Arg Value: "CN=tcsr01,ou=people,ou=CSRPartnerPortal,o=mycompany".
[07/28/20 12:22:30.916]:Bi-directional eDirectory ST:Policy returned:
[07/28/20 12:22:30.916]:Bi-directional eDirectory ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.7.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20200728162230.615Z" class-name="User" dest-dn="CN=tcsr01,ou=people,ou=CSRPartnerPortal,o=mycompany" event-id="CSR User Migration CSV Driver#Publisher#0:bec91d5e-2e5e-406a-9789-01496cc5d437" qualified-src-dn="O=mycompany\OU=Users\OU=External\CN=tcsr01" src-dn="\MYLDAP\mycompany\Users\External\tcsr01" src-entry-id="72158" timestamp="1595953350#34">
<add-attr attr-name="Given Name">
<value timestamp="1595953350#4" type="string">Test</value>
</add-attr>
<add-attr attr-name="employeeType">
<value timestamp="1595953350#10" type="string">CSR</value>
</add-attr>
<add-attr attr-name="Login Disabled">
<value timestamp="1595953350#7" type="state">false</value>
</add-attr>
<add-attr attr-name="GUID">
<value timestamp="1595953350#34" type="octet">Di8pEVTiQkGqlQ4vKRFU4g==</value>
</add-attr>
<add-attr attr-name="CN">
<value timestamp="1595953350#33" type="string">tcsr01</value>
</add-attr>
<add-attr attr-name="ADEmailAddress">
<value timestamp="1595953350#6" type="string">**PERSONAL INFORMATION REMOVED**</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1595953350#5" type="string">CSR01</value>
</add-attr>
<operation-data attempt-to-match="true" unmatched-src-dn="CN=tcsr01"/>
</add>
</input>
</nds>
[07/28/20 12:22:30.928]:Bi-directional eDirectory ST:Submitting add to subscriber shim.
[07/28/20 12:22:30.928]:Bi-directional eDirectory ST:Applying command transformation policies.
[07/28/20 12:22:30.929]:Bi-directional eDirectory ST:Applying policy: %+C%14CNOVLEDIR2DFC-sub-ctp-TransformLoginExpTime%-C.
[07/28/20 12:22:30.930]:Bi-directional eDirectory ST: Applying to add #1.
[07/28/20 12:22:30.931]:Bi-directional eDirectory ST: Evaluating selection criteria for rule 'Transform changes to loginExpirationTime'.
[07/28/20 12:22:31.002]:Bi-directional eDirectory ST: (if-operation equal "modify") = FALSE.
[07/28/20 12:22:31.002]:Bi-directional eDirectory ST: Rule rejected.
[07/28/20 12:22:31.003]:Bi-directional eDirectory ST:Policy returned:
[07/28/20 12:22:31.004]:Bi-directional eDirectory ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.7.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20200728162230.615Z" class-name="User" dest-dn="CN=tcsr01,ou=people,ou=CSRPartnerPortal,o=mycompany" event-id="CSR User Migration CSV Driver#Publisher#0:bec91d5e-2e5e-406a-9789-01496cc5d437" qualified-src-dn="O=mycompany\OU=Users\OU=External\CN=tcsr01" src-dn="\MYLDAP\mycompany\Users\External\tcsr01" src-entry-id="72158" timestamp="1595953350#34">
<add-attr attr-name="Given Name">
<value timestamp="1595953350#4" type="string">Test</value>
</add-attr>
<add-attr attr-name="employeeType">
<value timestamp="1595953350#10" type="string">CSR</value>
</add-attr>
<add-attr attr-name="Login Disabled">
<value timestamp="1595953350#7" type="state">false</value>
</add-attr>
<add-attr attr-name="GUID">
<value timestamp="1595953350#34" type="octet">Di8pEVTiQkGqlQ4vKRFU4g==</value>
</add-attr>
<add-attr attr-name="CN">
<value timestamp="1595953350#33" type="string">tcsr01</value>
</add-attr>
<add-attr attr-name="ADEmailAddress">
<value timestamp="1595953350#6" type="string">**PERSONAL INFORMATION REMOVED**</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1595953350#5" type="string">CSR01</value>
</add-attr>
<operation-data attempt-to-match="true" unmatched-src-dn="CN=tcsr01"/>
</add>
</input>
</nds>
[07/28/20 12:22:31.023]:Bi-directional eDirectory ST:Applying policy: %+C%14Csub-ctp-AddAuxClasses%-C.
[07/28/20 12:22:31.023]:Bi-directional eDirectory ST: Applying to add #1.
[07/28/20 12:22:31.024]:Bi-directional eDirectory ST:Policy returned:
[07/28/20 12:22:31.024]:Bi-directional eDirectory ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.7.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20200728162230.615Z" class-name="User" dest-dn="CN=tcsr01,ou=people,ou=CSRPartnerPortal,o=mycompany" event-id="CSR User Migration CSV Driver#Publisher#0:bec91d5e-2e5e-406a-9789-01496cc5d437" qualified-src-dn="O=mycompany\OU=Users\OU=External\CN=tcsr01" src-dn="\MYLDAP\mycompany\Users\External\tcsr01" src-entry-id="72158" timestamp="1595953350#34">
<add-attr attr-name="Given Name">
<value timestamp="1595953350#4" type="string">Test</value>
</add-attr>
<add-attr attr-name="employeeType">
<value timestamp="1595953350#10" type="string">CSR</value>
</add-attr>
<add-attr attr-name="Login Disabled">
<value timestamp="1595953350#7" type="state">false</value>
</add-attr>
<add-attr attr-name="GUID">
<value timestamp="1595953350#34" type="octet">Di8pEVTiQkGqlQ4vKRFU4g==</value>
</add-attr>
<add-attr attr-name="CN">
<value timestamp="1595953350#33" type="string">tcsr01</value>
</add-attr>
<add-attr attr-name="ADEmailAddress">
<value timestamp="1595953350#6" type="string">**PERSONAL INFORMATION REMOVED**</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1595953350#5" type="string">CSR01</value>
</add-attr>
<operation-data attempt-to-match="true" unmatched-src-dn="CN=tcsr01"/>
</add>
</input>
</nds>
[07/28/20 12:22:31.033]:Bi-directional eDirectory ST:Filtering out notification-only attributes.
[07/28/20 12:22:31.034]:Bi-directional eDirectory ST:Fixing up association references.
[07/28/20 12:22:31.034]:Bi-directional eDirectory ST:Applying schema mapping policies to output.
[07/28/20 12:22:31.035]:Bi-directional eDirectory ST:Applying policy: %+C%14CNOVLEDIR2DFC-smp%-C.
[07/28/20 12:22:31.035]:Bi-directional eDirectory ST: Mapping attr-name 'Given Name' to 'givenName'.
[07/28/20 12:22:31.036]:Bi-directional eDirectory ST: Mapping attr-name 'Login Disabled' to 'loginDisabled'.
[07/28/20 12:22:31.037]:Bi-directional eDirectory ST: Mapping attr-name 'CN' to 'cn'.
[07/28/20 12:22:31.037]:Bi-directional eDirectory ST: Mapping attr-name 'ADEmailAddress' to 'mail'.
[07/28/20 12:22:31.038]:Bi-directional eDirectory ST: Mapping attr-name 'Surname' to 'sn'.
[07/28/20 12:22:31.038]:Bi-directional eDirectory ST: Mapping class-name 'User' to 'User'.
[07/28/20 12:22:31.039]:Bi-directional eDirectory ST:No output transformation policies.
[07/28/20 12:22:31.039]:Bi-directional eDirectory ST:Submitting document to subscriber shim:
[07/28/20 12:22:31.040]:Bi-directional eDirectory ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.7.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20200728162230.615Z" class-name="User" dest-dn="CN=tcsr01,ou=people,ou=CSRPartnerPortal,o=mycompany" event-id="CSR User Migration CSV Driver#Publisher#0:bec91d5e-2e5e-406a-9789-01496cc5d437" qualified-src-dn="O=mycompany\OU=Users\OU=External\CN=tcsr01" src-dn="\MYLDAP\mycompany\Users\External\tcsr01" src-entry-id="72158" timestamp="1595953350#34">
<add-attr attr-name="givenName">
<value timestamp="1595953350#4" type="string">Test</value>
</add-attr>
<add-attr attr-name="employeeType">
<value timestamp="1595953350#10" type="string">CSR</value>
</add-attr>
<add-attr attr-name="loginDisabled">
<value timestamp="1595953350#7" type="state">false</value>
</add-attr>
<add-attr attr-name="GUID">
<value timestamp="1595953350#34" type="octet">Di8pEVTiQkGqlQ4vKRFU4g==</value>
</add-attr>
<add-attr attr-name="cn">
<value timestamp="1595953350#33" type="string">tcsr01</value>
</add-attr>
<add-attr attr-name="mail">
<value timestamp="1595953350#6" type="string">**PERSONAL INFORMATION REMOVED**</value>
</add-attr>
<add-attr attr-name="sn">
<value timestamp="1595953350#5" type="string">CSR01</value>
</add-attr>
<operation-data attempt-to-match="true" unmatched-src-dn="CN=tcsr01"/>
</add>
</input>
</nds>
[07/28/20 12:22:31.050]:Bi-directional eDirectory ST:Stripping operation data from input document
[07/28/20 12:22:31.050]:Bi-directional eDirectory ST:Bi-directional eDirectory: EDIRSub.performAddOperation() Calling getAllSups(User)
[07/28/20 12:22:31.052]:Bi-directional eDirectory ST:Bi-directional eDirectory: LDAP Add:
dn: CN=tcsr01,ou=people,ou=CSRPartnerPortal,o=mycompany
employeeType: CSR
mail: **PERSONAL INFORMATION REMOVED**
GUID: /)T�BA��/)T�
loginDisabled: false
cn: tcsr01
sn: CSR01
givenName: Test

[07/28/20 12:22:31.073]:Bi-directional eDirectory ST:Bi-directional eDirectory: OpenLDAPConnection - Connect to the server
[07/28/20 12:22:31.079]:Bi-directional eDirectory ST:Bi-directional eDirectory: Opening SSL connection
[07/28/20 12:22:31.142]:Bi-directional eDirectory ST:Bi-directional eDirectory: Host name: 172.19.55.2
[07/28/20 12:22:31.143]:Bi-directional eDirectory ST:Bi-directional eDirectory: Port: 636
[07/28/20 12:22:31.143]:Bi-directional eDirectory ST:Bi-directional eDirectory: DN: cn=admin,ou=sa,ou=services,o=mycompany
[07/28/20 12:22:31.144]:Bi-directional eDirectory ST:Bi-directional eDirectory: Protocol version=3
[07/28/20 12:22:31.144]:Bi-directional eDirectory ST:Bi-directional eDirectory: SDK version=4.6
[07/28/20 12:22:31.147]:Bi-directional eDirectory ST:Bi-directional eDirectory: LDAPInterface.doLDAPAdd() Error: LDAPException: Insufficient Access Rights (50) Insufficient Access Rights
LDAPException: Server Message: NDS error: no access (-672)
LDAPException: Matched DN: CN=tcsr01,ou=people,ou=CSRPartnerPortal,o=mycompany

[07/28/20 12:22:31.149]:Bi-directional eDirectory ST:Restoring operation data to output document
[07/28/20 12:22:31.149]:Bi-directional eDirectory ST:SubscriptionShim.execute() returned:
[07/28/20 12:22:31.150]:Bi-directional eDirectory ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20180222_0550" instance="Bi-directional eDirectory" version="4.0.4.0">Identity Manager Bi-directional Driver for eDirectory</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="CSR User Migration CSV Driver#Publisher#0:bec91d5e-2e5e-406a-9789-01496cc5d437" level="error">LDAPException: Insufficient Access Rights (50) Insufficient Access Rights
LDAPException: Server Message: NDS error: no access (-672)
LDAPException: Matched DN: CN=tcsr01,ou=people,ou=CSRPartnerPortal,o=mycompany
<operation-data attempt-to-match="true" unmatched-src-dn="CN=tcsr01"/>
</status>
</output>
</nds>
[07/28/20 12:22:31.154]:Bi-directional eDirectory ST:No input transformation policies.
[07/28/20 12:22:31.155]:Bi-directional eDirectory ST:Applying schema mapping policies to input.
[07/28/20 12:22:31.155]:Bi-directional eDirectory ST:Applying policy: %+C%14CNOVLEDIR2DFC-smp%-C.
[07/28/20 12:22:31.156]:Bi-directional eDirectory ST:Resolving association references.
[07/28/20 12:22:31.157]:Bi-directional eDirectory ST:Processing returned document.
[07/28/20 12:22:31.157]:Bi-directional eDirectory ST:Processing operation <status> for .
[07/28/20 12:22:31.158]:Bi-directional eDirectory ST:
DirXML Log Event -------------------
Driver: \MYLDAP\mycompany\services\idm\Driver set\Bi-directional eDirectory
Channel: Subscriber
Object: \MYLDAP\mycompany\Users\External\tcsr01
Status: Error
Message: LDAPException: Insufficient Access Rights (50) Insufficient Access Rights
LDAPException: Server Message: NDS error: no access (-672)
LDAPException: Matched DN: CN=tcsr01,ou=people,ou=CSRPartnerPortal,o=mycompany

[07/28/20 12:22:31.161]:Bi-directional eDirectory ST:End transaction.
[07/28/20 12:22:37.517]:Bi-directional eDirectory PT:Bi-directional eDirectory: EdirPublisher - Initiating agent registration...
[07/28/20 12:22:37.520]:Bi-directional eDirectory PT:Bi-directional eDirectory: LDAPInterface.registerDriverInstance() : Exception occured while registration - Protocol Error
[07/28/20 12:22:37.522]:Bi-directional eDirectory PT:Bi-directional eDirectory: Cannot establish ldap connection to remote eDir yet ... waiting for 30 sec.
[07/28/20 12:22:37.524]:Bi-directional eDirectory PT:Receiving DOM document from application.
[07/28/20 12:22:37.525]:Bi-directional eDirectory PT:
<nds dtdversion="4.0">
<source>
<product build="20180222_0550" instance="Bi-directional eDirectory" version="4.0.4.0">Identity Manager Bi-directional Driver for eDirectory</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<status level="success" type="heartbeat"/>
</input>
</nds>
[07/28/20 12:22:37.527]:Bi-directional eDirectory PT:No input transformation policies.
[07/28/20 12:22:37.528]:Bi-directional eDirectory PT:Applying schema mapping policies to input.
[07/28/20 12:22:37.529]:Bi-directional eDirectory PT:Applying policy: %+C%14CNOVLEDIR2DFC-smp%-C.
[07/28/20 12:22:37.529]:Bi-directional eDirectory PT:Resolving association references.
[07/28/20 12:22:37.530]:Bi-directional eDirectory PT:No event transformation policies.
[07/28/20 12:22:37.531]:Bi-directional eDirectory PT:Applying publisher filter.
[07/28/20 12:22:37.532]:Bi-directional eDirectory PT:Publisher processing status for .
[07/28/20 12:22:37.532]:Bi-directional eDirectory PT:Applying command transformation policies.
[07/28/20 12:22:37.533]:Bi-directional eDirectory PT:Applying policy: %+C%14CNOVLEDIR2DFC-pub-ctp-MoveToBaseContainer%-C.
[07/28/20 12:22:37.534]:Bi-directional eDirectory PT: Applying to status #1.
[07/28/20 12:22:37.535]:Bi-directional eDirectory PT: Evaluating selection criteria for rule 'Change destination parent container as IDV user container'.
[07/28/20 12:22:37.536]:Bi-directional eDirectory PT: (if-operation equal "move") = FALSE.
[07/28/20 12:22:37.537]:Bi-directional eDirectory PT: Rule rejected.
[07/28/20 12:22:37.537]:Bi-directional eDirectory PT:Policy returned:
[07/28/20 12:22:37.538]:Bi-directional eDirectory PT:
<nds dtdversion="4.0">
<source>
<product build="20180222_0550" instance="Bi-directional eDirectory" version="4.0.4.0">Identity Manager Bi-directional Driver for eDirectory</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<status level="success" type="heartbeat"/>
</input>
</nds>
[07/28/20 12:22:37.540]:Bi-directional eDirectory PT:Filtering out notification-only attributes.
[07/28/20 12:22:37.541]:Bi-directional eDirectory PT:Pumping XDS to eDirectory.
[07/28/20 12:22:37.542]:Bi-directional eDirectory PT:Performing operation status for .
[07/28/20 12:22:37.543]:Bi-directional eDirectory PT:
DirXML Log Event -------------------
Driver: \MYLDAP\mycompany\services\idm\Driver set\Bi-directional eDirectory
Channel: Publisher
Status: Success
[07/28/20 12:22:37.544]:Bi-directional eDirectory PT:Fixing up association references.
[07/28/20 12:22:37.545]:Bi-directional eDirectory PT:Applying schema mapping policies to output.
[07/28/20 12:22:37.546]:Bi-directional eDirectory PT:Applying policy: %+C%14CNOVLEDIR2DFC-smp%-C.
[07/28/20 12:22:37.546]:Bi-directional eDirectory PT:No output transformation policies.
[07/28/20 12:22:37.547]:Bi-directional eDirectory PT:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.7.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="0" level="success"></status>
</output>
</nds>

We are using IDM 4.7.3 and eDirectory 9.1.4, both IDM server have same version of IDM Engine and eDirectory.

Labels (2)
9 Replies
Highlighted
Knowledge Partner Knowledge Partner
Knowledge Partner

Does the remote eDir server you are connecting to, have IDM installed?  (If so, I do not think the changelog will work, since it cannot co-exist with IDM, ssince cl_dxevent module is really dxevent of IDM pulled out to use as changelog).

I would watch ndstrce +ldap on the remote eDir server and see what the real error is that is being thrown.

Highlighted
Captain
Captain

Thanks for the reply.

Yes, we have IDM installed on both eDir Server.

Now I changed my eDirectory Base Container value inside the Driver Parameters Publisher channel to "ou=people,ou=CSRPartnerPortalTest,o=mycompany" and run the scenario again.

Captured the below logs in ndstrace.log file of emote eDir server

[2020/07/28 16:23:13.391] Cannot resolve NDS name 'uniqueID=tcsr01.OU=people.OU=CSRPartnerPortalTest.O=mycompany' in ResolveAndAuthNDSName, err = no such entry (-601)
[2020/07/28 16:23:13.391] Base "uid=tcsr01,ou=people,ou=CSRPartnerPortalTest,o=mycompany" not found, err = no such entry (-601)
[2020/07/28 16:23:13.434] Cannot resolve NDS name 'CN=tcsr01.OU=people.OU=CSRPartnerPortalTest.O=mycompany' in ResolveAndAuthNDSName, err = no such entry (-601)
[2020/07/28 16:23:13.435] Base "cn=tcsr01,ou=people,ou=CSRPartnerPortalTest,o=mycompany" not found, err = no such entry (-601)

0 Likes
Highlighted
Knowledge Partner Knowledge Partner
Knowledge Partner

First off, we need to see much more trace than that...  Perhaps attach it as a file.

so first line, has periods and not commas, which i sodd.  So 601 makes sense.

Base DN error is interesting as missing is odd.

 

0 Likes
Highlighted
Captain
Captain

I have take a fresh Driver and configured it and now I am getting below error as per my understanding my Authentication DN and password is correct that's why I can able to restart driver without any error.

novell.jclient.JCException: authenticate -669 ERR_FAILED_AUTHENTICATION

For ndstrace log, I followed the steps, mentioned in below URL

https://support.microfocus.com/kb/doc.php?id=7007106

I have attached the log files of driver and ndstrace, please review it and help me to resolve this.

Highlighted
Knowledge Partner Knowledge Partner
Knowledge Partner

Try again please... Include the driver startup to an event in the log.

0 Likes
Highlighted
Captain
Captain

I have attached updated logs with Driver start events. Please review it.

0 Likes
Highlighted
Captain
Captain

From the logging the object cannot be found and the driver cannot do the required extention for proper operation. Please review your connection details and check using an ldap browser for your objects.

Best regards
Michiel Los
Highlighted
Captain
Captain

I have one update here, User is successfully created in remote eDirectory but I am getting the below error in log.

novell.jclient.JCException: authenticate -669 ERR_FAILED_AUTHENTICATION

Logs are attached.

Highlighted
Cadet 1st Class
Cadet 1st Class

Looks like the authentication failed when trying to create home directories. The user was created successfully before the home directory creation action. Are you using that?
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.