vkhoury
New Member.
1990 views

Code(-9010) An exception occurred: novell.jclient.JCExcepti

I'm using IDM 4.5. I have a database with a table named 'hr_pers' where 'manager' is an attribute with a constraint of foreign key. Since one of users can be a manager.
I was trying to sync this attribute to AD. I realized that the attribute is referencing a DN (IDVAULT-TREE\users\data\Name). I added an attribute to the vault names 'mngrid' (dsingle valued and of type DN).
The attribute is added to the filter and to schema mapping.
But while mapping i have the following error:
<nds dtdversion="2.0" ndsversion="8.x" xmlns:jdbc="urn:dirxml:jdbc">
<source>
<product build="20141001_0706" instance="PostgreSQL" version="4.0.0.2">DirXML Driver for JDBC</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<modify class-name="User" dest-dn="data\users\VKhoury" dest-entry-id="34053" event-id="ID=4,table=HR_PERS" src-dn="ID=4,table=HR_PERS">
<association>ID=4,table=HR_PERS</association>
<modify-attr attr-name="mngrid">
<remove-all-values/>
<add-value>
<value type="dn">\IDVAULT-TREE\data\users\PKhoury</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
[09/03/18 14:29:54.888]:trace1 PT:Filtering out notification-only attributes.
[09/03/18 14:29:54.888]:trace1 PT:Pumping XDS to eDirectory.
[09/03/18 14:29:54.888]:trace1 PT:Performing operation modify for data\users\VKhoury.
[09/03/18 14:29:54.888]:trace1 PT:--JCLNT-- \IDVAULT-TREE\system\driverset1\PostgreSQL - Publisher : Duplicating : context = 1353318507, tempContext = 1353318509
[09/03/18 14:29:54.888]:trace1 PT:Modifying entry data\users\VKhoury.
[09/03/18 14:29:54.888]:trace1 PT:--JCLNT-- \IDVAULT-TREE\system\driverset1\PostgreSQL - Publisher : Calling free on tempContext = 1353318509
[09/03/18 14:29:54.888]:trace1 PT:
DirXML Log Event -------------------
Driver: \IDVAULT-TREE\system\driverset1\PostgreSQL
Channel: Publisher
Object: ID=4,table=HR_PERS (data\users\VKhoury)
Status: Error
Message: Code(-9010) An exception occurred: novell.jclient.JCException: modifyEntry -608 ERR_ILLEGAL_ATTRIBUTE
[09/03/18 14:29:54.888]:trace1 PT:Fixing up association references.
[09/03/18 14:29:54.888]:trace1 PT:Applying schema mapping policies to output.
[09/03/18 14:29:54.888]:trace1 PT:Applying policy: %+C%14CNOVLPGSDISYN-smp%-C.
[09/03/18 14:29:54.888]:trace1 PT:Applying policy: %+C%14CNOVLJDBCDACL-smp%-C.
[09/03/18 14:29:54.888]:trace1 PT: Applying to status #1.
[09/03/18 14:29:54.888]:trace1 PT:Policy returned:
[09/03/18 14:29:54.888]:trace1 PT:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.5.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="ID=4,table=HR_PERS" level="error">Code(-9010) An exception occurred: novell.jclient.JCException: modifyEntry -608 ERR_ILLEGAL_ATTRIBUTE<application>DirXML</application>
<module>PostgreSQL</module>
<object-dn>ID=4,table=HR_PERS (data\users\VKhoury)</object-dn>
<component>Publisher</component>
</status>
</output>
</nds>
I don't know what type of attribute to use in this case.
Labels (1)
0 Likes
16 Replies
Knowledge Partner
Knowledge Partner

Re: Code(-9010) An exception occurred: novell.jclient.JCExcepti

The attribute type is probably fine but the error means you have likely
not extended this particular user to be able to use this new attribute.
Did you add it to an auxiliary class (hopefully) or maybe even the User
class (please no)? If neither of those, then while the attribute exists
in schema it is not available to ANY class of object, which also explains
your problem.

Normally you should create a new attribute (if necessary; why not use the
'manager' attribute that is available to the User class already in
eDirectory), add it to an auxiliary class as an optional attribute, and
then when you want that attribute to be on a user you add that auxiliary
object class to the object and the attribute is now available. This
basically lets you bolt any attributes to any objects as needed in a very
flexible way.

Since you did not mention doing it, I presume you did not create an
auxiliary class which is the problem. If you did, then show us the full
trace of the event leading to what you show below. The IDM engine will
auto-add the auxiliary classes needed for a new attribute on the fly, but
only if you add it early enough in the channel (prior to the Publisher
Command Transformation Policyset (CTP)). I presume that was the case
here, but without the full trace I cannot tell. If correct, simply create
an auxiliary class with the attribute as an optional attribute and then
try again.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
vkhoury
New Member.

Re: Code(-9010) An exception occurred: novell.jclient.JCExce

The attribute is added to an auxiliary table named 'IDVAULT'.
I created an attribute because the existing one is multivalued.
The trace file is as follows:
[09/03/18 14:29:54.857]:trace1 PT:Applying policy: %+C%14CSchema+map%-C.
[09/03/18 14:29:54.857]:trace1 PT: Mapping class-name 'hr_pers' to 'User'.
[09/03/18 14:29:54.857]:trace1 PT: Mapping attr-name 'midname' to 'Initials'.
[09/03/18 14:29:54.857]:trace1 PT: Mapping attr-name 'midname' to 'Initials'.
[09/03/18 14:29:54.857]:trace1 PT: Mapping attr-name 'firstname' to 'Given Name'.
[09/03/18 14:29:54.857]:trace1 PT: Mapping attr-name 'firstname' to 'Given Name'.
[09/03/18 14:29:54.857]:trace1 PT: Mapping attr-name 'manager' to 'mngrid'.
[09/03/18 14:29:54.872]:trace1 PT: Mapping attr-name 'manager' to 'mngrid'.
[09/03/18 14:29:54.872]:trace1 PT: Mapping attr-name 'jobtitle' to 'JobTitle'.
[09/03/18 14:29:54.872]:trace1 PT: Mapping attr-name 'jobtitle' to 'JobTitle'.
[09/03/18 14:29:54.872]:trace1 PT: Mapping attr-name 'id' to 'workforceID'.
[09/03/18 14:29:54.872]:trace1 PT: Mapping attr-name 'id' to 'workforceID'.
[09/03/18 14:29:54.872]:trace1 PT: Mapping attr-name 'status' to 'Status'.
[09/03/18 14:29:54.872]:trace1 PT: Mapping attr-name 'status' to 'Status'.
[09/03/18 14:29:54.872]:trace1 PT: Mapping attr-name 'department' to 'Department'.
[09/03/18 14:29:54.872]:trace1 PT: Mapping attr-name 'department' to 'Department'.
[09/03/18 14:29:54.872]:trace1 PT: Mapping attr-name 'telephonenumber' to 'Telephone Number'.
[09/03/18 14:29:54.872]:trace1 PT: Mapping attr-name 'telephonenumber' to 'Telephone Number'.
[09/03/18 14:29:54.872]:trace1 PT: Mapping attr-name 'lastname' to 'Surname'.
[09/03/18 14:29:54.872]:trace1 PT: Mapping attr-name 'lastname' to 'Surname'.
[09/03/18 14:29:54.872]:trace1 PT:Resolving association references.
[09/03/18 14:29:54.872]:trace1 PT:No event transformation policies.
[09/03/18 14:29:54.872]:trace1 PT:Applying publisher filter.
[09/03/18 14:29:54.872]:trace1 PT:Publisher processing modify for ID=4,table=HR_PERS.
[09/03/18 14:29:54.872]:trace1 PT:Reading relevant attributes from data\users\VKhoury.
[09/03/18 14:29:54.872]:trace1 PT:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.5.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="User" dest-dn="data\users\VKhoury" dest-entry-id="34053" scope="entry">
<read-attr attr-name="Department"/>
<read-attr attr-name="Given Name"/>
<read-attr attr-name="Initials"/>
<read-attr attr-name="JobTitle"/>
<read-attr attr-name="mngrid"/>
<read-attr attr-name="Status"/>
<read-attr attr-name="Surname"/>
<read-attr attr-name="Telephone Number"/>
<read-attr attr-name="workforceID"/>
<read-attr attr-name="Object Class"/>
</query>
</input>
</nds>
[09/03/18 14:29:54.872]:trace1 PT:Pumping XDS to eDirectory.
[09/03/18 14:29:54.872]:trace1 PT:Performing operation query for data\users\VKhoury.
[09/03/18 14:29:54.872]:trace1 PT:--JCLNT-- \IDVAULT-TREE\system\driverset1\PostgreSQL - Publisher : Duplicating : context = 1353318507, tempContext = 1353318509
[09/03/18 14:29:54.872]:trace1 PT:--JCLNT-- \IDVAULT-TREE\system\driverset1\PostgreSQL - Publisher : Calling free on tempContext = 1353318509
[09/03/18 14:29:54.872]:trace1 PT:Read result:
[09/03/18 14:29:54.872]:trace1 PT:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.5.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<instance class-name="User" event-id="0" qualified-src-dn="O=data\OU=users\CN=VKhoury" src-dn="\IDVAULT-TREE\data\users\VKhoury" src-entry-id="34053">
<association state="associated">ID=4,table=HR_PERS</association>
<attr attr-name="Department">
<value timestamp="1535699431#8" type="string">eng</value>
</attr>
<attr attr-name="Given Name">
<value timestamp="1535699431#4" type="string">Vanessa</value>
</attr>
<attr attr-name="Initials">
<value timestamp="1535699431#3" type="string">Farid</value>
</attr>
<attr attr-name="JobTitle">
<value timestamp="1535701249#2" type="string">manager</value>
</attr>
<attr attr-name="Status">
<value timestamp="1535699431#7" type="int">0</value>
</attr>
<attr attr-name="Surname">
<value timestamp="1535699431#10" type="string">Khoury</value>
</attr>
<attr attr-name="Telephone Number">
<value timestamp="1535699431#9" type="teleNumber">70771865</value>
</attr>
<attr attr-name="workforceID">
<value timestamp="1535699431#6" type="string">4</value>
</attr>
<attr attr-name="Object Class">
<value timestamp="1535699431#15" type="string">User</value>
<value timestamp="1535699431#16" type="string">IDVault</value>
<value timestamp="1535699431#17" type="string">Organizational Person</value>
<value timestamp="1535699431#18" type="string">Person</value>
<value timestamp="1535699431#19" type="string">ndsLoginProperties</value>
<value timestamp="1535699431#20" type="string">Top</value>
<value timestamp="1535699444#6" type="string">DirXML-ApplicationAttrs</value>
</attr>
</instance>
<status event-id="0" level="success"></status>
</output>
</nds>
[09/03/18 14:29:54.872]:trace1 PT:Found non-class attribute mngrid.
[09/03/18 14:29:54.872]:trace1 PT:Optimize Modify returned:
[09/03/18 14:29:54.872]:trace1 PT:
<nds dtdversion="2.0" ndsversion="8.x" xmlns:jdbc="urn:dirxml:jdbc">
<source>
<product build="20141001_0706" instance="PostgreSQL" version="4.0.0.2">DirXML Driver for JDBC</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<modify class-name="User" dest-dn="data\users\VKhoury" dest-entry-id="34053" event-id="ID=4,table=HR_PERS" src-dn="ID=4,table=HR_PERS">
<association>ID=4,table=HR_PERS</association>
<modify-attr attr-name="mngrid">
<remove-all-values/>
<add-value>
<value type="dn">\IDVAULT-TREE\data\users\PKhoury</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
[09/03/18 14:29:54.872]:trace1 PT:Applying command transformation policies.
[09/03/18 14:29:54.872]:trace1 PT:Applying policy: %+C%14CNOVLPWDSYNC-pub-ctp-DefaultPwd%-C.
[09/03/18 14:29:54.872]:trace1 PT: Applying to modify #1.
[09/03/18 14:29:54.872]:trace1 PT: Evaluating selection criteria for rule 'On User add, provide the default password if no password exists'.
[09/03/18 14:29:54.872]:trace1 PT: (if-operation equal "add") = FALSE.
[09/03/18 14:29:54.872]:trace1 PT: Rule rejected.
[09/03/18 14:29:54.872]:trace1 PT:Policy returned:
[09/03/18 14:29:54.872]:trace1 PT:
<nds dtdversion="2.0" ndsversion="8.x" xmlns:jdbc="urn:dirxml:jdbc">
<source>
<product build="20141001_0706" instance="PostgreSQL" version="4.0.0.2">DirXML Driver for JDBC</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<modify class-name="User" dest-dn="data\users\VKhoury" dest-entry-id="34053" event-id="ID=4,table=HR_PERS" src-dn="ID=4,table=HR_PERS">
<association>ID=4,table=HR_PERS</association>
<modify-attr attr-name="mngrid">
<remove-all-values/>
<add-value>
<value type="dn">\IDVAULT-TREE\data\users\PKhoury</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
[09/03/18 14:29:54.872]:trace1 PT:Applying policy: %+C%14CNOVLPWDSYNC-pub-ctp-DefaultPwd%-C.
[09/03/18 14:29:54.872]:trace1 PT: Applying to modify #1.
[09/03/18 14:29:54.872]:trace1 PT: Evaluating selection criteria for rule 'On User add, provide the default password if no password exists'.
[09/03/18 14:29:54.872]:trace1 PT: (if-operation equal "add") = FALSE.
[09/03/18 14:29:54.872]:trace1 PT: Rule rejected.
[09/03/18 14:29:54.872]:trace1 PT:Policy returned:
[09/03/18 14:29:54.872]:trace1 PT:
<nds dtdversion="2.0" ndsversion="8.x" xmlns:jdbc="urn:dirxml:jdbc">
<source>
<product build="20141001_0706" instance="PostgreSQL" version="4.0.0.2">DirXML Driver for JDBC</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<modify class-name="User" dest-dn="data\users\VKhoury" dest-entry-id="34053" event-id="ID=4,table=HR_PERS" src-dn="ID=4,table=HR_PERS">
<association>ID=4,table=HR_PERS</association>
<modify-attr attr-name="mngrid">
<remove-all-values/>
<add-value>
<value type="dn">\IDVAULT-TREE\data\users\PKhoury</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
[09/03/18 14:29:54.872]:trace1 PT:Applying policy: %+C%14CNOVLPWDSYNC-pub-ctp-CheckPwdGCV%-C.
[09/03/18 14:29:54.872]:trace1 PT: Applying to modify #1.
[09/03/18 14:29:54.872]:trace1 PT: Evaluating selection criteria for rule 'Block publishing passwords to the Identity Vault when adding an object'.
[09/03/18 14:29:54.872]:trace1 PT: (if-global-variable 'enable-password-publish' equal "false") = FALSE.
[09/03/18 14:29:54.872]:trace1 PT: Rule rejected.
[09/03/18 14:29:54.872]:trace1 PT: Evaluating selection criteria for rule 'Block sending modify-password changes to the Identity Vault'.
[09/03/18 14:29:54.872]:trace1 PT: (if-global-variable 'enable-password-publish' equal "false") = FALSE.
[09/03/18 14:29:54.888]:trace1 PT: Rule rejected.
[09/03/18 14:29:54.888]:trace1 PT:Policy returned:
[09/03/18 14:29:54.888]:trace1 PT:
<nds dtdversion="2.0" ndsversion="8.x" xmlns:jdbc="urn:dirxml:jdbc">
<source>
<product build="20141001_0706" instance="PostgreSQL" version="4.0.0.2">DirXML Driver for JDBC</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<modify class-name="User" dest-dn="data\users\VKhoury" dest-entry-id="34053" event-id="ID=4,table=HR_PERS" src-dn="ID=4,table=HR_PERS">
<association>ID=4,table=HR_PERS</association>
<modify-attr attr-name="mngrid">
<remove-all-values/>
<add-value>
<value type="dn">\IDVAULT-TREE\data\users\PKhoury</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
[09/03/18 14:29:54.888]:trace1 PT:Applying policy: %+C%14CNOVLPWDSYNC-pub-ctp-PublishDistPwd%-C.
[09/03/18 14:29:54.888]:trace1 PT: Applying to modify #1.
[09/03/18 14:29:54.888]:trace1 PT: Evaluating selection criteria for rule 'Add nspmDistributionAttribute attribute to add operation'.
[09/03/18 14:29:54.888]:trace1 PT: (if-global-variable 'publish-password-to-dp' equal "true") = FALSE.
[09/03/18 14:29:54.888]:trace1 PT: Rule rejected.
[09/03/18 14:29:54.888]:trace1 PT: Evaluating selection criteria for rule 'Change modify-password operations to a modify'.
[09/03/18 14:29:54.888]:trace1 PT: (if-global-variable 'publish-password-to-dp' equal "true") = FALSE.
[09/03/18 14:29:54.888]:trace1 PT: Rule rejected.
[09/03/18 14:29:54.888]:trace1 PT:Policy returned:
[09/03/18 14:29:54.888]:trace1 PT:
<nds dtdversion="2.0" ndsversion="8.x" xmlns:jdbc="urn:dirxml:jdbc">
<source>
<product build="20141001_0706" instance="PostgreSQL" version="4.0.0.2">DirXML Driver for JDBC</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<modify class-name="User" dest-dn="data\users\VKhoury" dest-entry-id="34053" event-id="ID=4,table=HR_PERS" src-dn="ID=4,table=HR_PERS">
<association>ID=4,table=HR_PERS</association>
<modify-attr attr-name="mngrid">
<remove-all-values/>
<add-value>
<value type="dn">\IDVAULT-TREE\data\users\PKhoury</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
[09/03/18 14:29:54.888]:trace1 PT:Applying policy: %+C%14CNOVLPWDSYNC-pub-ctp-PublishNDSPwd%-C.
[09/03/18 14:29:54.888]:trace1 PT: Applying to modify #1.
[09/03/18 14:29:54.888]:trace1 PT: Evaluating selection criteria for rule 'Block publishing passwords to eDirectory password'.
[09/03/18 14:29:54.888]:trace1 PT: (if-operation equal "add") = FALSE.
[09/03/18 14:29:54.888]:trace1 PT: Rule rejected.
[09/03/18 14:29:54.888]:trace1 PT: Evaluating selection criteria for rule 'Block sending modify-password changes to the eDirectory password'.
[09/03/18 14:29:54.888]:trace1 PT: (if-operation equal "modify-password") = FALSE.
[09/03/18 14:29:54.888]:trace1 PT: Rule rejected.
[09/03/18 14:29:54.888]:trace1 PT:Policy returned:
[09/03/18 14:29:54.888]:trace1 PT:
<nds dtdversion="2.0" ndsversion="8.x" xmlns:jdbc="urn:dirxml:jdbc">
<source>
<product build="20141001_0706" instance="PostgreSQL" version="4.0.0.2">DirXML Driver for JDBC</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<modify class-name="User" dest-dn="data\users\VKhoury" dest-entry-id="34053" event-id="ID=4,table=HR_PERS" src-dn="ID=4,table=HR_PERS">
<association>ID=4,table=HR_PERS</association>
<modify-attr attr-name="mngrid">
<remove-all-values/>
<add-value>
<value type="dn">\IDVAULT-TREE\data\users\PKhoury</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
[09/03/18 14:29:54.888]:trace1 PT:Applying policy: %+C%14CNOVLPWDSYNC-pub-ctp-AddPwdPayload%-C.
[09/03/18 14:29:54.888]:trace1 PT: Applying to modify #1.
[09/03/18 14:29:54.888]:trace1 PT: Evaluating selection criteria for rule 'Add operation-data element to password operations'.
[09/03/18 14:29:54.888]:trace1 PT: (if-operation equal "add") = FALSE.
[09/03/18 14:29:54.888]:trace1 PT: (if-operation equal "add") = FALSE.
[09/03/18 14:29:54.888]:trace1 PT: (if-operation equal "modify-password") = FALSE.
[09/03/18 14:29:54.888]:trace1 PT: (if-operation equal "modify") = TRUE.
[09/03/18 14:29:54.888]:trace1 PT: (if-xpath true "modify-attr[@attr-name='nspmDistributionPassword']") = FALSE.
[09/03/18 14:29:54.888]:trace1 PT: Rule rejected.
[09/03/18 14:29:54.888]:trace1 PT: Evaluating selection criteria for rule 'Add payload data to password operations'.
[09/03/18 14:29:54.888]:trace1 PT: (if-operation equal "add") = FALSE.
[09/03/18 14:29:54.888]:trace1 PT: (if-operation equal "add") = FALSE.
[09/03/18 14:29:54.888]:trace1 PT: (if-operation equal "modify-password") = FALSE.
[09/03/18 14:29:54.888]:trace1 PT: (if-operation equal "modify") = TRUE.
[09/03/18 14:29:54.888]:trace1 PT: (if-xpath true "modify-attr[@attr-name='nspmDistributionPassword']") = FALSE.
[09/03/18 14:29:54.888]:trace1 PT: Rule rejected.
[09/03/18 14:29:54.888]:trace1 PT:Policy returned:
[09/03/18 14:29:54.888]:trace1 PT:
<nds dtdversion="2.0" ndsversion="8.x" xmlns:jdbc="urn:dirxml:jdbc">
<source>
<product build="20141001_0706" instance="PostgreSQL" version="4.0.0.2">DirXML Driver for JDBC</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<modify class-name="User" dest-dn="data\users\VKhoury" dest-entry-id="34053" event-id="ID=4,table=HR_PERS" src-dn="ID=4,table=HR_PERS">
<association>ID=4,table=HR_PERS</association>
<modify-attr attr-name="mngrid">
<remove-all-values/>
<add-value>
<value type="dn">\IDVAULT-TREE\data\users\PKhoury</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
[09/03/18 14:29:54.888]:trace1 PT:Filtering out notification-only attributes.
[09/03/18 14:29:54.888]:trace1 PT:Pumping XDS to eDirectory.
[09/03/18 14:29:54.888]:trace1 PT:Performing operation modify for data\users\VKhoury.
[09/03/18 14:29:54.888]:trace1 PT:--JCLNT-- \IDVAULT-TREE\system\driverset1\PostgreSQL - Publisher : Duplicating : context = 1353318507, tempContext = 1353318509
[09/03/18 14:29:54.888]:trace1 PT:Modifying entry data\users\VKhoury.
[09/03/18 14:29:54.888]:trace1 PT:--JCLNT-- \IDVAULT-TREE\system\driverset1\PostgreSQL - Publisher : Calling free on tempContext = 1353318509
[09/03/18 14:29:54.888]:trace1 PT:
DirXML Log Event -------------------
Driver: \IDVAULT-TREE\system\driverset1\PostgreSQL
Channel: Publisher
Object: ID=4,table=HR_PERS (data\users\VKhoury)
Status: Error
Message: Code(-9010) An exception occurred: novell.jclient.JCException: modifyEntry -608 ERR_ILLEGAL_ATTRIBUTE
[09/03/18 14:29:54.888]:trace1 PT:Fixing up association references.
[09/03/18 14:29:54.888]:trace1 PT:Applying schema mapping policies to output.
[09/03/18 14:29:54.888]:trace1 PT:Applying policy: %+C%14CNOVLPGSDISYN-smp%-C.
[09/03/18 14:29:54.888]:trace1 PT:Applying policy: %+C%14CNOVLJDBCDACL-smp%-C.
[09/03/18 14:29:54.888]:trace1 PT: Applying to status #1.
[09/03/18 14:29:54.888]:trace1 PT:Policy returned:
[09/03/18 14:29:54.888]:trace1 PT:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.5.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="ID=4,table=HR_PERS" level="error">Code(-9010) An exception occurred: novell.jclient.JCException: modifyEntry -608 ERR_ILLEGAL_ATTRIBUTE<application>DirXML</application>
<module>PostgreSQL</module>
<object-dn>ID=4,table=HR_PERS (data\users\VKhoury)</object-dn>
<component>Publisher</component>
</status>
</output>
</nds>
[09/03/18 14:29:54.888]:trace1 PT:Applying policy: %+C%14CSchema+map%-C.
[09/03/18 14:29:54.888]:trace1 PT:Applying output transformation policies.
[09/03/18 14:29:54.888]:trace1 PT:Applying policy: %+C%14CNOVLJDBCDACL-itp-StripReadAttr%-C.
[09/03/18 14:29:54.888]:trace1 PT: Applying to status #1.
[09/03/18 14:29:54.888]:trace1 PT: Evaluating selection criteria for rule 'Strip Description Attribute'.
[09/03/18 14:29:54.888]:trace1 PT: (if-class-name match "indirect.grp|direct.view_grp") = FALSE.
[09/03/18 14:29:54.888]:trace1 PT: Rule rejected.
[09/03/18 14:29:54.888]:trace1 PT:Policy returned:
[09/03/18 14:29:54.888]:trace1 PT:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.5.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="ID=4,table=HR_PERS" level="error">Code(-9010) An exception occurred: novell.jclient.JCException: modifyEntry -608 ERR_ILLEGAL_ATTRIBUTE<application>DirXML</application>
<module>PostgreSQL</module>
<object-dn>ID=4,table=HR_PERS (data\users\VKhoury)</object-dn>
<component>Publisher</component>
</status>
</output>
</nds>
[09/03/18 14:29:54.888]:trace1 PT:Applying policy: %+C%14CNOVLPGSDISYN-otp-ReformatFax%-C.
[09/03/18 14:29:54.888]:trace1 PT: Applying to status #1.
[09/03/18 14:29:54.888]:trace1 PT: Evaluating selection criteria for rule 'User: Reformat fax number as string'.
[09/03/18 14:29:54.888]:trace1 PT: (if-class-name equal "direct.view_usr") = FALSE.
[09/03/18 14:29:54.888]:trace1 PT: Rule rejected.
[09/03/18 14:29:54.888]:trace1 PT:Policy returned:
[09/03/18 14:29:54.888]:trace1 PT:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.5.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="ID=4,table=HR_PERS" level="error">Code(-9010) An exception occurred: novell.jclient.JCException: modifyEntry -608 ERR_ILLEGAL_ATTRIBUTE<application>DirXML</application>
<module>PostgreSQL</module>
<object-dn>ID=4,table=HR_PERS (data\users\VKhoury)</object-dn>
<component>Publisher</component>
</status>
</output>
</nds>
[09/03/18 14:29:54.904]:trace1 PT:Applying policy: %+C%14CNOVLPWDSYNC-otp-EmailOnFailedPwdPub%-C.
[09/03/18 14:29:54.904]:trace1 PT: Applying to status #1.
[09/03/18 14:29:54.904]:trace1 PT: Evaluating selection criteria for rule 'Send e-mail for a failed publish password operation'.
[09/03/18 14:29:54.904]:trace1 PT: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = TRUE.
[09/03/18 14:29:54.904]:trace1 PT: (if-operation equal "status") = TRUE.
[09/03/18 14:29:54.904]:trace1 PT: (if-xpath true "self::status[@level != 'success']/operation-data/password-publish-status") = FALSE.
[09/03/18 14:29:54.904]:trace1 PT: Rule rejected.
[09/03/18 14:29:54.904]:trace1 PT:Policy returned:
[09/03/18 14:29:54.904]:trace1 PT:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.5.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="ID=4,table=HR_PERS" level="error">Code(-9010) An exception occurred: novell.jclient.JCException: modifyEntry -608 ERR_ILLEGAL_ATTRIBUTE<application>DirXML</application>
<module>PostgreSQL</module>
<object-dn>ID=4,table=HR_PERS (data\users\VKhoury)</object-dn>
<component>Publisher</component>
</status>
</output>
</nds>
[09/03/18 14:29:54.904]:trace1 PT:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.5.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="ID=4,table=HR_PERS" level="error">Code(-9010) An exception occurred: novell.jclient.JCException: modifyEntry -608 ERR_ILLEGAL_ATTRIBUTE<application>DirXML</application>
<module>PostgreSQL</module>
<object-dn>ID=4,table=HR_PERS (data\users\VKhoury)</object-dn>
<component>Publisher</component>
</status>
</output>
0 Likes
Knowledge Partner
Knowledge Partner

Re: Code(-9010) An exception occurred: novell.jclient.JCExcepti

On 9/3/2018 8:34 AM, vkhoury wrote:
>
> The attribute is added to an auxiliary table named 'IDVAULT'.
> I created an attribute because the existing one is multivalued.


I think you are missing Aaron's point.

In eDirectory, attributes can exist, floating in the ether. You cannot
use them (instantiate them) until they are defined as part of a class.
Aux class is the best choice for your use case.

You are talking about mapping it. Aaron is talking about the eDir
schema itself.



> The trace file is as follows:
> [09/03/18 14:29:54.857]:trace1 PT:Applying policy:
> %+C%14CSchema+map%-C.
> [09/03/18 14:29:54.857]:trace1 PT: Mapping class-name 'hr_pers' to
> 'User'.
> [09/03/18 14:29:54.857]:trace1 PT: Mapping attr-name 'midname' to
> 'Initials'.
> [09/03/18 14:29:54.857]:trace1 PT: Mapping attr-name 'midname' to
> 'Initials'.
> [09/03/18 14:29:54.857]:trace1 PT: Mapping attr-name 'firstname' to
> 'Given Name'.
> [09/03/18 14:29:54.857]:trace1 PT: Mapping attr-name 'firstname' to
> 'Given Name'.
> [09/03/18 14:29:54.857]:trace1 PT: Mapping attr-name 'manager' to
> 'mngrid'.
> [09/03/18 14:29:54.872]:trace1 PT: Mapping attr-name 'manager' to
> 'mngrid'.
> [09/03/18 14:29:54.872]:trace1 PT: Mapping attr-name 'jobtitle' to
> 'JobTitle'.
> [09/03/18 14:29:54.872]:trace1 PT: Mapping attr-name 'jobtitle' to
> 'JobTitle'.
> [09/03/18 14:29:54.872]:trace1 PT: Mapping attr-name 'id' to
> 'workforceID'.
> [09/03/18 14:29:54.872]:trace1 PT: Mapping attr-name 'id' to
> 'workforceID'.
> [09/03/18 14:29:54.872]:trace1 PT: Mapping attr-name 'status' to
> 'Status'.
> [09/03/18 14:29:54.872]:trace1 PT: Mapping attr-name 'status' to
> 'Status'.
> [09/03/18 14:29:54.872]:trace1 PT: Mapping attr-name 'department' to
> 'Department'.
> [09/03/18 14:29:54.872]:trace1 PT: Mapping attr-name 'department' to
> 'Department'.
> [09/03/18 14:29:54.872]:trace1 PT: Mapping attr-name 'telephonenumber'
> to 'Telephone Number'.
> [09/03/18 14:29:54.872]:trace1 PT: Mapping attr-name 'telephonenumber'
> to 'Telephone Number'.
> [09/03/18 14:29:54.872]:trace1 PT: Mapping attr-name 'lastname' to
> 'Surname'.
> [09/03/18 14:29:54.872]:trace1 PT: Mapping attr-name 'lastname' to
> 'Surname'.
> [09/03/18 14:29:54.872]:trace1 PT:Resolving association references.
> [09/03/18 14:29:54.872]:trace1 PT:No event transformation policies.
> [09/03/18 14:29:54.872]:trace1 PT:Applying publisher filter.
> [09/03/18 14:29:54.872]:trace1 PT:Publisher processing modify for
> ID=4,table=HR_PERS.
> [09/03/18 14:29:54.872]:trace1 PT:Reading relevant attributes from
> data\users\VKhoury.
> [09/03/18 14:29:54.872]:trace1 PT:
> <nds dtdversion="4.0" ndsversion="8.x">
> <source>
> <product edition="Advanced" version="4.5.0.0">DirXML</product>
> <contact>NetIQ Corporation</contact>
> </source>
> <input>
> <query class-name="User" dest-dn="data\users\VKhoury"
> dest-entry-id="34053" scope="entry">
> <read-attr attr-name="Department"/>
> <read-attr attr-name="Given Name"/>
> <read-attr attr-name="Initials"/>
> <read-attr attr-name="JobTitle"/>
> <read-attr attr-name="mngrid"/>
> <read-attr attr-name="Status"/>
> <read-attr attr-name="Surname"/>
> <read-attr attr-name="Telephone Number"/>
> <read-attr attr-name="workforceID"/>
> <read-attr attr-name="Object Class"/>
> </query>
> </input>
> </nds>
> [09/03/18 14:29:54.872]:trace1 PT:Pumping XDS to eDirectory.
> [09/03/18 14:29:54.872]:trace1 PT:Performing operation query for
> data\users\VKhoury.
> [09/03/18 14:29:54.872]:trace1 PT:--JCLNT--
> \IDVAULT-TREE\system\driverset1\PostgreSQL - Publisher : Duplicating :
> context = 1353318507, tempContext = 1353318509
> [09/03/18 14:29:54.872]:trace1 PT:--JCLNT--
> \IDVAULT-TREE\system\driverset1\PostgreSQL - Publisher : Calling free on
> tempContext = 1353318509
> [09/03/18 14:29:54.872]:trace1 PT:Read result:
> [09/03/18 14:29:54.872]:trace1 PT:
> <nds dtdversion="4.0" ndsversion="8.x">
> <source>
> <product edition="Advanced" version="4.5.0.0">DirXML</product>
> <contact>NetIQ Corporation</contact>
> </source>
> <output>
> <instance class-name="User" event-id="0"
> qualified-src-dn="O=data\OU=users\CN=VKhoury"
> src-dn="\IDVAULT-TREE\data\users\VKhoury" src-entry-id="34053">
> <association state="associated">ID=4,table=HR_PERS</association>
> <attr attr-name="Department">
> <value timestamp="1535699431#8" type="string">eng</value>
> </attr>
> <attr attr-name="Given Name">
> <value timestamp="1535699431#4" type="string">Vanessa</value>
> </attr>
> <attr attr-name="Initials">
> <value timestamp="1535699431#3" type="string">Farid</value>
> </attr>
> <attr attr-name="JobTitle">
> <value timestamp="1535701249#2" type="string">manager</value>
> </attr>
> <attr attr-name="Status">
> <value timestamp="1535699431#7" type="int">0</value>
> </attr>
> <attr attr-name="Surname">
> <value timestamp="1535699431#10" type="string">Khoury</value>
> </attr>
> <attr attr-name="Telephone Number">
> <value timestamp="1535699431#9"
> type="teleNumber">70771865</value>
> </attr>
> <attr attr-name="workforceID">
> <value timestamp="1535699431#6" type="string">4</value>
> </attr>
> <attr attr-name="Object Class">
> <value timestamp="1535699431#15" type="string">User</value>
> <value timestamp="1535699431#16" type="string">IDVault</value>
> <value timestamp="1535699431#17" type="string">Organizational
> Person</value>
> <value timestamp="1535699431#18" type="string">Person</value>
> <value timestamp="1535699431#19"
> type="string">ndsLoginProperties</value>
> <value timestamp="1535699431#20" type="string">Top</value>
> <value timestamp="1535699444#6"
> type="string">DirXML-ApplicationAttrs</value>
> </attr>
> </instance>
> <status event-id="0" level="success"></status>
> </output>
> </nds>
> [09/03/18 14:29:54.872]:trace1 PT:Found non-class attribute mngrid.
> [09/03/18 14:29:54.872]:trace1 PT:Optimize Modify returned:
> [09/03/18 14:29:54.872]:trace1 PT:
> <nds dtdversion="2.0" ndsversion="8.x" xmlns:jdbc="urn:dirxml:jdbc">
> <source>
> <product build="20141001_0706" instance="PostgreSQL"
> version="4.0.0.2">DirXML Driver for JDBC</product>
> <contact>NetIQ Corporation</contact>
> </source>
> <input>
> <modify class-name="User" dest-dn="data\users\VKhoury"
> dest-entry-id="34053" event-id="ID=4,table=HR_PERS"
> src-dn="ID=4,table=HR_PERS">
> <association>ID=4,table=HR_PERS</association>
> <modify-attr attr-name="mngrid">
> <remove-all-values/>
> <add-value>
> <value type="dn">\IDVAULT-TREE\data\users\PKhoury</value>
> </add-value>
> </modify-attr>
> </modify>
> </input>
> </nds>
> [09/03/18 14:29:54.872]:trace1 PT:Applying command transformation
> policies.
> [09/03/18 14:29:54.872]:trace1 PT:Applying policy:
> %+C%14CNOVLPWDSYNC-pub-ctp-DefaultPwd%-C.
> [09/03/18 14:29:54.872]:trace1 PT: Applying to modify #1.
> [09/03/18 14:29:54.872]:trace1 PT: Evaluating selection criteria for
> rule 'On User add, provide the default password if no password exists'.
> [09/03/18 14:29:54.872]:trace1 PT: (if-operation equal "add") =
> FALSE.
> [09/03/18 14:29:54.872]:trace1 PT: Rule rejected.
> [09/03/18 14:29:54.872]:trace1 PT:Policy returned:
> [09/03/18 14:29:54.872]:trace1 PT:
> <nds dtdversion="2.0" ndsversion="8.x" xmlns:jdbc="urn:dirxml:jdbc">
> <source>
> <product build="20141001_0706" instance="PostgreSQL"
> version="4.0.0.2">DirXML Driver for JDBC</product>
> <contact>NetIQ Corporation</contact>
> </source>
> <input>
> <modify class-name="User" dest-dn="data\users\VKhoury"
> dest-entry-id="34053" event-id="ID=4,table=HR_PERS"
> src-dn="ID=4,table=HR_PERS">
> <association>ID=4,table=HR_PERS</association>
> <modify-attr attr-name="mngrid">
> <remove-all-values/>
> <add-value>
> <value type="dn">\IDVAULT-TREE\data\users\PKhoury</value>
> </add-value>
> </modify-attr>
> </modify>
> </input>
> </nds>
> [09/03/18 14:29:54.872]:trace1 PT:Applying policy:
> %+C%14CNOVLPWDSYNC-pub-ctp-DefaultPwd%-C.
> [09/03/18 14:29:54.872]:trace1 PT: Applying to modify #1.
> [09/03/18 14:29:54.872]:trace1 PT: Evaluating selection criteria for
> rule 'On User add, provide the default password if no password exists'.
> [09/03/18 14:29:54.872]:trace1 PT: (if-operation equal "add") =
> FALSE.
> [09/03/18 14:29:54.872]:trace1 PT: Rule rejected.
> [09/03/18 14:29:54.872]:trace1 PT:Policy returned:
> [09/03/18 14:29:54.872]:trace1 PT:
> <nds dtdversion="2.0" ndsversion="8.x" xmlns:jdbc="urn:dirxml:jdbc">
> <source>
> <product build="20141001_0706" instance="PostgreSQL"
> version="4.0.0.2">DirXML Driver for JDBC</product>
> <contact>NetIQ Corporation</contact>
> </source>
> <input>
> <modify class-name="User" dest-dn="data\users\VKhoury"
> dest-entry-id="34053" event-id="ID=4,table=HR_PERS"
> src-dn="ID=4,table=HR_PERS">
> <association>ID=4,table=HR_PERS</association>
> <modify-attr attr-name="mngrid">
> <remove-all-values/>
> <add-value>
> <value type="dn">\IDVAULT-TREE\data\users\PKhoury</value>
> </add-value>
> </modify-attr>
> </modify>
> </input>
> </nds>
> [09/03/18 14:29:54.872]:trace1 PT:Applying policy:
> %+C%14CNOVLPWDSYNC-pub-ctp-CheckPwdGCV%-C.
> [09/03/18 14:29:54.872]:trace1 PT: Applying to modify #1.
> [09/03/18 14:29:54.872]:trace1 PT: Evaluating selection criteria for
> rule 'Block publishing passwords to the Identity Vault when adding an
> object'.
> [09/03/18 14:29:54.872]:trace1 PT: (if-global-variable
> 'enable-password-publish' equal "false") = FALSE.
> [09/03/18 14:29:54.872]:trace1 PT: Rule rejected.
> [09/03/18 14:29:54.872]:trace1 PT: Evaluating selection criteria for
> rule 'Block sending modify-password changes to the Identity Vault'.
> [09/03/18 14:29:54.872]:trace1 PT: (if-global-variable
> 'enable-password-publish' equal "false") = FALSE.
> [09/03/18 14:29:54.888]:trace1 PT: Rule rejected.
> [09/03/18 14:29:54.888]:trace1 PT:Policy returned:
> [09/03/18 14:29:54.888]:trace1 PT:
> <nds dtdversion="2.0" ndsversion="8.x" xmlns:jdbc="urn:dirxml:jdbc">
> <source>
> <product build="20141001_0706" instance="PostgreSQL"
> version="4.0.0.2">DirXML Driver for JDBC</product>
> <contact>NetIQ Corporation</contact>
> </source>
> <input>
> <modify class-name="User" dest-dn="data\users\VKhoury"
> dest-entry-id="34053" event-id="ID=4,table=HR_PERS"
> src-dn="ID=4,table=HR_PERS">
> <association>ID=4,table=HR_PERS</association>
> <modify-attr attr-name="mngrid">
> <remove-all-values/>
> <add-value>
> <value type="dn">\IDVAULT-TREE\data\users\PKhoury</value>
> </add-value>
> </modify-attr>
> </modify>
> </input>
> </nds>
> [09/03/18 14:29:54.888]:trace1 PT:Applying policy:
> %+C%14CNOVLPWDSYNC-pub-ctp-PublishDistPwd%-C.
> [09/03/18 14:29:54.888]:trace1 PT: Applying to modify #1.
> [09/03/18 14:29:54.888]:trace1 PT: Evaluating selection criteria for
> rule 'Add nspmDistributionAttribute attribute to add operation'.
> [09/03/18 14:29:54.888]:trace1 PT: (if-global-variable
> 'publish-password-to-dp' equal "true") = FALSE.
> [09/03/18 14:29:54.888]:trace1 PT: Rule rejected.
> [09/03/18 14:29:54.888]:trace1 PT: Evaluating selection criteria for
> rule 'Change modify-password operations to a modify'.
> [09/03/18 14:29:54.888]:trace1 PT: (if-global-variable
> 'publish-password-to-dp' equal "true") = FALSE.
> [09/03/18 14:29:54.888]:trace1 PT: Rule rejected.
> [09/03/18 14:29:54.888]:trace1 PT:Policy returned:
> [09/03/18 14:29:54.888]:trace1 PT:
> <nds dtdversion="2.0" ndsversion="8.x" xmlns:jdbc="urn:dirxml:jdbc">
> <source>
> <product build="20141001_0706" instance="PostgreSQL"
> version="4.0.0.2">DirXML Driver for JDBC</product>
> <contact>NetIQ Corporation</contact>
> </source>
> <input>
> <modify class-name="User" dest-dn="data\users\VKhoury"
> dest-entry-id="34053" event-id="ID=4,table=HR_PERS"
> src-dn="ID=4,table=HR_PERS">
> <association>ID=4,table=HR_PERS</association>
> <modify-attr attr-name="mngrid">
> <remove-all-values/>
> <add-value>
> <value type="dn">\IDVAULT-TREE\data\users\PKhoury</value>
> </add-value>
> </modify-attr>
> </modify>
> </input>
> </nds>
> [09/03/18 14:29:54.888]:trace1 PT:Applying policy:
> %+C%14CNOVLPWDSYNC-pub-ctp-PublishNDSPwd%-C.
> [09/03/18 14:29:54.888]:trace1 PT: Applying to modify #1.
> [09/03/18 14:29:54.888]:trace1 PT: Evaluating selection criteria for
> rule 'Block publishing passwords to eDirectory password'.
> [09/03/18 14:29:54.888]:trace1 PT: (if-operation equal "add") =
> FALSE.
> [09/03/18 14:29:54.888]:trace1 PT: Rule rejected.
> [09/03/18 14:29:54.888]:trace1 PT: Evaluating selection criteria for
> rule 'Block sending modify-password changes to the eDirectory
> password'.
> [09/03/18 14:29:54.888]:trace1 PT: (if-operation equal
> "modify-password") = FALSE.
> [09/03/18 14:29:54.888]:trace1 PT: Rule rejected.
> [09/03/18 14:29:54.888]:trace1 PT:Policy returned:
> [09/03/18 14:29:54.888]:trace1 PT:
> <nds dtdversion="2.0" ndsversion="8.x" xmlns:jdbc="urn:dirxml:jdbc">
> <source>
> <product build="20141001_0706" instance="PostgreSQL"
> version="4.0.0.2">DirXML Driver for JDBC</product>
> <contact>NetIQ Corporation</contact>
> </source>
> <input>
> <modify class-name="User" dest-dn="data\users\VKhoury"
> dest-entry-id="34053" event-id="ID=4,table=HR_PERS"
> src-dn="ID=4,table=HR_PERS">
> <association>ID=4,table=HR_PERS</association>
> <modify-attr attr-name="mngrid">
> <remove-all-values/>
> <add-value>
> <value type="dn">\IDVAULT-TREE\data\users\PKhoury</value>
> </add-value>
> </modify-attr>
> </modify>
> </input>
> </nds>
> [09/03/18 14:29:54.888]:trace1 PT:Applying policy:
> %+C%14CNOVLPWDSYNC-pub-ctp-AddPwdPayload%-C.
> [09/03/18 14:29:54.888]:trace1 PT: Applying to modify #1.
> [09/03/18 14:29:54.888]:trace1 PT: Evaluating selection criteria for
> rule 'Add operation-data element to password operations'.
> [09/03/18 14:29:54.888]:trace1 PT: (if-operation equal "add") =
> FALSE.
> [09/03/18 14:29:54.888]:trace1 PT: (if-operation equal "add") =
> FALSE.
> [09/03/18 14:29:54.888]:trace1 PT: (if-operation equal
> "modify-password") = FALSE.
> [09/03/18 14:29:54.888]:trace1 PT: (if-operation equal "modify") =
> TRUE.
> [09/03/18 14:29:54.888]:trace1 PT: (if-xpath true
> "modify-attr[@attr-name='nspmDistributionPassword']") = FALSE.
> [09/03/18 14:29:54.888]:trace1 PT: Rule rejected.
> [09/03/18 14:29:54.888]:trace1 PT: Evaluating selection criteria for
> rule 'Add payload data to password operations'.
> [09/03/18 14:29:54.888]:trace1 PT: (if-operation equal "add") =
> FALSE.
> [09/03/18 14:29:54.888]:trace1 PT: (if-operation equal "add") =
> FALSE.
> [09/03/18 14:29:54.888]:trace1 PT: (if-operation equal
> "modify-password") = FALSE.
> [09/03/18 14:29:54.888]:trace1 PT: (if-operation equal "modify") =
> TRUE.
> [09/03/18 14:29:54.888]:trace1 PT: (if-xpath true
> "modify-attr[@attr-name='nspmDistributionPassword']") = FALSE.
> [09/03/18 14:29:54.888]:trace1 PT: Rule rejected.
> [09/03/18 14:29:54.888]:trace1 PT:Policy returned:
> [09/03/18 14:29:54.888]:trace1 PT:
> <nds dtdversion="2.0" ndsversion="8.x" xmlns:jdbc="urn:dirxml:jdbc">
> <source>
> <product build="20141001_0706" instance="PostgreSQL"
> version="4.0.0.2">DirXML Driver for JDBC</product>
> <contact>NetIQ Corporation</contact>
> </source>
> <input>
> <modify class-name="User" dest-dn="data\users\VKhoury"
> dest-entry-id="34053" event-id="ID=4,table=HR_PERS"
> src-dn="ID=4,table=HR_PERS">
> <association>ID=4,table=HR_PERS</association>
> <modify-attr attr-name="mngrid">
> <remove-all-values/>
> <add-value>
> <value type="dn">\IDVAULT-TREE\data\users\PKhoury</value>
> </add-value>
> </modify-attr>
> </modify>
> </input>
> </nds>
> [09/03/18 14:29:54.888]:trace1 PT:Filtering out notification-only
> attributes.
> [09/03/18 14:29:54.888]:trace1 PT:Pumping XDS to eDirectory.
> [09/03/18 14:29:54.888]:trace1 PT:Performing operation modify for
> data\users\VKhoury.
> [09/03/18 14:29:54.888]:trace1 PT:--JCLNT--
> \IDVAULT-TREE\system\driverset1\PostgreSQL - Publisher : Duplicating :
> context = 1353318507, tempContext = 1353318509
> [09/03/18 14:29:54.888]:trace1 PT:Modifying entry data\users\VKhoury.
> [09/03/18 14:29:54.888]:trace1 PT:--JCLNT--
> \IDVAULT-TREE\system\driverset1\PostgreSQL - Publisher : Calling free on
> tempContext = 1353318509
> [09/03/18 14:29:54.888]:trace1 PT:
> DirXML Log Event -------------------
> Driver: \IDVAULT-TREE\system\driverset1\PostgreSQL
> Channel: Publisher
> Object: ID=4,table=HR_PERS (data\users\VKhoury)
> Status: Error
> Message: Code(-9010) An exception occurred:
> novell.jclient.JCException: modifyEntry -608 ERR_ILLEGAL_ATTRIBUTE
> [09/03/18 14:29:54.888]:trace1 PT:Fixing up association references.
> [09/03/18 14:29:54.888]:trace1 PT:Applying schema mapping policies to
> output.
> [09/03/18 14:29:54.888]:trace1 PT:Applying policy:
> %+C%14CNOVLPGSDISYN-smp%-C.
> [09/03/18 14:29:54.888]:trace1 PT:Applying policy:
> %+C%14CNOVLJDBCDACL-smp%-C.
> [09/03/18 14:29:54.888]:trace1 PT: Applying to status #1.
> [09/03/18 14:29:54.888]:trace1 PT:Policy returned:
> [09/03/18 14:29:54.888]:trace1 PT:
> <nds dtdversion="4.0" ndsversion="8.x">
> <source>
> <product edition="Advanced" version="4.5.0.0">DirXML</product>
> <contact>NetIQ Corporation</contact>
> </source>
> <output>
> <status event-id="ID=4,table=HR_PERS" level="error">Code(-9010) An
> exception occurred: novell.jclient.JCException: modifyEntry -608
> ERR_ILLEGAL_ATTRIBUTE<application>DirXML</application>
> <module>PostgreSQL</module>
> <object-dn>ID=4,table=HR_PERS (data\users\VKhoury)</object-dn>
> <component>Publisher</component>
> </status>
> </output>
> </nds>
> [09/03/18 14:29:54.888]:trace1 PT:Applying policy:
> %+C%14CSchema+map%-C.
> [09/03/18 14:29:54.888]:trace1 PT:Applying output transformation
> policies.
> [09/03/18 14:29:54.888]:trace1 PT:Applying policy:
> %+C%14CNOVLJDBCDACL-itp-StripReadAttr%-C.
> [09/03/18 14:29:54.888]:trace1 PT: Applying to status #1.
> [09/03/18 14:29:54.888]:trace1 PT: Evaluating selection criteria for
> rule 'Strip Description Attribute'.
> [09/03/18 14:29:54.888]:trace1 PT: (if-class-name match
> "indirect.grp|direct.view_grp") = FALSE.
> [09/03/18 14:29:54.888]:trace1 PT: Rule rejected.
> [09/03/18 14:29:54.888]:trace1 PT:Policy returned:
> [09/03/18 14:29:54.888]:trace1 PT:
> <nds dtdversion="4.0" ndsversion="8.x">
> <source>
> <product edition="Advanced" version="4.5.0.0">DirXML</product>
> <contact>NetIQ Corporation</contact>
> </source>
> <output>
> <status event-id="ID=4,table=HR_PERS" level="error">Code(-9010) An
> exception occurred: novell.jclient.JCException: modifyEntry -608
> ERR_ILLEGAL_ATTRIBUTE<application>DirXML</application>
> <module>PostgreSQL</module>
> <object-dn>ID=4,table=HR_PERS (data\users\VKhoury)</object-dn>
> <component>Publisher</component>
> </status>
> </output>
> </nds>
> [09/03/18 14:29:54.888]:trace1 PT:Applying policy:
> %+C%14CNOVLPGSDISYN-otp-ReformatFax%-C.
> [09/03/18 14:29:54.888]:trace1 PT: Applying to status #1.
> [09/03/18 14:29:54.888]:trace1 PT: Evaluating selection criteria for
> rule 'User: Reformat fax number as string'.
> [09/03/18 14:29:54.888]:trace1 PT: (if-class-name equal
> "direct.view_usr") = FALSE.
> [09/03/18 14:29:54.888]:trace1 PT: Rule rejected.
> [09/03/18 14:29:54.888]:trace1 PT:Policy returned:
> [09/03/18 14:29:54.888]:trace1 PT:
> <nds dtdversion="4.0" ndsversion="8.x">
> <source>
> <product edition="Advanced" version="4.5.0.0">DirXML</product>
> <contact>NetIQ Corporation</contact>
> </source>
> <output>
> <status event-id="ID=4,table=HR_PERS" level="error">Code(-9010) An
> exception occurred: novell.jclient.JCException: modifyEntry -608
> ERR_ILLEGAL_ATTRIBUTE<application>DirXML</application>
> <module>PostgreSQL</module>
> <object-dn>ID=4,table=HR_PERS (data\users\VKhoury)</object-dn>
> <component>Publisher</component>
> </status>
> </output>
> </nds>
> [09/03/18 14:29:54.904]:trace1 PT:Applying policy:
> %+C%14CNOVLPWDSYNC-otp-EmailOnFailedPwdPub%-C.
> [09/03/18 14:29:54.904]:trace1 PT: Applying to status #1.
> [09/03/18 14:29:54.904]:trace1 PT: Evaluating selection criteria for
> rule 'Send e-mail for a failed publish password operation'.
> [09/03/18 14:29:54.904]:trace1 PT: (if-global-variable
> 'notify-user-on-password-dist-failure' equal "true") = TRUE.
> [09/03/18 14:29:54.904]:trace1 PT: (if-operation equal "status") =
> TRUE.
> [09/03/18 14:29:54.904]:trace1 PT: (if-xpath true
> "self::status[@level !=
> 'success']/operation-data/password-publish-status") = FALSE.
> [09/03/18 14:29:54.904]:trace1 PT: Rule rejected.
> [09/03/18 14:29:54.904]:trace1 PT:Policy returned:
> [09/03/18 14:29:54.904]:trace1 PT:
> <nds dtdversion="4.0" ndsversion="8.x">
> <source>
> <product edition="Advanced" version="4.5.0.0">DirXML</product>
> <contact>NetIQ Corporation</contact>
> </source>
> <output>
> <status event-id="ID=4,table=HR_PERS" level="error">Code(-9010) An
> exception occurred: novell.jclient.JCException: modifyEntry -608
> ERR_ILLEGAL_ATTRIBUTE<application>DirXML</application>
> <module>PostgreSQL</module>
> <object-dn>ID=4,table=HR_PERS (data\users\VKhoury)</object-dn>
> <component>Publisher</component>
> </status>
> </output>
> </nds>
> [09/03/18 14:29:54.904]:trace1 PT:
> <nds dtdversion="4.0" ndsversion="8.x">
> <source>
> <product edition="Advanced" version="4.5.0.0">DirXML</product>
> <contact>NetIQ Corporation</contact>
> </source>
> <output>
> <status event-id="ID=4,table=HR_PERS" level="error">Code(-9010) An
> exception occurred: novell.jclient.JCException: modifyEntry -608
> ERR_ILLEGAL_ATTRIBUTE<application>DirXML</application>
> <module>PostgreSQL</module>
> <object-dn>ID=4,table=HR_PERS (data\users\VKhoury)</object-dn>
> <component>Publisher</component>
> </status>
> </output>
>
>


0 Likes
Knowledge Partner
Knowledge Partner

Re: Code(-9010) An exception occurred: novell.jclient.JCExcepti

Exactly; ignore IDM and go into eDirectory and try to add this attribute
to an object. Normally you will not be able to do it, and not just
because there is no plugin created explicitly for it, but because it will
not show up under the 'Other' sub-tab (under the 'General' tab I believe)
because it is not allowed on any type of object; after all, this is new,
and until it is allowed to be on a type (class) of object in schema, it is
just a lonely attribute with no purpose.

You could also try this via LDAP. Use Apache Directory Studio and go to
your user object and right-click: Add Attribute. Find your attribute, or
type it in, and you'll probably get an error back from Directory Studio
telling you that it is not allowed, but it'll let you try to continue
anyway. You'll then add a value, maybe in the proper format, but
ultimately eDirectory will then tell Directory Studio that there is an
error (the same as IDM) because the attribute is not allowed.

If you first add the auxiliary class which holds the new attribute to the
objectClass list (Add Value in Directory Studio, or the corresponding
option in iManager) then at that time (or later) you will also be able to
add the new attribute to the user.

With all of that written, I do not see why using a multi-valued attribute
is a bad thing; you are probably only managing it via this JDBC driver
from IDM, right? Seems like it might be a lot easier to use default
schema, work past your issue, and possibly handle cases where you think
multiple values may exist, than extending schema, but at the end of the
day either way can work; it is just (probably) more work to extend schema,
especially where this is not an attribute limited to one driver, so now
you must change the microsoft active directory (MAD) driver configuration
as well, not to mention any others that should act based on the user's
manager.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
Knowledge Partner
Knowledge Partner

Re: Code(-9010) An exception occurred: novell.jclient.JCExcepti

On 9/3/2018 7:54 AM, vkhoury wrote:
>
> I'm using IDM 4.5. I have a database with a table named 'hr_pers' where
> 'manager' is an attribute with a constraint of foreign key. Since one of
> users can be a manager.
> I was trying to sync this attribute to AD. I realized that the attribute
> is referencing a DN (IDVAULT-TREE\users\data\Name). I added an attribute
> to the vault names 'mngrid' (dsingle valued and of type DN).
> The attribute is added to the filter and to schema mapping.
> But while mapping i have the following error:
> <nds dtdversion="2.0" ndsversion="8.x" xmlns:jdbc="urn:dirxml:jdbc">
> <source>
> <product build="20141001_0706" instance="PostgreSQL"
> version="4.0.0.2">DirXML Driver for JDBC</product>
> <contact>NetIQ Corporation</contact>
> </source>
> <input>
> <modify class-name="User" dest-dn="data\users\VKhoury"
> dest-entry-id="34053" event-id="ID=4,table=HR_PERS"
> src-dn="ID=4,table=HR_PERS">
> <association>ID=4,table=HR_PERS</association>
> <modify-attr attr-name="mngrid">
> <remove-all-values/>
> <add-value>
> <value type="dn">\IDVAULT-TREE\data\users\PKhoury</value>
> </add-value>
> </modify-attr>
> </modify>
> </input>
> </nds>
> [09/03/18 14:29:54.888]:trace1 PT:Filtering out notification-only
> attributes.
> [09/03/18 14:29:54.888]:trace1 PT:Pumping XDS to eDirectory.
> [09/03/18 14:29:54.888]:trace1 PT:Performing operation modify for
> data\users\VKhoury.
> [09/03/18 14:29:54.888]:trace1 PT:--JCLNT--
> \IDVAULT-TREE\system\driverset1\PostgreSQL - Publisher : Duplicating :
> context = 1353318507, tempContext = 1353318509
> [09/03/18 14:29:54.888]:trace1 PT:Modifying entry data\users\VKhoury.
> [09/03/18 14:29:54.888]:trace1 PT:--JCLNT--
> \IDVAULT-TREE\system\driverset1\PostgreSQL - Publisher : Calling free on
> tempContext = 1353318509
> [09/03/18 14:29:54.888]:trace1 PT:
> DirXML Log Event -------------------
> Driver: \IDVAULT-TREE\system\driverset1\PostgreSQL
> Channel: Publisher
> Object: ID=4,table=HR_PERS (data\users\VKhoury)
> Status: Error
> Message: Code(-9010) An exception occurred:
> novell.jclient.JCException: modifyEntry -608 ERR_ILLEGAL_ATTRIBUTE
> [09/03/18 14:29:54.888]:trace1 PT:Fixing up association references.
> [09/03/18 14:29:54.888]:trace1 PT:Applying schema mapping policies to
> output.
> [09/03/18 14:29:54.888]:trace1 PT:Applying policy:
> %+C%14CNOVLPGSDISYN-smp%-C.
> [09/03/18 14:29:54.888]:trace1 PT:Applying policy:
> %+C%14CNOVLJDBCDACL-smp%-C.
> [09/03/18 14:29:54.888]:trace1 PT: Applying to status #1.
> [09/03/18 14:29:54.888]:trace1 PT:Policy returned:
> [09/03/18 14:29:54.888]:trace1 PT:
> <nds dtdversion="4.0" ndsversion="8.x">
> <source>
> <product edition="Advanced" version="4.5.0.0">DirXML</product>
> <contact>NetIQ Corporation</contact>
> </source>
> <output>
> <status event-id="ID=4,table=HR_PERS" level="error">Code(-9010) An
> exception occurred: novell.jclient.JCException: modifyEntry -608
> ERR_ILLEGAL_ATTRIBUTE<application>DirXML</application>
> <module>PostgreSQL</module>
> <object-dn>ID=4,table=HR_PERS (data\users\VKhoury)</object-dn>
> <component>Publisher</component>
> </status>
> </output>
> </nds>
> I don't know what type of attribute to use in this case.


So several issues here I suspect.

1) 609 illegal attribute makes me think you made the attribute but maybe
did not add it to any Aux classes?

2) You want to store a manager DN in the vault. From AD? Why?

If you have an attr node with @type='dn' then the engine will try to
convert that DN as needed to an associated object.

So lets talk Pub channel. Manager changes in AD. The Manager in AD is a
DN and it comes in as LDAP format. Clearly that is not correct and it is
the LDAP DN for the AD structure, which makes no sense for eDir of the IDV.

So the engine looks at the DN's association value (comes in as
@association-ref="Some GUID value") and sees if any eDir users have a
DirXML-Association with that value and if so, uses the associated
objects eDir DN. I.e. It converted it successfully.

If it cannot find an associated object, it drops the attribute.

So if the AD manager is in the IDV and associated, the engine should
just magically handle it.

This is also a downside of a DN syntax attribute, since the engine
always tries to convert and drops if it fails, so you cannot send a DN
through to a string attribute, since the engine will try to convert it.


0 Likes
vkhoury
New Member.

Re: Code(-9010) An exception occurred: novell.jclient.JCExce



So several issues here I suspect.

1) 609 illegal attribute makes me think you made the attribute but maybe
did not add it to any Aux classes?

2) You want to store a manager DN in the vault. From AD? Why?



1) I made sure the attribute 'mngrid' is added to the auxiliary table 'IDVAULT'. So i don't think this is the issue.
2) I'm not trying to store a manager DN from AD but from PostgreSQL database to the vault. i'M planning later on to use this Dn in order to write the correct 'Objectsid'
in AD. But for now i'm trying to map the manager dn to the vault. Regarding the issue of association, i think the issue is that no association is being found.
However, I don't get it why since the Dn is as follows : \IDVAULT-Tree\users\data\ManagerName
0 Likes
Knowledge Partner
Knowledge Partner

Re: Code(-9010) An exception occurred: novell.jclient.JCExcepti

On 09/04/2018 01:04 AM, vkhoury wrote:
>
>> So several issues here I suspect.
>>
>> 1) 609 illegal attribute makes me think you made the attribute but
>> maybe
>> did not add it to any Aux classes?
>>
>> 2) You want to store a manager DN in the vault. From AD? Why?
>>
>>

>
> 1) I made sure the attribute 'mngrid' is added to the auxiliary table
> 'IDVAULT'. So i don't think this is the issue.


The mapping table is not the issue; the issue, as the error you previously
reported shows, is that you have not done something properly w within
eDirectory around schema.

If you have not created an auxiliary class, then that is the problem. If
you have created that auxiliary class and linked the new attribute to it
as an optional attribute, then you should try adding it to the user.


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
vkhoury
New Member.

Re: Code(-9010) An exception occurred: novell.jclient.JCExce

why? You mean i have to try adding it to user instead of an auxiliary class?
0 Likes
Knowledge Partner
Knowledge Partner

Re: Code(-9010) An exception occurred: novell.jclient.JCExcepti

On 09/04/2018 02:24 AM, vkhoury wrote:
>
> why? You mean i have to try adding it to user instead of an auxiliary
> class?


If by "it" you mean your attribute, then no you should not do that in
schema. Generally it is best to leave the base/shipped schema alone and
use auxiliary classes in order to add new attributes to existing classes
of objects.

A -609 error means the attribute you are trying to add to an object is
illegal, meaning the object's schema class(es) will not allow you to add
that attribute. This could happen when you try to add something like
DirXML-Act1 to a user object, since that attribute is intended to be on an
IDM driver configuration object. It will also happen with any new attributes.

Geoffrey reiterated that -609 means a schema problem, to which you
responded that you had added the attribute to "auxiliary table IDVAULT",
which I presume means an IDM mapping table. IDM is built on top of
eDirectory, so regardless of how you map attributes within IDM you must
follow the rules of schema defined in code (which largely follow the LDAP
RFCs and state the same thing, thus you cannot add a new mngrid attribute
to a User (inetOrgPerson) class of object unless you first link that
attribute to a class, usually an auxiliary class, and then extend each
given object with that particular auxiliary class (which IDM will do for
you if setup properly).

You can test that the schema side works by using LDAP tools or iManager to
add the attribute to the user. Once that part works, the rest on your IDM
side may be okay, but without success without IDM there is no guarantee
you can get it with IDM, just like without turning a computer on there is
no guarantee you can get a script for that computer to run successfully.
Maybe the computer is already turned on (eDirectory is already setup
properly), but in this thread I have not seen anything confirming that,
and I would start there to make sure everything is ready.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
vkhoury
New Member.

Re: Code(-9010) An exception occurred: novell.jclient.JCExce

ab;2486886 wrote:
On 09/04/2018 02:24 AM, vkhoury wrote:
>
> why? You mean i have to try adding it to user instead of an auxiliary
> class?


If by "it" you mean your attribute, then no you should not do that in
schema. Generally it is best to leave the base/shipped schema alone and
use auxiliary classes in order to add new attributes to existing classes
of objects.

A -609 error means the attribute you are trying to add to an object is
illegal, meaning the object's schema class(es) will not allow you to add
that attribute. This could happen when you try to add something like
DirXML-Act1 to a user object, since that attribute is intended to be on an
IDM driver configuration object. It will also happen with any new attributes.

Geoffrey reiterated that -609 means a schema problem, to which you
responded that you had added the attribute to "auxiliary table IDVAULT",
which I presume means an IDM mapping table. IDM is built on top of
eDirectory, so regardless of how you map attributes within IDM you must
follow the rules of schema defined in code (which largely follow the LDAP
RFCs and state the same thing, thus you cannot add a new mngrid attribute
to a User (inetOrgPerson) class of object unless you first link that
attribute to a class, usually an auxiliary class, and then extend each
given object with that particular auxiliary class (which IDM will do for
you if setup properly).

You can test that the schema side works by using LDAP tools or iManager to
add the attribute to the user. Once that part works, the rest on your IDM
side may be okay, but without success without IDM there is no guarantee
you can get it with IDM, just like without turning a computer on there is
no guarantee you can get a script for that computer to run successfully.
Maybe the computer is already turned on (eDirectory is already setup
properly), but in this thread I have not seen anything confirming that,
and I would start there to make sure everything is ready.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.


What i have done is the following:
In Imanager:
I created an attribute called 'mngrid' and i added it to the auxiliary class 'IDVAULT'.
The user schema is extended with this auxiliary class 'IDVAULT'.
In designer i imported the new schema.
Under Publish channel >Schema mapping , i added the new atrribute.
That part worked fine. No errors occured.
I don't get what is missing in my schema.
0 Likes
Knowledge Partner
Knowledge Partner

Re: Code(-9010) An exception occurred: novell.jclient.JCExcepti

On 09/05/2018 02:24 AM, vkhoury wrote:
>
> What i have done is the following:
> In Imanager:
> I created an attribute called 'mngrid' and i added it to the auxiliary
> class 'IDVAULT'.
> The user schema is extended with this auxiliary class 'IDVAULT'.


I presume you mean for your specific VKHoury user from the trace you
added this auxiliary class to the list of the object's current classes; is
that correct? If so, then you should have a list of classes similar to
Top, Person, Organizational Person, ndsLoginProperties, User, and IDVAULT
on that particular user right now.

See if, now that you have done that, you can directly/manually add the
attribute to the user pointing to any old object, maybe even the manager.
Using iManager or Apache Directory Studio should allow this to happen
easily. Be sure you are connected to the IDM server running the driver
directly, so it is better if you can do this via LDAP to be sure since NCP
can change servers on you if it thinks it must. This will rule in/out
schema problems.

> In designer i imported the new schema.
> Under Publish channel >Schema mapping , i added the new atrribute.
> That part worked fine. No errors occured.
> I don't get what is missing in my schema.


It is possible you have a schema inconsistency among servers, but those
are pretty rare these days. Let's see what comes from the test above, and
it may be useful to have an updated trace in case things have changed
slightly since you originally started.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.