Vice Admiral

Ecmascript LDAPConnection modify user attribute error

I have to add an attribute value inside an existing user object.

User: cn=tuser01,ou=Users,ou=Portal,o=testlab

Attribute is "telephoneNumber", value "1212458796"

For this I have the code below, and at the time of execution I am getting an error in the Driver trace: "JavaException: com.novell.ldap.LDAPException: No Such Attribute"

I have enabled ndstrace. In ndstrace, I am getting the error "DDCModifyEntry failed, err = no such value (-602)"

Code

importPackage(Packages.com.novell.ldap);
importPackage(Packages.com.novell.xml.util);
var tracer = new Packages.com.novell.nds.dirxml.driver.Trace("LDAPSearch");
function ldapModify(host, port, admin_user, password, user_dn, user_attr_value, ssl_trustStore, ssl_trustStorePwd) {
	tracer.trace("Inside ldapModify.", 5);
	tracer.trace("Host: " + host, 5);
	tracer.trace("Port: " + port, 5);
	tracer.trace("Admin User: " + admin_user, 5);
	tracer.trace("User DN: " + user_dn, 5);
	tracer.trace("User Attribute Value: " + user_attr_value, 5);
	tracer.trace("SSL TrustStore Path: " + ssl_trustStore, 5);
	var lc;
	try {
		java.lang.System.setProperty("javax.net.ssl.trustStore", ssl_trustStore);
		java.lang.System.setProperty("javax.net.ssl.trustStorePassword", ssl_trustStorePwd);
		var ssf = new LDAPJSSESecureSocketFactory();
		lc = new LDAPConnection(ssf);
		tracer.trace("New connection object declared properly.", 5);
		lc.connect( host, port );
		// Simple bind as the admin_user argument, with the password as UTF-8 bytes.
		lc.bind( LDAPConnection.LDAP_V3, admin_user, new java.lang.String(password).getBytes("UTF8") );
		tracer.trace("LDAP bind completed successfully with credentials.", 5);
		lc.modify(user_dn, new LDAPModification(LDAPModification.ADD, new LDAPAttribute("telephoneNumber", "1212458796")));
		tracer.trace("LDAP Modify completed successfully.", 5);
	} catch(e) {
		tracer.trace("Error In LDAP Modify: " + e.toString(), 5);
		isError = true;
	} finally {
		// lc is undefined if the connection object was never created.
		if (lc) {
			lc.disconnect();
		}
		tracer.trace("Closing LDAP Connection.", 5);
	}
}

Driver log

[03/08/21 10:06:31.143]:IDVTOEDIR ST:                  token-xpath("es:ldapModify($idv-host, $idv-port, $idv-admin-user, $idv-admin-pwd, $lv-UserLDAP_DN, '', $idv-ssl-truststore-path, $idv-ssl-trustStorePwd)")
[03/08/21 10:06:31.145]:IDVTOEDIR ST:                    LDAPSearch: Inside ldapModify.
[03/08/21 10:06:31.146]:IDVTOEDIR ST:                    LDAPSearch: Port: 636
[03/08/21 10:06:31.146]:IDVTOEDIR ST:                    LDAPSearch: Admin User: cn=admin,ou=sa,ou=Portal,o=testlab
[03/08/21 10:06:31.147]:IDVTOEDIR ST:                    LDAPSearch: User DN: cn=tuser01,ou=Users,ou=Portal,o=testlab
[03/08/21 10:06:31.150]:IDVTOEDIR ST:                    LDAPSearch: SSL TrustStore Path: /opt/netiq/common/jre/lib/security/cacerts
[03/08/21 10:06:31.152]:IDVTOEDIR ST:                    LDAPSearch: New connection object declared properly.
[03/08/21 10:06:31.207]:IDVTOEDIR ST:                    LDAPSearch: LDAP bind completed successfully with credentials.
[03/08/21 10:06:31.213]:IDVTOEDIR ST:                    LDAPSearch: Error In LDAP Modify: JavaException: com.novell.ldap.LDAPException: No Such Attribute
[03/08/21 10:06:31.216]:IDVTOEDIR ST:                    LDAPSearch: Closing LDAP Connection.
[03/08/21 10:06:31.216]:IDVTOEDIR ST:                    Token Value: "com.novell.xsl.extensions.JavaVoid@78c3561b".
[03/08/21 10:06:31.217]:IDVTOEDIR ST:                  Arg Value: "com.novell.xsl.extensions.JavaVoid@78c3561b".

eDirectory ndstrace.log

[2021/03/08 10:06:30.850] New TLS connection 0x1ed90000 from 198.12.5.49:54050, monitor = 0x7ff5a700, index = 7
[2021/03/08 10:06:30.854] Monitor 0x7ff5a700 initiating TLS handshake on connection 0x1ed90000
[2021/03/08 10:06:30.854] (198.12.5.49:54050)(0x0000:0x00) DoTLSHandshake on connection 0x1ed90000
[2021/03/08 10:06:30.901] BIO ctrl called with unknown cmd 7
[2021/03/08 10:06:30.901] (198.12.5.49:54050)(0x0000:0x00) Completed TLS handshake on connection 0x1ed90000
[2021/03/08 10:06:30.903] (198.12.5.49:54050)(0x00a3:0x60) DoBind on connection 0x1ed90000
[2021/03/08 10:06:30.903] (198.12.5.49:54050)(0x00a3:0x60) Treating simple bind with empty DN and no password as anonymous
[2021/03/08 10:06:30.903] (198.12.5.49:54050)(0x00a3:0x60) Bind name:NULL, version:3, authentication:simple
[2021/03/08 10:06:30.903] (198.12.5.49:54050)(0x00a3:0x60) Sending operation result 0:"":"" to connection 0x1ed90000
[2021/03/08 10:06:30.908] (198.12.5.49:54050)(0x00a4:0x63) DoSearch on connection 0x1ed90000
[2021/03/08 10:06:30.908] (198.12.5.49:54050)(0x00a4:0x63) Search request:
	base: "ou=Users,ou=Portal,o=testlab"
	scope:2  dereference:0  sizelimit:1000  timelimit:0  attrsonly:0
	filter: "(&(objectClass=user)(modifyTimestamp>=20210304060000Z))"
	attribute: "cn"
[2021/03/08 10:06:30.911] (198.12.5.49:54050)(0x00a4:0x63) Sending search result entry "cn=tuser01,ou=Users,ou=Portal,o=testlab" to connection 0x1ed90000
[2021/03/08 10:06:30.911] (198.12.5.49:54050)(0x00a4:0x63) Sending search result entry "cn=tuser14,ou=Users,ou=Portal,o=testlab" to connection 0x1ed90000
[2021/03/08 10:06:30.911] (198.12.5.49:54050)(0x00a4:0x63) Sending operation result 0:"":"" to connection 0x1ed90000
[2021/03/08 10:06:30.920] Monitor 0x7ff5a700 found connection 0x1ed90000 ending TLS session
[2021/03/08 10:06:30.921] (198.12.5.49:54050)(0x0000:0x00) DoTLSShutdown on connection 0x1ed90000
[2021/03/08 10:06:30.924] (198.12.5.49:54050)(0x0000:0x00) Connection 0x1ed90000 read failure, setting err = -5874
[2021/03/08 10:06:30.924] Monitor 0x7ff5a700 found connection 0x1ed90000 socket closed, err = -5874, 0 of 0 bytes read
[2021/03/08 10:06:30.924] Monitor 0x7ff5a700 initiating close for connection 0x1ed90000
[2021/03/08 10:06:30.924] Server closing connection 0x1ed90000, socket error = -5874
[2021/03/08 10:06:30.924] Connection 0x1ed90000 closed
[2021/03/08 10:06:31.153] New TLS connection 0x1ed90000 from 198.12.5.49:54052, monitor = 0x7ff5a700, index = 7
[2021/03/08 10:06:31.156] Monitor 0x7ff5a700 initiating TLS handshake on connection 0x1ed90000
[2021/03/08 10:06:31.156] (198.12.5.49:54052)(0x0000:0x00) DoTLSHandshake on connection 0x1ed90000
[2021/03/08 10:06:31.203] BIO ctrl called with unknown cmd 7
[2021/03/08 10:06:31.203] (198.12.5.49:54052)(0x0000:0x00) Completed TLS handshake on connection 0x1ed90000
[2021/03/08 10:06:31.205] (198.12.5.49:54052)(0x00a5:0x60) DoBind on connection 0x1ed90000
[2021/03/08 10:06:31.205] (198.12.5.49:54052)(0x00a5:0x60) Treating simple bind with empty DN and no password as anonymous
[2021/03/08 10:06:31.205] (198.12.5.49:54052)(0x00a5:0x60) Bind name:NULL, version:3, authentication:simple
[2021/03/08 10:06:31.205] (198.12.5.49:54052)(0x00a5:0x60) Sending operation result 0:"":"" to connection 0x1ed90000
[2021/03/08 10:06:31.209] (198.12.5.49:54052)(0x00a6:0x66) DoModify on connection 0x1ed90000
[2021/03/08 10:06:31.209] (198.12.5.49:54052)(0x00a6:0x66) modify: dn (cn=tuser01,ou=Users,ou=Portal,o=testlab)
[2021/03/08 10:06:31.209] (198.12.5.49:54052)(0x00a6:0x66) modifications:
[2021/03/08 10:06:31.210] (198.12.5.49:54052)(0x00a6:0x66) 	add: telephoneNumber
[2021/03/08 10:06:31.210] (198.12.5.49:54052)(0x00a6:0x66) DDCModifyEntry failed, err = no such value (-602)
[2021/03/08 10:06:31.210] (198.12.5.49:54052)(0x00a6:0x66) Sending operation result 16:"":"NDS error: no such value (-602)" to connection 0x1ed90000
[2021/03/08 10:06:31.215] Monitor 0x7ff5a700 found connection 0x1ed90000 ending TLS session
[2021/03/08 10:06:31.215] (198.12.5.49:54052)(0x0000:0x00) DoTLSShutdown on connection 0x1ed90000
[2021/03/08 10:06:31.216] Monitor 0x7ff5a700 found connection 0x1ed90000 socket closed, err = -5871, 0 of 0 bytes read
[2021/03/08 10:06:31.216] Monitor 0x7ff5a700 initiating close for connection 0x1ed90000
[2021/03/08 10:06:31.216] Server closing connection 0x1ed90000, socket error = -5871
[2021/03/08 10:06:31.216] Connection 0x1ed90000 closed

I am using IDM 4.7.3.

5 Replies
Knowledge Partner

You are trying to make a modification after the anonymous bind.

[2021/03/08 10:06:31.203] (198.12.5.49:54052)(0x0000:0x00) Completed TLS handshake on connection 0x1ed90000
[2021/03/08 10:06:31.205] (198.12.5.49:54052)(0x00a5:0x60) DoBind on connection 0x1ed90000
[2021/03/08 10:06:31.205] (198.12.5.49:54052)(0x00a5:0x60) Treating simple bind with empty DN and no password as anonymous
[2021/03/08 10:06:31.205] (198.12.5.49:54052)(0x00a5:0x60) Bind name:NULL, version:3, authentication:simple
[2021/03/08 10:06:31.205] (198.12.5.49:54052)(0x00a5:0x60) Sending operation result 0:"":"" to connection 0x1ed90000

[2021/03/08 10:06:31.209] (198.12.5.49:54052)(0x00a6:0x66) DoModify on connection 0x1ed90000
[2021/03/08 10:06:31.209] (198.12.5.49:54052)(0x00a6:0x66) modify: dn (cn=tuser01,ou=Users,ou=Portal,o=testlab)
[2021/03/08 10:06:31.209] (198.12.5.49:54052)(0x00a6:0x66) modifications:
[2021/03/08 10:06:31.210] (198.12.5.49:54052)(0x00a6:0x66) add: telephoneNumber
[2021/03/08 10:06:31.210] (198.12.5.49:54052)(0x00a6:0x66) DDCModifyEntry failed, err = no such value (-602)
[2021/03/08 10:06:31.210] (198.12.5.49:54052)(0x00a6:0x66) Sending operation result 16:"":"NDS error: no such value (-602)" to connection 0x1ed90000

 

Vice Admiral

Thanks for the reply.

I am passing the admin password (as the Driver's Named Password) as an argument to the ECMAScript function, and for some reason this password is not accessible in ECMAScript, so that is the main issue I have seen.

Currently I have stored that Named Password in a Local Variable and pass that variable to the ECMAScript function; now this password is accessible in the ECMAScript and it is working fine for me.

I have two questions given below, please share your view.

1. Why is the Named Password (used as GCV) not accessible in ECMAScript?

2. How can I disable that anonymous bind?

Knowledge Partner

I think Alex is correct. It is not that you tried an anonymous bind on purpose; rather, a quirk of the LDAP standard is that a login with a user name but no password is considered an anonymous bind.

Ergo, you did not send in a password successfully.

 

You say you read a Named Password, stored in a variable and passed in. Alas, I would assume this means the Named Password is empty.

Couple of options to confirm.

1) Named Passwords are per-replica/per-server. So if it is set on ServerA, but this driver is running on an engine on ServerB, it will not be there. Confirm that you have the correct servers in play and that it is set.

Generally when this happens, the second server is just plain missing the password entirely.

2) Confirm what the password is in the Named Password. Maybe the value was cleared, but the password was not removed from the list.

Two quick ways: a) Add a trace of the local variable. This might not work, since in some recent rev of the engine, they seem to persist the <!--is-sensitive--> flag on a Named Password set into a variable.

b) Get Console2 from Alekz in the forums here (https://sneakycat.biz). Trust me, you will love it. It has a Named Password manager. It allows you to see the passwords for a driver on each server and to set them. And if you set a GCV on the driver to allow it, it will let you display the current values. Super useful. The tool is awesome, just plain get it already and save yourself time.
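
An added example (not part of the thread, and not code from the posters or the vendor): a client-side guard to call before `lc.bind()` so that an empty password is rejected instead of turning into an anonymous bind, plus a check that scans ndstrace lines for a `DoModify` issued after an anonymous bind. The function names are hypothetical, and the last three sample lines are constructed, assuming an authenticated bind logs its DN after `Bind name:`.

```javascript
// Added example; function names are hypothetical, not part of JLDAP or IDM.
// Call before lc.bind(): an empty password must fail loudly, not bind anonymously.
function assertSimpleBindCredentials(dn, password) {
  if (dn === null || dn === undefined || /^\s*$/.test(String(dn))) {
    throw new Error("refusing simple bind: empty bind DN");
  }
  if (password === null || password === undefined || String(password).length === 0) {
    throw new Error("refusing simple bind: empty password for " + dn);
  }
}

// Scan ndstrace lines; report DoModify on a connection whose last bind was anonymous.
// State is keyed by client "ip:port" because connection handles are reused in the trace.
function findAnonymousWrites(lines) {
  var lineRe = /^\[([^\]]+)\] \(([\d.]+:\d+)\)\([^)]*\) (.*)$/;
  var anonymous = {}; // client "ip:port" -> true when the last bind was anonymous
  var findings = [];
  lines.forEach(function (line) {
    var m = lineRe.exec(line);
    if (!m) { return; }
    var peer = m[2], msg = m[3];
    if (/^DoBind on connection/.test(msg)) {
      anonymous[peer] = false; // new bind: the lines that follow decide
    } else if (/as anonymous$/.test(msg) || /^Bind name:NULL,/.test(msg)) {
      anonymous[peer] = true;
    } else if (/^DoModify on connection/.test(msg) && anonymous[peer]) {
      findings.push({ time: m[1], peer: peer, op: "DoModify" });
    }
  });
  return findings;
}

// First six lines are from the thread's ndstrace; the last three are constructed.
var SAMPLE = [
  "[2021/03/08 10:06:30.903] (198.12.5.49:54050)(0x00a3:0x60) DoBind on connection 0x1ed90000",
  "[2021/03/08 10:06:30.903] (198.12.5.49:54050)(0x00a3:0x60) Bind name:NULL, version:3, authentication:simple",
  "[2021/03/08 10:06:30.908] (198.12.5.49:54050)(0x00a4:0x63) DoSearch on connection 0x1ed90000",
  "[2021/03/08 10:06:31.205] (198.12.5.49:54052)(0x00a5:0x60) DoBind on connection 0x1ed90000",
  "[2021/03/08 10:06:31.205] (198.12.5.49:54052)(0x00a5:0x60) Treating simple bind with empty DN and no password as anonymous",
  "[2021/03/08 10:06:31.209] (198.12.5.49:54052)(0x00a6:0x66) DoModify on connection 0x1ed90000",
  "[2021/03/08 10:07:00.100] (198.12.5.49:54060)(0x00a7:0x60) DoBind on connection 0x1ed90000",
  "[2021/03/08 10:07:00.100] (198.12.5.49:54060)(0x00a7:0x60) Bind name:cn=admin,ou=sa,ou=Portal,o=testlab, version:3, authentication:simple",
  "[2021/03/08 10:07:00.105] (198.12.5.49:54060)(0x00a8:0x66) DoModify on connection 0x1ed90000"
];
```

Run over the thread's trace, `findAnonymousWrites(SAMPLE)` flags only the modify from `198.12.5.49:54052`; the anonymous search and the authenticated modify are not reported.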

 

 

Vice Admiral

I have only one server; there is no other replica/server.

Yes, the password is in the Named Password which is the reference of the GCV (the value is not cleared), and I was passing that GCV to the ECMAScript function. In this situation that password is empty in the ECMAScript function; I used Trace to see the password and it was empty.

I wanted to know how we can disable that anonymous bind.

Micro Focus Expert

How are you referencing the Named Password in the call to the ECMAScript function?
(None of the references provided show the original call to the ECMAScript.)

You are indicating that GCVs are used, and the Named Password value will not be found in a GCV. The token used in XML should be "token-named-password" and not "token-global-variable".

A Global Variable argument would look like:

 

<arg-string>
	<token-global-variable name="testPwd"/>
</arg-string>

 

while a Named Password argument would look like:

 

<arg-string>
	<token-named-password name="testPwd"/>
</arg-string>

 

If you provide an example of how the call is being made, that would be helpful.

Cheers,

D
