Knowledge Partner

Re: In Identity manager bidirectional driver sync not working

Follow the documentation:
https://www.netiq.com/documentation/identity-manager-47-drivers/bidirect_edirectory/data/creating-the-driver-object-in-designer.html#bfvehvc

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
KSEB1 Absent Member.

Re: In Identity manager bidirectional driver sync not worki

Thank you AB
0 Likes
Knowledge Partner

Re: In Identity manager bidirectional driver sync not working

On 5/27/2019 7:36 AM, KSEB wrote:
>
> What I have done is I deleted the user from eDirectory. Then I deleted
> the association of this user. Then I tried to manually migrate from the Identity
> Vault. When trying this, the error is showing above.
> How to check remote edir rights?


As I wrote last week:
"
Look at the driver config, find the user specified as the authentication
ID and then in the Remote eDir, if you use iManager, use the Rights,
Rights to other objects, and specify this object to see its permissions.
Make sure it can read and write to the object and attributes in the
filter."

This assumes you understand eDirectory permissions. If you do not,
please find someone there who does.

(Since you are not entirely clear on this, for events coming out of that
Remote Edir, into the IDV, the Publisher channel, the permission to
write/read the IDV, are based on the Driver object's Security Equals
attribute, pointing at some object with permissions to work in the IDV
tree. But that is not your error here, just an informative point, since
the next logical question after how are permissions managed in the
remote tree, should be, how are permissions managed in the IDV).

Short version of Permissions:

There are object level (create, delete, write) permissions. Then there
are attribute level permissions. They are distinct and different.

So you might have permissions to modify an attribute (say Internet EMail
Address) but not create a User. So some thought is required.

You could post a screen shot of what the Rights to Other objects shows,
if you are confused.



0 Likes
KSEB1 Absent Member.

Re: In Identity manager bidirectional driver sync not worki

Thank you for your valuable information.
0 Likes
KSEB1 Absent Member.

Re: In Identity manager bidirectional driver sync not worki

This is the error showing when trying to manually migrate:
[05/27/19 11:19:05.495]:IDVtoEdir ST:Applying schema mapping policies to input.
[05/27/19 11:19:05.495]:IDVtoEdir ST:Applying policy: %+C%14CNOVLEDIR2DFC-smp%-C.
[05/27/19 11:19:05.495]:IDVtoEdir ST:Resolving association references.
[05/27/19 11:19:05.496]:IDVtoEdir ST:Processing returned document.
[05/27/19 11:19:05.496]:IDVtoEdir ST:Processing operation <status> for .
[05/27/19 11:19:05.496]:IDVtoEdir ST:
DirXML Log Event -------------------
Driver: \KSEBIDM\system\driverset1\IDV to Edir
Channel: Subscriber
Object: \KSEBIDM\data\KSEB_Designation\Assistant Engineer\0000002
Status: Error
Message: LDAPException: Insufficient Access Rights (50) Insufficient Access Rights
LDAPException: Server Message: NDS error: no access (-672)
LDAPException: Matched DN:
[05/27/19 11:19:05.497]:IDVtoEdir ST:End transaction.
[05/27/19 11:19:14.236]:IDVtoEdir PT:IDV to Edir: EdirPublisher - No intermediate response from server... will re-check after 10 Seconds.
0 Likes
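
Added example (not part of the thread and not product code): a small Python parser for the "DirXML Log Event" block in the trace above that flags LDAP result 50 / NDS -672 and, following the Subscriber/Publisher explanation given in this thread, names which side's rights to check first. The function names and the HINTS wording are this example's own; the sample trace lines are copied from the post.

```python
import re

# Trace excerpt copied from the post above (Subscriber-channel error).
TRACE = r"""
DirXML Log Event -------------------
Driver: \KSEBIDM\system\driverset1\IDV to Edir
Channel: Subscriber
Object: \KSEBIDM\data\KSEB_Designation\Assistant Engineer\0000002
Status: Error
Message: LDAPException: Insufficient Access Rights (50) Insufficient Access Rights
LDAPException: Server Message: NDS error: no access (-672)
LDAPException: Matched DN:
[05/27/19 11:19:05.497]:IDVtoEdir ST:End transaction.
"""

# Where to look first, following the thread's Sub/Pub channel explanation.
HINTS = {
    "Subscriber": "remote eDir: rights of the driver's Authentication ID",
    "Publisher": "IDV: rights of the object in the driver's Security Equals",
}
FIELD = re.compile(r"^(Driver|Channel|Object|Status|Message):\s*(.*)$")
TIMESTAMP = re.compile(r"^\[\d\d/\d\d/\d\d ")

def parse_events(trace):
    """Return one dict per 'DirXML Log Event' block in the trace."""
    events, cur = [], None
    for line in trace.splitlines():
        if line.startswith("DirXML Log Event"):
            cur = {"Message": ""}
            events.append(cur)
        elif cur is not None and TIMESTAMP.match(line):
            cur = None  # the next timestamped line ends the event block
        elif cur is not None:
            m = FIELD.match(line)
            if m and m.group(1) != "Message":
                cur[m.group(1)] = m.group(2)
            else:  # the Message field and its continuation lines
                cur["Message"] += (m.group(2) if m else line) + "\n"
    return events

def access_denials(trace):
    """Events with LDAP result 50 or NDS -672, plus where to check rights."""
    out = []
    for ev in parse_events(trace):
        ldap = re.search(r"Insufficient Access Rights \((50)\)", ev["Message"])
        nds = re.search(r"NDS error: .*\((-672)\)", ev["Message"])
        if ev.get("Status") == "Error" and (ldap or nds):
            out.append({**ev, "check": HINTS.get(ev.get("Channel"), "unknown channel")})
    return out
```
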
KSEB1 Absent Member.

Re: In Identity manager bidirectional driver sync not worki

Can anyone please help? It's urgent, it is in production server. My mail id shilginjose@gmail.com
0 Likes
Knowledge Partner

Re: In Identity manager bidirectional driver sync not working

On 5/25/2019 2:34 AM, KSEB wrote:
>
> Can anyone please help? It's urgent, it is in production server. My mail id
> shilginjose@gmail.com


As Aaron suggested, there are two sets of permissions.

IDV side where the driver gets permission to modify objects in the IDV.
These would be Pub channel events where remote eDir changes are writing
to the IDV.

On the Remote eDir side, you specify an account in the driver
configuration (Authentication ID and password) for Sub channel events to
write to the remote LDAP.

So as Aaron suggested, post a trace of startup. If this worked before,
it seems unlikely the permissions suddenly changed so it could be
totally unrelated.

Look at the driver config, find the user specified as the authentication
ID and then in the Remote eDir, if you use iManager, use the Rights,
Rights to other objects, and specify this object to see its permissions.
Make sure it can read and write to the object and attributes in the
filter.


0 Likes