
LDAP drive

I am trying to get a subtree from eDir to replicate to an openLDAP directory, but after resolving a few issues, I'm stuck again. I try to sync a test user but the user doesn't show up in the directory and I don't see any relevant error in the trace. There are some "Invalid DV" errors in the publisher channel for policies that have been disabled. Could those still be causing an issue? I have also set "publication method" in the publisher settings on the driver to "no publisher". Maybe that doesn't do what I think it does, but I assume that means it disabled the publisher channel and makes it a one-way process. I want this to be one-way. Here is my trace:



10/17/2018 
15:20:29 FE764700 DirXML: Luminis EV: Filtered by class or attribute
15:20:29 FE764700 DirXML: Luminis EV: Writing data to cache:
15:20:29 FE764700 DirXML: Luminis EV: Event: type(RESYNC_ENTRY)timestamp(0#0)object(\T=IDV\O=lp5\OU=cp\OU=People\uniqueID=testuser:User)
15:20:29 FE764700 DirXML: Luminis EV: Entry ID: 0x35876, Verb: 0, Entry flags: 0x0001, Obituary flags: 0x0000
15:20:29 FE764700 DirXML: Luminis EV: Wrote 96 bytes to cache 357460.TAO
15:20:29 FE764700 DirXML: Luminis EV: Elapsed time: 0.031 milliseconds
15:20:29 FE764700 DirXML: Luminis EV: Committing 96 bytes to cache 357460.TAO
15:20:29 FE764700 DirXML: Luminis EV: Committed 96 bytes to cache 357460.TAO
15:20:29 FE764700 DirXML: Luminis EV: Elapsed time: 0.294 milliseconds
15:20:29 F5DE1700 DirXML: Luminis EV: Read 96 bytes from cache 357460.TAO
15:20:29 F5DE1700 DirXML: Luminis EV: Elapsed time: 0.010 milliseconds
15:20:29 F5DE1700 Drvrs: Luminis ST:Start transaction.
15:20:29 F5DE1700 Drvrs: Luminis ST:type(resync-entry)entry-id(219254) dn(\T=IDV\O=lp5\OU=cp\OU=People\uniqueID=testuser) class-id(-1) class-name(null)
15:20:29 F5DE1700 Drvrs: Luminis ST:Processing events for transaction.
15:20:29 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<sync cached-time="20181017212029.011Z" class-name="User" event-id="devserver#20181017212029#1#1:58aed860-0839-4380-8bbe-60d8ae583908" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<association state="manual"></association>
</sync>
</input>
</nds>
15:20:29 F5DE1700 Drvrs: Luminis ST:Applying event transformation policies.
15:20:29 F5DE1700 Drvrs: Luminis ST:Applying policy: test.
15:20:29 F5DE1700 Drvrs: Luminis ST: Applying to sync #1.
15:20:29 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'output'.
15:20:29 F5DE1700 Drvrs: Luminis ST: Rule selected.
15:20:29 F5DE1700 Drvrs: Luminis ST: Applying rule 'output'.
15:20:29 F5DE1700 Drvrs: Luminis ST: Action: do-trace-message("CN = "+token-op-attr("CN")).
15:20:29 F5DE1700 Drvrs: Luminis ST: arg-string("CN = "+token-op-attr("CN"))
15:20:29 F5DE1700 Drvrs: Luminis ST: token-text("CN = ")
15:20:29 F5DE1700 Drvrs: Luminis ST: token-op-attr("CN")
15:20:29 F5DE1700 Drvrs: Luminis ST: Token Value: "".
15:20:29 F5DE1700 Drvrs: Luminis ST: Arg Value: "CN = ".
15:20:29 F5DE1700 Drvrs: Luminis ST:CN =
15:20:29 F5DE1700 Drvrs: Luminis ST:Policy returned:
15:20:29 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<sync cached-time="20181017212029.011Z" class-name="User" event-id="devserver#20181017212029#1#1:58aed860-0839-4380-8bbe-60d8ae583908" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<association state="manual"></association>
</sync>
</input>
</nds>
15:20:29 F5DE1700 Drvrs: Luminis ST:Subscriber processing sync for \IDV\lp5\cp\People\testuser.
15:20:29 F5DE1700 Drvrs: Luminis ST:Reading relevant attributes from \IDV\lp5\cp\People\testuser.
15:20:29 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="User" dest-dn="\IDV\lp5\cp\People\testuser" dest-entry-id="219254" scope="entry">
<read-attr attr-name="CN"/>
<read-attr attr-name="Description"/>
<read-attr attr-name="Facsimile Telephone Number"/>
<read-attr attr-name="Given Name"/>
<read-attr attr-name="Initials"/>
<read-attr attr-name="Internet EMail Address"/>
<read-attr attr-name="L"/>
<read-attr attr-name="Login Disabled"/>
<read-attr attr-name="nspmDistributionPassword"/>
<read-attr attr-name="OU"/>
<read-attr attr-name="Postal Address"/>
<read-attr attr-name="S"/>
<read-attr attr-name="SA"/>
<read-attr attr-name="Surname"/>
<read-attr attr-name="Telephone Number"/>
<read-attr attr-name="Title"/>
<read-attr attr-name="uniqueID"/>
<read-attr attr-name="userCertificate"/>
</query>
</input>
</nds>
15:20:29 F5DE1700 Drvrs: Luminis ST:Pumping XDS to eDirectory.
15:20:29 F5DE1700 Drvrs: Luminis ST:Performing operation query for \IDV\lp5\cp\People\testuser.
15:20:29 F5DE1700 Drvrs: Luminis ST:--JCLNT-- \IDV\isu\services\ISU-VaultDriverSet\Luminis : Duplicating : context = 1162019761, tempContext = 1162019769
15:20:29 F5DE1700 Drvrs: Luminis ST:--JCLNT-- \IDV\isu\services\ISU-VaultDriverSet\Luminis : Calling free on tempContext = 1162019769
15:20:29 F5DE1700 Drvrs: Luminis ST:Read result:
15:20:29 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<instance class-name="User" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254">
<association state="manual"></association>
<attr attr-name="CN">
<value timestamp="1472763230#46" type="string">test user</value>
</attr>
<attr attr-name="Given Name">
<value timestamp="1482333216#11" type="string">test</value>
</attr>
<attr attr-name="Internet EMail Address">
<value timestamp="1472763230#52" type="string">testuser</value>
</attr>
<attr attr-name="Surname">
<value timestamp="1472763230#55" type="string">user</value>
</attr>
<attr attr-name="uniqueID">
<value naming="true" timestamp="1472763230#71" type="string">testuser</value>
</attr>
</instance>
<status level="success"></status>
</output>
</nds>
15:20:29 F5DE1700 Drvrs: Luminis ST:Synthetic add:
15:20:29 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<add cached-time="20181017212029.011Z" class-name="User" event-id="devserver#20181017212029#1#1:58aed860-0839-4380-8bbe-60d8ae583908" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<association state="manual"></association>
<add-attr attr-name="CN">
<value timestamp="1472763230#46" type="string">test user</value>
</add-attr>
<add-attr attr-name="Given Name">
<value timestamp="1482333216#11" type="string">test</value>
</add-attr>
<add-attr attr-name="Internet EMail Address">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1472763230#55" type="string">user</value>
</add-attr>
<add-attr attr-name="uniqueID">
<value naming="true" timestamp="1472763230#71" type="string">testuser</value>
</add-attr>
</add>
<status level="success"></status>
</output>
</nds>
15:20:29 F5DE1700 Drvrs: Luminis ST:Applying object matching policies.
15:20:29 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPDCFG-sub-mp-Scoping.
15:20:29 F5DE1700 Drvrs: Luminis ST: Applying to add #1.
15:20:29 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'remember relative position in hierarchy'.
15:20:29 F5DE1700 Drvrs: Luminis ST: (if-src-dn in-subtree "lp5") = TRUE.
15:20:29 F5DE1700 Drvrs: Luminis ST: Rule selected.
15:20:29 F5DE1700 Drvrs: Luminis ST: Applying rule 'remember relative position in hierarchy'.
15:20:29 F5DE1700 Drvrs: Luminis ST: Action: do-set-op-property("unmatched-src-dn",token-unmatched-src-dn(convert="true")).
15:20:29 F5DE1700 Drvrs: Luminis ST: arg-string(token-unmatched-src-dn(convert="true"))
15:20:29 F5DE1700 Drvrs: Luminis ST: token-unmatched-src-dn(convert="true")
15:20:29 F5DE1700 Drvrs: Luminis ST: Token Value: "uniqueID=testuser,OU=People,OU=cp".
15:20:29 F5DE1700 Drvrs: Luminis ST: Arg Value: "uniqueID=testuser,OU=People,OU=cp".
15:20:29 F5DE1700 Drvrs: Luminis ST: Action: do-set-op-property("attempt-to-match","true").
15:20:29 F5DE1700 Drvrs: Luminis ST: arg-string("true")
15:20:29 F5DE1700 Drvrs: Luminis ST: token-text("true")
15:20:29 F5DE1700 Drvrs: Luminis ST: Arg Value: "true".
15:20:29 F5DE1700 Drvrs: Luminis ST:Policy returned:
15:20:29 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181017212029.011Z" class-name="User" event-id="devserver#20181017212029#1#1:58aed860-0839-4380-8bbe-60d8ae583908" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="CN">
<value timestamp="1472763230#46" type="string">test user</value>
</add-attr>
<add-attr attr-name="Given Name">
<value timestamp="1482333216#11" type="string">test</value>
</add-attr>
<add-attr attr-name="Internet EMail Address">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1472763230#55" type="string">user</value>
</add-attr>
<add-attr attr-name="uniqueID">
<value naming="true" timestamp="1472763230#71" type="string">testuser</value>
</add-attr>
<operation-data attempt-to-match="true" unmatched-src-dn="uniqueID=testuser,OU=People,OU=cp"/>
</add>
</input>
</nds>
15:20:29 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPDCFG-sub-mp-DefaultMatching.
15:20:29 F5DE1700 Drvrs: Luminis ST: Applying to add #1.
15:20:29 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'match Users by UID'.
15:20:29 F5DE1700 Drvrs: Luminis ST: (if-class-name equal "User") = TRUE.
15:20:29 F5DE1700 Drvrs: Luminis ST: Rule selected.
15:20:29 F5DE1700 Drvrs: Luminis ST: Applying rule 'match Users by UID'.
15:20:29 F5DE1700 Drvrs: Luminis ST: Action: do-if().
15:20:29 F5DE1700 Drvrs: Luminis ST: Evaluating conditions.
15:20:29 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.subPlacementType' equal "flat") = FALSE.
15:20:29 F5DE1700 Drvrs: Luminis ST: Performing else actions.
15:20:29 F5DE1700 Drvrs: Luminis ST: Action: do-implement-entitlement(arg-node-set(token-entitlement("Account"))).
15:20:29 F5DE1700 Drvrs: Luminis ST: arg-node-set(token-entitlement("Account"))
15:20:29 F5DE1700 Drvrs: Luminis ST: token-entitlement("Account")
15:20:29 F5DE1700 Drvrs: Luminis ST: Query from policy
15:20:29 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="User" dest-dn="\IDV\lp5\cp\People\testuser" dest-entry-id="219254" scope="entry">
<read-attr attr-name="DirXML-EntitlementRef"/>
</query>
</input>
</nds>
15:20:29 F5DE1700 Drvrs: Luminis ST: Pumping XDS to eDirectory.
15:20:29 F5DE1700 Drvrs: Luminis ST: Performing operation query for \IDV\lp5\cp\People\testuser.
15:20:29 F5DE1700 Drvrs: Luminis ST: --JCLNT-- \IDV\isu\services\ISU-VaultDriverSet\Luminis : Duplicating : context = 1162019761, tempContext = 1162019769
15:20:29 F5DE1700 Drvrs: Luminis ST: --JCLNT-- \IDV\isu\services\ISU-VaultDriverSet\Luminis : Calling free on tempContext = 1162019769
15:20:29 F5DE1700 Drvrs: Luminis ST: Query from policy result
15:20:29 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<instance class-name="User" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254">
<association state="manual"></association>
</instance>
<status level="success"></status>
</output>
</nds>
15:20:29 F5DE1700 Drvrs: Luminis ST: Token Value: {}.
15:20:29 F5DE1700 Drvrs: Luminis ST: Arg Value: {}.
15:20:29 F5DE1700 Drvrs: Luminis ST: Action: do-find-matching-object(scope="entry",arg-dn("uid="+token-substring(start="9",token-op-property("unmatched-src-dn"))+","+token-global-variable("driver.ldap.base.container"))).
15:20:29 F5DE1700 Drvrs: Luminis ST: arg-dn("uid="+token-substring(start="9",token-op-property("unmatched-src-dn"))+","+token-global-variable("driver.ldap.base.container"))
15:20:29 F5DE1700 Drvrs: Luminis ST: token-text("uid=")
15:20:29 F5DE1700 Drvrs: Luminis ST: token-substring(start="9",token-op-property("unmatched-src-dn"))
15:20:29 F5DE1700 Drvrs: Luminis ST: token-substring(start="9",token-op-property("unmatched-src-dn"))
15:20:29 F5DE1700 Drvrs: Luminis ST: token-op-property("unmatched-src-dn")
15:20:29 F5DE1700 Drvrs: Luminis ST: Token Value: "uniqueID=testuser,OU=People,OU=cp".
15:20:29 F5DE1700 Drvrs: Luminis ST: Arg Value: "uniqueID=testuser,OU=People,OU=cp".
15:20:29 F5DE1700 Drvrs: Luminis ST: Token Value: "testuser,OU=People,OU=cp".
15:20:29 F5DE1700 Drvrs: Luminis ST: token-text(",")
15:20:29 F5DE1700 Drvrs: Luminis ST: token-global-variable("driver.ldap.base.container")
15:20:29 F5DE1700 Drvrs: Luminis ST: Token Value: "o=lp5".
15:20:29 F5DE1700 Drvrs: Luminis ST: Arg Value: "uid=testuser,OU=People,OU=cp,o=lp5".
15:20:29 F5DE1700 Drvrs: Luminis ST: Query from policy
15:20:29 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="User" dest-dn="uid=testuser,OU=People,OU=cp,o=lp5" scope="entry">
<search-class class-name="User"/>
<read-attr/>
</query>
</input>
</nds>
15:20:29 F5DE1700 Drvrs: Luminis ST: Fixing up association references.
15:20:29 F5DE1700 Drvrs: Luminis ST: Applying schema mapping policies to output.
15:20:29 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPDCFG-GroupMemberMapping.
15:20:29 F5DE1700 Drvrs: Luminis ST: Applying to query #1.
15:20:29 F5DE1700 Drvrs: Luminis ST: Policy returned:
15:20:29 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="User" dest-dn="uid=testuser,OU=People,OU=cp,o=lp5" event-id="0" scope="entry">
<search-class class-name="User"/>
<read-attr/>
</query>
</input>
</nds>
15:20:29 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPASTS-smp.
15:20:29 F5DE1700 Drvrs: Luminis ST: No mapping for class-name 'User'.
15:20:29 F5DE1700 Drvrs: Luminis ST: No mapping for class-name 'User'.
15:20:29 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPDCFG-smp.
15:20:29 F5DE1700 Drvrs: Luminis ST: Mapping class-name 'User' to 'inetOrgPerson'.
15:20:29 F5DE1700 Drvrs: Luminis ST: Mapping class-name 'User' to 'inetOrgPerson'.
15:20:29 F5DE1700 Drvrs: Luminis ST: Applying output transformation policies.
15:20:29 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLPWDSYNC-otp-EmailOnFailedPwdPub.
15:20:29 F5DE1700 Drvrs: Luminis ST: Applying to query #1.
15:20:29 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Send e-mail for a failed publish password operation'.
15:20:29 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = TRUE.
15:20:29 F5DE1700 Drvrs: Luminis ST: (if-operation equal "status") = FALSE.
15:20:29 F5DE1700 Drvrs: Luminis ST: Rule rejected.
15:20:29 F5DE1700 Drvrs: Luminis ST: Policy returned:
15:20:29 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="inetOrgPerson" dest-dn="uid=testuser,OU=People,OU=cp,o=lp5" event-id="0" scope="entry">
<search-class class-name="inetOrgPerson"/>
<read-attr/>
</query>
</input>
</nds>
15:20:29 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPASTS-otp-SetAccountStatus.
15:20:29 F5DE1700 Drvrs: Luminis ST: Applying to query #1.
15:20:29 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'openLDAP - Disable account on add'.
15:20:29 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
15:20:29 F5DE1700 Drvrs: Luminis ST: (if-operation equal "add") = FALSE.
15:20:29 F5DE1700 Drvrs: Luminis ST: Rule rejected.
15:20:29 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'openLDAP - Disable account on modify'.
15:20:29 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
15:20:29 F5DE1700 Drvrs: Luminis ST: (if-operation equal "modify") = FALSE.
15:20:29 F5DE1700 Drvrs: Luminis ST: Rule rejected.
15:20:29 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'openLDAP - Enable account on add'.
15:20:29 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
15:20:29 F5DE1700 Drvrs: Luminis ST: (if-operation equal "add") = FALSE.
15:20:29 F5DE1700 Drvrs: Luminis ST: Rule rejected.
15:20:29 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'openLDAP - Enable account on modify'.
15:20:29 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
15:20:29 F5DE1700 Drvrs: Luminis ST: (if-operation equal "modify") = FALSE.
15:20:29 F5DE1700 Drvrs: Luminis ST: Rule rejected.
15:20:29 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'iPlanet - Enable account on modify'.
15:20:29 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "nsaccountlock") = FALSE.
15:20:29 F5DE1700 Drvrs: Luminis ST: Rule rejected.
15:20:29 F5DE1700 Drvrs: Luminis ST: Policy returned:
15:20:29 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="inetOrgPerson" dest-dn="uid=testuser,OU=People,OU=cp,o=lp5" event-id="0" scope="entry">
<search-class class-name="inetOrgPerson"/>
<read-attr/>
</query>
</input>
</nds>
15:20:29 F5DE1700 Drvrs: Luminis ST: Submitting document to subscriber shim:
15:20:29 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="inetOrgPerson" dest-dn="uid=testuser,OU=People,OU=cp,o=lp5" event-id="0" scope="entry">
<search-class class-name="inetOrgPerson"/>
<read-attr/>
</query>
</input>
</nds>
15:20:29 F5DE1700 Drvrs: Luminis ST: Luminis: Query.queryOperation() res.next() Error: LDAPException: No Such Object (32) No Such Object
LDAPException: Matched DN: ou=People,ou=cp,o=lp5.
Connection will not be reset.
15:20:29 F5DE1700 Drvrs: Luminis ST: SubscriptionShim.execute() returned:
15:20:29 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="0" level="success"/>
</output>
</nds>
15:20:29 F5DE1700 Drvrs: Luminis ST: Applying input transformation policies.
15:20:29 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPASTS-itp-SetAccountStatus.
15:20:29 F5DE1700 Drvrs: Luminis ST: Applying to status #1.
15:20:29 F5DE1700 Drvrs: Luminis ST: Policy returned:
15:20:29 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="0" level="success"/>
</output>
</nds>
15:20:29 F5DE1700 Drvrs: Luminis ST: Applying policy: veto all.
15:20:29 F5DE1700 Drvrs: Luminis ST: Applying to status #1.
15:20:29 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'veto all'.
15:20:29 F5DE1700 Drvrs: Luminis ST: Rule selected.
15:20:29 F5DE1700 Drvrs: Luminis ST: Applying rule 'veto all'.
15:20:29 F5DE1700 Drvrs: Luminis ST: Action: do-veto().
15:20:29 F5DE1700 Drvrs: Luminis ST: Policy returned:
15:20:29 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output/>
</nds>
15:20:29 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLPWDSYNC-itp-EmailOnFailedPwdSub.
15:20:29 F5DE1700 Drvrs: Luminis ST: Policy returned:
15:20:29 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output/>
</nds>
15:20:29 F5DE1700 Drvrs: Luminis ST: Applying schema mapping policies to input.
15:20:29 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPDCFG-GroupMemberMapping.
15:20:29 F5DE1700 Drvrs: Luminis ST: Policy returned:
15:20:29 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output/>
</nds>
15:20:29 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPASTS-smp.
15:20:29 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPDCFG-smp.
15:20:29 F5DE1700 Drvrs: Luminis ST: Resolving association references.
15:20:29 F5DE1700 Drvrs: Luminis ST: Query from policy result
15:20:29 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output/>
</nds>
15:20:29 F5DE1700 Drvrs: Luminis ST: No matches found.
15:20:29 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'match everything else'.
15:20:29 F5DE1700 Drvrs: Luminis ST: (if-class-name not-equal "User") = FALSE.
15:20:29 F5DE1700 Drvrs: Luminis ST: Rule rejected.
15:20:29 F5DE1700 Drvrs: Luminis ST:Policy returned:
15:20:29 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181017212029.011Z" class-name="User" event-id="devserver#20181017212029#1#1:58aed860-0839-4380-8bbe-60d8ae583908" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="CN">
<value timestamp="1472763230#46" type="string">test user</value>
</add-attr>
<add-attr attr-name="Given Name">
<value timestamp="1482333216#11" type="string">test</value>
</add-attr>
<add-attr attr-name="Internet EMail Address">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1472763230#55" type="string">user</value>
</add-attr>
<add-attr attr-name="uniqueID">
<value naming="true" timestamp="1472763230#71" type="string">testuser</value>
</add-attr>
<operation-data attempt-to-match="true" unmatched-src-dn="uniqueID=testuser,OU=People,OU=cp"/>
</add>
</input>
</nds>
15:20:29 F5DE1700 Drvrs: Luminis ST:No match found.
15:20:29 F5DE1700 Drvrs: Luminis ST:Applying object creation policies.
15:20:29 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPDCFG-sub-cp-DefaultCreate.
15:20:29 F5DE1700 Drvrs: Luminis ST: Applying to add #1.
15:20:29 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'output'.
15:20:29 F5DE1700 Drvrs: Luminis ST: Rule selected.
15:20:29 F5DE1700 Drvrs: Luminis ST: Applying rule 'output'.
15:20:29 F5DE1700 Drvrs: Luminis ST: Action: do-trace-message("CN = "+token-op-attr("CN")).
15:20:29 F5DE1700 Drvrs: Luminis ST: arg-string("CN = "+token-op-attr("CN"))
15:20:29 F5DE1700 Drvrs: Luminis ST: token-text("CN = ")
15:20:29 F5DE1700 Drvrs: Luminis ST: token-op-attr("CN")
15:20:29 F5DE1700 Drvrs: Luminis ST: Token Value: "test user".
15:20:29 F5DE1700 Drvrs: Luminis ST: Arg Value: "CN = test user".
15:20:29 F5DE1700 Drvrs: Luminis ST:CN = test user
15:20:29 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'User Required Attributes'.
15:20:29 F5DE1700 Drvrs: Luminis ST: (if-class-name equal "User") = TRUE.
15:20:29 F5DE1700 Drvrs: Luminis ST: Rule selected.
15:20:29 F5DE1700 Drvrs: Luminis ST: Applying rule 'User Required Attributes'.
15:20:29 F5DE1700 Drvrs: Luminis ST: Action: do-veto-if-op-attr-not-available("CN").
15:20:29 F5DE1700 Drvrs: Luminis ST: Action: do-veto-if-op-attr-not-available("Surname").
15:20:29 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Organizational Unit Required Attributes'.
15:20:29 F5DE1700 Drvrs: Luminis ST: (if-class-name equal "Organizational Unit") = FALSE.
15:20:29 F5DE1700 Drvrs: Luminis ST: Rule rejected.
15:20:29 F5DE1700 Drvrs: Luminis ST:Policy returned:
15:20:29 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181017212029.011Z" class-name="User" event-id="devserver#20181017212029#1#1:58aed860-0839-4380-8bbe-60d8ae583908" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="CN">
<value timestamp="1472763230#46" type="string">test user</value>
</add-attr>
<add-attr attr-name="Given Name">
<value timestamp="1482333216#11" type="string">test</value>
</add-attr>
<add-attr attr-name="Internet EMail Address">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1472763230#55" type="string">user</value>
</add-attr>
<add-attr attr-name="uniqueID">
<value naming="true" timestamp="1472763230#71" type="string">testuser</value>
</add-attr>
<operation-data attempt-to-match="true" unmatched-src-dn="uniqueID=testuser,OU=People,OU=cp"/>
</add>
</input>
</nds>
15:20:29 F5DE1700 Drvrs: Luminis ST:Applying object placement policies.
15:20:29 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPDCFG-sub-pp-DefaultPlacement.
15:20:29 F5DE1700 Drvrs: Luminis ST: Applying to add #1.
15:20:29 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'test'.
15:20:29 F5DE1700 Drvrs: Luminis ST: Rule selected.
15:20:29 F5DE1700 Drvrs: Luminis ST: Applying rule 'test'.
15:20:29 F5DE1700 Drvrs: Luminis ST: Action: do-trace-message(token-op-property("unmatched-src-dn")+","+token-global-variable("driver.ldap.base.container")).
15:20:29 F5DE1700 Drvrs: Luminis ST: arg-string(token-op-property("unmatched-src-dn")+","+token-global-variable("driver.ldap.base.container"))
15:20:29 F5DE1700 Drvrs: Luminis ST: token-op-property("unmatched-src-dn")
15:20:29 F5DE1700 Drvrs: Luminis ST: Token Value: "uniqueID=testuser,OU=People,OU=cp".
15:20:29 F5DE1700 Drvrs: Luminis ST: token-text(",")
15:20:29 F5DE1700 Drvrs: Luminis ST: token-global-variable("driver.ldap.base.container")
15:20:29 F5DE1700 Drvrs: Luminis ST: Token Value: "o=lp5".
15:20:29 F5DE1700 Drvrs: Luminis ST: Arg Value: "uniqueID=testuser,OU=People,OU=cp,o=lp5".
15:20:29 F5DE1700 Drvrs: Luminis ST:uniqueID=testuser,OU=People,OU=cp,o=lp5
15:20:29 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Subscriber Placement Rule'.
15:20:29 F5DE1700 Drvrs: Luminis ST: Rule selected.
15:20:29 F5DE1700 Drvrs: Luminis ST: Applying rule 'Subscriber Placement Rule'.
15:20:29 F5DE1700 Drvrs: Luminis ST: Action: do-if().
15:20:29 F5DE1700 Drvrs: Luminis ST: Evaluating conditions.
15:20:29 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.subPlacementType' equal "flat") = FALSE.
15:20:29 F5DE1700 Drvrs: Luminis ST: Performing else actions.
15:20:29 F5DE1700 Drvrs: Luminis ST: Action: do-set-op-dest-dn(arg-dn(token-op-property("unmatched-src-dn")+","+token-global-variable("driver.ldap.base.container"))).
15:20:29 F5DE1700 Drvrs: Luminis ST: arg-dn(token-op-property("unmatched-src-dn")+","+token-global-variable("driver.ldap.base.container"))
15:20:29 F5DE1700 Drvrs: Luminis ST: token-op-property("unmatched-src-dn")
15:20:29 F5DE1700 Drvrs: Luminis ST: Token Value: "uniqueID=testuser,OU=People,OU=cp".
15:20:29 F5DE1700 Drvrs: Luminis ST: token-text(",")
15:20:29 F5DE1700 Drvrs: Luminis ST: token-global-variable("driver.ldap.base.container")
15:20:29 F5DE1700 Drvrs: Luminis ST: Token Value: "o=lp5".
15:20:29 F5DE1700 Drvrs: Luminis ST: Arg Value: "uniqueID=testuser,OU=People,OU=cp,o=lp5".
15:20:29 F5DE1700 Drvrs: Luminis ST:Policy returned:
15:20:29 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181017212029.011Z" class-name="User" dest-dn="uniqueID=testuser,OU=People,OU=cp,o=lp5" event-id="devserver#20181017212029#1#1:58aed860-0839-4380-8bbe-60d8ae583908" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="CN">
<value timestamp="1472763230#46" type="string">test user</value>
</add-attr>
<add-attr attr-name="Given Name">
<value timestamp="1482333216#11" type="string">test</value>
</add-attr>
<add-attr attr-name="Internet EMail Address">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1472763230#55" type="string">user</value>
</add-attr>
<add-attr attr-name="uniqueID">
<value naming="true" timestamp="1472763230#71" type="string">testuser</value>
</add-attr>
<operation-data attempt-to-match="true" unmatched-src-dn="uniqueID=testuser,OU=People,OU=cp"/>
</add>
</input>
</nds>
15:20:29 F5DE1700 Drvrs: Luminis ST:Submitting add to subscriber shim.
15:20:29 F5DE1700 Drvrs: Luminis ST:Applying command transformation policies.
15:20:29 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLPWDSYNC-sub-ctp-TransformDistPwd.
15:20:29 F5DE1700 Drvrs: Luminis ST: Applying to add #1.
15:20:29 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Convert adds of the nspmDistributionPassword attribute to password elements'.
15:20:29 F5DE1700 Drvrs: Luminis ST: (if-operation equal "add") = TRUE.
15:20:29 F5DE1700 Drvrs: Luminis ST: (if-op-attr 'nspmDistributionPassword' available) = FALSE.
15:20:29 F5DE1700 Drvrs: Luminis ST: Rule rejected.
15:20:29 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Block modifies for failed password publish operations if reset password is false'.
15:20:29 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'reset-external-password-on-failure' equal "false") = FALSE.
15:20:29 F5DE1700 Drvrs: Luminis ST: Rule rejected.
15:20:29 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Convert modifies of a nspmDistributionPassword attribute to a modify password operation'.
15:20:29 F5DE1700 Drvrs: Luminis ST: (if-operation equal "modify") = FALSE.
15:20:29 F5DE1700 Drvrs: Luminis ST: Rule rejected.
15:20:29 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Block empty modify operations'.
15:20:29 F5DE1700 Drvrs: Luminis ST: (if-operation equal "modify") = FALSE.
10/17/2018
15:20:29 F5DE1700 Drvrs: Luminis ST: Rule rejected.
15:20:29 F5DE1700 Drvrs: Luminis ST:Policy returned:
15:20:29 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181017212029.011Z" class-name="User" dest-dn="uniqueID=testuser,OU=People,OU=cp,o=lp5" event-id="devserver#20181017212029#1#1:58aed860-0839-4380-8bbe-60d8ae583908" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="CN">
<value timestamp="1472763230#46" type="string">test user</value>
</add-attr>
<add-attr attr-name="Given Name">
<value timestamp="1482333216#11" type="string">test</value>
</add-attr>
<add-attr attr-name="Internet EMail Address">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1472763230#55" type="string">user</value>
</add-attr>
<add-attr attr-name="uniqueID">
<value naming="true" timestamp="1472763230#71" type="string">testuser</value>
</add-attr>
<operation-data attempt-to-match="true" unmatched-src-dn="uniqueID=testuser,OU=People,OU=cp"/>
</add>
</input>
</nds>
15:20:29 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLPWDSYNC-sub-ctp-CheckPwdGCV.
15:20:29 F5DE1700 Drvrs: Luminis ST: Applying to add #1.
15:20:29 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Block subscribing to passwords when objects are added'.
15:20:29 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'enable-password-subscribe' equal "false") = FALSE.
15:20:29 F5DE1700 Drvrs: Luminis ST: Rule rejected.
15:20:29 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Block subscribing to password modifications'.
15:20:29 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'enable-password-subscribe' equal "false") = FALSE.
15:20:29 F5DE1700 Drvrs: Luminis ST: Rule rejected.
15:20:29 F5DE1700 Drvrs: Luminis ST:Policy returned:
15:20:29 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181017212029.011Z" class-name="User" dest-dn="uniqueID=testuser,OU=People,OU=cp,o=lp5" event-id="devserver#20181017212029#1#1:58aed860-0839-4380-8bbe-60d8ae583908" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="CN">
<value timestamp="1472763230#46" type="string">test user</value>
</add-attr>
<add-attr attr-name="Given Name">
<value timestamp="1482333216#11" type="string">test</value>
</add-attr>
<add-attr attr-name="Internet EMail Address">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1472763230#55" type="string">user</value>
</add-attr>
<add-attr attr-name="uniqueID">
<value naming="true" timestamp="1472763230#71" type="string">testuser</value>
</add-attr>
<operation-data attempt-to-match="true" unmatched-src-dn="uniqueID=testuser,OU=People,OU=cp"/>
</add>
</input>
</nds>
15:20:29 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLPWDSYNC-sub-ctp-AddPwdPayload.
15:20:29 F5DE1700 Drvrs: Luminis ST: Applying to add #1.
15:20:29 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Add operation-data element to password subscribe operations'.
15:20:29 F5DE1700 Drvrs: Luminis ST: (if-operation equal "add") = TRUE.
15:20:29 F5DE1700 Drvrs: Luminis ST: (if-password available) = FALSE.
15:20:29 F5DE1700 Drvrs: Luminis ST: (if-operation equal "modify-password") = FALSE.
15:20:29 F5DE1700 Drvrs: Luminis ST: Rule rejected.
15:20:29 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Add payload data to a reset password from a failed password publish operation'.
15:20:29 F5DE1700 Drvrs: Luminis ST: (if-operation equal "modify-password") = FALSE.
15:20:29 F5DE1700 Drvrs: Luminis ST: Rule rejected.
15:20:29 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Add payload data to password subscribe operations'.
15:20:29 F5DE1700 Drvrs: Luminis ST: (if-operation equal "add") = TRUE.
15:20:29 F5DE1700 Drvrs: Luminis ST: (if-password available) = FALSE.
15:20:29 F5DE1700 Drvrs: Luminis ST: (if-operation equal "modify-password") = FALSE.
15:20:29 F5DE1700 Drvrs: Luminis ST: Rule rejected.
15:20:29 F5DE1700 Drvrs: Luminis ST:Policy returned:
15:20:29 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181017212029.011Z" class-name="User" dest-dn="uniqueID=testuser,OU=People,OU=cp,o=lp5" event-id="devserver#20181017212029#1#1:58aed860-0839-4380-8bbe-60d8ae583908" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="CN">
<value timestamp="1472763230#46" type="string">test user</value>
</add-attr>
<add-attr attr-name="Given Name">
<value timestamp="1482333216#11" type="string">test</value>
</add-attr>
<add-attr attr-name="Internet EMail Address">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1472763230#55" type="string">user</value>
</add-attr>
<add-attr attr-name="uniqueID">
<value naming="true" timestamp="1472763230#71" type="string">testuser</value>
</add-attr>
<operation-data attempt-to-match="true" unmatched-src-dn="uniqueID=testuser,OU=People,OU=cp"/>
</add>
</input>
</nds>
15:20:29 F5DE1700 Drvrs: Luminis ST:Filtering out notification-only attributes.
15:20:29 F5DE1700 Drvrs: Luminis ST:Fixing up association references.
15:20:29 F5DE1700 Drvrs: Luminis ST:Applying schema mapping policies to output.
15:20:29 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPDCFG-GroupMemberMapping.
15:20:29 F5DE1700 Drvrs: Luminis ST: Applying to add #1.
15:20:29 F5DE1700 Drvrs: Luminis ST:Policy returned:
15:20:29 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181017212029.011Z" class-name="User" dest-dn="uniqueID=testuser,OU=People,OU=cp,o=lp5" event-id="devserver#20181017212029#1#1:58aed860-0839-4380-8bbe-60d8ae583908" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="CN">
<value timestamp="1472763230#46" type="string">test user</value>
</add-attr>
<add-attr attr-name="Given Name">
<value timestamp="1482333216#11" type="string">test</value>
</add-attr>
<add-attr attr-name="Internet EMail Address">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1472763230#55" type="string">user</value>
</add-attr>
<add-attr attr-name="uniqueID">
<value naming="true" timestamp="1472763230#71" type="string">testuser</value>
</add-attr>
<operation-data attempt-to-match="true" unmatched-src-dn="uniqueID=testuser,OU=People,OU=cp"/>
</add>
</input>
</nds>
15:20:29 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPASTS-smp.
15:20:29 F5DE1700 Drvrs: Luminis ST: No mapping for class-name 'User'.
15:20:29 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPDCFG-smp.
15:20:29 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'CN' to 'cn'.
15:20:29 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'Given Name' to 'givenname'.
15:20:29 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'Internet EMail Address' to 'mail'.
15:20:29 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'Surname' to 'sn'.
15:20:29 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'uniqueID' to 'uid'.
15:20:29 F5DE1700 Drvrs: Luminis ST: Mapping class-name 'User' to 'inetOrgPerson'.
15:20:29 F5DE1700 Drvrs: Luminis ST:Applying output transformation policies.
15:20:29 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLPWDSYNC-otp-EmailOnFailedPwdPub.
15:20:29 F5DE1700 Drvrs: Luminis ST: Applying to add #1.
15:20:29 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Send e-mail for a failed publish password operation'.
15:20:29 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = TRUE.
15:20:29 F5DE1700 Drvrs: Luminis ST: (if-operation equal "status") = FALSE.
15:20:29 F5DE1700 Drvrs: Luminis ST: Rule rejected.
15:20:29 F5DE1700 Drvrs: Luminis ST:Policy returned:
15:20:29 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181017212029.011Z" class-name="inetOrgPerson" dest-dn="uniqueID=testuser,OU=People,OU=cp,o=lp5" event-id="devserver#20181017212029#1#1:58aed860-0839-4380-8bbe-60d8ae583908" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="cn">
<value timestamp="1472763230#46" type="string">test user</value>
</add-attr>
<add-attr attr-name="givenname">
<value timestamp="1482333216#11" type="string">test</value>
</add-attr>
<add-attr attr-name="mail">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="sn">
<value timestamp="1472763230#55" type="string">user</value>
</add-attr>
<add-attr attr-name="uid">
<value naming="true" timestamp="1472763230#71" type="string">testuser</value>
</add-attr>
<operation-data attempt-to-match="true" unmatched-src-dn="uniqueID=testuser,OU=People,OU=cp"/>
</add>
</input>
</nds>
15:20:29 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPASTS-otp-SetAccountStatus.
15:20:29 F5DE1700 Drvrs: Luminis ST: Applying to add #1.
15:20:29 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'openLDAP - Disable account on add'.
15:20:29 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
15:20:29 F5DE1700 Drvrs: Luminis ST: (if-operation equal "add") = TRUE.
15:20:29 F5DE1700 Drvrs: Luminis ST: (if-op-attr 'pwdAccountLockedTime' equal "TRUE") = FALSE.
15:20:29 F5DE1700 Drvrs: Luminis ST: Rule rejected.
15:20:29 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'openLDAP - Disable account on modify'.
15:20:29 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
15:20:29 F5DE1700 Drvrs: Luminis ST: (if-operation equal "modify") = FALSE.
15:20:29 F5DE1700 Drvrs: Luminis ST: Rule rejected.
15:20:29 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'openLDAP - Enable account on add'.
15:20:29 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
15:20:29 F5DE1700 Drvrs: Luminis ST: (if-operation equal "add") = TRUE.
15:20:29 F5DE1700 Drvrs: Luminis ST: (if-op-attr 'pwdAccountLockedTime' available) = FALSE.
15:20:29 F5DE1700 Drvrs: Luminis ST: Rule rejected.
15:20:29 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'openLDAP - Enable account on modify'.
15:20:29 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
15:20:29 F5DE1700 Drvrs: Luminis ST: (if-operation equal "modify") = FALSE.
15:20:29 F5DE1700 Drvrs: Luminis ST: Rule rejected.
15:20:29 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'iPlanet - Enable account on modify'.
15:20:29 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "nsaccountlock") = FALSE.
15:20:29 F5DE1700 Drvrs: Luminis ST: Rule rejected.
15:20:29 F5DE1700 Drvrs: Luminis ST:Policy returned:
15:20:29 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181017212029.011Z" class-name="inetOrgPerson" dest-dn="uniqueID=testuser,OU=People,OU=cp,o=lp5" event-id="devserver#20181017212029#1#1:58aed860-0839-4380-8bbe-60d8ae583908" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="cn">
<value timestamp="1472763230#46" type="string">test user</value>
</add-attr>
<add-attr attr-name="givenname">
<value timestamp="1482333216#11" type="string">test</value>
</add-attr>
<add-attr attr-name="mail">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="sn">
<value timestamp="1472763230#55" type="string">user</value>
</add-attr>
<add-attr attr-name="uid">
<value naming="true" timestamp="1472763230#71" type="string">testuser</value>
</add-attr>
<operation-data attempt-to-match="true" unmatched-src-dn="uniqueID=testuser,OU=People,OU=cp"/>
</add>
</input>
</nds>
15:20:29 F5DE1700 Drvrs: Luminis ST:Submitting document to subscriber shim:
15:20:29 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181017212029.011Z" class-name="inetOrgPerson" dest-dn="uniqueID=testuser,OU=People,OU=cp,o=lp5" event-id="devserver#20181017212029#1#1:58aed860-0839-4380-8bbe-60d8ae583908" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="cn">
<value timestamp="1472763230#46" type="string">test user</value>
</add-attr>
<add-attr attr-name="givenname">
<value timestamp="1482333216#11" type="string">test</value>
</add-attr>
<add-attr attr-name="mail">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="sn">
<value timestamp="1472763230#55" type="string">user</value>
</add-attr>
<add-attr attr-name="uid">
<value naming="true" timestamp="1472763230#71" type="string">testuser</value>
</add-attr>
<operation-data attempt-to-match="true" unmatched-src-dn="uniqueID=testuser,OU=People,OU=cp"/>
</add>
</input>
</nds>
15:20:29 F5DE1700 Drvrs: Luminis ST:Stripping operation data from input document
15:20:29 F5DE1700 Drvrs: Luminis ST:Luminis: LDAPSub.performAddOperation() Calling getAllSups(inetOrgPerson)
15:20:29 F5DE1700 Drvrs: Luminis ST:Luminis: LDAP Add:
dn: uniqueID=testuser,OU=People,OU=cp,o=lp5
uid: testuser
mail: testuser
cn: test user
sn: user
givenname: test
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: person
objectclass: top

15:20:29 F5DE1700 Drvrs: Luminis ST:Luminis: LDAPInterface.doLDAPAdd() Error: LDAPException: Invalid DN Syntax (34) Invalid DN Syntax
LDAPException: Server Message: invalid DN
LDAPException: Matched DN:
15:20:29 F5DE1700 Drvrs: Luminis ST:Restoring operation data to output document
15:20:29 F5DE1700 Drvrs: Luminis ST:SubscriptionShim.execute() returned:
15:20:29 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="devserver#20181017212029#1#1:58aed860-0839-4380-8bbe-60d8ae583908" level="error">LDAPException: Invalid DN Syntax (34) Invalid DN Syntax
LDAPException: Server Message: invalid DN
LDAPException: Matched DN: <operation-data attempt-to-match="true" unmatched-src-dn="uniqueID=testuser,OU=People,OU=cp"/>
</status>
</output>
</nds>
15:20:29 F5DE1700 Drvrs: Luminis ST:Applying input transformation policies.
15:20:29 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPASTS-itp-SetAccountStatus.
15:20:29 F5DE1700 Drvrs: Luminis ST: Applying to status #1.
15:20:29 F5DE1700 Drvrs: Luminis ST:Policy returned:
15:20:29 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="devserver#20181017212029#1#1:58aed860-0839-4380-8bbe-60d8ae583908" level="error">LDAPException: Invalid DN Syntax (34) Invalid DN Syntax
LDAPException: Server Message: invalid DN
LDAPException: Matched DN: <operation-data attempt-to-match="true" unmatched-src-dn="uniqueID=testuser,OU=People,OU=cp"/>
</status>
</output>
</nds>
15:20:29 F5DE1700 Drvrs: Luminis ST:Applying policy: veto all.
15:20:29 F5DE1700 Drvrs: Luminis ST: Applying to status #1.
15:20:29 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'veto all'.
15:20:29 F5DE1700 Drvrs: Luminis ST: Rule selected.
15:20:29 F5DE1700 Drvrs: Luminis ST: Applying rule 'veto all'.
15:20:29 F5DE1700 Drvrs: Luminis ST: Action: do-veto().
15:20:29 F5DE1700 Drvrs: Luminis ST:Policy returned:
15:20:29 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output/>
</nds>
15:20:29 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLPWDSYNC-itp-EmailOnFailedPwdSub.
15:20:29 F5DE1700 Drvrs: Luminis ST:Policy returned:
15:20:29 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output/>
</nds>
15:20:29 F5DE1700 Drvrs: Luminis ST:Applying schema mapping policies to input.
15:20:29 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPDCFG-GroupMemberMapping.
15:20:29 F5DE1700 Drvrs: Luminis ST:Policy returned:
15:20:29 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output/>
</nds>
15:20:29 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPASTS-smp.
15:20:29 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPDCFG-smp.
15:20:29 F5DE1700 Drvrs: Luminis ST:Resolving association references.
15:20:29 F5DE1700 Drvrs: Luminis ST:Processing returned document.
15:20:29 F5DE1700 Drvrs: Luminis ST:End transaction.
15:20:29 F5DE1700 DirXML: Luminis EV: Physically purged 96 bytes from cache 357460.TAO
15:20:29 F5DE1700 DirXML: Luminis EV: Elapsed time: 0.297 milliseconds
0 Likes
9 Replies
Knowledge Partner

Re: LDAP drive

On 10/17/2018 03:34 PM, bobbintb wrote:
> 15:20:29 F5DE1700 Drvrs: Luminis ST:Applying policy: veto all.
> 15:20:29 F5DE1700 Drvrs: Luminis ST: Applying to status #1.
> 15:20:29 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'veto all'.
> 15:20:29 F5DE1700 Drvrs: Luminis ST: Rule selected.
> 15:20:29 F5DE1700 Drvrs: Luminis ST: Applying rule 'veto all'.
> 15:20:29 F5DE1700 Drvrs: Luminis ST: Action: do-veto().


You have a policy called 'veto all' that is blocking the event. If you
disable the action, or the rule, then this may continue.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
Absent Member.

Re: LDAP drive

I did disable that but the only change I noticed was some of the errors in the trace turned red. I disabled all the policies in the publisher channel and added that veto-all just for reassurance. I assume that publisher setting disables the publisher channel but I don't know exactly so I didn't want to trust it. Maybe I should just delete all the policies in the publisher channel.

Also, I don't know why my thread title is "LDAP drive". Not very descriptive. I started typing the title and got distracted and forgot to finish before I submitted. I edited it right after but it looks like the edit didn't take.
0 Likes
Knowledge Partner

Re: LDAP drive

On 10/18/2018 08:46 AM, bobbintb wrote:
>
> I did disable that but the only change I noticed was some of the errors
> in the trace turned red. I disabled all the policies in the publisher


Have a new trace?

> channel and added that veto-all just for reassurance. I assume that


The "veto all" rule in this case is on the Subscriber channel, not the
Publisher channel, so be sure you distinguish between those two. They may
point to the same actual rule, but the references are in different places,
and that matters for this.

> publisher setting disables the publisher channel but I don't know
> exactly so I didn't want to trust it. Maybe I should just delete all the
> policies in the publisher channel.


Deleting policies will not block events. If you do not want any Publisher
channel events, set the class(es) in the Filter to Ignore on the Publisher
channel and that should do it by default; remember, the classes, not the
attributes within the classes, will control this, so it's usually just one
or two things to change, not the (possibly) dozens or hundreds of
attributes themselves.


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
Micro Focus Expert

Re: LDAP drive

On 2018-10-17 23:34, bobbintb wrote:
> 15:20:29 F5DE1700 Drvrs: Luminis ST:Submitting document to subscriber shim:
> 15:20:29 F5DE1700 Drvrs: Luminis ST:
> <nds dtdversion="4.0" ndsversion="8.x">
> <source>
> <product edition="Advanced" version="4.6.0.0">DirXML</product>
> <contact>NetIQ Corporation</contact>
> </source>
> <input>
> <add cached-time="20181017212029.011Z" class-name="inetOrgPerson" dest-dn="uniqueID=testuser,OU=People,OU=cp,o=lp5" event-id="devserver#20181017212029#1#1:58aed860-0839-4380-8bbe-60d8ae583908" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
> <add-attr attr-name="cn">
> <value timestamp="1472763230#46" type="string">test user</value>
> </add-attr>
> <add-attr attr-name="givenname">
> <value timestamp="1482333216#11" type="string">test</value>
> </add-attr>
> <add-attr attr-name="mail">
> <value timestamp="1472763230#52" type="string">testuser</value>
> </add-attr>
> <add-attr attr-name="sn">
> <value timestamp="1472763230#55" type="string">user</value>
> </add-attr>
> <add-attr attr-name="uid">
> <value naming="true" timestamp="1472763230#71" type="string">testuser</value>
> </add-attr>
> <operation-data attempt-to-match="true" unmatched-src-dn="uniqueID=testuser,OU=People,OU=cp"/>
> </add>
> </input>
> </nds>
> 15:20:29 F5DE1700 Drvrs: Luminis ST:Stripping operation data from input document
> 15:20:29 F5DE1700 Drvrs: Luminis ST:Luminis: LDAPSub.performAddOperation() Calling getAllSups(inetOrgPerson)
> 15:20:29 F5DE1700 Drvrs: Luminis ST:Luminis: LDAP Add:
> dn: uniqueID=testuser,OU=People,OU=cp,o=lp5
> uid: testuser
> mail: testuser
> cn: test user
> sn: user
> givenname: test
> objectclass: inetOrgPerson
> objectclass: organizationalPerson
> objectclass: person
> objectclass: top
>
> 15:20:29 F5DE1700 Drvrs: Luminis ST:Luminis: LDAPInterface.doLDAPAdd() Error: LDAPException: Invalid DN Syntax (34) Invalid DN Syntax
> LDAPException: Server Message: invalid DN



Are you sure 'uniqueID' is a valid attribute in your OpenLDAP schema?

--
Norbert
0 Likes
Absent Member.

Re: LDAP drive

Well, uniqueID is mapped to uid. Also, my understanding is that there are a number of standard LDAP attributes that eDirectory calls something else and will automatically alias to the LDAP standard name, or something to that effect. One of those is uid. I might be mistaken about that.
0 Likes
Absent Member.

Re: LDAP drive

uniqueID is mapped to uid, but the destDn still contains uniqueID.

dest-dn="uniqueID=testuser,OU=People,OU=cp,o=lp5"

Change this and try again.
0 Likes
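
The mismatch pointed out in the reply above (the naming attribute is schema-mapped to `uid`, but `dest-dn` is still led by `uniqueID`) can be checked mechanically on the document sent to the shim. This is an added example, not code from the thread or from the driver; the function names are hypothetical, and the XML is a trimmed copy of the `<add>` document in the trace.

```python
import xml.etree.ElementTree as ET

# Trimmed copy of the <add> document the trace shows being submitted to the
# subscriber shim (timestamps, event-id and operation-data omitted).
XDS_ADD = r"""<nds dtdversion="4.0" ndsversion="8.x">
<input>
<add class-name="inetOrgPerson" dest-dn="uniqueID=testuser,OU=People,OU=cp,o=lp5" src-dn="\IDV\lp5\cp\People\testuser">
<add-attr attr-name="cn"><value type="string">test user</value></add-attr>
<add-attr attr-name="givenname"><value type="string">test</value></add-attr>
<add-attr attr-name="mail"><value type="string">testuser</value></add-attr>
<add-attr attr-name="sn"><value type="string">user</value></add-attr>
<add-attr attr-name="uid"><value naming="true" type="string">testuser</value></add-attr>
</add>
</input>
</nds>"""


def split_unescaped(text, sep):
    """Split on sep, ignoring separators escaped with a backslash (RFC 4514)."""
    parts, current, escaped = [], [], False
    for ch in text:
        if escaped:
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == sep:
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
    parts.append("".join(current))
    return parts


def parse_dn(dn):
    """Return the DN as a list of RDNs, each a list of (type, value) pairs.

    Handles backslash escapes and multi-valued RDNs ("+"); legacy quoted
    values are not handled.
    """
    rdns = []
    for rdn in split_unescaped(dn, ","):
        pairs = []
        for ava in split_unescaped(rdn, "+"):
            attr_type, _, value = ava.partition("=")
            pairs.append((attr_type.strip(), value.strip()))
        rdns.append(pairs)
    return rdns


def naming_attrs(add_elem):
    """Collect (attr-name, value) for every <value naming="true"> in the add."""
    found = []
    for add_attr in add_elem.findall("add-attr"):
        for value in add_attr.findall("value"):
            if value.get("naming") == "true":
                found.append((add_attr.get("attr-name"), (value.text or "").strip()))
    return found


def check_dest_dn(xds_text):
    """Report each <add> whose leaf RDN type is not one of its naming attributes."""
    findings = []
    for add in ET.fromstring(xds_text).iter("add"):
        dest_dn = add.get("dest-dn", "")
        if not dest_dn:
            findings.append({"dest-dn": dest_dn, "problem": "missing dest-dn"})
            continue
        leaf = parse_dn(dest_dn)[0]
        naming = naming_attrs(add)
        naming_types = {name.lower() for name, _ in naming}
        # Attribute types compare case-insensitively in LDAP.
        unmapped = sorted(t for t, _ in leaf if t.lower() not in naming_types)
        if naming and unmapped:
            findings.append({
                "dest-dn": dest_dn,
                "problem": "leaf RDN type is not a naming attribute of the add",
                "rdn_types": unmapped,
                "naming_attrs": sorted(name for name, _ in naming),
            })
    return findings


if __name__ == "__main__":
    for finding in check_dest_dn(XDS_ADD):
        print(finding)
```
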
Knowledge Partner

Re: LDAP drive

bobbintb;2489089 wrote:
Well, uniqueID is mapped to uid. Also, my understanding is that there are a number of standard LDAP attributes that eDirectory calls something else and will automatically alias to the LDAP standard name, or something to that effect. One of those is uid. I might be mistaken about that.


You're thinking of the automatic name mapping done by eDirectory's LDAP server here? The LDAP driver doesn't assume anything, it uses the schema map just like every other driver.
0 Likes
Knowledge Partner

Re: LDAP drive

dgersic;2489127 wrote:
You're thinking of the automatic name mapping done by eDirectory's LDAP server here? The LDAP driver doesn't assume anything, it uses the schema map just like every other driver.


The schema map cannot always help in this situation:
This is not class-to-class or attribute-to-attribute mapping.

In this specific situation, this is the DN of one system already "mapped" to the DN of another system.
Some LDAP systems can support more than one naming attribute (for example in this case CN and uniqueID).
0 Likes
Absent Member.

Re: LDAP drive

Thank you all. There was another default policy that was a little off in the placement, as you have noticed. I have fixed it and I was able to get the test user through. Thanks again.
0 Likes