bobbintb Absent Member.
Absent Member.
526 views

LDAP driver: usercertificate: requires ;binary transfer

I got my LDAP driver working and now something seems to have gone wrong. I am trying to mirror an OU from eDir to openLDAP. I had an OU full of users on openLDAP that I imported from eDir with an LDIFF. I deleted one one user in openLDAP and did a successful migration. I then deleted all the users under that OU in openLDAP to try a full migrate and now I am getting errors. At first I was getting (17) undefined attribute type for pwdAccountLockedTime. I removed the account tracking packages as I don't need them. Then I started getting the same issue for nspmDistributionPassword. I removed the password sync packaged to see if that would get past it and now I am getting the error for usercertificate. I'm not sure what is going on but deleting the users might have caused some unintended consequences. Here is my trace:

10/22/2018 
13:21:59 23269700 DirXML: Luminis EV: Filtered by class or attribute
13:21:59 23269700 DirXML: Luminis EV: Writing data to cache:
13:21:59 23269700 DirXML: Luminis EV: Event: type(RESYNC_ENTRY)timestamp(0#0)object(\T=ISU-IDV\O=lp5\OU=cp\OU=People\uniqueID=testuser:User)
13:21:59 23269700 DirXML: Luminis EV: Entry ID: 0x35a74, Verb: 0, Entry flags: 0x0001, Obituary flags: 0x0000
13:21:59 23269700 DirXML: Luminis EV: Wrote 136 bytes to cache 357460.TAO
13:21:59 23269700 DirXML: Luminis EV: Elapsed time: 0.022 milliseconds
13:21:59 23269700 DirXML: Luminis EV: Committing 136 bytes to cache 357460.TAO
13:21:59 23269700 DirXML: Luminis EV: Committed 136 bytes to cache 357460.TAO
13:21:59 23269700 DirXML: Luminis EV: Elapsed time: 0.298 milliseconds
13:21:59 F5DE1700 DirXML: Luminis EV: Read 136 bytes from cache 357460.TAO
13:21:59 F5DE1700 DirXML: Luminis EV: Elapsed time: 0.009 milliseconds
13:21:59 F5DE1700 Drvrs: Luminis ST:Start transaction.
13:21:59 F5DE1700 Drvrs: Luminis ST:type(resync-entry)entry-id(219764) dn(\T=ISU-IDV\O=lp5\OU=cp\OU=People\uniqueID=testuser) class-id(-1) class-name(null)
13:21:59 F5DE1700 Drvrs: Luminis ST:Processing events for transaction.
13:21:59 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<sync cached-time="20181022192159.250Z" class-name="User" event-id="devserver#20181022192159#1#1:3a3e4e8f-c40e-40da-8661-8f4e3e3a0ec4" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\ISU-IDV\lp5\cp\People\testuser" src-entry-id="219764" timestamp="0#0">
<association state="migrate">uid=testuser,ou=people,ou=cp,o=lp5</association>
</sync>
</input>
</nds>
13:21:59 F5DE1700 Drvrs: Luminis ST:Applying event transformation policies.
13:21:59 F5DE1700 Drvrs: Luminis ST:Applying policy: test.
13:21:59 F5DE1700 Drvrs: Luminis ST: Applying to sync #1.
13:21:59 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'output'.
13:21:59 F5DE1700 Drvrs: Luminis ST: Rule selected.
13:21:59 F5DE1700 Drvrs: Luminis ST: Applying rule 'output'.
13:21:59 F5DE1700 Drvrs: Luminis ST: Action: do-trace-message("CN = "+token-op-attr("CN")).
13:21:59 F5DE1700 Drvrs: Luminis ST: arg-string("CN = "+token-op-attr("CN"))
13:21:59 F5DE1700 Drvrs: Luminis ST: token-text("CN = ")
13:21:59 F5DE1700 Drvrs: Luminis ST: token-op-attr("CN")
13:21:59 F5DE1700 Drvrs: Luminis ST: Token Value: "".
13:21:59 F5DE1700 Drvrs: Luminis ST: Arg Value: "CN = ".
13:21:59 F5DE1700 Drvrs: Luminis ST:CN =
13:21:59 F5DE1700 Drvrs: Luminis ST:Policy returned:
13:21:59 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<sync cached-time="20181022192159.250Z" class-name="User" event-id="devserver#20181022192159#1#1:3a3e4e8f-c40e-40da-8661-8f4e3e3a0ec4" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\ISU-IDV\lp5\cp\People\testuser" src-entry-id="219764" timestamp="0#0">
<association state="migrate">uid=testuser,ou=people,ou=cp,o=lp5</association>
</sync>
</input>
</nds>
13:21:59 F5DE1700 Drvrs: Luminis ST:Subscriber processing sync for \ISU-IDV\lp5\cp\People\testuser.
13:21:59 F5DE1700 Drvrs: Luminis ST:Merging eDirectory and application values.
13:21:59 F5DE1700 Drvrs: Luminis ST:Reading relevant attributes from \ISU-IDV\lp5\cp\People\testuser.
13:21:59 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="User" dest-dn="\ISU-IDV\lp5\cp\People\testuser" dest-entry-id="219764" scope="entry">
<read-attr attr-name="CN"/>
<read-attr attr-name="Description"/>
<read-attr attr-name="Facsimile Telephone Number"/>
<read-attr attr-name="Given Name"/>
<read-attr attr-name="Initials"/>
<read-attr attr-name="Internet EMail Address"/>
<read-attr attr-name="L"/>
<read-attr attr-name="OU"/>
<read-attr attr-name="Postal Address"/>
<read-attr attr-name="S"/>
<read-attr attr-name="SA"/>
<read-attr attr-name="Surname"/>
<read-attr attr-name="Telephone Number"/>
<read-attr attr-name="Title"/>
<read-attr attr-name="uniqueID"/>
<read-attr attr-name="userCertificate"/>
</query>
</input>
</nds>
13:21:59 F5DE1700 Drvrs: Luminis ST:Pumping XDS to eDirectory.
13:21:59 F5DE1700 Drvrs: Luminis ST:Performing operation query for \ISU-IDV\lp5\cp\People\testuser.
13:21:59 F5DE1700 Drvrs: Luminis ST:--JCLNT-- \ISU-IDV\isu\services\ISU-VaultDriverSet\Luminis : Duplicating : context = 1162019833, tempContext = 1162019781
13:21:59 F5DE1700 Drvrs: Luminis ST:--JCLNT-- \ISU-IDV\isu\services\ISU-VaultDriverSet\Luminis : Calling free on tempContext = 1162019781
13:21:59 F5DE1700 Drvrs: Luminis ST:Read result:
13:21:59 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<instance class-name="User" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\ISU-IDV\lp5\cp\People\testuser" src-entry-id="219764">
<association state="migrate">uid=testuser,ou=people,ou=cp,o=lp5</association>
<attr attr-name="CN">
<value timestamp="1473537516#22" type="string">test user</value>
</attr>
<attr attr-name="Given Name">
<value timestamp="1480018111#10" type="string">test</value>
</attr>
<attr attr-name="Internet EMail Address">
<value timestamp="1473537516#28" type="string">testuser</value>
</attr>
<attr attr-name="Surname">
<value timestamp="1473537516#31" type="string">user</value>
</attr>
<attr attr-name="uniqueID">
<value naming="true" timestamp="1473537516#47" type="string">testuser</value>
</attr>
</instance>
<status level="success"></status>
</output>
</nds>
13:21:59 F5DE1700 Drvrs: Luminis ST:Updating application with eDirectory values.
13:21:59 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<modify class-name="User" event-id="devserver#20181022192159#1#1:3a3e4e8f-c40e-40da-8661-8f4e3e3a0ec4" from-merge="true" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\ISU-IDV\lp5\cp\People\testuser" src-entry-id="219764">
<association>uid=testuser,ou=people,ou=cp,o=lp5</association>
<modify-attr attr-name="CN">
<remove-all-values/>
<add-value>
<value timestamp="1473537516#22" type="string">test user</value>
</add-value>
</modify-attr>
<modify-attr attr-name="Given Name">
<remove-all-values/>
<add-value>
<value timestamp="1480018111#10" type="string">test</value>
</add-value>
</modify-attr>
<modify-attr attr-name="Internet EMail Address">
<remove-all-values/>
<add-value>
<value timestamp="1473537516#28" type="string">testuser</value>
</add-value>
</modify-attr>
<modify-attr attr-name="Surname">
<remove-all-values/>
<add-value>
<value timestamp="1473537516#31" type="string">user</value>
</add-value>
</modify-attr>
<modify-attr attr-name="uniqueID">
<remove-all-values/>
<add-value>
<value naming="true" timestamp="1473537516#47" type="string">testuser</value>
</add-value>
</modify-attr>
<modify-attr attr-name="Description">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="Facsimile Telephone Number">
13:21:59 F5DE1700 Drvrs: <remove-all-values/>
</modify-attr>
<modify-attr attr-name="Initials">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="L">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="OU">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="Postal Address">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="S">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="SA">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="Telephone Number">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="Title">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="userCertificate">
<remove-all-values/>
</modify-attr>
</modify>
</input>
</nds>
13:21:59 F5DE1700 Drvrs: Luminis ST:No command transformation policies.
13:21:59 F5DE1700 Drvrs: Luminis ST:Filtering out notification-only attributes.
13:21:59 F5DE1700 Drvrs: Luminis ST:Fixing up association references.
13:21:59 F5DE1700 Drvrs: Luminis ST:Applying schema mapping policies to output.
13:21:59 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPDCFG-GroupMemberMapping.
13:21:59 F5DE1700 Drvrs: Luminis ST: Applying to modify #1.
13:21:59 F5DE1700 Drvrs: Luminis ST:Policy returned:
13:21:59 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<modify class-name="User" event-id="devserver#20181022192159#1#1:3a3e4e8f-c40e-40da-8661-8f4e3e3a0ec4" from-merge="true" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\ISU-IDV\lp5\cp\People\testuser" src-entry-id="219764">
<association>uid=testuser,ou=people,ou=cp,o=lp5</association>
<modify-attr attr-name="CN">
<remove-all-values/>
<add-value>
<value timestamp="1473537516#22" type="string">test user</value>
</add-value>
</modify-attr>
<modify-attr attr-name="Given Name">
<remove-all-values/>
<add-value>
<value timestamp="1480018111#10" type="string">test</value>
</add-value>
</modify-attr>
<modify-attr attr-name="Internet EMail Address">
<remove-all-values/>
<add-value>
<value timestamp="1473537516#28" type="string">testuser</value>
</add-value>
</modify-attr>
<modify-attr attr-name="Surname">
<remove-all-values/>
<add-value>
<value timestamp="1473537516#31" type="string">user</value>
</add-value>
</modify-attr>
<modify-attr attr-name="uniqueID">
<remove-all-values/>
<add-value>
<value naming="true" timestamp="1473537516#47" type="string">testuser</value>
</add-value>
</modify-attr>
<modify-attr attr-name="Description">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="Facsimile Telephone Number">
13:21:59 F5DE1700 Drvrs: <remove-all-values/>
</modify-attr>
<modify-attr attr-name="Initials">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="L">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="OU">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="Postal Address">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="S">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="SA">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="Telephone Number">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="Title">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="userCertificate">
<remove-all-values/>
</modify-attr>
</modify>
</input>
</nds>
13:21:59 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPDCFG-smp.
13:21:59 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'CN' to 'cn'.
13:21:59 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'Given Name' to 'givenname'.
13:21:59 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'Internet EMail Address' to 'mail'.
13:21:59 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'Surname' to 'sn'.
13:21:59 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'uniqueID' to 'uid'.
13:21:59 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'Description' to 'description'.
13:21:59 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'Facsimile Telephone Number' to 'facsimiletelephonenumber'.
13:21:59 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'Initials' to 'initials'.
13:21:59 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'L' to 'l'.
13:21:59 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'OU' to 'ou'.
13:21:59 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'Postal Address' to 'postaladdress'.
13:21:59 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'S' to 'st'.
13:21:59 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'SA' to 'street'.
13:21:59 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'Telephone Number' to 'telephonenumber'.
13:21:59 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'Title' to 'title'.
13:21:59 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'userCertificate' to 'usercertificate'.
13:21:59 F5DE1700 Drvrs: Luminis ST: Mapping class-name 'User' to 'inetOrgPerson'.
13:21:59 F5DE1700 Drvrs: Luminis ST:No output transformation policies.
13:21:59 F5DE1700 Drvrs: Luminis ST:Submitting document to subscriber shim:
13:21:59 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<modify class-name="inetOrgPerson" event-id="devserver#20181022192159#1#1:3a3e4e8f-c40e-40da-8661-8f4e3e3a0ec4" from-merge="true" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\ISU-IDV\lp5\cp\People\testuser" src-entry-id="219764">
<association>uid=testuser,ou=people,ou=cp,o=lp5</association>
<modify-attr attr-name="cn">
<remove-all-values/>
<add-value>
<value timestamp="1473537516#22" type="string">test user</value>
</add-value>
</modify-attr>
<modify-attr attr-name="givenname">
<remove-all-values/>
<add-value>
<value timestamp="1480018111#10" type="string">test</value>
</add-value>
</modify-attr>
<modify-attr attr-name="mail">
<remove-all-values/>
<add-value>
<value timestamp="1473537516#28" type="string">testuser</value>
</add-value>
</modify-attr>
<modify-attr attr-name="sn">
<remove-all-values/>
<add-value>
<value timestamp="1473537516#31" type="string">user</value>
</add-value>
</modify-attr>
<modify-attr attr-name="uid">
<remove-all-values/>
<add-value>
<value naming="true" timestamp="1473537516#47" type="string">testuser</value>
</add-value>
</modify-attr>
<modify-attr attr-name="description">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="facsimiletelephonenumber">
<remove-all-values/>
13:21:59 F5DE1700 Drvrs: </modify-attr>
<modify-attr attr-name="initials">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="l">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="ou">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="postaladdress">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="st">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="street">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="telephonenumber">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="title">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="usercertificate">
<remove-all-values/>
</modify-attr>
</modify>
</input>
</nds>
13:21:59 F5DE1700 Drvrs: Luminis ST:Luminis: LDAP Modify: uid=testuser,ou=people,ou=cp,o=lp5
LDAPModification: (operation=replace,(LDAPAttribute: {type='cn', value='test user'}))
LDAPModification: (operation=replace,(LDAPAttribute: {type='givenname', value='test'}))
LDAPModification: (operation=replace,(LDAPAttribute: {type='mail', value='testuser'}))
LDAPModification: (operation=replace,(LDAPAttribute: {type='sn', value='user'}))
LDAPModification: (operation=replace,(LDAPAttribute: {type='uid', value='testuser'}))
LDAPModification: (operation=replace,(LDAPAttribute: {type='description'}))
LDAPModification: (operation=replace,(LDAPAttribute: {type='facsimiletelephonenumber'}))
LDAPModification: (operation=replace,(LDAPAttribute: {type='initials'}))
LDAPModification: (operation=replace,(LDAPAttribute: {type='l'}))
LDAPModification: (operation=replace,(LDAPAttribute: {type='ou'}))
LDAPModification: (operation=replace,(LDAPAttribute: {type='postaladdress'}))
LDAPModification: (operation=replace,(LDAPAttribute: {type='st'}))
LDAPModification: (operation=replace,(LDAPAttribute: {type='street'}))
LDAPModification: (operation=replace,(LDAPAttribute: {type='telephonenumber'}))
LDAPModification: (operation=replace,(LDAPAttribute: {type='title'}))
LDAPModification: (operation=replace,(LDAPAttribute: {type='usercertificate'}))
13:21:59 F5DE1700 Drvrs: Luminis ST:Luminis: LDAPInterface.doLDAPModify() Modify Error4: LDAPException: Undefined Attribute Type (17) Undefined Attribute Type
LDAPException: Server Message: usercertificate: requires ;binary transfer
LDAPException: Matched DN:
13:21:59 F5DE1700 Drvrs: Luminis ST:SubscriptionShim.execute() returned:
13:21:59 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="devserver#20181022192159#1#1:3a3e4e8f-c40e-40da-8661-8f4e3e3a0ec4" level="error">LDAPException: Undefined Attribute Type (17) Undefined Attribute Type
LDAPException: Server Message: usercertificate: requires ;binary transfer
LDAPException: Matched DN: </status>
</output>
</nds>
13:21:59 F5DE1700 Drvrs: Luminis ST:No input transformation policies.
13:21:59 F5DE1700 Drvrs: Luminis ST:Applying schema mapping policies to input.
13:21:59 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPDCFG-GroupMemberMapping.
13:21:59 F5DE1700 Drvrs: Luminis ST: Applying to status #1.
13:21:59 F5DE1700 Drvrs: Luminis ST:Policy returned:
13:21:59 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="devserver#20181022192159#1#1:3a3e4e8f-c40e-40da-8661-8f4e3e3a0ec4" level="error">LDAPException: Undefined Attribute Type (17) Undefined Attribute Type
LDAPException: Server Message: usercertificate: requires ;binary transfer
LDAPException: Matched DN: </status>
</output>
</nds>
13:21:59 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPDCFG-smp.
13:21:59 F5DE1700 Drvrs: Luminis ST:Resolving association references.
13:21:59 F5DE1700 DirXML: Luminis EV: Filtered by loopback detection
13:21:59 F5DE1700 Drvrs: Luminis ST:Processing returned document.
13:21:59 F5DE1700 Drvrs: Luminis ST:Processing operation <status> for .
13:21:59 F5DE1700 Drvrs: Luminis ST:
DirXML Log Event -------------------
Driver: \ISU-IDV\isu\services\ISU-VaultDriverSet\Luminis
Channel: Subscriber
Object: \ISU-IDV\lp5\cp\People\testuser
Status: Error
Message: LDAPException: Undefined Attribute Type (17) Undefined Attribute Type
LDAPException: Server Message: usercertificate: requires ;binary transfer
LDAPException: Matched DN:
13:21:59 F5DE1700 Drvrs: Luminis ST:End transaction.
13:21:59 F5DE1700 DirXML: Luminis EV: Physically purged 136 bytes from cache 357460.TAO
13:21:59 F5DE1700 DirXML: Luminis EV: Elapsed time: 0.271 milliseconds
Labels (1)
0 Likes
5 Replies
Knowledge Partner
Knowledge Partner

Re: LDAP driver: usercertificate: requires ;binary transfer

If you deleted the users in OpenLDAP then these users should not have
associations, but that is exactly what you have with the beginning of this
trace, so apparently you do not have the associations cleaned out on the
eDirectory/Vault side. As a result, perhaps try deleting the association
for this driver object from the user and try again.

Also, userCertificate is not something I have ever seen moved from eDir to
OpenLDAP in a useful way, so marking it as Ignore on the Subscriber
channel (if not both channels, or removed entirely from the Filter) is
probably a good idea.


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
Knowledge Partner
Knowledge Partner

Re: LDAP driver: usercertificate: requires ;binary transfer

ab;2489240 wrote:
If you deleted the users in OpenLDAP then these users should not have
associations, but that is exactly what you have with the beginning of this
trace, so apparently you do not have the associations cleaned out on the
eDirectory/Vault side. As a result, perhaps try deleting the association
for this driver object from the user and try again.


Eh, maybe. If he deleted the users in openLDAP, what's in eDirectory depends on how he set up the publisher channel. I'd have used the publisher <delete> event to clean up the association, but he may have just veto'd it. Or, he may not be getting publisher events at all.


ab;2489240 wrote:

Also, userCertificate is not something I have ever seen moved from eDir to
OpenLDAP in a useful way, so marking it as Ignore on the Subscriber
channel (if not both channels, or removed entirely from the Filter) is
probably a good idea.


Agreed, I don't know why that's in there, but it probably doesn't do anything that's going to be useful.
0 Likes
bobbintb Absent Member.
Absent Member.

Re: LDAP driver: usercertificate: requires ;binary transfer

ab;2489240 wrote:
If you deleted the users in OpenLDAP then these users should not have
associations, but that is exactly what you have with the beginning of this
trace, so apparently you do not have the associations cleaned out on the
eDirectory/Vault side. As a result, perhaps try deleting the association
for this driver object from the user and try again.

Also, userCertificate is not something I have ever seen moved from eDir to
OpenLDAP in a useful way, so marking it as Ignore on the Subscriber
channel (if not both channels, or removed entirely from the Filter) is
probably a good idea.


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.


Right as always. Those associations always trip me up. I forget they are there until they cause a problem. I'll probably remove that userCertificate thing. It was just in there by default and I don't think I need it. Thanks.
0 Likes
Knowledge Partner
Knowledge Partner

Re: LDAP driver: usercertificate: requires ;binary transfer

bobbintb;2489231 wrote:
I got my LDAP driver working and now something seems to have gone wrong. I am trying to mirror an OU from eDir to openLDAP. I had an OU full of users on openLDAP that I imported from eDir with an LDIFF. I deleted one one user in openLDAP and did a successful migration. I then deleted all the users under that OU in openLDAP to try a full migrate and now I am getting errors. At first I was getting (17) undefined attribute type for pwdAccountLockedTime. I removed the account tracking packages as I don't need them. Then I started getting the same issue for nspmDistributionPassword. I removed the password sync packaged to see if that would get past it and now I am getting the error for usercertificate. I'm not sure what is going on but deleting the users might have caused some unintended consequences. Here is my trace:

10/22/2018 
13:21:59 23269700 DirXML: Luminis EV: Filtered by class or attribute
13:21:59 23269700 DirXML: Luminis EV: Writing data to cache:
13:21:59 23269700 DirXML: Luminis EV: Event: type(RESYNC_ENTRY)timestamp(0#0)object(\T=ISU-IDV\O=lp5\OU=cp\OU=People\uniqueID=testuser:User)
13:21:59 23269700 DirXML: Luminis EV: Entry ID: 0x35a74, Verb: 0, Entry flags: 0x0001, Obituary flags: 0x0000
13:21:59 23269700 DirXML: Luminis EV: Wrote 136 bytes to cache 357460.TAO
13:21:59 23269700 DirXML: Luminis EV: Elapsed time: 0.022 milliseconds
13:21:59 23269700 DirXML: Luminis EV: Committing 136 bytes to cache 357460.TAO
13:21:59 23269700 DirXML: Luminis EV: Committed 136 bytes to cache 357460.TAO
13:21:59 23269700 DirXML: Luminis EV: Elapsed time: 0.298 milliseconds
13:21:59 F5DE1700 DirXML: Luminis EV: Read 136 bytes from cache 357460.TAO
13:21:59 F5DE1700 DirXML: Luminis EV: Elapsed time: 0.009 milliseconds
13:21:59 F5DE1700 Drvrs: Luminis ST:Start transaction.
13:21:59 F5DE1700 Drvrs: Luminis ST:type(resync-entry)entry-id(219764) dn(\T=ISU-IDV\O=lp5\OU=cp\OU=People\uniqueID=testuser) class-id(-1) class-name(null)
13:21:59 F5DE1700 Drvrs: Luminis ST:Processing events for transaction.
13:21:59 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<sync cached-time="20181022192159.250Z" class-name="User" event-id="devserver#20181022192159#1#1:3a3e4e8f-c40e-40da-8661-8f4e3e3a0ec4" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\ISU-IDV\lp5\cp\People\testuser" src-entry-id="219764" timestamp="0#0">
<association state="migrate">uid=testuser,ou=people,ou=cp,o=lp5</association>
</sync>
</input>
</nds>
13:21:59 F5DE1700 Drvrs: Luminis ST:Applying event transformation policies.
13:21:59 F5DE1700 Drvrs: Luminis ST:Applying policy: test.
13:21:59 F5DE1700 Drvrs: Luminis ST: Applying to sync #1.
13:21:59 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'output'.
13:21:59 F5DE1700 Drvrs: Luminis ST: Rule selected.
13:21:59 F5DE1700 Drvrs: Luminis ST: Applying rule 'output'.
13:21:59 F5DE1700 Drvrs: Luminis ST: Action: do-trace-message("CN = "+token-op-attr("CN")).
13:21:59 F5DE1700 Drvrs: Luminis ST: arg-string("CN = "+token-op-attr("CN"))
13:21:59 F5DE1700 Drvrs: Luminis ST: token-text("CN = ")
13:21:59 F5DE1700 Drvrs: Luminis ST: token-op-attr("CN")
13:21:59 F5DE1700 Drvrs: Luminis ST: Token Value: "".
13:21:59 F5DE1700 Drvrs: Luminis ST: Arg Value: "CN = ".
13:21:59 F5DE1700 Drvrs: Luminis ST:CN =
13:21:59 F5DE1700 Drvrs: Luminis ST:Policy returned:
13:21:59 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<sync cached-time="20181022192159.250Z" class-name="User" event-id="devserver#20181022192159#1#1:3a3e4e8f-c40e-40da-8661-8f4e3e3a0ec4" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\ISU-IDV\lp5\cp\People\testuser" src-entry-id="219764" timestamp="0#0">
<association state="migrate">uid=testuser,ou=people,ou=cp,o=lp5</association>
</sync>
</input>
</nds>
13:21:59 F5DE1700 Drvrs: Luminis ST:Subscriber processing sync for \ISU-IDV\lp5\cp\People\testuser.
13:21:59 F5DE1700 Drvrs: Luminis ST:Merging eDirectory and application values.
13:21:59 F5DE1700 Drvrs: Luminis ST:Reading relevant attributes from \ISU-IDV\lp5\cp\People\testuser.
13:21:59 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="User" dest-dn="\ISU-IDV\lp5\cp\People\testuser" dest-entry-id="219764" scope="entry">
<read-attr attr-name="CN"/>
<read-attr attr-name="Description"/>
<read-attr attr-name="Facsimile Telephone Number"/>
<read-attr attr-name="Given Name"/>
<read-attr attr-name="Initials"/>
<read-attr attr-name="Internet EMail Address"/>
<read-attr attr-name="L"/>
<read-attr attr-name="OU"/>
<read-attr attr-name="Postal Address"/>
<read-attr attr-name="S"/>
<read-attr attr-name="SA"/>
<read-attr attr-name="Surname"/>
<read-attr attr-name="Telephone Number"/>
<read-attr attr-name="Title"/>
<read-attr attr-name="uniqueID"/>
<read-attr attr-name="userCertificate"/>
</query>
</input>
</nds>
13:21:59 F5DE1700 Drvrs: Luminis ST:Pumping XDS to eDirectory.
13:21:59 F5DE1700 Drvrs: Luminis ST:Performing operation query for \ISU-IDV\lp5\cp\People\testuser.
13:21:59 F5DE1700 Drvrs: Luminis ST:--JCLNT-- \ISU-IDV\isu\services\ISU-VaultDriverSet\Luminis : Duplicating : context = 1162019833, tempContext = 1162019781
13:21:59 F5DE1700 Drvrs: Luminis ST:--JCLNT-- \ISU-IDV\isu\services\ISU-VaultDriverSet\Luminis : Calling free on tempContext = 1162019781
13:21:59 F5DE1700 Drvrs: Luminis ST:Read result:
13:21:59 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<instance class-name="User" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\ISU-IDV\lp5\cp\People\testuser" src-entry-id="219764">
<association state="migrate">uid=testuser,ou=people,ou=cp,o=lp5</association>
<attr attr-name="CN">
<value timestamp="1473537516#22" type="string">test user</value>
</attr>
<attr attr-name="Given Name">
<value timestamp="1480018111#10" type="string">test</value>
</attr>
<attr attr-name="Internet EMail Address">
<value timestamp="1473537516#28" type="string">testuser</value>
</attr>
<attr attr-name="Surname">
<value timestamp="1473537516#31" type="string">user</value>
</attr>
<attr attr-name="uniqueID">
<value naming="true" timestamp="1473537516#47" type="string">testuser</value>
</attr>
</instance>
<status level="success"></status>
</output>
</nds>
13:21:59 F5DE1700 Drvrs: Luminis ST:Updating application with eDirectory values.
13:21:59 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<modify class-name="User" event-id="devserver#20181022192159#1#1:3a3e4e8f-c40e-40da-8661-8f4e3e3a0ec4" from-merge="true" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\ISU-IDV\lp5\cp\People\testuser" src-entry-id="219764">
<association>uid=testuser,ou=people,ou=cp,o=lp5</association>
<modify-attr attr-name="CN">
<remove-all-values/>
<add-value>
<value timestamp="1473537516#22" type="string">test user</value>
</add-value>
</modify-attr>
<modify-attr attr-name="Given Name">
<remove-all-values/>
<add-value>
<value timestamp="1480018111#10" type="string">test</value>
</add-value>
</modify-attr>
<modify-attr attr-name="Internet EMail Address">
<remove-all-values/>
<add-value>
<value timestamp="1473537516#28" type="string">testuser</value>
</add-value>
</modify-attr>
<modify-attr attr-name="Surname">
<remove-all-values/>
<add-value>
<value timestamp="1473537516#31" type="string">user</value>
</add-value>
</modify-attr>
<modify-attr attr-name="uniqueID">
<remove-all-values/>
<add-value>
<value naming="true" timestamp="1473537516#47" type="string">testuser</value>
</add-value>
</modify-attr>
<modify-attr attr-name="Description">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="Facsimile Telephone Number">
13:21:59 F5DE1700 Drvrs: <remove-all-values/>
</modify-attr>
<modify-attr attr-name="Initials">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="L">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="OU">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="Postal Address">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="S">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="SA">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="Telephone Number">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="Title">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="userCertificate">
<remove-all-values/>
</modify-attr>
</modify>
</input>
</nds>
13:21:59 F5DE1700 Drvrs: Luminis ST:No command transformation policies.
13:21:59 F5DE1700 Drvrs: Luminis ST:Filtering out notification-only attributes.
13:21:59 F5DE1700 Drvrs: Luminis ST:Fixing up association references.
13:21:59 F5DE1700 Drvrs: Luminis ST:Applying schema mapping policies to output.
13:21:59 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPDCFG-GroupMemberMapping.
13:21:59 F5DE1700 Drvrs: Luminis ST: Applying to modify #1.
13:21:59 F5DE1700 Drvrs: Luminis ST:Policy returned:
13:21:59 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<modify class-name="User" event-id="devserver#20181022192159#1#1:3a3e4e8f-c40e-40da-8661-8f4e3e3a0ec4" from-merge="true" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\ISU-IDV\lp5\cp\People\testuser" src-entry-id="219764">
<association>uid=testuser,ou=people,ou=cp,o=lp5</association>
<modify-attr attr-name="CN">
<remove-all-values/>
<add-value>
<value timestamp="1473537516#22" type="string">test user</value>
</add-value>
</modify-attr>
<modify-attr attr-name="Given Name">
<remove-all-values/>
<add-value>
<value timestamp="1480018111#10" type="string">test</value>
</add-value>
</modify-attr>
<modify-attr attr-name="Internet EMail Address">
<remove-all-values/>
<add-value>
<value timestamp="1473537516#28" type="string">testuser</value>
</add-value>
</modify-attr>
<modify-attr attr-name="Surname">
<remove-all-values/>
<add-value>
<value timestamp="1473537516#31" type="string">user</value>
</add-value>
</modify-attr>
<modify-attr attr-name="uniqueID">
<remove-all-values/>
<add-value>
<value naming="true" timestamp="1473537516#47" type="string">testuser</value>
</add-value>
</modify-attr>
<modify-attr attr-name="Description">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="Facsimile Telephone Number">
13:21:59 F5DE1700 Drvrs: <remove-all-values/>
</modify-attr>
<modify-attr attr-name="Initials">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="L">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="OU">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="Postal Address">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="S">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="SA">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="Telephone Number">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="Title">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="userCertificate">
<remove-all-values/>
</modify-attr>
</modify>
</input>
</nds>
13:21:59 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPDCFG-smp.
13:21:59 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'CN' to 'cn'.
13:21:59 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'Given Name' to 'givenname'.
13:21:59 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'Internet EMail Address' to 'mail'.
13:21:59 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'Surname' to 'sn'.
13:21:59 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'uniqueID' to 'uid'.
13:21:59 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'Description' to 'description'.
13:21:59 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'Facsimile Telephone Number' to 'facsimiletelephonenumber'.
13:21:59 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'Initials' to 'initials'.
13:21:59 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'L' to 'l'.
13:21:59 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'OU' to 'ou'.
13:21:59 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'Postal Address' to 'postaladdress'.
13:21:59 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'S' to 'st'.
13:21:59 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'SA' to 'street'.
13:21:59 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'Telephone Number' to 'telephonenumber'.
13:21:59 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'Title' to 'title'.
13:21:59 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'userCertificate' to 'usercertificate'.
13:21:59 F5DE1700 Drvrs: Luminis ST: Mapping class-name 'User' to 'inetOrgPerson'.
13:21:59 F5DE1700 Drvrs: Luminis ST:No output transformation policies.
13:21:59 F5DE1700 Drvrs: Luminis ST:Submitting document to subscriber shim:
13:21:59 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<modify class-name="inetOrgPerson" event-id="devserver#20181022192159#1#1:3a3e4e8f-c40e-40da-8661-8f4e3e3a0ec4" from-merge="true" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\ISU-IDV\lp5\cp\People\testuser" src-entry-id="219764">
<association>uid=testuser,ou=people,ou=cp,o=lp5</association>
<modify-attr attr-name="cn">
<remove-all-values/>
<add-value>
<value timestamp="1473537516#22" type="string">test user</value>
</add-value>
</modify-attr>
<modify-attr attr-name="givenname">
<remove-all-values/>
<add-value>
<value timestamp="1480018111#10" type="string">test</value>
</add-value>
</modify-attr>
<modify-attr attr-name="mail">
<remove-all-values/>
<add-value>
<value timestamp="1473537516#28" type="string">testuser</value>
</add-value>
</modify-attr>
<modify-attr attr-name="sn">
<remove-all-values/>
<add-value>
<value timestamp="1473537516#31" type="string">user</value>
</add-value>
</modify-attr>
<modify-attr attr-name="uid">
<remove-all-values/>
<add-value>
<value naming="true" timestamp="1473537516#47" type="string">testuser</value>
</add-value>
</modify-attr>
<modify-attr attr-name="description">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="facsimiletelephonenumber">
<remove-all-values/>
13:21:59 F5DE1700 Drvrs: </modify-attr>
<modify-attr attr-name="initials">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="l">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="ou">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="postaladdress">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="st">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="street">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="telephonenumber">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="title">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="usercertificate">
<remove-all-values/>
</modify-attr>
</modify>
</input>
</nds>
13:21:59 F5DE1700 Drvrs: Luminis ST:Luminis: LDAP Modify: uid=testuser,ou=people,ou=cp,o=lp5
LDAPModification: (operation=replace,(LDAPAttribute: {type='cn', value='test user'}))
LDAPModification: (operation=replace,(LDAPAttribute: {type='givenname', value='test'}))
LDAPModification: (operation=replace,(LDAPAttribute: {type='mail', value='testuser'}))
LDAPModification: (operation=replace,(LDAPAttribute: {type='sn', value='user'}))
LDAPModification: (operation=replace,(LDAPAttribute: {type='uid', value='testuser'}))
LDAPModification: (operation=replace,(LDAPAttribute: {type='description'}))
LDAPModification: (operation=replace,(LDAPAttribute: {type='facsimiletelephonenumber'}))
LDAPModification: (operation=replace,(LDAPAttribute: {type='initials'}))
LDAPModification: (operation=replace,(LDAPAttribute: {type='l'}))
LDAPModification: (operation=replace,(LDAPAttribute: {type='ou'}))
LDAPModification: (operation=replace,(LDAPAttribute: {type='postaladdress'}))
LDAPModification: (operation=replace,(LDAPAttribute: {type='st'}))
LDAPModification: (operation=replace,(LDAPAttribute: {type='street'}))
LDAPModification: (operation=replace,(LDAPAttribute: {type='telephonenumber'}))
LDAPModification: (operation=replace,(LDAPAttribute: {type='title'}))
LDAPModification: (operation=replace,(LDAPAttribute: {type='usercertificate'}))
13:21:59 F5DE1700 Drvrs: Luminis ST:Luminis: LDAPInterface.doLDAPModify() Modify Error4: LDAPException: Undefined Attribute Type (17) Undefined Attribute Type
LDAPException: Server Message: usercertificate: requires ;binary transfer
LDAPException: Matched DN:
13:21:59 F5DE1700 Drvrs: Luminis ST:SubscriptionShim.execute() returned:
13:21:59 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="devserver#20181022192159#1#1:3a3e4e8f-c40e-40da-8661-8f4e3e3a0ec4" level="error">LDAPException: Undefined Attribute Type (17) Undefined Attribute Type
LDAPException: Server Message: usercertificate: requires ;binary transfer
LDAPException: Matched DN: </status>
</output>
</nds>
13:21:59 F5DE1700 Drvrs: Luminis ST:No input transformation policies.
13:21:59 F5DE1700 Drvrs: Luminis ST:Applying schema mapping policies to input.
13:21:59 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPDCFG-GroupMemberMapping.
13:21:59 F5DE1700 Drvrs: Luminis ST: Applying to status #1.
13:21:59 F5DE1700 Drvrs: Luminis ST:Policy returned:
13:21:59 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="devserver#20181022192159#1#1:3a3e4e8f-c40e-40da-8661-8f4e3e3a0ec4" level="error">LDAPException: Undefined Attribute Type (17) Undefined Attribute Type
LDAPException: Server Message: usercertificate: requires ;binary transfer
LDAPException: Matched DN: </status>
</output>
</nds>
13:21:59 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPDCFG-smp.
13:21:59 F5DE1700 Drvrs: Luminis ST:Resolving association references.
13:21:59 F5DE1700 DirXML: Luminis EV: Filtered by loopback detection
13:21:59 F5DE1700 Drvrs: Luminis ST:Processing returned document.
13:21:59 F5DE1700 Drvrs: Luminis ST:Processing operation <status> for .
13:21:59 F5DE1700 Drvrs: Luminis ST:
DirXML Log Event -------------------
Driver: \ISU-IDV\isu\services\ISU-VaultDriverSet\Luminis
Channel: Subscriber
Object: \ISU-IDV\lp5\cp\People\testuser
Status: Error
Message: LDAPException: Undefined Attribute Type (17) Undefined Attribute Type
LDAPException: Server Message: usercertificate: requires ;binary transfer
LDAPException: Matched DN:
13:21:59 F5DE1700 Drvrs: Luminis ST:End transaction.
13:21:59 F5DE1700 DirXML: Luminis EV: Physically purged 136 bytes from cache 357460.TAO
13:21:59 F5DE1700 DirXML: Luminis EV: Elapsed time: 0.271 milliseconds


It's just a thought, but having read your several threads on the LDAP driver here, you may want to back up a step and start over with just the default setup. Stop hacking out random policies, removing default packages, and generally beating it with a stick. Get the basics working, understand what they're doing, then modify from there. The LDAP driver isn't one of the more complicated ones, and should basically just work for setting up a simple sync of users.
0 Likes
bobbintb Absent Member.
Absent Member.

Re: LDAP driver: usercertificate: requires ;binary transfer

dgersic;2489294 wrote:
It's just a thought, but having read your several threads on the LDAP driver here, you may want to back up a step and start over with just the default setup. Stop hacking out random policies, removing default packages, and generally beating it with a stick. Get the basics working, understand what they're doing, then modify from there. The LDAP driver isn't one of the more complicated ones, and should basically just work for setting up a simple sync of users.


Yeah, that's kind of what I've been doing and planning. I started with the default set up trying to get the basic working but had some issues. Now that I've worked those out and have a better understand of it, I'll redo it.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.