Highlighted
Knowledge Partner
Knowledge Partner
226 views

Looking for errors in check-object-password

Slowly working on a project here, I'm looking to collect sample errors from the iManager function that checks a user object's password against the connected systems. In trace, you see something like this:

 

[07/14/20 09:17:44.640]:DriverName ST:Remote Interface Driver: Sending...
[07/14/20 09:17:44.640]:DriverName ST:
<nds dtdversion="4.0" ndsversion="8.x">
  <source>
    <product edition="Advanced" version="4.8.0.0">DirXML</product>
    <contact>NetIQ Corporation</contact>
  </source>
  <input>
    <check-object-password event-id="user-agent-check-password">
      <association>8f7db04f1782d940923c1180de232dd9</association>
      <password><!-- content suppressed --></password>
    </check-object-password>
  </input>
</nds>
[07/14/20 09:17:44.640]:DriverName ST:Remote Interface Driver: Document sent.
[07/14/20 09:17:44.640]:DriverName ST:Remote Interface Driver: Waiting for receive...
[07/14/20 09:17:45.392]:DriverName ST:Remote Interface Driver: Received
[07/14/20 09:17:45.393]:DriverName ST:
<nds dtdversion="1.1" ndsversion="8.7">
  <source>
    <product asn1id="" build="20180125_120000" instance="\Tree\Container\DriverSet\DriverName" version="4.1.2.0">AD</product>
    <contact>NetIQ Corporation</contact>
  </source>
  <output>
    <status event-id="user-agent-check-password" level="error" type="driver-general">Check password connection validation.Bind failed because of one or more of the following errors.The user's account has expired.<ldap-err ldap-rc="49" ldap-rc-name="LDAP_INVALID_CREDENTIALS">
        <client-err ldap-rc="49" ldap-rc-name="LDAP_INVALID_CREDENTIALS">Invalid Credentials</client-err>
        <server-err>8009030C: LdapErr: DSID-0C090595, comment: AcceptSecurityContext error, data 701, v3839</server-err>
        <server-err-ex win32-rc="-2146893044"/>
      </ldap-err>
    </status>
  </output>
</nds>

 

 

This one is, of course Active Directory. I have the eDir-to-eDir driver as well. I'd like to see what some of the other drivers that support password verification (manifest includes "<capability name="password-check"/>").

AzureAD, LDAP, and the BiDir driver would be especially interesting. But any you have access to and can post a trace snippet of would be helpful.

 

Labels (1)
3 Replies
Highlighted
Knowledge Partner
Knowledge Partner

Bumping this back to the top. Anyone with a working driver that can do a password sync check with iManager and post the level 3 trace snippet of the reply?
Highlighted
Outstanding Contributor.
Outstanding Contributor.

Hi.

Currently all I have is an AD-driver at hand, so here it goes:

[08/18/20 09:05:43.398]:AD-DRIVER ST:Remote Interface Driver: Sending...
[08/18/20 09:05:43.399]:AD-DRIVER ST:
<nds dtdversion="4.0" ndsversion="8.x">
  <source>
    <product edition="Advanced" version="4.7.1.0">DirXML</product>
    <contact>NetIQ Corporation</contact>
  </source>
  <input>
    <check-object-password event-id="user-agent-check-password">
      <association>myAssociation</association>
      <password><!-- content suppressed --></password>
    </check-object-password>
  </input>
</nds>
[08/18/20 09:05:43.406]:AD-DRIVER ST:Remote Interface Driver: Document sent.
[08/18/20 09:05:43.406]:AD-DRIVER ST:Remote Interface Driver: Waiting for receive...
[08/18/20 09:05:43.433]:AD-DRIVER ST:Remote Interface Driver: Received
[08/18/20 09:05:43.435]:AD-DRIVER ST:
<nds dtdversion="1.1" ndsversion="8.7">
  <source>
    <product asn1id="" build="20180125_120000" instance="\IDM-TREE\system\driverset1\AD-DRIVER" version="4.1.1.0">AD</product>
    <contact>NetIQ Corporation</contact>
  </source>
  <output>
    <status event-id="user-agent-check-password" level="success"/>
  </output>
</nds>

Best regards

Marcus

0 Likes
Highlighted
Knowledge Partner
Knowledge Partner

Thanks Marcus. As far as I can tell, all of them return the same status / success document if the user's password checks ok. I'm looking for the status / error document returned by each driver, since it seems to be shim specific what it kicks back when the user's password (vault) does not match the user's password in the connected system.
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.