Highlighted
Absent Member.
Absent Member.
1487 views

No CN on LDAP driver default policy

I got past the connection issue I was having in a previous post but now am having a policy issue. In the creation transform, the default policy for the LDAP driver has a ruled named "User Required Attributes" that will veto if the operational attribute CN is not available. My trace shows that is the policy that is vetoing the operation. I did a trace output message right before that rule and the CN is indeed empty but I don't know why. The object I am testing with definitely has a CN attribute. I can disable the rule but then I get the same issue with the nspmDistributionPassword. I checked the filter and the schema mapping. They are mapped and set to synchronize in the filter properly by default. I don't know why this default policy doesn't seem to be working. I'm just trying to set up basic replication to openLDAP. Any suggestions?
Labels (1)
0 Likes
21 Replies
Highlighted
Absent Member.
Absent Member.

I also saw "http://support.novell.com/docs/Tids/Solutions/10085947.html" in the trace and then found this:

http://support.novell.com/docs/Tids/Solutions/10085947.html

There is indeed a space in the CN but the solution is to get rid of the space. Not really a viable solution.
0 Likes
Highlighted
Knowledge Partner
Knowledge Partner

bobbintb;2488905 wrote:
I got past the connection issue I was having in a previous post but now am having a policy issue. In the creation transform, the default policy for the LDAP driver has a ruled named "User Required Attributes" that will veto if the operational attribute CN is not available. My trace shows that is the policy that is vetoing the operation. I did a trace output message right before that rule and the CN is indeed empty but I don't know why. The object I am testing with definitely has a CN attribute. I can disable the rule but then I get the same issue with the nspmDistributionPassword. I checked the filter and the schema mapping. They are mapped and set to synchronize in the filter properly by default. I don't know why this default policy doesn't seem to be working. I'm just trying to set up basic replication to openLDAP. Any suggestions?


Hi Bob,
It will be easy to troubleshoot your issue, if you will provide driver trace (trace level 3+).

Alex
0 Likes
Highlighted
Absent Member.
Absent Member.

Yes, of course. Don't know what I was thinking:

13:37:49 F9558700 DirXML: Luminis EV: Filtered by class or attribute
13:37:49 F9558700 DirXML: Luminis EV: Writing data to cache:
13:37:49 F9558700 DirXML: Luminis EV: Event: type(RESYNC_ENTRY)timestamp(0#0)object(\T=IDV\O=lp5\OU=cp\OU=People\uniqueID=testuser:User)
13:37:49 F9558700 DirXML: Luminis EV: Entry ID: 0x35876, Verb: 0, Entry flags: 0x0001, Obituary flags: 0x0000
13:37:49 F9558700 DirXML: Luminis EV: Wrote 96 bytes to cache 357460.TAO
13:37:49 F9558700 DirXML: Luminis EV: Elapsed time: 0.015 milliseconds
13:37:49 F9558700 DirXML: Luminis EV: Committing 96 bytes to cache 357460.TAO
13:37:49 F9558700 DirXML: Luminis EV: Committed 96 bytes to cache 357460.TAO
13:37:49 F9558700 DirXML: Luminis EV: Elapsed time: 0.316 milliseconds
13:37:49 F5DE1700 DirXML: Luminis EV: Read 96 bytes from cache 357460.TAO
13:37:49 F5DE1700 DirXML: Luminis EV: Elapsed time: 0.010 milliseconds
13:37:49 F5DE1700 Drvrs: Luminis ST:Start transaction.
13:37:49 F5DE1700 Drvrs: Luminis ST:type(resync-entry)entry-id(219254) dn(\T=IDV\O=lp5\OU=cp\OU=People\uniqueID=testuser) class-id(-1) class-name(null)
13:37:49 F5DE1700 Drvrs: Luminis ST:Processing events for transaction.
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<sync cached-time="20181015193749.583Z" class-name="User" event-id="devserver#20181015193749#1#1:81100556-83e0-46f8-afe8-56051081e083" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<association state="manual"></association>
</sync>
</input>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying event transformation policies.
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying policy: test.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying to sync #1.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'output'.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule selected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying rule 'output'.
13:37:49 F5DE1700 Drvrs: Luminis ST: Action: do-trace-message("CN = "+token-op-attr("CN")).
13:37:49 F5DE1700 Drvrs: Luminis ST: arg-string("CN = "+token-op-attr("CN"))
13:37:49 F5DE1700 Drvrs: Luminis ST: token-text("CN = ")
13:37:49 F5DE1700 Drvrs: Luminis ST: token-op-attr("CN")
13:37:49 F5DE1700 Drvrs: Luminis ST: Token Value: "".
13:37:49 F5DE1700 Drvrs: Luminis ST: Arg Value: "CN = ".
13:37:49 F5DE1700 Drvrs: Luminis ST:CN =
13:37:49 F5DE1700 Drvrs: Luminis ST:Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<sync cached-time="20181015193749.583Z" class-name="User" event-id="devserver#20181015193749#1#1:81100556-83e0-46f8-afe8-56051081e083" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<association state="manual"></association>
</sync>
</input>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST:Subscriber processing sync for \IDV\lp5\cp\People\testuser.
13:37:49 F5DE1700 Drvrs: Luminis ST:Reading relevant attributes from \IDV\lp5\cp\People\testuser.
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="User" dest-dn="\IDV\lp5\cp\People\testuser" dest-entry-id="219254" scope="entry">
<read-attr attr-name="CN"/>
<read-attr attr-name="Description"/>
<read-attr attr-name="Facsimile Telephone Number"/>
<read-attr attr-name="Given Name"/>
<read-attr attr-name="Initials"/>
<read-attr attr-name="Internet EMail Address"/>
<read-attr attr-name="L"/>
<read-attr attr-name="Login Disabled"/>
<read-attr attr-name="nspmDistributionPassword"/>
<read-attr attr-name="OU"/>
<read-attr attr-name="Postal Address"/>
<read-attr attr-name="S"/>
<read-attr attr-name="SA"/>
<read-attr attr-name="Surname"/>
<read-attr attr-name="Telephone Number"/>
<read-attr attr-name="Title"/>
<read-attr attr-name="UID"/>
<read-attr attr-name="uniqueID"/>
<read-attr attr-name="userCertificate"/>
</query>
</input>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST:Pumping XDS to eDirectory.
13:37:49 F5DE1700 Drvrs: Luminis ST:Performing operation query for \IDV\lp5\cp\People\testuser.
13:37:49 F5DE1700 Drvrs: Luminis ST:--JCLNT-- \IDV\isu\services\ISU-VaultDriverSet\Luminis : Duplicating : context = 1162019691, tempContext = 1162019747
13:37:49 F5DE1700 Drvrs: Luminis ST:Driver object has insufficient rights to read \IDV\lp5\cp\People\testuser#CN.
13:37:49 F5DE1700 Drvrs: Luminis ST:--JCLNT-- \IDV\isu\services\ISU-VaultDriverSet\Luminis : Calling free on tempContext = 1162019747
13:37:49 F5DE1700 Drvrs: Luminis ST:Read result:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<instance class-name="User" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254">
<association state="manual"></association>
<attr attr-name="Given Name">
<value timestamp="1482333216#11" type="string">Test</value>
</attr>
<attr attr-name="Internet EMail Address">
<value timestamp="1472763230#52" type="string">testuser</value>
</attr>
<attr attr-name="Surname">
<value timestamp="1472763230#55" type="string">User</value>
</attr>
<attr attr-name="uniqueID">
<value naming="true" timestamp="1472763230#71" type="string">testuser</value>
</attr>
</instance>
<status level="success"></status>
</output>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST:Synthetic add:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<add cached-time="20181015193749.583Z" class-name="User" event-id="devserver#20181015193749#1#1:81100556-83e0-46f8-afe8-56051081e083" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<association state="manual"></association>
<add-attr attr-name="Given Name">
<value timestamp="1482333216#11" type="string">Test</value>
</add-attr>
<add-attr attr-name="Internet EMail Address">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1472763230#55" type="string">User</value>
</add-attr>
<add-attr attr-name="uniqueID">
<value naming="true" timestamp="1472763230#71" type="string">testuser</value>
</add-attr>
</add>
<status level="success"></status>
</output>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying object matching policies.
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPDCFG-sub-mp-Scoping.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying to add #1.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'remember relative position in hierarchy'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-src-dn in-subtree "isu\data\users") = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST:Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181015193749.583Z" class-name="User" event-id="devserver#20181015193749#1#1:81100556-83e0-46f8-afe8-56051081e083" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="Given Name">
<value timestamp="1482333216#11" type="string">Test</value>
</add-attr>
<add-attr attr-name="Internet EMail Address">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1472763230#55" type="string">User</value>
</add-attr>
<add-attr attr-name="uniqueID">
<value naming="true" timestamp="1472763230#71" type="string">testuser</value>
</add-attr>
</add>
</input>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPDCFG-sub-mp-DefaultMatching.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying to add #1.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'match Users by UID'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-class-name equal "User") = TRUE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule selected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying rule 'match Users by UID'.
13:37:49 F5DE1700 Drvrs: Luminis ST: Action: do-if().
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating conditions.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.subPlacementType' equal "flat") = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Performing else actions.
13:37:49 F5DE1700 Drvrs: Luminis ST: Action: do-implement-entitlement(arg-node-set(token-entitlement("Account"))).
13:37:49 F5DE1700 Drvrs: Luminis ST: arg-node-set(token-entitlement("Account"))
13:37:49 F5DE1700 Drvrs: Luminis ST: token-entitlement("Account")
13:37:49 F5DE1700 Drvrs: Luminis ST: Query from policy
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="User" dest-dn="\IDV\lp5\cp\People\testuser" dest-entry-id="219254" scope="entry">
<read-attr attr-name="DirXML-EntitlementRef"/>
</query>
</input>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST: Pumping XDS to eDirectory.
13:37:49 F5DE1700 Drvrs: Luminis ST: Performing operation query for \IDV\lp5\cp\People\testuser.
13:37:49 F5DE1700 Drvrs: Luminis ST: --JCLNT-- \IDV\isu\services\ISU-VaultDriverSet\Luminis : Duplicating : context = 1162019691, tempContext = 1162019747
13:37:49 F5DE1700 Drvrs: Luminis ST: --JCLNT-- \IDV\isu\services\ISU-VaultDriverSet\Luminis : Calling free on tempContext = 1162019747
13:37:49 F5DE1700 Drvrs: Luminis ST: Query from policy result
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<instance class-name="User" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254">
<association state="manual"></association>
</instance>
<status level="success"></status>
</output>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST: Token Value: {}.
13:37:49 F5DE1700 Drvrs: Luminis ST: Arg Value: {}.
13:37:49 F5DE1700 Drvrs: Luminis ST: Action: do-find-matching-object(scope="entry",arg-dn("uid="+token-substring(start="3",token-op-property("unmatched-src-dn"))+","+token-global-variable("driver.ldap.base.container"))).
13:37:49 F5DE1700 Drvrs: Luminis ST: arg-dn("uid="+token-substring(start="3",token-op-property("unmatched-src-dn"))+","+token-global-variable("driver.ldap.base.container"))
13:37:49 F5DE1700 Drvrs: Luminis ST: token-text("uid=")
13:37:49 F5DE1700 Drvrs: Luminis ST: token-substring(start="3",token-op-property("unmatched-src-dn"))
13:37:49 F5DE1700 Drvrs: Luminis ST: token-substring(start="3",token-op-property("unmatched-src-dn"))
13:37:49 F5DE1700 Drvrs: Luminis ST: token-op-property("unmatched-src-dn")
13:37:49 F5DE1700 Drvrs: Luminis ST: Token Value: "".
13:37:49 F5DE1700 Drvrs: Luminis ST: Arg Value: "".
13:37:49 F5DE1700 Drvrs: Luminis ST: Token Value: "".
13:37:49 F5DE1700 Drvrs: Luminis ST: token-text(",")
13:37:49 F5DE1700 Drvrs: Luminis ST: token-global-variable("driver.ldap.base.container")
13:37:49 F5DE1700 Drvrs: Luminis ST: Token Value: "o=lp5".
13:37:49 F5DE1700 Drvrs: Luminis ST: Arg Value: "uid=,o=lp5".
13:37:49 F5DE1700 Drvrs: Luminis ST: Query from policy
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="User" dest-dn="uid=,o=lp5" scope="entry">
<search-class class-name="User"/>
<read-attr/>
</query>
</input>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST: Fixing up association references.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying schema mapping policies to output.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPDCFG-GroupMemberMapping.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying to query #1.
13:37:49 F5DE1700 Drvrs: Luminis ST: Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="User" dest-dn="uid=,o=lp5" event-id="0" scope="entry">
<search-class class-name="User"/>
<read-attr/>
</query>
</input>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPASTS-smp.
13:37:49 F5DE1700 Drvrs: Luminis ST: No mapping for class-name 'User'.
13:37:49 F5DE1700 Drvrs: Luminis ST: No mapping for class-name 'User'.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPDCFG-smp.
13:37:49 F5DE1700 Drvrs: Luminis ST: Mapping class-name 'User' to 'inetOrgPerson'.
13:37:49 F5DE1700 Drvrs: Luminis ST: Mapping class-name 'User' to 'inetOrgPerson'.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying output transformation policies.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLPWDSYNC-otp-EmailOnFailedPwdPub.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying to query #1.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Send e-mail for a failed publish password operation'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = TRUE.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-operation equal "status") = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="inetOrgPerson" dest-dn="uid=,o=lp5" event-id="0" scope="entry">
<search-class class-name="inetOrgPerson"/>
<read-attr/>
</query>
</input>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPASTS-otp-SetAccountStatus.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying to query #1.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'openLDAP - Disable account on add'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-operation equal "add") = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'openLDAP - Disable account on modify'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-operation equal "modify") = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'openLDAP - Enable account on add'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-operation equal "add") = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'openLDAP - Enable account on modify'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-operation equal "modify") = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'iPlanet - Enable account on modify'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "nsaccountlock") = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="inetOrgPerson" dest-dn="uid=,o=lp5" event-id="0" scope="entry">
<search-class class-name="inetOrgPerson"/>
<read-attr/>
</query>
</input>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST: Submitting document to subscriber shim:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="inetOrgPerson" dest-dn="uid=,o=lp5" event-id="0" scope="entry">
<search-class class-name="inetOrgPerson"/>
<read-attr/>
</query>
</input>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST: Luminis: OpenLDAPConnection - Connect to the server
13:37:49 F5DE1700 Drvrs: Luminis ST: Luminis: Opening SSL connection
13:37:49 F5DE1700 Drvrs: Luminis ST: Luminis: Host name: florence01.isos.isu.edu
13:37:49 F5DE1700 Drvrs: Luminis ST: Luminis: Port: 636
13:37:49 F5DE1700 Drvrs: Luminis ST: Luminis: DN: cn=Manager,o=lp5
13:37:49 F5DE1700 Drvrs: Luminis ST: Luminis: Protocol version=3
13:37:49 F5DE1700 Drvrs: Luminis ST: Luminis: SDK version=4.6
13:37:49 F5DE1700 Drvrs: Luminis ST: Luminis: Query.queryOperation() res.next() Error: LDAPException: Invalid DN Syntax (34) Invalid DN Syntax
LDAPException: Server Message: invalid DN
LDAPException: Matched DN: .
Resetting connection.
13:37:49 F5DE1700 Drvrs: Luminis ST: SubscriptionShim.execute() returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="0" level="success"/>
</output>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying input transformation policies.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPASTS-itp-SetAccountStatus.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying to status #1.
13:37:49 F5DE1700 Drvrs: Luminis ST: Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="0" level="success"/>
</output>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying policy: veto all.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying to status #1.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'veto all'.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule selected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying rule 'veto all'.
13:37:49 F5DE1700 Drvrs: Luminis ST: Action: do-veto().
13:37:49 F5DE1700 Drvrs: Luminis ST: Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output/>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLPWDSYNC-itp-EmailOnFailedPwdSub.
13:37:49 F5DE1700 Drvrs: Luminis ST: Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output/>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying schema mapping policies to input.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPDCFG-GroupMemberMapping.
13:37:49 F5DE1700 Drvrs: Luminis ST: Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output/>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPASTS-smp.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPDCFG-smp.
13:37:49 F5DE1700 Drvrs: Luminis ST: Resolving association references.
13:37:49 F5DE1700 Drvrs: Luminis ST: Query from policy result
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output/>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST: No matches found.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'match Users by CN'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-class-name equal "User") = TRUE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule selected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying rule 'match Users by CN'.
13:37:49 F5DE1700 Drvrs: Luminis ST: Action: do-if().
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating conditions.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.subPlacementType' equal "flat") = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Performing else actions.
13:37:49 F5DE1700 Drvrs: Luminis ST: Action: do-implement-entitlement(arg-node-set(token-entitlement("Account"))).
13:37:49 F5DE1700 Drvrs: Luminis ST: arg-node-set(token-entitlement("Account"))
13:37:49 F5DE1700 Drvrs: Luminis ST: token-entitlement("Account")
13:37:49 F5DE1700 Drvrs: Luminis ST: Token Value: {}.
13:37:49 F5DE1700 Drvrs: Luminis ST: Arg Value: {}.
13:37:49 F5DE1700 Drvrs: Luminis ST: Action: do-find-matching-object(scope="entry",arg-dn("cn="+token-substring(start="3",token-op-property("unmatched-src-dn"))+","+token-global-variable("driver.ldap.base.container"))).
13:37:49 F5DE1700 Drvrs: Luminis ST: arg-dn("cn="+token-substring(start="3",token-op-property("unmatched-src-dn"))+","+token-global-variable("driver.ldap.base.container"))
13:37:49 F5DE1700 Drvrs: Luminis ST: token-text("cn=")
13:37:49 F5DE1700 Drvrs: Luminis ST: token-substring(start="3",token-op-property("unmatched-src-dn"))
13:37:49 F5DE1700 Drvrs: Luminis ST: token-substring(start="3",token-op-property("unmatched-src-dn"))
13:37:49 F5DE1700 Drvrs: Luminis ST: token-op-property("unmatched-src-dn")
13:37:49 F5DE1700 Drvrs: Luminis ST: Token Value: "".
13:37:49 F5DE1700 Drvrs: Luminis ST: Arg Value: "".
13:37:49 F5DE1700 Drvrs: Luminis ST: Token Value: "".
13:37:49 F5DE1700 Drvrs: Luminis ST: token-text(",")
13:37:49 F5DE1700 Drvrs: Luminis ST: token-global-variable("driver.ldap.base.container")
13:37:49 F5DE1700 Drvrs: Luminis ST: Token Value: "o=lp5".
13:37:49 F5DE1700 Drvrs: Luminis ST: Arg Value: "cn=,o=lp5".
13:37:49 F5DE1700 Drvrs: Luminis ST: Query from policy
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="User" dest-dn="cn=,o=lp5" scope="entry">
<search-class class-name="User"/>
<read-attr/>
</query>
</input>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST: Fixing up association references.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying schema mapping policies to output.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPDCFG-GroupMemberMapping.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying to query #1.
13:37:49 F5DE1700 Drvrs: Luminis ST: Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="User" dest-dn="cn=,o=lp5" event-id="0" scope="entry">
<search-class class-name="User"/>
<read-attr/>
</query>
</input>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPASTS-smp.
13:37:49 F5DE1700 Drvrs: Luminis ST: No mapping for class-name 'User'.
13:37:49 F5DE1700 Drvrs: Luminis ST: No mapping for class-name 'User'.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPDCFG-smp.
13:37:49 F5DE1700 Drvrs: Luminis ST: Mapping class-name 'User' to 'inetOrgPerson'.
13:37:49 F5DE1700 Drvrs: Luminis ST: Mapping class-name 'User' to 'inetOrgPerson'.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying output transformation policies.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLPWDSYNC-otp-EmailOnFailedPwdPub.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying to query #1.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Send e-mail for a failed publish password operation'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = TRUE.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-operation equal "status") = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="inetOrgPerson" dest-dn="cn=,o=lp5" event-id="0" scope="entry">
<search-class class-name="inetOrgPerson"/>
<read-attr/>
</query>
</input>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPASTS-otp-SetAccountStatus.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying to query #1.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'openLDAP - Disable account on add'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-operation equal "add") = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'openLDAP - Disable account on modify'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-operation equal "modify") = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'openLDAP - Enable account on add'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-operation equal "add") = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'openLDAP - Enable account on modify'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-operation equal "modify") = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'iPlanet - Enable account on modify'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "nsaccountlock") = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="inetOrgPerson" dest-dn="cn=,o=lp5" event-id="0" scope="entry">
<search-class class-name="inetOrgPerson"/>
<read-attr/>
</query>
</input>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST: Submitting document to subscriber shim:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="inetOrgPerson" dest-dn="cn=,o=lp5" event-id="0" scope="entry">
<search-class class-name="inetOrgPerson"/>
<read-attr/>
</query>
</input>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST: Luminis: OpenLDAPConnection - Connect to the server
10/15/2018
13:37:49 F5DE1700 Drvrs: Luminis ST: Luminis: Opening SSL connection
13:37:49 F5DE1700 Drvrs: Luminis ST: Luminis: Host name: florence01.isos.isu.edu
13:37:49 F5DE1700 Drvrs: Luminis ST: Luminis: Port: 636
13:37:49 F5DE1700 Drvrs: Luminis ST: Luminis: DN: cn=Manager,o=lp5
13:37:49 F5DE1700 Drvrs: Luminis ST: Luminis: Protocol version=3
13:37:49 F5DE1700 Drvrs: Luminis ST: Luminis: SDK version=4.6
13:37:49 F5DE1700 Drvrs: Luminis ST: Luminis: Query.queryOperation() res.next() Error: LDAPException: Invalid DN Syntax (34) Invalid DN Syntax
LDAPException: Server Message: invalid DN
LDAPException: Matched DN: .
Resetting connection.
13:37:49 F5DE1700 Drvrs: Luminis ST: SubscriptionShim.execute() returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="0" level="success"/>
</output>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying input transformation policies.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPASTS-itp-SetAccountStatus.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying to status #1.
13:37:49 F5DE1700 Drvrs: Luminis ST: Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="0" level="success"/>
</output>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying policy: veto all.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying to status #1.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'veto all'.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule selected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying rule 'veto all'.
13:37:49 F5DE1700 Drvrs: Luminis ST: Action: do-veto().
13:37:49 F5DE1700 Drvrs: Luminis ST: Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output/>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLPWDSYNC-itp-EmailOnFailedPwdSub.
13:37:49 F5DE1700 Drvrs: Luminis ST: Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output/>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying schema mapping policies to input.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPDCFG-GroupMemberMapping.
13:37:49 F5DE1700 Drvrs: Luminis ST: Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output/>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPASTS-smp.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPDCFG-smp.
13:37:49 F5DE1700 Drvrs: Luminis ST: Resolving association references.
13:37:49 F5DE1700 Drvrs: Luminis ST: Query from policy result
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output/>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST: No matches found.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'match everything else'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-class-name not-equal "User") = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST:Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181015193749.583Z" class-name="User" event-id="devserver#20181015193749#1#1:81100556-83e0-46f8-afe8-56051081e083" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="Given Name">
<value timestamp="1482333216#11" type="string">Test</value>
</add-attr>
<add-attr attr-name="Internet EMail Address">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1472763230#55" type="string">User</value>
</add-attr>
<add-attr attr-name="uniqueID">
<value naming="true" timestamp="1472763230#71" type="string">testuser</value>
</add-attr>
</add>
</input>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST:No match found.
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying object creation policies.
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPDCFG-sub-cp-DefaultCreate.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying to add #1.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'output'.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule selected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying rule 'output'.
13:37:49 F5DE1700 Drvrs: Luminis ST: Action: do-trace-message("CN = "+token-op-attr("CN")).
13:37:49 F5DE1700 Drvrs: Luminis ST: arg-string("CN = "+token-op-attr("CN"))
13:37:49 F5DE1700 Drvrs: Luminis ST: token-text("CN = ")
13:37:49 F5DE1700 Drvrs: Luminis ST: token-op-attr("CN")
13:37:49 F5DE1700 Drvrs: Luminis ST: Token Value: "".
13:37:49 F5DE1700 Drvrs: Luminis ST: Arg Value: "CN = ".
13:37:49 F5DE1700 Drvrs: Luminis ST:CN =
13:37:49 F5DE1700 Drvrs: Luminis ST:Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181015193749.583Z" class-name="User" event-id="devserver#20181015193749#1#1:81100556-83e0-46f8-afe8-56051081e083" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="Given Name">
<value timestamp="1482333216#11" type="string">Test</value>
</add-attr>
<add-attr attr-name="Internet EMail Address">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1472763230#55" type="string">User</value>
</add-attr>
<add-attr attr-name="uniqueID">
<value naming="true" timestamp="1472763230#71" type="string">testuser</value>
</add-attr>
</add>
</input>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying object placement policies.
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPDCFG-sub-pp-DefaultPlacement.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying to add #1.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Subscriber Placement Rule'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-src-dn in-subtree "isu\data\users") = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST:Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181015193749.583Z" class-name="User" event-id="devserver#20181015193749#1#1:81100556-83e0-46f8-afe8-56051081e083" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="Given Name">
<value timestamp="1482333216#11" type="string">Test</value>
</add-attr>
<add-attr attr-name="Internet EMail Address">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1472763230#55" type="string">User</value>
</add-attr>
<add-attr attr-name="uniqueID">
<value naming="true" timestamp="1472763230#71" type="string">testuser</value>
</add-attr>
</add>
</input>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST:Submitting add to subscriber shim.
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying command transformation policies.
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLPWDSYNC-sub-ctp-TransformDistPwd.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying to add #1.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Convert adds of the nspmDistributionPassword attribute to password elements'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-operation equal "add") = TRUE.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-op-attr 'nspmDistributionPassword' available) = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Block modifies for failed password publish operations if reset password is false'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'reset-external-password-on-failure' equal "false") = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Convert modifies of a nspmDistributionPassword attribute to a modify password operation'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-operation equal "modify") = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Block empty modify operations'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-operation equal "modify") = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST:Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181015193749.583Z" class-name="User" event-id="devserver#20181015193749#1#1:81100556-83e0-46f8-afe8-56051081e083" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="Given Name">
<value timestamp="1482333216#11" type="string">Test</value>
</add-attr>
<add-attr attr-name="Internet EMail Address">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1472763230#55" type="string">User</value>
</add-attr>
<add-attr attr-name="uniqueID">
<value naming="true" timestamp="1472763230#71" type="string">testuser</value>
</add-attr>
</add>
</input>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLPWDSYNC-sub-ctp-CheckPwdGCV.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying to add #1.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Block subscribing to passwords when objects are added'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'enable-password-subscribe' equal "false") = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Block subscribing to password modifications'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'enable-password-subscribe' equal "false") = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST:Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181015193749.583Z" class-name="User" event-id="devserver#20181015193749#1#1:81100556-83e0-46f8-afe8-56051081e083" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="Given Name">
<value timestamp="1482333216#11" type="string">Test</value>
</add-attr>
<add-attr attr-name="Internet EMail Address">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1472763230#55" type="string">User</value>
</add-attr>
<add-attr attr-name="uniqueID">
<value naming="true" timestamp="1472763230#71" type="string">testuser</value>
</add-attr>
</add>
</input>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLPWDSYNC-sub-ctp-AddPwdPayload.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying to add #1.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Add operation-data element to password subscribe operations'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-operation equal "add") = TRUE.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-password available) = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-operation equal "modify-password") = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Add payload data to a reset password from a failed password publish operation'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-operation equal "modify-password") = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Add payload data to password subscribe operations'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-operation equal "add") = TRUE.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-password available) = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-operation equal "modify-password") = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST:Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181015193749.583Z" class-name="User" event-id="devserver#20181015193749#1#1:81100556-83e0-46f8-afe8-56051081e083" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="Given Name">
<value timestamp="1482333216#11" type="string">Test</value>
</add-attr>
<add-attr attr-name="Internet EMail Address">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1472763230#55" type="string">User</value>
</add-attr>
<add-attr attr-name="uniqueID">
<value naming="true" timestamp="1472763230#71" type="string">testuser</value>
</add-attr>
</add>
</input>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST:Filtering out notification-only attributes.
13:37:49 F5DE1700 Drvrs: Luminis ST:Fixing up association references.
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying schema mapping policies to output.
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPDCFG-GroupMemberMapping.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying to add #1.
13:37:49 F5DE1700 Drvrs: Luminis ST:Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181015193749.583Z" class-name="User" event-id="devserver#20181015193749#1#1:81100556-83e0-46f8-afe8-56051081e083" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="Given Name">
<value timestamp="1482333216#11" type="string">Test</value>
</add-attr>
<add-attr attr-name="Internet EMail Address">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1472763230#55" type="string">User</value>
</add-attr>
<add-attr attr-name="uniqueID">
<value naming="true" timestamp="1472763230#71" type="string">testuser</value>
</add-attr>
</add>
</input>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPASTS-smp.
13:37:49 F5DE1700 Drvrs: Luminis ST: No mapping for class-name 'User'.
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPDCFG-smp.
13:37:49 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'Given Name' to 'givenname'.
13:37:49 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'Internet EMail Address' to 'mail'.
13:37:49 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'Surname' to 'sn'.
13:37:49 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'uniqueID' to 'uid'.
13:37:49 F5DE1700 Drvrs: Luminis ST: Mapping class-name 'User' to 'inetOrgPerson'.
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying output transformation policies.
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLPWDSYNC-otp-EmailOnFailedPwdPub.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying to add #1.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Send e-mail for a failed publish password operation'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = TRUE.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-operation equal "status") = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST:Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181015193749.583Z" class-name="inetOrgPerson" event-id="devserver#20181015193749#1#1:81100556-83e0-46f8-afe8-56051081e083" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="givenname">
<value timestamp="1482333216#11" type="string">Test</value>
</add-attr>
<add-attr attr-name="mail">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="sn">
<value timestamp="1472763230#55" type="string">User</value>
</add-attr>
<add-attr attr-name="uid">
<value naming="true" timestamp="1472763230#71" type="string">testuser</value>
</add-attr>
</add>
</input>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPASTS-otp-SetAccountStatus.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying to add #1.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'openLDAP - Disable account on add'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-operation equal "add") = TRUE.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-op-attr 'pwdAccountLockedTime' equal "TRUE") = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'openLDAP - Disable account on modify'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-operation equal "modify") = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'openLDAP - Enable account on add'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-operation equal "add") = TRUE.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-op-attr 'pwdAccountLockedTime' available) = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'openLDAP - Enable account on modify'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-operation equal "modify") = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'iPlanet - Enable account on modify'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "nsaccountlock") = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST:Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181015193749.583Z" class-name="inetOrgPerson" event-id="devserver#20181015193749#1#1:81100556-83e0-46f8-afe8-56051081e083" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="givenname">
<value timestamp="1482333216#11" type="string">Test</value>
</add-attr>
<add-attr attr-name="mail">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="sn">
<value timestamp="1472763230#55" type="string">User</value>
</add-attr>
<add-attr attr-name="uid">
<value naming="true" timestamp="1472763230#71" type="string">testuser</value>
</add-attr>
</add>
</input>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST:Submitting document to subscriber shim:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181015193749.583Z" class-name="inetOrgPerson" event-id="devserver#20181015193749#1#1:81100556-83e0-46f8-afe8-56051081e083" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="givenname">
<value timestamp="1482333216#11" type="string">Test</value>
</add-attr>
<add-attr attr-name="mail">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="sn">
<value timestamp="1472763230#55" type="string">User</value>
</add-attr>
<add-attr attr-name="uid">
<value naming="true" timestamp="1472763230#71" type="string">testuser</value>
</add-attr>
</add>
</input>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST:Luminis: LDAPSub.performAddOperation() No destination DN because a placement rule did not match.
13:37:49 F5DE1700 Drvrs: Luminis ST:SubscriptionShim.execute() returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="devserver#20181015193749#1#1:81100556-83e0-46f8-afe8-56051081e083" level="error">No destination DN because a placement rule did not match.</status>
</output>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying input transformation policies.
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPASTS-itp-SetAccountStatus.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying to status #1.
13:37:49 F5DE1700 Drvrs: Luminis ST:Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="devserver#20181015193749#1#1:81100556-83e0-46f8-afe8-56051081e083" level="error">No destination DN because a placement rule did not match.</status>
</output>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying policy: veto all.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying to status #1.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'veto all'.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule selected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying rule 'veto all'.
13:37:49 F5DE1700 Drvrs: Luminis ST: Action: do-veto().
13:37:49 F5DE1700 Drvrs: Luminis ST:Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output/>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLPWDSYNC-itp-EmailOnFailedPwdSub.
13:37:49 F5DE1700 Drvrs: Luminis ST:Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output/>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying schema mapping policies to input.
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPDCFG-GroupMemberMapping.
13:37:49 F5DE1700 Drvrs: Luminis ST:Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output/>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPASTS-smp.
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPDCFG-smp.
13:37:49 F5DE1700 Drvrs: Luminis ST:Resolving association references.
13:37:49 F5DE1700 Drvrs: Luminis ST:Processing returned document.
13:37:49 F5DE1700 Drvrs: Luminis ST:End transaction.
13:37:49 F5DE1700 DirXML: Luminis EV: Physically purged 96 bytes from cache 357460.TAO
13:37:49 F5DE1700 DirXML: Luminis EV: Elapsed time: 0.922 milliseconds
0 Likes
Highlighted
Absent Member.
Absent Member.

bobbintb <bobbintb@no-mx.forums.microfocus.com> wrote:
>

Yes, of course. Don't know what I was thinking:


Code:
--------------------
13:37:49 F9558700 DirXML: Luminis EV: Filtered by class or attribute
13:37:49 F9558700 DirXML: Luminis EV: Writing data to cache:
13:37:49 F9558700 DirXML: Luminis EV: Event:
type(RESYNC_ENTRY)timestamp(0#0)object(\T=IDV\O=lp5\OU=cp\OU=People\uniqueID=testuser:User)
13:37:49 F9558700 DirXML: Luminis EV: Entry ID: 0x35876, Verb: 0,
Entry flags: 0x0001, Obituary flags: 0x0000
13:37:49 F9558700 DirXML: Luminis EV: Wrote 96 bytes to cache 357460.TAO
13:37:49 F9558700 DirXML: Luminis EV: Elapsed time: 0.015 milliseconds
13:37:49 F9558700 DirXML: Luminis EV: Committing 96 bytes to cache
357460.TAO
13:37:49 F9558700 DirXML: Luminis EV: Committed 96 bytes to cache
357460.TAO
13:37:49 F9558700 DirXML: Luminis EV: Elapsed time: 0.316 milliseconds
13:37:49 F5DE1700 DirXML: Luminis EV: Read 96 bytes from cache 357460.TAO
13:37:49 F5DE1700 DirXML: Luminis EV: Elapsed time: 0.010 milliseconds
13:37:49 F5DE1700 Drvrs: Luminis ST:Start transaction.
13:37:49 F5DE1700 Drvrs: Luminis ST:type(resync-entry)entry-id(219254)
dn(\T=IDV\O=lp5\OU=cp\OU=People\uniqueID=testuser) class-id(-1)
class-name(null)
13:37:49 F5DE1700 Drvrs: Luminis ST:Processing events for transaction.
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<sync cached-time="20181015193749.583Z" class-name="User"
event-id="devserver#20181015193749#1#1:81100556-83e0-46f8-afe8-56051081e083"
qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser"
src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<association state="manual"></association>
</sync>
</input>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying event transformation
policies.
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying policy: test.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying to sync #1.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for
rule 'output'.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule selected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying rule 'output'.
13:37:49 F5DE1700 Drvrs: Luminis ST: Action: do-trace-message("CN =
"+token-op-attr("CN")).
13:37:49 F5DE1700 Drvrs: Luminis ST: arg-string("CN =
"+token-op-attr("CN"))
13:37:49 F5DE1700 Drvrs: Luminis ST: token-text("CN = ")
13:37:49 F5DE1700 Drvrs: Luminis ST: token-op-attr("CN")
13:37:49 F5DE1700 Drvrs: Luminis ST: Token Value: "".
13:37:49 F5DE1700 Drvrs: Luminis ST: Arg Value: "CN = ".
13:37:49 F5DE1700 Drvrs: Luminis ST:CN =
13:37:49 F5DE1700 Drvrs: Luminis ST:Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<sync cached-time="20181015193749.583Z" class-name="User"
event-id="devserver#20181015193749#1#1:81100556-83e0-46f8-afe8-56051081e083"
qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser"
src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<association state="manual"></association>
</sync>
</input>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST:Subscriber processing sync for
\IDV\lp5\cp\People\testuser.
13:37:49 F5DE1700 Drvrs: Luminis ST:Reading relevant attributes from
\IDV\lp5\cp\People\testuser.
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="User" dest-dn="\IDV\lp5\cp\People\testuser"
dest-entry-id="219254" scope="entry">
<read-attr attr-name="CN"/>
<read-attr attr-name="Description"/>
<read-attr attr-name="Facsimile Telephone Number"/>
<read-attr attr-name="Given Name"/>
<read-attr attr-name="Initials"/>
<read-attr attr-name="Internet EMail Address"/>
<read-attr attr-name="L"/>
<read-attr attr-name="Login Disabled"/>
<read-attr attr-name="nspmDistributionPassword"/>
<read-attr attr-name="OU"/>
<read-attr attr-name="Postal Address"/>
<read-attr attr-name="S"/>
<read-attr attr-name="SA"/>
<read-attr attr-name="Surname"/>
<read-attr attr-name="Telephone Number"/>
<read-attr attr-name="Title"/>
<read-attr attr-name="UID"/>
<read-attr attr-name="uniqueID"/>
<read-attr attr-name="userCertificate"/>
</query>
</input>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST:Pumping XDS to eDirectory.
13:37:49 F5DE1700 Drvrs: Luminis ST:Performing operation query for
\IDV\lp5\cp\People\testuser.
13:37:49 F5DE1700 Drvrs: Luminis ST:--JCLNT--
\IDV\isu\services\ISU-VaultDriverSet\Luminis : Duplicating : context =
1162019691, tempContext = 1162019747
13:37:49 F5DE1700 Drvrs: Luminis ST:Driver object has insufficient rights
to read \IDV\lp5\cp\People\testuser#CN.
13:37:49 F5DE1700 Drvrs: Luminis ST:--JCLNT--
\IDV\isu\services\ISU-VaultDriverSet\Luminis : Calling free on tempContext
= 1162019747
13:37:49 F5DE1700 Drvrs: Luminis ST:Read result:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<instance class-name="User"
qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser"
src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254">
<association state="manual"></association>
<attr attr-name="Given Name">
<value timestamp="1482333216#11" type="string">Test</value>
</attr>
<attr attr-name="Internet EMail Address">
<value timestamp="1472763230#52" type="string">testuser</value>
</attr>
<attr attr-name="Surname">
<value timestamp="1472763230#55" type="string">User</value>
</attr>
<attr attr-name="uniqueID">
<value naming="true" timestamp="1472763230#71"
type="string">testuser</value>
</attr>
</instance>
<status level="success"></status>
</output>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST:Synthetic add:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<add cached-time="20181015193749.583Z" class-name="User"
event-id="devserver#20181015193749#1#1:81100556-83e0-46f8-afe8-56051081e083"
qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser"
src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<association state="manual"></association>
<add-attr attr-name="Given Name">
<value timestamp="1482333216#11" type="string">Test</value>
</add-attr>
<add-attr attr-name="Internet EMail Address">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1472763230#55" type="string">User</value>
</add-attr>
<add-attr attr-name="uniqueID">
<value naming="true" timestamp="1472763230#71"
type="string">testuser</value>
</add-attr>
</add>
<status level="success"></status>
</output>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying object matching policies.
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying policy:
NOVLLDAPDCFG-sub-mp-Scoping.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying to add #1.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for
rule 'remember relative position in hierarchy'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-src-dn in-subtree
"isu\data\users") = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST:Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181015193749.583Z" class-name="User"
event-id="devserver#20181015193749#1#1:81100556-83e0-46f8-afe8-56051081e083"
qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser"
src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="Given Name">
<value timestamp="1482333216#11" type="string">Test</value>
</add-attr>
<add-attr attr-name="Internet EMail Address">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1472763230#55" type="string">User</value>
</add-attr>
<add-attr attr-name="uniqueID">
<value naming="true" timestamp="1472763230#71"
type="string">testuser</value>
</add-attr>
</add>
</input>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying policy:
NOVLLDAPDCFG-sub-mp-DefaultMatching.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying to add #1.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for
rule 'match Users by UID'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-class-name equal "User") = TRUE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule selected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying rule 'match Users by UID'.
13:37:49 F5DE1700 Drvrs: Luminis ST: Action: do-if().
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating conditions.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-global-variable
'drv.subPlacementType' equal "flat") = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Performing else actions.
13:37:49 F5DE1700 Drvrs: Luminis ST: Action:
do-implement-entitlement(arg-node-set(token-entitlement("Account"))).
13:37:49 F5DE1700 Drvrs: Luminis ST:
arg-node-set(token-entitlement("Account"))
13:37:49 F5DE1700 Drvrs: Luminis ST: token-entitlement("Account")
13:37:49 F5DE1700 Drvrs: Luminis ST: Query from policy
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="User" dest-dn="\IDV\lp5\cp\People\testuser"
dest-entry-id="219254" scope="entry">
<read-attr attr-name="DirXML-EntitlementRef"/>
</query>
</input>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST: Pumping XDS to eDirectory.
13:37:49 F5DE1700 Drvrs: Luminis ST: Performing operation query for
\IDV\lp5\cp\People\testuser.
13:37:49 F5DE1700 Drvrs: Luminis ST: --JCLNT--
\IDV\isu\services\ISU-VaultDriverSet\Luminis : Duplicating : context =
1162019691, tempContext = 1162019747
13:37:49 F5DE1700 Drvrs: Luminis ST: --JCLNT--
\IDV\isu\services\ISU-VaultDriverSet\Luminis : Calling free on tempContext
= 1162019747
13:37:49 F5DE1700 Drvrs: Luminis ST: Query from policy result
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<instance class-name="User"
qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser"
src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254">
<association state="manual"></association>
</instance>
<status level="success"></status>
</output>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST: Token Value: {}.
13:37:49 F5DE1700 Drvrs: Luminis ST: Arg Value: {}.
13:37:49 F5DE1700 Drvrs: Luminis ST: Action:
do-find-matching-object(scope="entry",arg-dn("uid="+token-substring(start="3",token-op-property("unmatched-src-dn"))+","+token-global-variable("driver.ldap.base.container"))).
13:37:49 F5DE1700 Drvrs: Luminis ST:
arg-dn("uid="+token-substring(start="3",token-op-property("unmatched-src-dn"))+","+token-global-variable("driver.ldap.base.container"))
13:37:49 F5DE1700 Drvrs: Luminis ST: token-text("uid=")
13:37:49 F5DE1700 Drvrs: Luminis ST:
token-substring(start="3",token-op-property("unmatched-src-dn"))
13:37:49 F5DE1700 Drvrs: Luminis ST:
token-substring(start="3",token-op-property("unmatched-src-dn"))
13:37:49 F5DE1700 Drvrs: Luminis ST:
token-op-property("unmatched-src-dn")
13:37:49 F5DE1700 Drvrs: Luminis
ST: Token Value: "".
13:37:49 F5DE1700 Drvrs: Luminis ST: Arg Value: "".
13:37:49 F5DE1700 Drvrs: Luminis ST: Token Value: "".
13:37:49 F5DE1700 Drvrs: Luminis ST: token-text(",")
13:37:49 F5DE1700 Drvrs: Luminis ST:
token-global-variable("driver.ldap.base.container")
13:37:49 F5DE1700 Drvrs: Luminis ST: Token Value: "o=lp5".
13:37:49 F5DE1700 Drvrs: Luminis ST: Arg Value: "uid=,o=lp5".
13:37:49 F5DE1700 Drvrs: Luminis ST: Query from policy
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="User" dest-dn="uid=,o=lp5" scope="entry">
<search-class class-name="User"/>
<read-attr/>
</query>
</input>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST: Fixing up association references.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying schema mapping policies to
output.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying policy:
NOVLLDAPDCFG-GroupMemberMapping.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying to query #1.
13:37:49 F5DE1700 Drvrs: Luminis ST: Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="User" dest-dn="uid=,o=lp5" event-id="0" scope="entry">
<search-class class-name="User"/>
<read-attr/>
</query>
</input>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPASTS-smp.
13:37:49 F5DE1700 Drvrs: Luminis ST: No mapping for class-name 'User'.
13:37:49 F5DE1700 Drvrs: Luminis ST: No mapping for class-name 'User'.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPDCFG-smp.
13:37:49 F5DE1700 Drvrs: Luminis ST: Mapping class-name 'User' to
'inetOrgPerson'.
13:37:49 F5DE1700 Drvrs: Luminis ST: Mapping class-name 'User' to
'inetOrgPerson'.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying output transformation
policies.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying policy:
NOVLPWDSYNC-otp-EmailOnFailedPwdPub.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying to query #1.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for
rule 'Send e-mail for a failed publish password operation'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-global-variable
'notify-user-on-password-dist-failure' equal "true") = TRUE.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-operation equal "status") =
FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="inetOrgPerson" dest-dn="uid=,o=lp5" event-id="0"
scope="entry">
<search-class class-name="inetOrgPerson"/>
<read-attr/>
</query>
</input>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying policy:
NOVLLDAPASTS-otp-SetAccountStatus.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying to query #1.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for
rule 'openLDAP - Disable account on add'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-global-variable
'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-operation equal "add") = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for
rule 'openLDAP - Disable account on modify'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-global-variable
'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-operation equal "modify") =
FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for
rule 'openLDAP - Enable account on add'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-global-variable
'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-operation equal "add") = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for
rule 'openLDAP - Enable account on modify'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-global-variable
'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-operation equal "modify") =
FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for
rule 'iPlanet - Enable account on modify'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-global-variable
'drv.acctTrk.statusAttr' equal "nsaccountlock") = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="inetOrgPerson" dest-dn="uid=,o=lp5" event-id="0"
scope="entry">
<search-class class-name="inetOrgPerson"/>
<read-attr/>
</query>
</input>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST: Submitting document to subscriber
shim:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="inetOrgPerson" dest-dn="uid=,o=lp5" event-id="0"
scope="entry">
<search-class class-name="inetOrgPerson"/>
<read-attr/>
</query>
</input>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST: Luminis: OpenLDAPConnection -
Connect to the server
13:37:49 F5DE1700 Drvrs: Luminis ST: Luminis: Opening SSL connection
13:37:49 F5DE1700 Drvrs: Luminis ST: Luminis: Host name:
florence01.isos.isu.edu
13:37:49 F5DE1700 Drvrs: Luminis ST: Luminis: Port: 636
13:37:49 F5DE1700 Drvrs: Luminis ST: Luminis: DN: cn=Manager,o=lp5
13:37:49 F5DE1700 Drvrs: Luminis ST: Luminis: Protocol version=3
13:37:49 F5DE1700 Drvrs: Luminis ST: Luminis: SDK version=4.6
13:37:49 F5DE1700 Drvrs: Luminis ST: Luminis: Query.queryOperation()
res.next() Error: LDAPException: Invalid DN Syntax (34) Invalid DN Syntax
LDAPException: Server Message: invalid DN
LDAPException: Matched DN: .
Resetting connection.
13:37:49 F5DE1700 Drvrs: Luminis ST: SubscriptionShim.execute() returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis"
version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="0" level="success"/>
</output>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying input transformation
policies.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying policy:
NOVLLDAPASTS-itp-SetAccountStatus.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying to status #1.
13:37:49 F5DE1700 Drvrs: Luminis ST: Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis"
version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="0" level="success"/>
</output>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying policy: veto all.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying to status #1.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for
rule 'veto all'.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule selected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying rule 'veto all'.
13:37:49 F5DE1700 Drvrs: Luminis ST: Action: do-veto().
13:37:49 F5DE1700 Drvrs: Luminis ST: Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis"
version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output/>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying policy:
NOVLPWDSYNC-itp-EmailOnFailedPwdSub.
13:37:49 F5DE1700 Drvrs: Luminis ST: Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis"
version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output/>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying schema mapping policies to
input.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying policy:
NOVLLDAPDCFG-GroupMemberMapping.
13:37:49 F5DE1700 Drvrs: Luminis ST: Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis"
version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output/>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPASTS-smp.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPDCFG-smp.
13:37:49 F5DE1700 Drvrs: Luminis ST: Resolving association references.
13:37:49 F5DE1700 Drvrs: Luminis ST: Query from policy result
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis"
version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output/>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST: No matches found.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for
rule 'match Users by CN'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-class-name equal "User") = TRUE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule selected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying rule 'match Users by CN'.
13:37:49 F5DE1700 Drvrs: Luminis ST: Action: do-if().
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating conditions.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-global-variable
'drv.subPlacementType' equal "flat") = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Performing else actions.
13:37:49 F5DE1700 Drvrs: Luminis ST: Action:
do-implement-entitlement(arg-node-set(token-entitlement("Account"))).
13:37:49 F5DE1700 Drvrs: Luminis ST:
arg-node-set(token-entitlement("Account"))
13:37:49 F5DE1700 Drvrs: Luminis ST: token-entitlement("Account")
13:37:49 F5DE1700 Drvrs: Luminis ST: Token Value: {}.
13:37:49 F5DE1700 Drvrs: Luminis ST: Arg Value: {}.
13:37:49 F5DE1700 Drvrs: Luminis ST: Action:
do-find-matching-object(scope="entry",arg-dn("cn="+token-substring(start="3",token-op-property("unmatched-src-dn"))+","+token-global-variable("driver.ldap.base.container"))).
13:37:49 F5DE1700 Drvrs: Luminis ST:
arg-dn("cn="+token-substring(start="3",token-op-property("unmatched-src-dn"))+","+token-global-variable("driver.ldap.base.container"))
13:37:49 F5DE1700 Drvrs: Luminis ST: token-text("cn=")
13:37:49 F5DE1700 Drvrs: Luminis ST:
token-substring(start="3",token-op-property("unmatched-src-dn"))
13:37:49 F5DE1700 Drvrs: Luminis ST:
token-substring(start="3",token-op-property("unmatched-src-dn"))
13:37:49 F5DE1700 Drvrs: Luminis ST:
token-op-property("unmatched-src-dn")
13:37:49 F5DE1700 Drvrs: Luminis
ST: Token Value: "".
13:37:49 F5DE1700 Drvrs: Luminis ST: Arg Value: "".
13:37:49 F5DE1700 Drvrs: Luminis ST: Token Value: "".
13:37:49 F5DE1700 Drvrs: Luminis ST: token-text(",")
13:37:49 F5DE1700 Drvrs: Luminis ST:
token-global-variable("driver.ldap.base.container")
13:37:49 F5DE1700 Drvrs: Luminis ST: Token Value: "o=lp5".
13:37:49 F5DE1700 Drvrs: Luminis ST: Arg Value: "cn=,o=lp5".
13:37:49 F5DE1700 Drvrs: Luminis ST: Query from policy
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="User" dest-dn="cn=,o=lp5" scope="entry">
<search-class class-name="User"/>
<read-attr/>
</query>
</input>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST: Fixing up association references.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying schema mapping policies to
output.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying policy:
NOVLLDAPDCFG-GroupMemberMapping.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying to query #1.
13:37:49 F5DE1700 Drvrs: Luminis ST: Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="User" dest-dn="cn=,o=lp5" event-id="0" scope="entry">
<search-class class-name="User"/>
<read-attr/>
</query>
</input>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPASTS-smp.
13:37:49 F5DE1700 Drvrs: Luminis ST: No mapping for class-name 'User'.
13:37:49 F5DE1700 Drvrs: Luminis ST: No mapping for class-name 'User'.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPDCFG-smp.
13:37:49 F5DE1700 Drvrs: Luminis ST: Mapping class-name 'User' to
'inetOrgPerson'.
13:37:49 F5DE1700 Drvrs: Luminis ST: Mapping class-name 'User' to
'inetOrgPerson'.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying output transformation
policies.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying policy:
NOVLPWDSYNC-otp-EmailOnFailedPwdPub.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying to query #1.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for
rule 'Send e-mail for a failed publish password operation'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-global-variable
'notify-user-on-password-dist-failure' equal "true") = TRUE.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-operation equal "status") =
FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="inetOrgPerson" dest-dn="cn=,o=lp5" event-id="0"
scope="entry">
<search-class class-name="inetOrgPerson"/>
<read-attr/>
</query>
</input>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying policy:
NOVLLDAPASTS-otp-SetAccountStatus.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying to query #1.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for
rule 'openLDAP - Disable account on add'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-global-variable
'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-operation equal "add") = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for
rule 'openLDAP - Disable account on modify'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-global-variable
'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-operation equal "modify") =
FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for
rule 'openLDAP - Enable account on add'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-global-variable
'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-operation equal "add") = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for
rule 'openLDAP - Enable account on modify'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-global-variable
'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-operation equal "modify") =
FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for
rule 'iPlanet - Enable account on modify'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-global-variable
'drv.acctTrk.statusAttr' equal "nsaccountlock") = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="inetOrgPerson" dest-dn="cn=,o=lp5" event-id="0"
scope="entry">
<search-class class-name="inetOrgPerson"/>
<read-attr/>
</query>
</input>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST: Submitting document to subscriber
shim:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="inetOrgPerson" dest-dn="cn=,o=lp5" event-id="0"
scope="entry">
<search-class class-name="inetOrgPerson"/>
<read-attr/>
</query>
</input>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST: Luminis: OpenLDAPConnection -
Connect to the server
10/15/2018
13:37:49 F5DE1700 Drvrs: Luminis ST: Luminis: Opening SSL connection
13:37:49 F5DE1700 Drvrs: Luminis ST: Luminis: Host name:
florence01.isos.isu.edu
13:37:49 F5DE1700 Drvrs: Luminis ST: Luminis: Port: 636
13:37:49 F5DE1700 Drvrs: Luminis ST: Luminis: DN: cn=Manager,o=lp5
13:37:49 F5DE1700 Drvrs: Luminis ST: Luminis: Protocol version=3
13:37:49 F5DE1700 Drvrs: Luminis ST: Luminis: SDK version=4.6
13:37:49 F5DE1700 Drvrs: Luminis ST: Luminis: Query.queryOperation()
res.next() Error: LDAPException: Invalid DN Syntax (34) Invalid DN Syntax
LDAPException: Server Message: invalid DN
LDAPException: Matched DN: .
Resetting connection.
13:37:49 F5DE1700 Drvrs: Luminis ST: SubscriptionShim.execute() returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis"
version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="0" level="success"/>
</output>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying input transformation
policies.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying policy:
NOVLLDAPASTS-itp-SetAccountStatus.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying to status #1.
13:37:49 F5DE1700 Drvrs: Luminis ST: Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis"
version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="0" level="success"/>
</output>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying policy: veto all.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying to status #1.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for
rule 'veto all'.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule selected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying rule 'veto all'.
13:37:49 F5DE1700 Drvrs: Luminis ST: Action: do-veto().
13:37:49 F5DE1700 Drvrs: Luminis ST: Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis"
version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output/>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying policy:
NOVLPWDSYNC-itp-EmailOnFailedPwdSub.
13:37:49 F5DE1700 Drvrs: Luminis ST: Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis"
version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output/>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying schema mapping policies to
input.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying policy:
NOVLLDAPDCFG-GroupMemberMapping.
13:37:49 F5DE1700 Drvrs: Luminis ST: Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis"
version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output/>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPASTS-smp.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPDCFG-smp.
13:37:49 F5DE1700 Drvrs: Luminis ST: Resolving association references.
13:37:49 F5DE1700 Drvrs: Luminis ST: Query from policy result
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis"
version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output/>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST: No matches found.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for
rule 'match everything else'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-class-name not-equal "User") =
FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST:Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181015193749.583Z" class-name="User"
event-id="devserver#20181015193749#1#1:81100556-83e0-46f8-afe8-56051081e083"
qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser"
src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="Given Name">
<value timestamp="1482333216#11" type="string">Test</value>
</add-attr>
<add-attr attr-name="Internet EMail Address">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1472763230#55" type="string">User</value>
</add-attr>
<add-attr attr-name="uniqueID">
<value naming="true" timestamp="1472763230#71"
type="string">testuser</value>
</add-attr>
</add>
</input>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST:No match found.
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying object creation policies.
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying policy:
NOVLLDAPDCFG-sub-cp-DefaultCreate.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying to add #1.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for
rule 'output'.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule selected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying rule 'output'.
13:37:49 F5DE1700 Drvrs: Luminis ST: Action: do-trace-message("CN =
"+token-op-attr("CN")).
13:37:49 F5DE1700 Drvrs: Luminis ST: arg-string("CN =
"+token-op-attr("CN"))
13:37:49 F5DE1700 Drvrs: Luminis ST: token-text("CN = ")
13:37:49 F5DE1700 Drvrs: Luminis ST: token-op-attr("CN")
13:37:49 F5DE1700 Drvrs: Luminis ST: Token Value: "".
13:37:49 F5DE1700 Drvrs: Luminis ST: Arg Value: "CN = ".
13:37:49 F5DE1700 Drvrs: Luminis ST:CN =
13:37:49 F5DE1700 Drvrs: Luminis ST:Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181015193749.583Z" class-name="User"
event-id="devserver#20181015193749#1#1:81100556-83e0-46f8-afe8-56051081e083"
qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser"
src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="Given Name">
<value timestamp="1482333216#11" type="string">Test</value>
</add-attr>
<add-attr attr-name="Internet EMail Address">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1472763230#55" type="string">User</value>
</add-attr>
<add-attr attr-name="uniqueID">
<value naming="true" timestamp="1472763230#71"
type="string">testuser</value>
</add-attr>
</add>
</input>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying object placement policies.
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying policy:
NOVLLDAPDCFG-sub-pp-DefaultPlacement.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying to add #1.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for
rule 'Subscriber Placement Rule'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-src-dn in-subtree
"isu\data\users") = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST:Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181015193749.583Z" class-name="User"
event-id="devserver#20181015193749#1#1:81100556-83e0-46f8-afe8-56051081e083"
qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser"
src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="Given Name">
<value timestamp="1482333216#11" type="string">Test</value>
</add-attr>
<add-attr attr-name="Internet EMail Address">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1472763230#55" type="string">User</value>
</add-attr>
<add-attr attr-name="uniqueID">
<value naming="true" timestamp="1472763230#71"
type="string">testuser</value>
</add-attr>
</add>
</input>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST:Submitting add to subscriber shim.
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying command transformation
policies.
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying policy:
NOVLPWDSYNC-sub-ctp-TransformDistPwd.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying to add #1.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for
rule 'Convert adds of the nspmDistributionPassword attribute to password
elements'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-operation equal "add") = TRUE.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-op-attr
'nspmDistributionPassword' available) = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for
rule 'Block modifies for failed password publish operations if reset
password is false'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-global-variable
'reset-external-password-on-failure' equal "false") = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for
rule 'Convert modifies of a nspmDistributionPassword attribute to a modify
password operation'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-operation equal "modify") =
FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for
rule 'Block empty modify operations'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-operation equal "modify") =
FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST:Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181015193749.583Z" class-name="User"
event-id="devserver#20181015193749#1#1:81100556-83e0-46f8-afe8-56051081e083"
qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser"
src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="Given Name">
<value timestamp="1482333216#11" type="string">Test</value>
</add-attr>
<add-attr attr-name="Internet EMail Address">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1472763230#55" type="string">User</value>
</add-attr>
<add-attr attr-name="uniqueID">
<value naming="true" timestamp="1472763230#71"
type="string">testuser</value>
</add-attr>
</add>
</input>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying policy:
NOVLPWDSYNC-sub-ctp-CheckPwdGCV.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying to add #1.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for
rule 'Block subscribing to passwords when objects are added'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-global-variable
'enable-password-subscribe' equal "false") = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for
rule 'Block subscribing to password modifications'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-global-variable
'enable-password-subscribe' equal "false") = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST:Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181015193749.583Z" class-name="User"
event-id="devserver#20181015193749#1#1:81100556-83e0-46f8-afe8-56051081e083"
qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser"
src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="Given Name">
<value timestamp="1482333216#11" type="string">Test</value>
</add-attr>
<add-attr attr-name="Internet EMail Address">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1472763230#55" type="string">User</value>
</add-attr>
<add-attr attr-name="uniqueID">
<value naming="true" timestamp="1472763230#71"
type="string">testuser</value>
</add-attr>
</add>
</input>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying policy:
NOVLPWDSYNC-sub-ctp-AddPwdPayload.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying to add #1.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for
rule 'Add operation-data element to password subscribe operations'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-operation equal "add") = TRUE.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-password available) = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-operation equal
"modify-password") = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for
rule 'Add payload data to a reset password from a failed password publish
operation'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-operation equal
"modify-password") = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for
rule 'Add payload data to password subscribe operations'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-operation equal "add") = TRUE.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-password available) = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-operation equal
"modify-password") = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST:Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181015193749.583Z" class-name="User"
event-id="devserver#20181015193749#1#1:81100556-83e0-46f8-afe8-56051081e083"
qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser"
src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="Given Name">
<value timestamp="1482333216#11" type="string">Test</value>
</add-attr>
<add-attr attr-name="Internet EMail Address">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1472763230#55" type="string">User</value>
</add-attr>
<add-attr attr-name="uniqueID">
<value naming="true" timestamp="1472763230#71"
type="string">testuser</value>
</add-attr>
</add>
</input>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST:Filtering out notification-only
attributes.
13:37:49 F5DE1700 Drvrs: Luminis ST:Fixing up association references.
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying schema mapping policies to
output.
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying policy:
NOVLLDAPDCFG-GroupMemberMapping.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying to add #1.
13:37:49 F5DE1700 Drvrs: Luminis ST:Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181015193749.583Z" class-name="User"
event-id="devserver#20181015193749#1#1:81100556-83e0-46f8-afe8-56051081e083"
qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser"
src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="Given Name">
<value timestamp="1482333216#11" type="string">Test</value>
</add-attr>
<add-attr attr-name="Internet EMail Address">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1472763230#55" type="string">User</value>
</add-attr>
<add-attr attr-name="uniqueID">
<value naming="true" timestamp="1472763230#71"
type="string">testuser</value>
</add-attr>
</add>
</input>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPASTS-smp.
13:37:49 F5DE1700 Drvrs: Luminis ST: No mapping for class-name 'User'.
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPDCFG-smp.
13:37:49 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'Given Name' to
'givenname'.
13:37:49 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'Internet EMail
Address' to 'mail'.
13:37:49 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'Surname' to 'sn'.
13:37:49 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'uniqueID' to
'uid'.
13:37:49 F5DE1700 Drvrs: Luminis ST: Mapping class-name 'User' to
'inetOrgPerson'.
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying output transformation
policies.
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying policy:
NOVLPWDSYNC-otp-EmailOnFailedPwdPub.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying to add #1.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for
rule 'Send e-mail for a failed publish password operation'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-global-variable
'notify-user-on-password-dist-failure' equal "true") = TRUE.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-operation equal "status") =
FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST:Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181015193749.583Z" class-name="inetOrgPerson"
event-id="devserver#20181015193749#1#1:81100556-83e0-46f8-afe8-56051081e083"
qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser"
src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="givenname">
<value timestamp="1482333216#11" type="string">Test</value>
</add-attr>
<add-attr attr-name="mail">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="sn">
<value timestamp="1472763230#55" type="string">User</value>
</add-attr>
<add-attr attr-name="uid">
<value naming="true" timestamp="1472763230#71"
type="string">testuser</value>
</add-attr>
</add>
</input>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying policy:
NOVLLDAPASTS-otp-SetAccountStatus.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying to add #1.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for
rule 'openLDAP - Disable account on add'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-global-variable
'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-operation equal "add") = TRUE.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-op-attr 'pwdAccountLockedTime'
equal "TRUE") = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for
rule 'openLDAP - Disable account on modify'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-global-variable
'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-operation equal "modify") =
FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for
rule 'openLDAP - Enable account on add'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-global-variable
'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-operation equal "add") = TRUE.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-op-attr 'pwdAccountLockedTime'
available) = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for
rule 'openLDAP - Enable account on modify'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-global-variable
'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-operation equal "modify") =
FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for
rule 'iPlanet - Enable account on modify'.
13:37:49 F5DE1700 Drvrs: Luminis ST: (if-global-variable
'drv.acctTrk.statusAttr' equal "nsaccountlock") = FALSE.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule rejected.
13:37:49 F5DE1700 Drvrs: Luminis ST:Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181015193749.583Z" class-name="inetOrgPerson"
event-id="devserver#20181015193749#1#1:81100556-83e0-46f8-afe8-56051081e083"
qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser"
src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="givenname">
<value timestamp="1482333216#11" type="string">Test</value>
</add-attr>
<add-attr attr-name="mail">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="sn">
<value timestamp="1472763230#55" type="string">User</value>
</add-attr>
<add-attr attr-name="uid">
<value naming="true" timestamp="1472763230#71"
type="string">testuser</value>
</add-attr>
</add>
</input>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST:Submitting document to subscriber
shim:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181015193749.583Z" class-name="inetOrgPerson"
event-id="devserver#20181015193749#1#1:81100556-83e0-46f8-afe8-56051081e083"
qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser"
src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="givenname">
<value timestamp="1482333216#11" type="string">Test</value>
</add-attr>
<add-attr attr-name="mail">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="sn">
<value timestamp="1472763230#55" type="string">User</value>
</add-attr>
<add-attr attr-name="uid">
<value naming="true" timestamp="1472763230#71"
type="string">testuser</value>
</add-attr>
</add>
</input>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST:Luminis:
LDAPSub.performAddOperation() No destination DN because a placement rule
did not match.
13:37:49 F5DE1700 Drvrs: Luminis ST:SubscriptionShim.execute() returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis"
version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status
event-id="devserver#20181015193749#1#1:81100556-83e0-46f8-afe8-56051081e083"
level="error">No destination DN because a placement rule did not
match.</status>
</output>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying input transformation
policies.
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying policy:
NOVLLDAPASTS-itp-SetAccountStatus.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying to status #1.
13:37:49 F5DE1700 Drvrs: Luminis ST:Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis"
version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status
event-id="devserver#20181015193749#1#1:81100556-83e0-46f8-afe8-56051081e083"
level="error">No destination DN because a placement rule did not
match.</status>
</output>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying policy: veto all.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying to status #1.
13:37:49 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for
rule 'veto all'.
13:37:49 F5DE1700 Drvrs: Luminis ST: Rule selected.
13:37:49 F5DE1700 Drvrs: Luminis ST: Applying rule 'veto all'.
13:37:49 F5DE1700 Drvrs: Luminis ST: Action: do-veto().
13:37:49 F5DE1700 Drvrs: Luminis ST:Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis"
version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output/>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying policy:
NOVLPWDSYNC-itp-EmailOnFailedPwdSub.
13:37:49 F5DE1700 Drvrs: Luminis ST:Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis"
version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output/>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying schema mapping policies to
input.
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying policy:
NOVLLDAPDCFG-GroupMemberMapping.
13:37:49 F5DE1700 Drvrs: Luminis ST:Policy returned:
13:37:49 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis"
version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output/>
</nds>
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPASTS-smp.
13:37:49 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPDCFG-smp.
13:37:49 F5DE1700 Drvrs: Luminis ST:Resolving association references.
13:37:49 F5DE1700 Drvrs: Luminis ST:Processing returned document.
13:37:49 F5DE1700 Drvrs: Luminis ST:End transaction.
13:37:49 F5DE1700 DirXML: Luminis EV: Physically purged 96 bytes from
cache 357460.TAO
13:37:49 F5DE1700 DirXML: Luminis EV: Elapsed time: 0.922 milliseconds
--------------------


--
bobbintb
------------------------------------------------------------------------
bobbintb's Profile: https://forums.novell.com/member.php?userid=139970
View this thread: https://forums.novell.com/showthread.php?t=509705

>


Hi.

Check your security equals on the driver.

From the trace:
Driver object has insufficient rights

--
Best regards
Marcus
0 Likes
Highlighted
Absent Member.
Absent Member.

Ah, ok. Well, I set the security equivalencies and that fixed part of the issue. It now correctly shows the CN but it still vetoes on the nspmDistributionPassword rule. That attribute is set to synchronize on the subscriber channel on the filter. I disabled the rule temporarily but the user still never gets created. I am still seeing "No destination DN because a placement rule did not match".

Here is a new trace:
10/15/2018 
14:42:39 2457C700 DirXML: Luminis EV: Filtered by class or attribute
14:42:39 2457C700 DirXML: Luminis EV: Writing data to cache:
14:42:39 2457C700 DirXML: Luminis EV: Event: type(RESYNC_ENTRY)timestamp(0#0)object(\T=IDV\O=lp5\OU=cp\OU=People\uniqueID=testuser:User)
14:42:39 2457C700 DirXML: Luminis EV: Entry ID: 0x35876, Verb: 0, Entry flags: 0x0001, Obituary flags: 0x0000
14:42:39 2457C700 DirXML: Luminis EV: Wrote 96 bytes to cache 357460.TAO
14:42:39 2457C700 DirXML: Luminis EV: Elapsed time: 0.035 milliseconds
14:42:39 2457C700 DirXML: Luminis EV: Committing 96 bytes to cache 357460.TAO
14:42:39 2457C700 DirXML: Luminis EV: Committed 96 bytes to cache 357460.TAO
14:42:39 2457C700 DirXML: Luminis EV: Elapsed time: 0.355 milliseconds
14:42:39 F5DE1700 DirXML: Luminis EV: Read 96 bytes from cache 357460.TAO
14:42:39 F5DE1700 DirXML: Luminis EV: Elapsed time: 0.010 milliseconds
14:42:39 F5DE1700 Drvrs: Luminis ST:Start transaction.
14:42:39 F5DE1700 Drvrs: Luminis ST:type(resync-entry)entry-id(219254) dn(\T=IDV\O=lp5\OU=cp\OU=People\uniqueID=testuser) class-id(-1) class-name(null)
14:42:39 F5DE1700 Drvrs: Luminis ST:Processing events for transaction.
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<sync cached-time="20181015204239.557Z" class-name="User" event-id="devserver#20181015204239#1#1:f0cf05d7-f327-4bb5-b614-d705cff027f3" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<association state="manual"></association>
</sync>
</input>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying event transformation policies.
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying policy: test.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying to sync #1.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'output'.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule selected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying rule 'output'.
14:42:39 F5DE1700 Drvrs: Luminis ST: Action: do-trace-message("CN = "+token-op-attr("CN")).
14:42:39 F5DE1700 Drvrs: Luminis ST: arg-string("CN = "+token-op-attr("CN"))
14:42:39 F5DE1700 Drvrs: Luminis ST: token-text("CN = ")
14:42:39 F5DE1700 Drvrs: Luminis ST: token-op-attr("CN")
14:42:39 F5DE1700 Drvrs: Luminis ST: Token Value: "".
14:42:39 F5DE1700 Drvrs: Luminis ST: Arg Value: "CN = ".
14:42:39 F5DE1700 Drvrs: Luminis ST:CN =
14:42:39 F5DE1700 Drvrs: Luminis ST:Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<sync cached-time="20181015204239.557Z" class-name="User" event-id="devserver#20181015204239#1#1:f0cf05d7-f327-4bb5-b614-d705cff027f3" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<association state="manual"></association>
</sync>
</input>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST:Subscriber processing sync for \IDV\lp5\cp\People\testuser.
14:42:39 F5DE1700 Drvrs: Luminis ST:Reading relevant attributes from \IDV\lp5\cp\People\testuser.
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="User" dest-dn="\IDV\lp5\cp\People\testuser" dest-entry-id="219254" scope="entry">
<read-attr attr-name="CN"/>
<read-attr attr-name="Description"/>
<read-attr attr-name="Facsimile Telephone Number"/>
<read-attr attr-name="Given Name"/>
<read-attr attr-name="Initials"/>
<read-attr attr-name="Internet EMail Address"/>
<read-attr attr-name="L"/>
<read-attr attr-name="Login Disabled"/>
<read-attr attr-name="nspmDistributionPassword"/>
<read-attr attr-name="OU"/>
<read-attr attr-name="Postal Address"/>
<read-attr attr-name="S"/>
<read-attr attr-name="SA"/>
<read-attr attr-name="Surname"/>
<read-attr attr-name="Telephone Number"/>
<read-attr attr-name="Title"/>
<read-attr attr-name="UID"/>
<read-attr attr-name="uniqueID"/>
<read-attr attr-name="userCertificate"/>
</query>
</input>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST:Pumping XDS to eDirectory.
14:42:39 F5DE1700 Drvrs: Luminis ST:Performing operation query for \IDV\lp5\cp\People\testuser.
14:42:39 F5DE1700 Drvrs: Luminis ST:--JCLNT-- \IDV\isu\services\ISU-VaultDriverSet\Luminis : Duplicating : context = 1162019744, tempContext = 1162019757
14:42:39 F5DE1700 Drvrs: Luminis ST:--JCLNT-- \IDV\isu\services\ISU-VaultDriverSet\Luminis : Calling free on tempContext = 1162019757
14:42:39 F5DE1700 Drvrs: Luminis ST:Read result:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<instance class-name="User" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254">
<association state="manual"></association>
<attr attr-name="CN">
<value timestamp="1472763230#46" type="string">Test User</value>
</attr>
<attr attr-name="Given Name">
<value timestamp="1482333216#11" type="string">Test</value>
</attr>
<attr attr-name="Internet EMail Address">
<value timestamp="1472763230#52" type="string">testuser</value>
</attr>
<attr attr-name="Surname">
<value timestamp="1472763230#55" type="string">User</value>
</attr>
<attr attr-name="uniqueID">
<value naming="true" timestamp="1472763230#71" type="string">testuser</value>
</attr>
</instance>
<status level="success"></status>
</output>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST:Synthetic add:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<add cached-time="20181015204239.557Z" class-name="User" event-id="devserver#20181015204239#1#1:f0cf05d7-f327-4bb5-b614-d705cff027f3" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<association state="manual"></association>
<add-attr attr-name="CN">
<value timestamp="1472763230#46" type="string">Test User</value>
</add-attr>
<add-attr attr-name="Given Name">
<value timestamp="1482333216#11" type="string">Test</value>
</add-attr>
<add-attr attr-name="Internet EMail Address">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1472763230#55" type="string">User</value>
</add-attr>
<add-attr attr-name="uniqueID">
<value naming="true" timestamp="1472763230#71" type="string">testuser</value>
</add-attr>
</add>
<status level="success"></status>
</output>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying object matching policies.
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPDCFG-sub-mp-Scoping.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying to add #1.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'remember relative position in hierarchy'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-src-dn in-subtree "isu\data\users") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST:Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181015204239.557Z" class-name="User" event-id="devserver#20181015204239#1#1:f0cf05d7-f327-4bb5-b614-d705cff027f3" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="CN">
<value timestamp="1472763230#46" type="string">Test User</value>
</add-attr>
<add-attr attr-name="Given Name">
<value timestamp="1482333216#11" type="string">Test</value>
</add-attr>
<add-attr attr-name="Internet EMail Address">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1472763230#55" type="string">User</value>
</add-attr>
<add-attr attr-name="uniqueID">
<value naming="true" timestamp="1472763230#71" type="string">testuser</value>
</add-attr>
</add>
</input>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPDCFG-sub-mp-DefaultMatching.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying to add #1.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'match Users by UID'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-class-name equal "User") = TRUE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule selected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying rule 'match Users by UID'.
14:42:39 F5DE1700 Drvrs: Luminis ST: Action: do-if().
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating conditions.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.subPlacementType' equal "flat") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Performing else actions.
14:42:39 F5DE1700 Drvrs: Luminis ST: Action: do-implement-entitlement(arg-node-set(token-entitlement("Account"))).
14:42:39 F5DE1700 Drvrs: Luminis ST: arg-node-set(token-entitlement("Account"))
14:42:39 F5DE1700 Drvrs: Luminis ST: token-entitlement("Account")
14:42:39 F5DE1700 Drvrs: Luminis ST: Query from policy
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="User" dest-dn="\IDV\lp5\cp\People\testuser" dest-entry-id="219254" scope="entry">
<read-attr attr-name="DirXML-EntitlementRef"/>
</query>
</input>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST: Pumping XDS to eDirectory.
14:42:39 F5DE1700 Drvrs: Luminis ST: Performing operation query for \IDV\lp5\cp\People\testuser.
14:42:39 F5DE1700 Drvrs: Luminis ST: --JCLNT-- \IDV\isu\services\ISU-VaultDriverSet\Luminis : Duplicating : context = 1162019744, tempContext = 1162019757
14:42:39 F5DE1700 Drvrs: Luminis ST: --JCLNT-- \IDV\isu\services\ISU-VaultDriverSet\Luminis : Calling free on tempContext = 1162019757
14:42:39 F5DE1700 Drvrs: Luminis ST: Query from policy result
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<instance class-name="User" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254">
<association state="manual"></association>
</instance>
<status level="success"></status>
</output>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST: Token Value: {}.
14:42:39 F5DE1700 Drvrs: Luminis ST: Arg Value: {}.
14:42:39 F5DE1700 Drvrs: Luminis ST: Action: do-find-matching-object(scope="entry",arg-dn("uid="+token-substring(start="3",token-op-property("unmatched-src-dn"))+","+token-global-variable("driver.ldap.base.container"))).
14:42:39 F5DE1700 Drvrs: Luminis ST: arg-dn("uid="+token-substring(start="3",token-op-property("unmatched-src-dn"))+","+token-global-variable("driver.ldap.base.container"))
14:42:39 F5DE1700 Drvrs: Luminis ST: token-text("uid=")
14:42:39 F5DE1700 Drvrs: Luminis ST: token-substring(start="3",token-op-property("unmatched-src-dn"))
14:42:39 F5DE1700 Drvrs: Luminis ST: token-substring(start="3",token-op-property("unmatched-src-dn"))
14:42:39 F5DE1700 Drvrs: Luminis ST: token-op-property("unmatched-src-dn")
14:42:39 F5DE1700 Drvrs: Luminis ST: Token Value: "".
14:42:39 F5DE1700 Drvrs: Luminis ST: Arg Value: "".
14:42:39 F5DE1700 Drvrs: Luminis ST: Token Value: "".
14:42:39 F5DE1700 Drvrs: Luminis ST: token-text(",")
14:42:39 F5DE1700 Drvrs: Luminis ST: token-global-variable("driver.ldap.base.container")
14:42:39 F5DE1700 Drvrs: Luminis ST: Token Value: "o=lp5".
14:42:39 F5DE1700 Drvrs: Luminis ST: Arg Value: "uid=,o=lp5".
14:42:39 F5DE1700 Drvrs: Luminis ST: Query from policy
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="User" dest-dn="uid=,o=lp5" scope="entry">
<search-class class-name="User"/>
<read-attr/>
</query>
</input>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST: Fixing up association references.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying schema mapping policies to output.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPDCFG-GroupMemberMapping.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying to query #1.
14:42:39 F5DE1700 Drvrs: Luminis ST: Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="User" dest-dn="uid=,o=lp5" event-id="0" scope="entry">
<search-class class-name="User"/>
<read-attr/>
</query>
</input>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPASTS-smp.
14:42:39 F5DE1700 Drvrs: Luminis ST: No mapping for class-name 'User'.
14:42:39 F5DE1700 Drvrs: Luminis ST: No mapping for class-name 'User'.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPDCFG-smp.
14:42:39 F5DE1700 Drvrs: Luminis ST: Mapping class-name 'User' to 'inetOrgPerson'.
14:42:39 F5DE1700 Drvrs: Luminis ST: Mapping class-name 'User' to 'inetOrgPerson'.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying output transformation policies.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLPWDSYNC-otp-EmailOnFailedPwdPub.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying to query #1.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Send e-mail for a failed publish password operation'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = TRUE.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-operation equal "status") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="inetOrgPerson" dest-dn="uid=,o=lp5" event-id="0" scope="entry">
<search-class class-name="inetOrgPerson"/>
<read-attr/>
</query>
</input>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPASTS-otp-SetAccountStatus.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying to query #1.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'openLDAP - Disable account on add'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-operation equal "add") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'openLDAP - Disable account on modify'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-operation equal "modify") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'openLDAP - Enable account on add'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-operation equal "add") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'openLDAP - Enable account on modify'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-operation equal "modify") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'iPlanet - Enable account on modify'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "nsaccountlock") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="inetOrgPerson" dest-dn="uid=,o=lp5" event-id="0" scope="entry">
<search-class class-name="inetOrgPerson"/>
<read-attr/>
</query>
</input>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST: Submitting document to subscriber shim:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="inetOrgPerson" dest-dn="uid=,o=lp5" event-id="0" scope="entry">
<search-class class-name="inetOrgPerson"/>
<read-attr/>
</query>
</input>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST: Luminis: OpenLDAPConnection - Connect to the server
14:42:39 F5DE1700 Drvrs: Luminis ST: Luminis: Opening SSL connection
14:42:39 F5DE1700 Drvrs: Luminis ST: Luminis: Host name: florence01.isos.isu.edu
14:42:39 F5DE1700 Drvrs: Luminis ST: Luminis: Port: 636
14:42:39 F5DE1700 Drvrs: Luminis ST: Luminis: DN: cn=Manager,o=lp5
14:42:39 F5DE1700 Drvrs: Luminis ST: Luminis: Protocol version=3
14:42:39 F5DE1700 Drvrs: Luminis ST: Luminis: SDK version=4.6
14:42:39 F5DE1700 Drvrs: Luminis ST: Luminis: Query.queryOperation() res.next() Error: LDAPException: Invalid DN Syntax (34) Invalid DN Syntax
LDAPException: Server Message: invalid DN
LDAPException: Matched DN: .
Resetting connection.
14:42:39 F5DE1700 Drvrs: Luminis ST: SubscriptionShim.execute() returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="0" level="success"/>
</output>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying input transformation policies.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPASTS-itp-SetAccountStatus.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying to status #1.
14:42:39 F5DE1700 Drvrs: Luminis ST: Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="0" level="success"/>
</output>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying policy: veto all.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying to status #1.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'veto all'.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule selected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying rule 'veto all'.
14:42:39 F5DE1700 Drvrs: Luminis ST: Action: do-veto().
14:42:39 F5DE1700 Drvrs: Luminis ST: Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output/>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLPWDSYNC-itp-EmailOnFailedPwdSub.
14:42:39 F5DE1700 Drvrs: Luminis ST: Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output/>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying schema mapping policies to input.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPDCFG-GroupMemberMapping.
14:42:39 F5DE1700 Drvrs: Luminis ST: Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output/>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPASTS-smp.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPDCFG-smp.
14:42:39 F5DE1700 Drvrs: Luminis ST: Resolving association references.
14:42:39 F5DE1700 Drvrs: Luminis ST: Query from policy result
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output/>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST: No matches found.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'match Users by CN'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-class-name equal "User") = TRUE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule selected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying rule 'match Users by CN'.
14:42:39 F5DE1700 Drvrs: Luminis ST: Action: do-if().
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating conditions.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.subPlacementType' equal "flat") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Performing else actions.
14:42:39 F5DE1700 Drvrs: Luminis ST: Action: do-implement-entitlement(arg-node-set(token-entitlement("Account"))).
14:42:39 F5DE1700 Drvrs: Luminis ST: arg-node-set(token-entitlement("Account"))
14:42:39 F5DE1700 Drvrs: Luminis ST: token-entitlement("Account")
14:42:39 F5DE1700 Drvrs: Luminis ST: Token Value: {}.
14:42:39 F5DE1700 Drvrs: Luminis ST: Arg Value: {}.
14:42:39 F5DE1700 Drvrs: Luminis ST: Action: do-find-matching-object(scope="entry",arg-dn("cn="+token-substring(start="3",token-op-property("unmatched-src-dn"))+","+token-global-variable("driver.ldap.base.container"))).
14:42:39 F5DE1700 Drvrs: Luminis ST: arg-dn("cn="+token-substring(start="3",token-op-property("unmatched-src-dn"))+","+token-global-variable("driver.ldap.base.container"))
14:42:39 F5DE1700 Drvrs: Luminis ST: token-text("cn=")
14:42:39 F5DE1700 Drvrs: Luminis ST: token-substring(start="3",token-op-property("unmatched-src-dn"))
14:42:39 F5DE1700 Drvrs: Luminis ST: token-substring(start="3",token-op-property("unmatched-src-dn"))
14:42:39 F5DE1700 Drvrs: Luminis ST: token-op-property("unmatched-src-dn")
14:42:39 F5DE1700 Drvrs: Luminis ST: Token Value: "".
14:42:39 F5DE1700 Drvrs: Luminis ST: Arg Value: "".
14:42:39 F5DE1700 Drvrs: Luminis ST: Token Value: "".
14:42:39 F5DE1700 Drvrs: Luminis ST: token-text(",")
14:42:39 F5DE1700 Drvrs: Luminis ST: token-global-variable("driver.ldap.base.container")
14:42:39 F5DE1700 Drvrs: Luminis ST: Token Value: "o=lp5".
14:42:39 F5DE1700 Drvrs: Luminis ST: Arg Value: "cn=,o=lp5".
14:42:39 F5DE1700 Drvrs: Luminis ST: Query from policy
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="User" dest-dn="cn=,o=lp5" scope="entry">
<search-class class-name="User"/>
<read-attr/>
</query>
</input>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST: Fixing up association references.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying schema mapping policies to output.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPDCFG-GroupMemberMapping.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying to query #1.
14:42:39 F5DE1700 Drvrs: Luminis ST: Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="User" dest-dn="cn=,o=lp5" event-id="0" scope="entry">
<search-class class-name="User"/>
<read-attr/>
</query>
</input>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPASTS-smp.
14:42:39 F5DE1700 Drvrs: Luminis ST: No mapping for class-name 'User'.
14:42:39 F5DE1700 Drvrs: Luminis ST: No mapping for class-name 'User'.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPDCFG-smp.
14:42:39 F5DE1700 Drvrs: Luminis ST: Mapping class-name 'User' to 'inetOrgPerson'.
14:42:39 F5DE1700 Drvrs: Luminis ST: Mapping class-name 'User' to 'inetOrgPerson'.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying output transformation policies.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLPWDSYNC-otp-EmailOnFailedPwdPub.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying to query #1.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Send e-mail for a failed publish password operation'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = TRUE.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-operation equal "status") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="inetOrgPerson" dest-dn="cn=,o=lp5" event-id="0" scope="entry">
<search-class class-name="inetOrgPerson"/>
<read-attr/>
</query>
</input>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPASTS-otp-SetAccountStatus.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying to query #1.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'openLDAP - Disable account on add'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-operation equal "add") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'openLDAP - Disable account on modify'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-operation equal "modify") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'openLDAP - Enable account on add'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-operation equal "add") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'openLDAP - Enable account on modify'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-operation equal "modify") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'iPlanet - Enable account on modify'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "nsaccountlock") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="inetOrgPerson" dest-dn="cn=,o=lp5" event-id="0" scope="entry">
<search-class class-name="inetOrgPerson"/>
<read-attr/>
</query>
</input>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST: Submitting document to subscriber shim:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="inetOrgPerson" dest-dn="cn=,o=lp5" event-id="0" scope="entry">
<search-class class-name="inetOrgPerson"/>
<read-attr/>
</query>
</input>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST: Luminis: OpenLDAPConnection - Connect to the server
14:42:39 F5DE1700 Drvrs: Luminis ST: Luminis: Opening SSL connection
14:42:39 F5DE1700 Drvrs: Luminis ST: Luminis: Host name: florence01.isos.isu.edu
14:42:39 F5DE1700 Drvrs: Luminis ST: Luminis: Port: 636
14:42:39 F5DE1700 Drvrs: Luminis ST: Luminis: DN: cn=Manager,o=lp5
14:42:39 F5DE1700 Drvrs: Luminis ST: Luminis: Protocol version=3
14:42:39 F5DE1700 Drvrs: Luminis ST: Luminis: SDK version=4.6
10/15/2018
14:42:39 F5DE1700 Drvrs: Luminis ST: Luminis: Query.queryOperation() res.next() Error: LDAPException: Invalid DN Syntax (34) Invalid DN Syntax
LDAPException: Server Message: invalid DN
LDAPException: Matched DN: .
Resetting connection.
14:42:39 F5DE1700 Drvrs: Luminis ST: SubscriptionShim.execute() returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="0" level="success"/>
</output>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying input transformation policies.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPASTS-itp-SetAccountStatus.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying to status #1.
14:42:39 F5DE1700 Drvrs: Luminis ST: Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="0" level="success"/>
</output>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying policy: veto all.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying to status #1.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'veto all'.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule selected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying rule 'veto all'.
14:42:39 F5DE1700 Drvrs: Luminis ST: Action: do-veto().
14:42:39 F5DE1700 Drvrs: Luminis ST: Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output/>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLPWDSYNC-itp-EmailOnFailedPwdSub.
14:42:39 F5DE1700 Drvrs: Luminis ST: Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output/>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying schema mapping policies to input.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPDCFG-GroupMemberMapping.
14:42:39 F5DE1700 Drvrs: Luminis ST: Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output/>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPASTS-smp.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPDCFG-smp.
14:42:39 F5DE1700 Drvrs: Luminis ST: Resolving association references.
14:42:39 F5DE1700 Drvrs: Luminis ST: Query from policy result
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output/>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST: No matches found.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'match everything else'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-class-name not-equal "User") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST:Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181015204239.557Z" class-name="User" event-id="devserver#20181015204239#1#1:f0cf05d7-f327-4bb5-b614-d705cff027f3" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="CN">
<value timestamp="1472763230#46" type="string">Test User</value>
</add-attr>
<add-attr attr-name="Given Name">
<value timestamp="1482333216#11" type="string">Test</value>
</add-attr>
<add-attr attr-name="Internet EMail Address">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1472763230#55" type="string">User</value>
</add-attr>
<add-attr attr-name="uniqueID">
<value naming="true" timestamp="1472763230#71" type="string">testuser</value>
</add-attr>
</add>
</input>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST:No match found.
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying object creation policies.
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPDCFG-sub-cp-DefaultCreate.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying to add #1.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'output'.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule selected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying rule 'output'.
14:42:39 F5DE1700 Drvrs: Luminis ST: Action: do-trace-message("CN = "+token-op-attr("CN")).
14:42:39 F5DE1700 Drvrs: Luminis ST: arg-string("CN = "+token-op-attr("CN"))
14:42:39 F5DE1700 Drvrs: Luminis ST: token-text("CN = ")
14:42:39 F5DE1700 Drvrs: Luminis ST: token-op-attr("CN")
14:42:39 F5DE1700 Drvrs: Luminis ST: Token Value: "Test User".
14:42:39 F5DE1700 Drvrs: Luminis ST: Arg Value: "CN = Test User".
14:42:39 F5DE1700 Drvrs: Luminis ST:CN = Test User
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'User Required Attributes'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-class-name equal "User") = TRUE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule selected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying rule 'User Required Attributes'.
14:42:39 F5DE1700 Drvrs: Luminis ST: Action: do-veto-if-op-attr-not-available("CN").
14:42:39 F5DE1700 Drvrs: Luminis ST: Action: do-veto-if-op-attr-not-available("Surname").
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Organizational Unit Required Attributes'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-class-name equal "Organizational Unit") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST:Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181015204239.557Z" class-name="User" event-id="devserver#20181015204239#1#1:f0cf05d7-f327-4bb5-b614-d705cff027f3" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="CN">
<value timestamp="1472763230#46" type="string">Test User</value>
</add-attr>
<add-attr attr-name="Given Name">
<value timestamp="1482333216#11" type="string">Test</value>
</add-attr>
<add-attr attr-name="Internet EMail Address">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1472763230#55" type="string">User</value>
</add-attr>
<add-attr attr-name="uniqueID">
<value naming="true" timestamp="1472763230#71" type="string">testuser</value>
</add-attr>
</add>
</input>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying object placement policies.
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPDCFG-sub-pp-DefaultPlacement.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying to add #1.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Subscriber Placement Rule'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-src-dn in-subtree "isu\data\users") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST:Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181015204239.557Z" class-name="User" event-id="devserver#20181015204239#1#1:f0cf05d7-f327-4bb5-b614-d705cff027f3" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="CN">
<value timestamp="1472763230#46" type="string">Test User</value>
</add-attr>
<add-attr attr-name="Given Name">
<value timestamp="1482333216#11" type="string">Test</value>
</add-attr>
<add-attr attr-name="Internet EMail Address">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1472763230#55" type="string">User</value>
</add-attr>
<add-attr attr-name="uniqueID">
<value naming="true" timestamp="1472763230#71" type="string">testuser</value>
</add-attr>
</add>
</input>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST:Submitting add to subscriber shim.
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying command transformation policies.
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLPWDSYNC-sub-ctp-TransformDistPwd.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying to add #1.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Convert adds of the nspmDistributionPassword attribute to password elements'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-operation equal "add") = TRUE.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-op-attr 'nspmDistributionPassword' available) = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Block modifies for failed password publish operations if reset password is false'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'reset-external-password-on-failure' equal "false") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Convert modifies of a nspmDistributionPassword attribute to a modify password operation'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-operation equal "modify") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Block empty modify operations'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-operation equal "modify") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST:Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181015204239.557Z" class-name="User" event-id="devserver#20181015204239#1#1:f0cf05d7-f327-4bb5-b614-d705cff027f3" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="CN">
<value timestamp="1472763230#46" type="string">Test User</value>
</add-attr>
<add-attr attr-name="Given Name">
<value timestamp="1482333216#11" type="string">Test</value>
</add-attr>
<add-attr attr-name="Internet EMail Address">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1472763230#55" type="string">User</value>
</add-attr>
<add-attr attr-name="uniqueID">
<value naming="true" timestamp="1472763230#71" type="string">testuser</value>
</add-attr>
</add>
</input>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLPWDSYNC-sub-ctp-CheckPwdGCV.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying to add #1.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Block subscribing to passwords when objects are added'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'enable-password-subscribe' equal "false") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Block subscribing to password modifications'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'enable-password-subscribe' equal "false") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST:Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181015204239.557Z" class-name="User" event-id="devserver#20181015204239#1#1:f0cf05d7-f327-4bb5-b614-d705cff027f3" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="CN">
<value timestamp="1472763230#46" type="string">Test User</value>
</add-attr>
<add-attr attr-name="Given Name">
<value timestamp="1482333216#11" type="string">Test</value>
</add-attr>
<add-attr attr-name="Internet EMail Address">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1472763230#55" type="string">User</value>
</add-attr>
<add-attr attr-name="uniqueID">
<value naming="true" timestamp="1472763230#71" type="string">testuser</value>
</add-attr>
</add>
</input>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLPWDSYNC-sub-ctp-AddPwdPayload.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying to add #1.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Add operation-data element to password subscribe operations'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-operation equal "add") = TRUE.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-password available) = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-operation equal "modify-password") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Add payload data to a reset password from a failed password publish operation'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-operation equal "modify-password") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Add payload data to password subscribe operations'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-operation equal "add") = TRUE.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-password available) = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-operation equal "modify-password") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST:Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181015204239.557Z" class-name="User" event-id="devserver#20181015204239#1#1:f0cf05d7-f327-4bb5-b614-d705cff027f3" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="CN">
<value timestamp="1472763230#46" type="string">Test User</value>
</add-attr>
<add-attr attr-name="Given Name">
<value timestamp="1482333216#11" type="string">Test</value>
</add-attr>
<add-attr attr-name="Internet EMail Address">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1472763230#55" type="string">User</value>
</add-attr>
<add-attr attr-name="uniqueID">
<value naming="true" timestamp="1472763230#71" type="string">testuser</value>
</add-attr>
</add>
</input>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST:Filtering out notification-only attributes.
14:42:39 F5DE1700 Drvrs: Luminis ST:Fixing up association references.
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying schema mapping policies to output.
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPDCFG-GroupMemberMapping.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying to add #1.
14:42:39 F5DE1700 Drvrs: Luminis ST:Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181015204239.557Z" class-name="User" event-id="devserver#20181015204239#1#1:f0cf05d7-f327-4bb5-b614-d705cff027f3" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="CN">
<value timestamp="1472763230#46" type="string">Test User</value>
</add-attr>
<add-attr attr-name="Given Name">
<value timestamp="1482333216#11" type="string">Test</value>
</add-attr>
<add-attr attr-name="Internet EMail Address">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1472763230#55" type="string">User</value>
</add-attr>
<add-attr attr-name="uniqueID">
<value naming="true" timestamp="1472763230#71" type="string">testuser</value>
</add-attr>
</add>
</input>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPASTS-smp.
14:42:39 F5DE1700 Drvrs: Luminis ST: No mapping for class-name 'User'.
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPDCFG-smp.
14:42:39 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'CN' to 'cn'.
14:42:39 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'Given Name' to 'givenname'.
14:42:39 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'Internet EMail Address' to 'mail'.
14:42:39 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'Surname' to 'sn'.
14:42:39 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'uniqueID' to 'uid'.
14:42:39 F5DE1700 Drvrs: Luminis ST: Mapping class-name 'User' to 'inetOrgPerson'.
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying output transformation policies.
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLPWDSYNC-otp-EmailOnFailedPwdPub.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying to add #1.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Send e-mail for a failed publish password operation'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = TRUE.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-operation equal "status") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST:Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181015204239.557Z" class-name="inetOrgPerson" event-id="devserver#20181015204239#1#1:f0cf05d7-f327-4bb5-b614-d705cff027f3" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="cn">
<value timestamp="1472763230#46" type="string">Test User</value>
</add-attr>
<add-attr attr-name="givenname">
<value timestamp="1482333216#11" type="string">Test</value>
</add-attr>
<add-attr attr-name="mail">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="sn">
<value timestamp="1472763230#55" type="string">User</value>
</add-attr>
<add-attr attr-name="uid">
<value naming="true" timestamp="1472763230#71" type="string">testuser</value>
</add-attr>
</add>
</input>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPASTS-otp-SetAccountStatus.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying to add #1.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'openLDAP - Disable account on add'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-operation equal "add") = TRUE.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-op-attr 'pwdAccountLockedTime' equal "TRUE") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'openLDAP - Disable account on modify'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-operation equal "modify") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'openLDAP - Enable account on add'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-operation equal "add") = TRUE.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-op-attr 'pwdAccountLockedTime' available) = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'openLDAP - Enable account on modify'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-operation equal "modify") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'iPlanet - Enable account on modify'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "nsaccountlock") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST:Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181015204239.557Z" class-name="inetOrgPerson" event-id="devserver#20181015204239#1#1:f0cf05d7-f327-4bb5-b614-d705cff027f3" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="cn">
<value timestamp="1472763230#46" type="string">Test User</value>
</add-attr>
<add-attr attr-name="givenname">
<value timestamp="1482333216#11" type="string">Test</value>
</add-attr>
<add-attr attr-name="mail">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="sn">
<value timestamp="1472763230#55" type="string">User</value>
</add-attr>
<add-attr attr-name="uid">
<value naming="true" timestamp="1472763230#71" type="string">testuser</value>
</add-attr>
</add>
</input>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST:Submitting document to subscriber shim:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181015204239.557Z" class-name="inetOrgPerson" event-id="devserver#20181015204239#1#1:f0cf05d7-f327-4bb5-b614-d705cff027f3" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="cn">
<value timestamp="1472763230#46" type="string">Test User</value>
</add-attr>
<add-attr attr-name="givenname">
<value timestamp="1482333216#11" type="string">Test</value>
</add-attr>
<add-attr attr-name="mail">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="sn">
<value timestamp="1472763230#55" type="string">User</value>
</add-attr>
<add-attr attr-name="uid">
<value naming="true" timestamp="1472763230#71" type="string">testuser</value>
</add-attr>
</add>
</input>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST:Luminis: LDAPSub.performAddOperation() No destination DN because a placement rule did not match.
14:42:39 F5DE1700 Drvrs: Luminis ST:SubscriptionShim.execute() returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="devserver#20181015204239#1#1:f0cf05d7-f327-4bb5-b614-d705cff027f3" level="error">No destination DN because a placement rule did not match.</status>
</output>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying input transformation policies.
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPASTS-itp-SetAccountStatus.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying to status #1.
14:42:39 F5DE1700 Drvrs: Luminis ST:Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="devserver#20181015204239#1#1:f0cf05d7-f327-4bb5-b614-d705cff027f3" level="error">No destination DN because a placement rule did not match.</status>
</output>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying policy: veto all.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying to status #1.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'veto all'.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule selected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying rule 'veto all'.
14:42:39 F5DE1700 Drvrs: Luminis ST: Action: do-veto().
14:42:39 F5DE1700 Drvrs: Luminis ST:Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output/>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLPWDSYNC-itp-EmailOnFailedPwdSub.
14:42:39 F5DE1700 Drvrs: Luminis ST:Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output/>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying schema mapping policies to input.
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPDCFG-GroupMemberMapping.
14:42:39 F5DE1700 Drvrs: Luminis ST:Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output/>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPASTS-smp.
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPDCFG-smp.
14:42:39 F5DE1700 Drvrs: Luminis ST:Resolving association references.
14:42:39 F5DE1700 Drvrs: Luminis ST:Processing returned document.
14:42:39 F5DE1700 Drvrs: Luminis ST:End transaction.
14:42:39 F5DE1700 DirXML: Luminis EV: Physically purged 96 bytes from cache 357460.TAO
14:42:39 F5DE1700 DirXML: Luminis EV: Elapsed time: 1.372 milliseconds
0 Likes
Highlighted
Knowledge Partner
Knowledge Partner

bobbintb;2488914 wrote:
Ah, ok. Well, I set the security equivalencies and that fixed part of the issue. It now correctly shows the CN but it still vetoes on the nspmDistributionPassword rule. That attribute is set to synchronize on the subscriber channel on the filter. I disabled the rule temporarily but the user still never gets created. I am still seeing "No destination DN because a placement rule did not match".

Here is a new trace:
10/15/2018 
14:42:39 2457C700 DirXML: Luminis EV: Filtered by class or attribute
14:42:39 2457C700 DirXML: Luminis EV: Writing data to cache:
14:42:39 2457C700 DirXML: Luminis EV: Event: type(RESYNC_ENTRY)timestamp(0#0)object(\T=IDV\O=lp5\OU=cp\OU=People\uniqueID=testuser:User)
14:42:39 2457C700 DirXML: Luminis EV: Entry ID: 0x35876, Verb: 0, Entry flags: 0x0001, Obituary flags: 0x0000
14:42:39 2457C700 DirXML: Luminis EV: Wrote 96 bytes to cache 357460.TAO
14:42:39 2457C700 DirXML: Luminis EV: Elapsed time: 0.035 milliseconds
14:42:39 2457C700 DirXML: Luminis EV: Committing 96 bytes to cache 357460.TAO
14:42:39 2457C700 DirXML: Luminis EV: Committed 96 bytes to cache 357460.TAO
14:42:39 2457C700 DirXML: Luminis EV: Elapsed time: 0.355 milliseconds
14:42:39 F5DE1700 DirXML: Luminis EV: Read 96 bytes from cache 357460.TAO
14:42:39 F5DE1700 DirXML: Luminis EV: Elapsed time: 0.010 milliseconds
14:42:39 F5DE1700 Drvrs: Luminis ST:Start transaction.
14:42:39 F5DE1700 Drvrs: Luminis ST:type(resync-entry)entry-id(219254) dn(\T=IDV\O=lp5\OU=cp\OU=People\uniqueID=testuser) class-id(-1) class-name(null)
14:42:39 F5DE1700 Drvrs: Luminis ST:Processing events for transaction.
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<sync cached-time="20181015204239.557Z" class-name="User" event-id="devserver#20181015204239#1#1:f0cf05d7-f327-4bb5-b614-d705cff027f3" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<association state="manual"></association>
</sync>
</input>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying event transformation policies.
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying policy: test.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying to sync #1.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'output'.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule selected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying rule 'output'.
14:42:39 F5DE1700 Drvrs: Luminis ST: Action: do-trace-message("CN = "+token-op-attr("CN")).
14:42:39 F5DE1700 Drvrs: Luminis ST: arg-string("CN = "+token-op-attr("CN"))
14:42:39 F5DE1700 Drvrs: Luminis ST: token-text("CN = ")
14:42:39 F5DE1700 Drvrs: Luminis ST: token-op-attr("CN")
14:42:39 F5DE1700 Drvrs: Luminis ST: Token Value: "".
14:42:39 F5DE1700 Drvrs: Luminis ST: Arg Value: "CN = ".
14:42:39 F5DE1700 Drvrs: Luminis ST:CN =
14:42:39 F5DE1700 Drvrs: Luminis ST:Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<sync cached-time="20181015204239.557Z" class-name="User" event-id="devserver#20181015204239#1#1:f0cf05d7-f327-4bb5-b614-d705cff027f3" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<association state="manual"></association>
</sync>
</input>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST:Subscriber processing sync for \IDV\lp5\cp\People\testuser.
14:42:39 F5DE1700 Drvrs: Luminis ST:Reading relevant attributes from \IDV\lp5\cp\People\testuser.
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="User" dest-dn="\IDV\lp5\cp\People\testuser" dest-entry-id="219254" scope="entry">
<read-attr attr-name="CN"/>
<read-attr attr-name="Description"/>
<read-attr attr-name="Facsimile Telephone Number"/>
<read-attr attr-name="Given Name"/>
<read-attr attr-name="Initials"/>
<read-attr attr-name="Internet EMail Address"/>
<read-attr attr-name="L"/>
<read-attr attr-name="Login Disabled"/>
<read-attr attr-name="nspmDistributionPassword"/>
<read-attr attr-name="OU"/>
<read-attr attr-name="Postal Address"/>
<read-attr attr-name="S"/>
<read-attr attr-name="SA"/>
<read-attr attr-name="Surname"/>
<read-attr attr-name="Telephone Number"/>
<read-attr attr-name="Title"/>
<read-attr attr-name="UID"/>
<read-attr attr-name="uniqueID"/>
<read-attr attr-name="userCertificate"/>
</query>
</input>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST:Pumping XDS to eDirectory.
14:42:39 F5DE1700 Drvrs: Luminis ST:Performing operation query for \IDV\lp5\cp\People\testuser.
14:42:39 F5DE1700 Drvrs: Luminis ST:--JCLNT-- \IDV\isu\services\ISU-VaultDriverSet\Luminis : Duplicating : context = 1162019744, tempContext = 1162019757
14:42:39 F5DE1700 Drvrs: Luminis ST:--JCLNT-- \IDV\isu\services\ISU-VaultDriverSet\Luminis : Calling free on tempContext = 1162019757
14:42:39 F5DE1700 Drvrs: Luminis ST:Read result:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<instance class-name="User" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254">
<association state="manual"></association>
<attr attr-name="CN">
<value timestamp="1472763230#46" type="string">Test User</value>
</attr>
<attr attr-name="Given Name">
<value timestamp="1482333216#11" type="string">Test</value>
</attr>
<attr attr-name="Internet EMail Address">
<value timestamp="1472763230#52" type="string">testuser</value>
</attr>
<attr attr-name="Surname">
<value timestamp="1472763230#55" type="string">User</value>
</attr>
<attr attr-name="uniqueID">
<value naming="true" timestamp="1472763230#71" type="string">testuser</value>
</attr>
</instance>
<status level="success"></status>
</output>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST:Synthetic add:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<add cached-time="20181015204239.557Z" class-name="User" event-id="devserver#20181015204239#1#1:f0cf05d7-f327-4bb5-b614-d705cff027f3" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<association state="manual"></association>
<add-attr attr-name="CN">
<value timestamp="1472763230#46" type="string">Test User</value>
</add-attr>
<add-attr attr-name="Given Name">
<value timestamp="1482333216#11" type="string">Test</value>
</add-attr>
<add-attr attr-name="Internet EMail Address">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1472763230#55" type="string">User</value>
</add-attr>
<add-attr attr-name="uniqueID">
<value naming="true" timestamp="1472763230#71" type="string">testuser</value>
</add-attr>
</add>
<status level="success"></status>
</output>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying object matching policies.
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPDCFG-sub-mp-Scoping.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying to add #1.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'remember relative position in hierarchy'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-src-dn in-subtree "isu\data\users") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST:Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181015204239.557Z" class-name="User" event-id="devserver#20181015204239#1#1:f0cf05d7-f327-4bb5-b614-d705cff027f3" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="CN">
<value timestamp="1472763230#46" type="string">Test User</value>
</add-attr>
<add-attr attr-name="Given Name">
<value timestamp="1482333216#11" type="string">Test</value>
</add-attr>
<add-attr attr-name="Internet EMail Address">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1472763230#55" type="string">User</value>
</add-attr>
<add-attr attr-name="uniqueID">
<value naming="true" timestamp="1472763230#71" type="string">testuser</value>
</add-attr>
</add>
</input>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPDCFG-sub-mp-DefaultMatching.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying to add #1.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'match Users by UID'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-class-name equal "User") = TRUE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule selected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying rule 'match Users by UID'.
14:42:39 F5DE1700 Drvrs: Luminis ST: Action: do-if().
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating conditions.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.subPlacementType' equal "flat") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Performing else actions.
14:42:39 F5DE1700 Drvrs: Luminis ST: Action: do-implement-entitlement(arg-node-set(token-entitlement("Account"))).
14:42:39 F5DE1700 Drvrs: Luminis ST: arg-node-set(token-entitlement("Account"))
14:42:39 F5DE1700 Drvrs: Luminis ST: token-entitlement("Account")
14:42:39 F5DE1700 Drvrs: Luminis ST: Query from policy
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="User" dest-dn="\IDV\lp5\cp\People\testuser" dest-entry-id="219254" scope="entry">
<read-attr attr-name="DirXML-EntitlementRef"/>
</query>
</input>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST: Pumping XDS to eDirectory.
14:42:39 F5DE1700 Drvrs: Luminis ST: Performing operation query for \IDV\lp5\cp\People\testuser.
14:42:39 F5DE1700 Drvrs: Luminis ST: --JCLNT-- \IDV\isu\services\ISU-VaultDriverSet\Luminis : Duplicating : context = 1162019744, tempContext = 1162019757
14:42:39 F5DE1700 Drvrs: Luminis ST: --JCLNT-- \IDV\isu\services\ISU-VaultDriverSet\Luminis : Calling free on tempContext = 1162019757
14:42:39 F5DE1700 Drvrs: Luminis ST: Query from policy result
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<instance class-name="User" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254">
<association state="manual"></association>
</instance>
<status level="success"></status>
</output>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST: Token Value: {}.
14:42:39 F5DE1700 Drvrs: Luminis ST: Arg Value: {}.
14:42:39 F5DE1700 Drvrs: Luminis ST: Action: do-find-matching-object(scope="entry",arg-dn("uid="+token-substring(start="3",token-op-property("unmatched-src-dn"))+","+token-global-variable("driver.ldap.base.container"))).
14:42:39 F5DE1700 Drvrs: Luminis ST: arg-dn("uid="+token-substring(start="3",token-op-property("unmatched-src-dn"))+","+token-global-variable("driver.ldap.base.container"))
14:42:39 F5DE1700 Drvrs: Luminis ST: token-text("uid=")
14:42:39 F5DE1700 Drvrs: Luminis ST: token-substring(start="3",token-op-property("unmatched-src-dn"))
14:42:39 F5DE1700 Drvrs: Luminis ST: token-substring(start="3",token-op-property("unmatched-src-dn"))
14:42:39 F5DE1700 Drvrs: Luminis ST: token-op-property("unmatched-src-dn")
14:42:39 F5DE1700 Drvrs: Luminis ST: Token Value: "".
14:42:39 F5DE1700 Drvrs: Luminis ST: Arg Value: "".
14:42:39 F5DE1700 Drvrs: Luminis ST: Token Value: "".
14:42:39 F5DE1700 Drvrs: Luminis ST: token-text(",")
14:42:39 F5DE1700 Drvrs: Luminis ST: token-global-variable("driver.ldap.base.container")
14:42:39 F5DE1700 Drvrs: Luminis ST: Token Value: "o=lp5".
14:42:39 F5DE1700 Drvrs: Luminis ST: Arg Value: "uid=,o=lp5".
14:42:39 F5DE1700 Drvrs: Luminis ST: Query from policy
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="User" dest-dn="uid=,o=lp5" scope="entry">
<search-class class-name="User"/>
<read-attr/>
</query>
</input>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST: Fixing up association references.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying schema mapping policies to output.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPDCFG-GroupMemberMapping.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying to query #1.
14:42:39 F5DE1700 Drvrs: Luminis ST: Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="User" dest-dn="uid=,o=lp5" event-id="0" scope="entry">
<search-class class-name="User"/>
<read-attr/>
</query>
</input>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPASTS-smp.
14:42:39 F5DE1700 Drvrs: Luminis ST: No mapping for class-name 'User'.
14:42:39 F5DE1700 Drvrs: Luminis ST: No mapping for class-name 'User'.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPDCFG-smp.
14:42:39 F5DE1700 Drvrs: Luminis ST: Mapping class-name 'User' to 'inetOrgPerson'.
14:42:39 F5DE1700 Drvrs: Luminis ST: Mapping class-name 'User' to 'inetOrgPerson'.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying output transformation policies.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLPWDSYNC-otp-EmailOnFailedPwdPub.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying to query #1.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Send e-mail for a failed publish password operation'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = TRUE.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-operation equal "status") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="inetOrgPerson" dest-dn="uid=,o=lp5" event-id="0" scope="entry">
<search-class class-name="inetOrgPerson"/>
<read-attr/>
</query>
</input>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPASTS-otp-SetAccountStatus.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying to query #1.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'openLDAP - Disable account on add'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-operation equal "add") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'openLDAP - Disable account on modify'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-operation equal "modify") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'openLDAP - Enable account on add'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-operation equal "add") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'openLDAP - Enable account on modify'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-operation equal "modify") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'iPlanet - Enable account on modify'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "nsaccountlock") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="inetOrgPerson" dest-dn="uid=,o=lp5" event-id="0" scope="entry">
<search-class class-name="inetOrgPerson"/>
<read-attr/>
</query>
</input>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST: Submitting document to subscriber shim:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="inetOrgPerson" dest-dn="uid=,o=lp5" event-id="0" scope="entry">
<search-class class-name="inetOrgPerson"/>
<read-attr/>
</query>
</input>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST: Luminis: OpenLDAPConnection - Connect to the server
14:42:39 F5DE1700 Drvrs: Luminis ST: Luminis: Opening SSL connection
14:42:39 F5DE1700 Drvrs: Luminis ST: Luminis: Host name: florence01.isos.isu.edu
14:42:39 F5DE1700 Drvrs: Luminis ST: Luminis: Port: 636
14:42:39 F5DE1700 Drvrs: Luminis ST: Luminis: DN: cn=Manager,o=lp5
14:42:39 F5DE1700 Drvrs: Luminis ST: Luminis: Protocol version=3
14:42:39 F5DE1700 Drvrs: Luminis ST: Luminis: SDK version=4.6
14:42:39 F5DE1700 Drvrs: Luminis ST: Luminis: Query.queryOperation() res.next() Error: LDAPException: Invalid DN Syntax (34) Invalid DN Syntax
LDAPException: Server Message: invalid DN
LDAPException: Matched DN: .
Resetting connection.
14:42:39 F5DE1700 Drvrs: Luminis ST: SubscriptionShim.execute() returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="0" level="success"/>
</output>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying input transformation policies.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPASTS-itp-SetAccountStatus.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying to status #1.
14:42:39 F5DE1700 Drvrs: Luminis ST: Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="0" level="success"/>
</output>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying policy: veto all.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying to status #1.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'veto all'.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule selected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying rule 'veto all'.
14:42:39 F5DE1700 Drvrs: Luminis ST: Action: do-veto().
14:42:39 F5DE1700 Drvrs: Luminis ST: Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output/>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLPWDSYNC-itp-EmailOnFailedPwdSub.
14:42:39 F5DE1700 Drvrs: Luminis ST: Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output/>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying schema mapping policies to input.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPDCFG-GroupMemberMapping.
14:42:39 F5DE1700 Drvrs: Luminis ST: Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output/>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPASTS-smp.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPDCFG-smp.
14:42:39 F5DE1700 Drvrs: Luminis ST: Resolving association references.
14:42:39 F5DE1700 Drvrs: Luminis ST: Query from policy result
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output/>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST: No matches found.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'match Users by CN'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-class-name equal "User") = TRUE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule selected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying rule 'match Users by CN'.
14:42:39 F5DE1700 Drvrs: Luminis ST: Action: do-if().
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating conditions.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.subPlacementType' equal "flat") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Performing else actions.
14:42:39 F5DE1700 Drvrs: Luminis ST: Action: do-implement-entitlement(arg-node-set(token-entitlement("Account"))).
14:42:39 F5DE1700 Drvrs: Luminis ST: arg-node-set(token-entitlement("Account"))
14:42:39 F5DE1700 Drvrs: Luminis ST: token-entitlement("Account")
14:42:39 F5DE1700 Drvrs: Luminis ST: Token Value: {}.
14:42:39 F5DE1700 Drvrs: Luminis ST: Arg Value: {}.
14:42:39 F5DE1700 Drvrs: Luminis ST: Action: do-find-matching-object(scope="entry",arg-dn("cn="+token-substring(start="3",token-op-property("unmatched-src-dn"))+","+token-global-variable("driver.ldap.base.container"))).
14:42:39 F5DE1700 Drvrs: Luminis ST: arg-dn("cn="+token-substring(start="3",token-op-property("unmatched-src-dn"))+","+token-global-variable("driver.ldap.base.container"))
14:42:39 F5DE1700 Drvrs: Luminis ST: token-text("cn=")
14:42:39 F5DE1700 Drvrs: Luminis ST: token-substring(start="3",token-op-property("unmatched-src-dn"))
14:42:39 F5DE1700 Drvrs: Luminis ST: token-substring(start="3",token-op-property("unmatched-src-dn"))
14:42:39 F5DE1700 Drvrs: Luminis ST: token-op-property("unmatched-src-dn")
14:42:39 F5DE1700 Drvrs: Luminis ST: Token Value: "".
14:42:39 F5DE1700 Drvrs: Luminis ST: Arg Value: "".
14:42:39 F5DE1700 Drvrs: Luminis ST: Token Value: "".
14:42:39 F5DE1700 Drvrs: Luminis ST: token-text(",")
14:42:39 F5DE1700 Drvrs: Luminis ST: token-global-variable("driver.ldap.base.container")
14:42:39 F5DE1700 Drvrs: Luminis ST: Token Value: "o=lp5".
14:42:39 F5DE1700 Drvrs: Luminis ST: Arg Value: "cn=,o=lp5".
14:42:39 F5DE1700 Drvrs: Luminis ST: Query from policy
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="User" dest-dn="cn=,o=lp5" scope="entry">
<search-class class-name="User"/>
<read-attr/>
</query>
</input>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST: Fixing up association references.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying schema mapping policies to output.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPDCFG-GroupMemberMapping.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying to query #1.
14:42:39 F5DE1700 Drvrs: Luminis ST: Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="User" dest-dn="cn=,o=lp5" event-id="0" scope="entry">
<search-class class-name="User"/>
<read-attr/>
</query>
</input>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPASTS-smp.
14:42:39 F5DE1700 Drvrs: Luminis ST: No mapping for class-name 'User'.
14:42:39 F5DE1700 Drvrs: Luminis ST: No mapping for class-name 'User'.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPDCFG-smp.
14:42:39 F5DE1700 Drvrs: Luminis ST: Mapping class-name 'User' to 'inetOrgPerson'.
14:42:39 F5DE1700 Drvrs: Luminis ST: Mapping class-name 'User' to 'inetOrgPerson'.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying output transformation policies.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLPWDSYNC-otp-EmailOnFailedPwdPub.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying to query #1.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Send e-mail for a failed publish password operation'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = TRUE.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-operation equal "status") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="inetOrgPerson" dest-dn="cn=,o=lp5" event-id="0" scope="entry">
<search-class class-name="inetOrgPerson"/>
<read-attr/>
</query>
</input>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPASTS-otp-SetAccountStatus.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying to query #1.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'openLDAP - Disable account on add'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-operation equal "add") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'openLDAP - Disable account on modify'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-operation equal "modify") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'openLDAP - Enable account on add'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-operation equal "add") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'openLDAP - Enable account on modify'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-operation equal "modify") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'iPlanet - Enable account on modify'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "nsaccountlock") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="inetOrgPerson" dest-dn="cn=,o=lp5" event-id="0" scope="entry">
<search-class class-name="inetOrgPerson"/>
<read-attr/>
</query>
</input>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST: Submitting document to subscriber shim:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="inetOrgPerson" dest-dn="cn=,o=lp5" event-id="0" scope="entry">
<search-class class-name="inetOrgPerson"/>
<read-attr/>
</query>
</input>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST: Luminis: OpenLDAPConnection - Connect to the server
14:42:39 F5DE1700 Drvrs: Luminis ST: Luminis: Opening SSL connection
14:42:39 F5DE1700 Drvrs: Luminis ST: Luminis: Host name: florence01.isos.isu.edu
14:42:39 F5DE1700 Drvrs: Luminis ST: Luminis: Port: 636
14:42:39 F5DE1700 Drvrs: Luminis ST: Luminis: DN: cn=Manager,o=lp5
14:42:39 F5DE1700 Drvrs: Luminis ST: Luminis: Protocol version=3
14:42:39 F5DE1700 Drvrs: Luminis ST: Luminis: SDK version=4.6
10/15/2018
14:42:39 F5DE1700 Drvrs: Luminis ST: Luminis: Query.queryOperation() res.next() Error: LDAPException: Invalid DN Syntax (34) Invalid DN Syntax
LDAPException: Server Message: invalid DN
LDAPException: Matched DN: .
Resetting connection.
14:42:39 F5DE1700 Drvrs: Luminis ST: SubscriptionShim.execute() returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="0" level="success"/>
</output>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying input transformation policies.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPASTS-itp-SetAccountStatus.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying to status #1.
14:42:39 F5DE1700 Drvrs: Luminis ST: Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="0" level="success"/>
</output>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying policy: veto all.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying to status #1.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'veto all'.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule selected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying rule 'veto all'.
14:42:39 F5DE1700 Drvrs: Luminis ST: Action: do-veto().
14:42:39 F5DE1700 Drvrs: Luminis ST: Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output/>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLPWDSYNC-itp-EmailOnFailedPwdSub.
14:42:39 F5DE1700 Drvrs: Luminis ST: Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output/>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying schema mapping policies to input.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPDCFG-GroupMemberMapping.
14:42:39 F5DE1700 Drvrs: Luminis ST: Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output/>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPASTS-smp.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying policy: NOVLLDAPDCFG-smp.
14:42:39 F5DE1700 Drvrs: Luminis ST: Resolving association references.
14:42:39 F5DE1700 Drvrs: Luminis ST: Query from policy result
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output/>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST: No matches found.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'match everything else'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-class-name not-equal "User") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST:Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181015204239.557Z" class-name="User" event-id="devserver#20181015204239#1#1:f0cf05d7-f327-4bb5-b614-d705cff027f3" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="CN">
<value timestamp="1472763230#46" type="string">Test User</value>
</add-attr>
<add-attr attr-name="Given Name">
<value timestamp="1482333216#11" type="string">Test</value>
</add-attr>
<add-attr attr-name="Internet EMail Address">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1472763230#55" type="string">User</value>
</add-attr>
<add-attr attr-name="uniqueID">
<value naming="true" timestamp="1472763230#71" type="string">testuser</value>
</add-attr>
</add>
</input>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST:No match found.
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying object creation policies.
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPDCFG-sub-cp-DefaultCreate.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying to add #1.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'output'.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule selected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying rule 'output'.
14:42:39 F5DE1700 Drvrs: Luminis ST: Action: do-trace-message("CN = "+token-op-attr("CN")).
14:42:39 F5DE1700 Drvrs: Luminis ST: arg-string("CN = "+token-op-attr("CN"))
14:42:39 F5DE1700 Drvrs: Luminis ST: token-text("CN = ")
14:42:39 F5DE1700 Drvrs: Luminis ST: token-op-attr("CN")
14:42:39 F5DE1700 Drvrs: Luminis ST: Token Value: "Test User".
14:42:39 F5DE1700 Drvrs: Luminis ST: Arg Value: "CN = Test User".
14:42:39 F5DE1700 Drvrs: Luminis ST:CN = Test User
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'User Required Attributes'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-class-name equal "User") = TRUE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule selected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying rule 'User Required Attributes'.
14:42:39 F5DE1700 Drvrs: Luminis ST: Action: do-veto-if-op-attr-not-available("CN").
14:42:39 F5DE1700 Drvrs: Luminis ST: Action: do-veto-if-op-attr-not-available("Surname").
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Organizational Unit Required Attributes'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-class-name equal "Organizational Unit") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST:Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181015204239.557Z" class-name="User" event-id="devserver#20181015204239#1#1:f0cf05d7-f327-4bb5-b614-d705cff027f3" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="CN">
<value timestamp="1472763230#46" type="string">Test User</value>
</add-attr>
<add-attr attr-name="Given Name">
<value timestamp="1482333216#11" type="string">Test</value>
</add-attr>
<add-attr attr-name="Internet EMail Address">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1472763230#55" type="string">User</value>
</add-attr>
<add-attr attr-name="uniqueID">
<value naming="true" timestamp="1472763230#71" type="string">testuser</value>
</add-attr>
</add>
</input>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying object placement policies.
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPDCFG-sub-pp-DefaultPlacement.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying to add #1.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Subscriber Placement Rule'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-src-dn in-subtree "isu\data\users") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST:Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181015204239.557Z" class-name="User" event-id="devserver#20181015204239#1#1:f0cf05d7-f327-4bb5-b614-d705cff027f3" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="CN">
<value timestamp="1472763230#46" type="string">Test User</value>
</add-attr>
<add-attr attr-name="Given Name">
<value timestamp="1482333216#11" type="string">Test</value>
</add-attr>
<add-attr attr-name="Internet EMail Address">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1472763230#55" type="string">User</value>
</add-attr>
<add-attr attr-name="uniqueID">
<value naming="true" timestamp="1472763230#71" type="string">testuser</value>
</add-attr>
</add>
</input>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST:Submitting add to subscriber shim.
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying command transformation policies.
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLPWDSYNC-sub-ctp-TransformDistPwd.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying to add #1.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Convert adds of the nspmDistributionPassword attribute to password elements'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-operation equal "add") = TRUE.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-op-attr 'nspmDistributionPassword' available) = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Block modifies for failed password publish operations if reset password is false'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'reset-external-password-on-failure' equal "false") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Convert modifies of a nspmDistributionPassword attribute to a modify password operation'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-operation equal "modify") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Block empty modify operations'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-operation equal "modify") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST:Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181015204239.557Z" class-name="User" event-id="devserver#20181015204239#1#1:f0cf05d7-f327-4bb5-b614-d705cff027f3" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="CN">
<value timestamp="1472763230#46" type="string">Test User</value>
</add-attr>
<add-attr attr-name="Given Name">
<value timestamp="1482333216#11" type="string">Test</value>
</add-attr>
<add-attr attr-name="Internet EMail Address">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1472763230#55" type="string">User</value>
</add-attr>
<add-attr attr-name="uniqueID">
<value naming="true" timestamp="1472763230#71" type="string">testuser</value>
</add-attr>
</add>
</input>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLPWDSYNC-sub-ctp-CheckPwdGCV.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying to add #1.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Block subscribing to passwords when objects are added'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'enable-password-subscribe' equal "false") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Block subscribing to password modifications'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'enable-password-subscribe' equal "false") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST:Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181015204239.557Z" class-name="User" event-id="devserver#20181015204239#1#1:f0cf05d7-f327-4bb5-b614-d705cff027f3" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="CN">
<value timestamp="1472763230#46" type="string">Test User</value>
</add-attr>
<add-attr attr-name="Given Name">
<value timestamp="1482333216#11" type="string">Test</value>
</add-attr>
<add-attr attr-name="Internet EMail Address">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1472763230#55" type="string">User</value>
</add-attr>
<add-attr attr-name="uniqueID">
<value naming="true" timestamp="1472763230#71" type="string">testuser</value>
</add-attr>
</add>
</input>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLPWDSYNC-sub-ctp-AddPwdPayload.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying to add #1.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Add operation-data element to password subscribe operations'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-operation equal "add") = TRUE.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-password available) = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-operation equal "modify-password") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Add payload data to a reset password from a failed password publish operation'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-operation equal "modify-password") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Add payload data to password subscribe operations'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-operation equal "add") = TRUE.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-password available) = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-operation equal "modify-password") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST:Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181015204239.557Z" class-name="User" event-id="devserver#20181015204239#1#1:f0cf05d7-f327-4bb5-b614-d705cff027f3" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="CN">
<value timestamp="1472763230#46" type="string">Test User</value>
</add-attr>
<add-attr attr-name="Given Name">
<value timestamp="1482333216#11" type="string">Test</value>
</add-attr>
<add-attr attr-name="Internet EMail Address">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1472763230#55" type="string">User</value>
</add-attr>
<add-attr attr-name="uniqueID">
<value naming="true" timestamp="1472763230#71" type="string">testuser</value>
</add-attr>
</add>
</input>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST:Filtering out notification-only attributes.
14:42:39 F5DE1700 Drvrs: Luminis ST:Fixing up association references.
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying schema mapping policies to output.
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPDCFG-GroupMemberMapping.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying to add #1.
14:42:39 F5DE1700 Drvrs: Luminis ST:Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181015204239.557Z" class-name="User" event-id="devserver#20181015204239#1#1:f0cf05d7-f327-4bb5-b614-d705cff027f3" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="CN">
<value timestamp="1472763230#46" type="string">Test User</value>
</add-attr>
<add-attr attr-name="Given Name">
<value timestamp="1482333216#11" type="string">Test</value>
</add-attr>
<add-attr attr-name="Internet EMail Address">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1472763230#55" type="string">User</value>
</add-attr>
<add-attr attr-name="uniqueID">
<value naming="true" timestamp="1472763230#71" type="string">testuser</value>
</add-attr>
</add>
</input>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPASTS-smp.
14:42:39 F5DE1700 Drvrs: Luminis ST: No mapping for class-name 'User'.
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPDCFG-smp.
14:42:39 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'CN' to 'cn'.
14:42:39 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'Given Name' to 'givenname'.
14:42:39 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'Internet EMail Address' to 'mail'.
14:42:39 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'Surname' to 'sn'.
14:42:39 F5DE1700 Drvrs: Luminis ST: Mapping attr-name 'uniqueID' to 'uid'.
14:42:39 F5DE1700 Drvrs: Luminis ST: Mapping class-name 'User' to 'inetOrgPerson'.
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying output transformation policies.
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLPWDSYNC-otp-EmailOnFailedPwdPub.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying to add #1.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'Send e-mail for a failed publish password operation'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = TRUE.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-operation equal "status") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST:Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181015204239.557Z" class-name="inetOrgPerson" event-id="devserver#20181015204239#1#1:f0cf05d7-f327-4bb5-b614-d705cff027f3" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="cn">
<value timestamp="1472763230#46" type="string">Test User</value>
</add-attr>
<add-attr attr-name="givenname">
<value timestamp="1482333216#11" type="string">Test</value>
</add-attr>
<add-attr attr-name="mail">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="sn">
<value timestamp="1472763230#55" type="string">User</value>
</add-attr>
<add-attr attr-name="uid">
<value naming="true" timestamp="1472763230#71" type="string">testuser</value>
</add-attr>
</add>
</input>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPASTS-otp-SetAccountStatus.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying to add #1.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'openLDAP - Disable account on add'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-operation equal "add") = TRUE.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-op-attr 'pwdAccountLockedTime' equal "TRUE") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'openLDAP - Disable account on modify'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-operation equal "modify") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'openLDAP - Enable account on add'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-operation equal "add") = TRUE.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-op-attr 'pwdAccountLockedTime' available) = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'openLDAP - Enable account on modify'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "pwdAccountLockedTime") = TRUE.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-operation equal "modify") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'iPlanet - Enable account on modify'.
14:42:39 F5DE1700 Drvrs: Luminis ST: (if-global-variable 'drv.acctTrk.statusAttr' equal "nsaccountlock") = FALSE.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule rejected.
14:42:39 F5DE1700 Drvrs: Luminis ST:Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181015204239.557Z" class-name="inetOrgPerson" event-id="devserver#20181015204239#1#1:f0cf05d7-f327-4bb5-b614-d705cff027f3" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="cn">
<value timestamp="1472763230#46" type="string">Test User</value>
</add-attr>
<add-attr attr-name="givenname">
<value timestamp="1482333216#11" type="string">Test</value>
</add-attr>
<add-attr attr-name="mail">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="sn">
<value timestamp="1472763230#55" type="string">User</value>
</add-attr>
<add-attr attr-name="uid">
<value naming="true" timestamp="1472763230#71" type="string">testuser</value>
</add-attr>
</add>
</input>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST:Submitting document to subscriber shim:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20181015204239.557Z" class-name="inetOrgPerson" event-id="devserver#20181015204239#1#1:f0cf05d7-f327-4bb5-b614-d705cff027f3" qualified-src-dn="O=lp5\OU=cp\OU=People\uniqueID=testuser" src-dn="\IDV\lp5\cp\People\testuser" src-entry-id="219254" timestamp="0#0">
<add-attr attr-name="cn">
<value timestamp="1472763230#46" type="string">Test User</value>
</add-attr>
<add-attr attr-name="givenname">
<value timestamp="1482333216#11" type="string">Test</value>
</add-attr>
<add-attr attr-name="mail">
<value timestamp="1472763230#52" type="string">testuser</value>
</add-attr>
<add-attr attr-name="sn">
<value timestamp="1472763230#55" type="string">User</value>
</add-attr>
<add-attr attr-name="uid">
<value naming="true" timestamp="1472763230#71" type="string">testuser</value>
</add-attr>
</add>
</input>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST:Luminis: LDAPSub.performAddOperation() No destination DN because a placement rule did not match.
14:42:39 F5DE1700 Drvrs: Luminis ST:SubscriptionShim.execute() returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="devserver#20181015204239#1#1:f0cf05d7-f327-4bb5-b614-d705cff027f3" level="error">No destination DN because a placement rule did not match.</status>
</output>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying input transformation policies.
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPASTS-itp-SetAccountStatus.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying to status #1.
14:42:39 F5DE1700 Drvrs: Luminis ST:Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="devserver#20181015204239#1#1:f0cf05d7-f327-4bb5-b614-d705cff027f3" level="error">No destination DN because a placement rule did not match.</status>
</output>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying policy: veto all.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying to status #1.
14:42:39 F5DE1700 Drvrs: Luminis ST: Evaluating selection criteria for rule 'veto all'.
14:42:39 F5DE1700 Drvrs: Luminis ST: Rule selected.
14:42:39 F5DE1700 Drvrs: Luminis ST: Applying rule 'veto all'.
14:42:39 F5DE1700 Drvrs: Luminis ST: Action: do-veto().
14:42:39 F5DE1700 Drvrs: Luminis ST:Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output/>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLPWDSYNC-itp-EmailOnFailedPwdSub.
14:42:39 F5DE1700 Drvrs: Luminis ST:Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output/>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying schema mapping policies to input.
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPDCFG-GroupMemberMapping.
14:42:39 F5DE1700 Drvrs: Luminis ST:Policy returned:
14:42:39 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170208_0947" instance="Luminis" version="4.0.1.0">Identity Manager Driver for LDAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output/>
</nds>
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPASTS-smp.
14:42:39 F5DE1700 Drvrs: Luminis ST:Applying policy: NOVLLDAPDCFG-smp.
14:42:39 F5DE1700 Drvrs: Luminis ST:Resolving association references.
14:42:39 F5DE1700 Drvrs: Luminis ST:Processing returned document.
14:42:39 F5DE1700 Drvrs: Luminis ST:End transaction.
14:42:39 F5DE1700 DirXML: Luminis EV: Physically purged 96 bytes from cache 357460.TAO
14:42:39 F5DE1700 DirXML: Luminis EV: Elapsed time: 1.372 milliseconds



Your test user does not seem to have a universal password.

There's a query for the object, including nspmDistributionPassword. The returned data from eDirectory does not include the password that should be there.

Then things go sideways in the matching rule, but that's probably a result of whatever it was that you disabled. It's trying to parse data that isn't there, which then fails. Go enable it again.
0 Likes
Highlighted
Absent Member.
Absent Member.

I disabled it because it was failing. The default policy was set to veto if there was no nspmDistributionPassword. I figured I'd tackle that issue later and just try to get a user in so I disabled that policy. Now it is not placing the user because it's not meeting the if statement in the default placement policy for some reason. Basically, I'm trying to sync just one O under the root of the tree.
0 Likes
Highlighted
Absent Member.
Absent Member.

It looks like the default policy is not constructing the DN properly. It is returning ",o=lp5" because the token property "unmatched-src-dn" has no value. I don't know how to fix this.
0 Likes
Highlighted
Absent Member.
Absent Member.

Ok, the default policies seem to be pulling some GCVs from the driver set for eDirectory that are incorrect so it was not setting that value properly I fixed that part but now have something that looks strange that might not be user error:

16:41:18 F5DE1700 Drvrs: Luminis ST: Token Value: {}.
16:41:18 F5DE1700 Drvrs: Luminis ST: Arg Value: {}.
16:41:18 F5DE1700 Drvrs: Luminis ST: Action: do-find-matching-object(scope="entry",arg-dn("uid="+token-substring(start="3",token-op-property("unmatched-src-dn"))+","+token-global-variable("driver.ldap.base.container"))).
16:41:18 F5DE1700 Drvrs: Luminis ST: arg-dn("uid="+token-substring(start="3",token-op-property("unmatched-src-dn"))+","+token-global-variable("driver.ldap.base.container"))
16:41:18 F5DE1700 Drvrs: Luminis ST: token-text("uid=")
16:41:18 F5DE1700 Drvrs: Luminis ST: token-substring(start="3",token-op-property("unmatched-src-dn"))
16:41:18 F5DE1700 Drvrs: Luminis ST: token-substring(start="3",token-op-property("unmatched-src-dn"))
16:41:18 F5DE1700 Drvrs: Luminis ST: token-op-property("unmatched-src-dn")
16:41:18 F5DE1700 Drvrs: Luminis ST: Token Value: "uniqueID=testuser,OU=People,OU=cp".
16:41:18 F5DE1700 Drvrs: Luminis ST: Arg Value: "uniqueID=testuser,OU=People,OU=cp".
16:41:18 F5DE1700 Drvrs: Luminis ST: Token Value: "queID=testuser,OU=People,OU=cp".
16:41:18 F5DE1700 Drvrs: Luminis ST: token-text(",")
16:41:18 F5DE1700 Drvrs: Luminis ST: token-global-variable("driver.ldap.base.container")
16:41:18 F5DE1700 Drvrs: Luminis ST: Token Value: "o=lp5".
16:41:18 F5DE1700 Drvrs: Luminis ST: Arg Value: "uid=queID=testuser,OU=People,OU=cp,o=lp5".
16:41:18 F5DE1700 Drvrs: Luminis ST: Query from policy
16:41:18 F5DE1700 Drvrs: Luminis ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="User" dest-dn="uid=queID=testuser,OU=People,OU=cp,o=lp5" scope="entry">
<search-class class-name="User"/>
<read-attr/>
</query>
</input>
</nds>


For some reason "uniqueID=testuser,OU=People,OU=cp" gets turned into "uid=queID=testuser,OU=People,OU=cp,o=lp5". Any idea why? I know the schema maps uniqueID in eDir to uid in openLDAP but there seems to some weird issue with doing so.
0 Likes
Highlighted
Absent Member.
Absent Member.

I meant "uniqueID=testuser,OU=People,OU=cp" gets turned into "uid=queID=testuser,OU=People,OU=cp".
0 Likes
Highlighted
Absent Member.
Absent Member.

On second thought, since the original issue is resolved, perhaps I should start a new thread.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.