ccikara Absent Member.
Absent Member.
577 views

PWNotify Driver


Hi all,

I am getting LDAP connection errors on the PWNotify driver.
TRACE: 'PWNotify.txt - 4shared.com - document sharing - download'
(http://www.4shared.com/document/dhEopSD1/PWNotify.html)

I have configured my LDAP server as ldaps://ldap1.company.ac.za:636,
then the CN of the user that can connect to that LDAP server, this is an
admin user BTW, and I have given the password for the user.
I have left the TLS keystore blank as I want to use the IDM engine
keystore as eDir is using the default CA...

I tested the connection parameters in Apache Directory studio and
everything works fine with the connect, although I do need to accept a
certificate...

BUT I keep getting:

<nds dtdversion="4.0">
<source>
<product instance="PWNotify" version="4.0.1.1">DirXML Loopback
Driver</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<status level="success" type="notification">Password Expiration
Notification<br/>
<LastRunTime>1970-01-01 00:00:00</LastRunTime>
<ThisRunTime>2011-11-25 15:25:06</ThisRunTime>
<Notification1>
<From>2011-11-29 15:25:06</From>
<To..>2011-12-10 15:25:06</To..>
<status level="error">JavaException: com.novell.ldap.LDAPException:
Connect Error</status>
</Notification1>
<Notification2>
<From>2011-11-27 15:25:06</From>
<To..>2011-11-29 15:25:06</To..>
<status level="error">JavaException: com.novell.ldap.LDAPException:
Connect Error</status>
</Notification2>
<Notification3>
<From>2011-11-25 15:25:06</From>
<To..>2011-11-27 15:25:06</To..>
<status level="error">JavaException: com.novell.ldap.LDAPException:
Connect Error</status>
</Notification3>
</status>
</input>
</nds>


This should be simple correct?
Thanks in advance


--
ccikara
------------------------------------------------------------------------
ccikara's Profile: http://forums.novell.com/member.php?userid=86966
View this thread: http://forums.novell.com/showthread.php?t=448721

Labels (1)
0 Likes
4 Replies
ccikara Absent Member.
Absent Member.

Re: PWNotify Driver


P.S.
I do not seem to get any connection errors when it comes to the Grace
Login Remaining section of the driver...

<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.0.1.1">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify cached-time="20111125133958.398Z" class-name="User"
event-id="UKZNID#20111125133958#4#1:3fc28a59-d8d9-4f4b-9cbb-598ac23fd9d8"
qualified-src-dn="O=UDW\OU=STU\CN=210532222"
src-dn="\UN\UDW\STU\210532222" src-entry-id="41864"
timestamp="1322228396#9">
<modify-attr attr-name="Login Grace Remaining">
<remove-all-values/>
<add-value>
<value type="counter">8</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>


--
ccikara
------------------------------------------------------------------------
ccikara's Profile: http://forums.novell.com/member.php?userid=86966
View this thread: http://forums.novell.com/showthread.php?t=448721

0 Likes
Knowledge Partner
Knowledge Partner

Re: PWNotify Driver

On 11/25/2011 8:46 AM, ccikara wrote:
>
> Hi all,
>
> I am getting LDAP connection errors on the PWNotify driver.
> TRACE: 'PWNotify.txt - 4shared.com - document sharing - download'
> (http://www.4shared.com/document/dhEopSD1/PWNotify.html)



So I ran through this with a client, and threw my hands up. Aaron at
NTS figured it out!

Do you have the UserApp driver installed on this engine server?

It turns out the xcd-all.jar file (part of the User App driver) includes
the LDAP classes that the ECMA function calls. Normally they are
provided by the ldap.jar file as part of the LDAP driver. But the
versions provided in the xcd-all.jar do not work with the ECMA version.

There is a bug with details, but basically if this engine server is NOT
running the User App driver, you can delete the file. IDM 4 and higher
will have the LDAP classes removed from the JAR file to avoid the
conflict in the future.

I cannot find the bug # right now. Aaron might be able to provide it.


> I have configured my LDAP server as ldaps://ldap1.company.ac.za:636,
> then the CN of the user that can connect to that LDAP server, this is an
> admin user BTW, and I have given the password for the user.
> I have left the TLS keystore blank as I want to use the IDM engine
> keystore as eDir is using the default CA...
>
> I tested the connection parameters in Apache Directory studio and
> everything works fine with the connect, although I do need to accept a
> certificate...
>
> BUT I keep getting:
>
> <nds dtdversion="4.0">
> <source>
> <product instance="PWNotify" version="4.0.1.1">DirXML Loopback
> Driver</product>
> <contact>Novell, Inc.</contact>
> </source>
> <input>
> <status level="success" type="notification">Password Expiration
> Notification<br/>
> <LastRunTime>1970-01-01 00:00:00</LastRunTime>
> <ThisRunTime>2011-11-25 15:25:06</ThisRunTime>
> <Notification1>
> <From>2011-11-29 15:25:06</From>
> <To..>2011-12-10 15:25:06</To..>
> <status level="error">JavaException: com.novell.ldap.LDAPException:
> Connect Error</status>
> </Notification1>
> <Notification2>
> <From>2011-11-27 15:25:06</From>
> <To..>2011-11-29 15:25:06</To..>
> <status level="error">JavaException: com.novell.ldap.LDAPException:
> Connect Error</status>
> </Notification2>
> <Notification3>
> <From>2011-11-25 15:25:06</From>
> <To..>2011-11-27 15:25:06</To..>
> <status level="error">JavaException: com.novell.ldap.LDAPException:
> Connect Error</status>
> </Notification3>
> </status>
> </input>
> </nds>
>
>
> This should be simple correct?
> Thanks in advance
>
>


0 Likes
ccikara Absent Member.
Absent Member.

Re: PWNotify Driver


Thanks for the reply!!!

The UserApp is installed on the same engine server...
But I am using IDM 4.0.1 SE...

You said this bug would be solved with IDM 4 by removing the classes
from the Jar file correct? Does that mean it should work on IDM 4?

Any suggestions on what else I can do?
I tried the Password Expiration Notification job that "comes" with IDM,
but I seem to keep getting different results, one implementation it
works and another it doesn't...

Regards,
Craig Cikara


--
ccikara
------------------------------------------------------------------------
ccikara's Profile: http://forums.novell.com/member.php?userid=86966
View this thread: http://forums.novell.com/showthread.php?t=448721

0 Likes
Knowledge Partner
Knowledge Partner

Re: PWNotify Driver

On 11/25/2011 9:46 AM, ccikara wrote:
>
> Thanks for the reply!!!
>
> The UserApp is installed on the same engine server...
> But I am using IDM 4.0.1 SE...
>
> You said this bug would be solved with IDM 4 by removing the classes
> from the Jar file correct? Does that mean it should work on IDM 4?


So the class called by the ECMA version is available in two JAR files.
One is working, one is broken. Alas, it seems to load the broken one
first.

https://bugzilla.novell.com/show_bug.cgi?id=663378

So if I read that right, there are two issues. One, make the classes
the same and it sort of goes away. This is supposed to be fixed in IDM4
SP1. The other approach is leave them just in ldap.jar and remove them
from xcd-all.jar and it is hard to tell what patch level that is fixed in.

Regardless, it looks like this should work fine in IDM 4.01 in which
case, you might need an incident with Novell to figure out what is going
wrong in this case. Or else it could just be a bad file copy? Or of
course, something else totally unrelated.


> Any suggestions on what else I can do?
> I tried the Password Expiration Notification job that "comes" with IDM,
> but I seem to keep getting different results, one implementation it
> works and another it doesn't...


0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.