Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
tschloesser Super Contributor.
Super Contributor.
251 views

Permission Onbarding Job not working


Hi,

during testing we found that for some reason the automatc creation of
ressources is not working with the Permission OnboardingJob.

We simply were experimenting on this feature on a standard AD driver
with the default NEtIQ packages.

Further digging into the problem we found in the level 3 log of the job,
that the job claims not to be able to read the permission mapping object
with error 672!

After hat we checked the edir rights of either the uaadmin user and the
job, and found that eDirectory is reporting for either supervisor rights
to the whole tree!

The strange thing is that we see this issue in one environment where in
a similar environment (cloned virtual servers) it is working.

Any suggestion what to look at?

Thanks!


--
tschloesser
------------------------------------------------------------------------
tschloesser's Profile: https://forums.netiq.com/member.php?userid=3232
View this thread: https://forums.netiq.com/showthread.php?t=55718

Labels (1)
0 Likes
1 Reply
tschloesser Super Contributor.
Super Contributor.

Re: Permission Onbarding Job not working


Hers the log data provieded for the job:
[04/14/16 02:23:22.748]:PermissionOnboarding JT:Worker thread for job
'\IDVAULT-TREE\system\driverset1\Custom Entitlement Service
Driver\PermissionOnboarding' starting.
[04/14/16 02:23:22.849]:PermissionOnboarding JT:Worker thread for job
'\IDVAULT-TREE\system\driverset1\Custom Entitlement Service
Driver\PermissionOnboarding' exiting.
[04/14/16 02:23:22.871]:PermissionOnboarding JT:Worker thread for job
'\IDVAULT-TREE\system\driverset1\Custom Entitlement Service
Driver\PermissionOnboarding' starting.
[04/14/16 02:23:22.871]:PermissionOnboarding JT:InitIDMJob: Executing
Permissing Onboarding Job
[04/14/16 02:23:22.873]:PermissionOnboarding JT:Received command
document from job.
[04/14/16 02:23:22.873]:PermissionOnboarding JT:
<nds dtdversion="2.0">
<input>
<query class-name="DirXML-Resource"
dest-dn="\IDVAULT-TREE\system\driverset1\Custom Entitlement Service
Driver\PermissionEntMapping" scope="entry">
<search-class class-name="DirXML-Resource"/>
<read-attr attr-name="DirXML-Data"/>
<read-attr attr-name="cn"/>
<operation-data data-collection-query="true"/>
</query>
</input>
</nds>
[04/14/16 02:23:22.873]:PermissionOnboarding JT:Pumping XDS to
eDirectory.
[04/14/16 02:23:22.873]:PermissionOnboarding JT:Performing operation
query for \IDVAULT-TREE\system\driverset1\Custom Entitlement Service
Driver\PermissionEntMapping.
[04/14/16 02:23:22.874]:PermissionOnboarding JT:--JCLNT-- Job
\IDVAULT-TREE\system\driverset1\Custom Entitlement Service
Driver\PermissionOnboarding : Duplicating : context = 1495859491,
tempContext = 1495859456
[04/14/16 02:23:22.874]:PermissionOnboarding JT:--JCLNT-- Job
\IDVAULT-TREE\system\driverset1\Custom Entitlement Service
Driver\PermissionOnboarding : Calling free on tempContext = 1495859456
[04/14/16 02:23:22.875]:PermissionOnboarding JT:Result of job command:
[04/14/16 02:23:22.875]:PermissionOnboarding JT:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.5.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<instance class-name="DirXML-Resource"
qualified-src-dn="O=system\CN=driverset1\CN=Custom Entitlement Service
Driver\CN=PermissionEntMapping"
src-dn="\IDVAULT-TREE\system\driverset1\Custom Entitlement Service
Driver\PermissionEntMapping" src-entry-id="34053">
<operation-data data-collection-query="true"/>
<attr attr-name="DirXML-Data">
<value timestamp="1460618750#30" type="octet">.......</value>
</attr>
<attr attr-name="CN">
<value naming="true" timestamp="1421790838#251"
type="string">PermissionEntMapping</value>
</attr>
</instance>
<status level="success"><operation-data
data-collection-query="true"/>
</status>
</output>
</nds>
[04/14/16 02:23:22.878]:PermissionOnboarding JT:InitIDMJob: Failed to
evaluate XPath Node Expression. Exception: null
[04/14/16 02:23:22.878]:PermissionOnboarding JT:InitIDMJob: Unable to
read permission mapping object, No Access (-672)
[04/14/16 02:23:22.878]:PermissionOnboarding JT:
Job Final result -------------------
Job: \IDVAULT-TREE\system\driverset1\Custom Entitlement Service
Driver\PermissionOnboarding
Status: Error
Message: Unable to read permission mapping object, No Access
(-672)
Code: -672
[04/14/16 02:23:22.879]:PermissionOnboarding JT:Worker thread for job
'\IDVAULT-TREE\system\driverset1\Custom Entitlement Service
Driver\PermissionOnboarding' exiting.


--
tschloesser
------------------------------------------------------------------------
tschloesser's Profile: https://forums.netiq.com/member.php?userid=3232
View this thread: https://forums.netiq.com/showthread.php?t=55718

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.