Anonymous_User Absent Member.
Absent Member.
127 views

RMA: An error occurred while loading authorizations


Hi,

Trying to load authorizations for notesAccount2 on a Lotus Notes driver
from RMA (Role Mapping Administrator) it fails with the error:
"An error occurred while loading authorizations"

Looking at the idmmap.log on Tomcat, we see the error:

Thread-275 2014-06-03 12:46:57,598 ERROR
[com.novell.rolemap.server.impl.ldap.util.IdmQuery:processQueryResponse]
Error querying application roles for entitlement:
CN=notesAccount2,CN=DrvNotes,CN=driverset1,O=system:DrvNotes
Thread-275 2014-06-03 12:46:57,599 ERROR
[com.novell.rolemap.server.impl.ldap.util.IdmQuery:processQueryResponse]
Failed to parse query result: null
java.lang.IllegalArgumentException
at
com.novell.rolemap.server.impl.db.persist.HibernateDAO.substituteQuery(HibernateDAO.java:208)
at
com.novell.rolemap.server.impl.db.persist.HibernateDAO.queryUnique(HibernateDAO.java:238)
at
com.novell.rolemap.server.impl.db.persist.QueryResultDAO.getQueryResultNoLabels(QueryResultDAO.java:138)
at
com.novell.rolemap.server.impl.ldap.util.IdmQuery.processQueryResponse(IdmQuery.java:566)
at
com.novell.rolemap.server.impl.ldap.util.IdmQuery.submit(IdmQuery.java:262)
at
com.novell.rolemap.server.impl.ldap.util.IdmLogicalSystem.submitQueries(IdmLogicalSystem.java:157)
at
com.novell.rolemap.server.impl.ldap.util.IdmEntitlement.submitQueries(IdmEntitlement.java:659)
at
com.novell.rolemap.server.impl.ldap.util.EntitlementUtil.loadQueryResultsForLogicalSystem(EntitlementUtil.java:421)
at
com.novell.rolemap.server.impl.service.ConfigurationManager$LoadThread.run(ConfigurationManager.java:1347)


So I suspect the problem is with a malformed query result from the
driver.

The following is an abstract from the Lotus Notes Driver trace:

INJECTED DOCUMENT:
<nds dtdversion="2.0">
<input>
<query class-name="NotesSystem" scope="subtree">
<search-class class-name="NotesSystem"/>
<read-attr attr-name="NotesSystemDescription"/>
<read-attr attr-name="NotesSystemDisplayName"/>
<read-attr attr-name="NotesSystemValue"/>
<operation-data>
<rmap-data>
<rmap-identity format="ldap"
type="dn">cn=uaadmin,ou=sa,o=data</rmap-identity>
</rmap-data>
</operation-data>
</query>
</input>
</nds>


AFTER EXCUTING THE NOVLNOTEENT-OTP-ENTITLEMENTSIMPL POLICY, THE RESULT
IS (I DON'T LIKE THE 5 BLANK LINES BEFORE \"SEARCH-CLASS\"):

<nds dtdversion="2.0">
<input>
<query event-id="query-driver-ident" scope="entry">





<search-class class-name="__driver_identification_class__"/>
<read-attr/>
<operation-data UserAccountEntitlementQuery="">
<rmap-data>
<rmap-identity format="ldap"
type="dn">cn=uaadmin,ou=sa,o=data</rmap-identity>
</rmap-data>
</operation-data>
</query>
</input>
</nds>


AND FINALLY, WHAT I SUSPECT IS THE RESULTING DOCUMENT SENT TO RMA IS:

<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20120601_170505" instance="DrvNotes"
version="3.5.9">Identity Manager Driver for Lotus Notes</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<instance class-name="__driver_identification_class__"
event-id="query-driver-ident">
<attr attr-name="driver-id">
<value type="string">NOTES</value>
</attr>
<attr attr-name="driver-version">
<value type="string">3.5.9</value>
</attr>
<attr attr-name="min-activation-version">
<value type="int">4</value>
</attr>
<attr attr-name="query-ex-supported">
<value type="state">true</value>
</attr>
<operation-data UserAccountEntitlementQuery="">
<rmap-data>
<rmap-identity format="ldap"
type="dn">cn=uaadmin,ou=sa,o=data</rmap-identity>
</rmap-data>
</operation-data>
</instance>
<instance class-name="NotesSystem" src-dn="">
<attr attr-name="NotesSystemDisplayName">
<value>Account for Notes System</value>
</attr>
<attr attr-name="NotesSystemDescription">
<value>User account in Notes System.</value>
</attr>
<attr attr-name="NotesSystemValue">
<value>Notes System</value>
</attr>
</instance>
</output>
</nds>


I'm almost sure we have not changed anything from the default Lotus
Notes driver entitlements packages.

Does anyone have any idea or see if is there something missing?

Regards
Jose Luis


--
jlrodriguez
------------------------------------------------------------------------
jlrodriguez's Profile: https://forums.netiq.com/member.php?userid=359
View this thread: https://forums.netiq.com/showthread.php?t=51008

Labels (1)
0 Likes
1 Reply
Anonymous_User Absent Member.
Absent Member.

Re: RMA: An error occurred while loading authorizations

jlrodriguez,

It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

Has your issue been resolved? If not, you might try one of the following options:

- Visit http://www.netiq.com/support and search the knowledgebase and/or check all
the other support options available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.netiq.com)

Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.netiq.com/faq.php

If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.

Good luck!

Your NetIQ Forums Team
http://forums.netiq.com


0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.