Anonymous_User Absent Member.
Absent Member.
411 views

Restoring uaadmin provAdmin role

The symptoms and the fix:

We struggled for 2 days on why User Application wouldn't restore the provisioning admin and other default roles, even with the xmldata reset trick.

Error message in Role and Resource Service Driver logs:

Code:
--------------------
[04/03/14 13:55:43.841]:Role and Resource Service Driver ST:
DirXML Log Event -------------------
Driver: \CSCTEST\system\driverset1\Role and Resource Service Driver
Channel: Subscriber
Status: Success
Message: Transitioned request status from 0 to 30
DN: O=system\CN=driverset1\CN=UserApplication\CN=AppConfig\CN=RoleConfig\CN=Requests\CN=20140403135543-7477dda454f243779bbee19512c1dfa2-0
[04/03/14 13:55:43.847]:Role and Resource Service Driver ST:Processing operation <status> for .
[04/03/14 13:55:43.849]:Role and Resource Service Driver ST:
DirXML Log Event -------------------
Driver: \CSCTEST\system\driverset1\Role and Resource Service Driver
Channel: Subscriber
Status: Error
Message: Unable to add assigned role to identity
Role: O=system\CN=driverset1\CN=UserApplication\CN=AppConfig\CN=RoleConfig\CN=RoleDefs\CN=Level20\CN=System\CN=provAdmin
Identity: O=CSC\OU=Users\CN=uaadmin
Reason: novell.jclient.JCException: openStream -602 ERR_NO_SUCH_VALUE
[04/03/14 13:55:43.869]:Role and Resource Service Driver ST:Processing operation <status> for .
[04/03/14 13:55:43.872]:Role and Resource Service Driver ST:
DirXML Log Event -------------------
Driver: \CSCTEST\system\driverset1\Role and Resource Service Driver
Channel: Subscriber
Status: Success
Message: Transitioned request status from 30 to 80
DN: O=system\CN=driverset1\CN=UserApplication\CN=AppConfig\CN=RoleConfig\CN=Requests\CN=20140403135543-7477dda454f243779bbee19512c1dfa2-0

--------------------

Used these instructions for the reset:
https://www.netiq.com/communities/cool-solutions/user-app-roles-failing-apply-administrators/

The clues finally emerged from looking at ndstrace logs and numerous retries at the reset.

Solution: Delete the attribute DirXML-EntitlementRef from uaadmin object.

-Joni / CSC
Labels (1)
0 Likes
4 Replies
Anonymous_User Absent Member.
Absent Member.

Re: Restoring uaadmin provAdmin role

On 04/03/2014 09:16 AM, Joni Nevalainen wrote:
> The symptoms and the fix:
>
> We struggled for 2 days on why User Application wouldn't restore the provisioning admin and other default roles, even with the xmldata reset trick.
>
> Error message in Role and Resource Service Driver logs:
>
> Code:
> --------------------
> [04/03/14 13:55:43.841]:Role and Resource Service Driver ST:
> DirXML Log Event -------------------
> Driver: \CSCTEST\system\driverset1\Role and Resource Service Driver
> Channel: Subscriber
> Status: Success
> Message: Transitioned request status from 0 to 30
> DN: O=system\CN=driverset1\CN=UserApplication\CN=AppConfig\CN=RoleConfig\CN=Requests\CN=20140403135543-7477dda454f243779bbee19512c1dfa2-0
> [04/03/14 13:55:43.847]:Role and Resource Service Driver ST:Processing operation <status> for .
> [04/03/14 13:55:43.849]:Role and Resource Service Driver ST:
> DirXML Log Event -------------------
> Driver: \CSCTEST\system\driverset1\Role and Resource Service Driver
> Channel: Subscriber
> Status: Error
> Message: Unable to add assigned role to identity
> Role: O=system\CN=driverset1\CN=UserApplication\CN=AppConfig\CN=RoleConfig\CN=RoleDefs\CN=Level20\CN=System\CN=provAdmin
> Identity: O=CSC\OU=Users\CN=uaadmin
> Reason: novell.jclient.JCException: openStream -602 ERR_NO_SUCH_VALUE
> [04/03/14 13:55:43.869]:Role and Resource Service Driver ST:Processing operation <status> for .
> [04/03/14 13:55:43.872]:Role and Resource Service Driver ST:
> DirXML Log Event -------------------
> Driver: \CSCTEST\system\driverset1\Role and Resource Service Driver
> Channel: Subscriber
> Status: Success
> Message: Transitioned request status from 30 to 80
> DN: O=system\CN=driverset1\CN=UserApplication\CN=AppConfig\CN=RoleConfig\CN=Requests\CN=20140403135543-7477dda454f243779bbee19512c1dfa2-0
>
> --------------------
>
> Used these instructions for the reset:
> https://www.netiq.com/communities/cool-solutions/user-app-roles-failing-apply-administrators/
>
> The clues finally emerged from looking at ndstrace logs and numerous retries at the reset.
>
> Solution: Delete the attribute DirXML-EntitlementRef from uaadmin object.
>
> -Joni / CSC
>

Greetings,
You can not have any Resources and Entitlements mapped to our
default "Administrator" Roles. If you have done this, then you need to
remove them asap. This is completely unsupported.

--

Sincerely,
Steven Williams
Lead Software Engineer
NetIQ
0 Likes
Knowledge Partner
Knowledge Partner

Re: Restoring uaadmin provAdmin role

> Greetings,
> You can not have any Resources and Entitlements mapped to our
> default "Administrator" Roles. If you have done this, then you need to
> remove them asap. This is completely unsupported.


What level are the system roles? (I forget offhand). Would it be
supported to build a Role that includes the system roles as child roles?


0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Restoring uaadmin provAdmin role

Geoffrey Carman wrote:

> What level are the system roles? (I forget offhand).


Aren't they level 20?

--
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
Highlighted
Knowledge Partner
Knowledge Partner

Re: Restoring uaadmin provAdmin role

On 4/3/2014 10:46 AM, Alex McHugh wrote:
> Geoffrey Carman wrote:
>
>> What level are the system roles? (I forget offhand).

>
> Aren't they level 20?


One could argue they ought to be Level 10 since they grant specific
permissions, but who ever thinks of them that way? 🙂



0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.