
Sentinel Identity Tracking Driver


Hey All,

Having a look at Sentinel, and have configured several event sources,
all IDM and eDirectory to report into Sentinel. All good so far.

I'd like to install the Sentinel Identity Tracking Driver, and have done
so in a development environment. I have attempted to configure the
driver and upon startup see an error stating the following:

[07/30/14 15:06:34.561]:Sentinel Identity Tracking ST:SentinelSub: execute
[07/30/14 15:06:34.562]:Sentinel Identity Tracking ST:SentinelSub: GET : https://sentinelserver:8443/SentinelRESTServices/objects/schema
[07/30/14 15:06:34.600]:Sentinel Identity Tracking ST:SubscriptionShim.execute() returned:
[07/30/14 15:06:34.600]:Sentinel Identity Tracking ST:
<nds dtdversion="2.0">
<source>
<product build="22" instance="Sentinel Identity Tracking" version="2.0.0.0"/>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="query-driver-ident" level="retry">com.netiq.idm.sentinel.shim.error.RetryConnectException: Unable to connect to the Sentinel server: Connection error
The underlying error is com.novell.sentinel.client.bean.BeanSerializationException: com.novell.sentinel.json.java.JSONParserImpl$JSONParsePositionException: Line 1, column 414: error from JSON handler: Invalid value name 'value-format' for object type 'attr-schema'

Is there any configuration required in IDM or Sentinel prior to starting
the driver? I've tried to find any steps or other that I have missed but
haven't had any luck as yet.


--
gbatty1
------------------------------------------------------------------------
gbatty1's Profile: https://forums.netiq.com/member.php?userid=2072
View this thread: https://forums.netiq.com/showthread.php?t=51435


Re: Sentinel Identity Tracking Driver


Sentinel 7?
IDM 4.0.2?

Patched with 'IDM 4.0.2 Sentinel Driver version 4.0.0.0'
(http://download.novell.com/protected/Summary.jsp?buildid=7SNQSpTZtKQ~)
and followed the instructions about copying the client libraries?


--
ScorpionSting
------------------------------------------------------------------------
ScorpionSting's Profile: https://forums.netiq.com/member.php?userid=469
View this thread: https://forums.netiq.com/showthread.php?t=51435


Re: Sentinel Identity Tracking Driver


Btw, are you also aware that Sentinel IdT is licensed separately?

Just because a customer owns Sentinel 7 and IDM 4, doesn't mean they get
a connector that joins the two for free (can you sense the irritation in
my typing?)... I think it's ridiculous, but that's how it rolls...


--
ScorpionSting

Re: Sentinel Identity Tracking Driver


Brand new install of Sentinel 7.2, with IDM SE 4.0.2.

I've just created a new driver from Designer, and checked but have no
further package updates related to the driver...

Not so concerned about the licensing for the moment, as I'm more looking
at what the product and driver is capable of. Although it would have
been nice not to have to pay extra for the driver 🙂


--
gbatty1
Knowledge Partner

Re: Sentinel Identity Tracking Driver

On 7/30/2014 7:39 AM, gbatty1 wrote:
>
> Brand new install of Sentinel 7.2, with IDM SE 4.0.2.
>
> I've just created a new driver from Designer, and checked but have no
> further package updates related to the driver...
>
> Not so concerned about the licensing for the moment, as I'm more looking
> at what the product and driver is capable of. Although it would have
> been nice not to have to pay extra for the driver 🙂


The core here is to transfer the contents of DirXML-Accounts to
Sentinel, for Identity Injection, via REST.

So sounds like the getSchema() function call is failing, based on your
error:

The underlying error is com.novell.sentinel.client.bean.BeanSerializationException: com.novell.sentinel.json.java.JSONParserImpl$JSONParsePositionException: Line 1, column 414: error from JSON handler: Invalid value name 'value-format' for object type 'attr-schema'

So my guess is that with 7.2 they might have changed the REST interface?
Specifically what it returns as schema?

Looks like it is parsing wrong.



Re: Sentinel Identity Tracking Driver


IDM 4.0.2 Sentinel Driver version 4.0.0.0
This document (*5161731*) is provided subject to the disclaimer at
the end of this document.

Patches this patch supersedes: This patch does not supersede any other
patches.
Patches that supersede this patch: This patch is not superseded by any
other patches.

Patch attributes
Security patch: No
Priority: Optional
Distribution Type: Field Test File
'http://download.novell.com/Download?buildid=7SNQSpTZtKQ~'
(http://download.novell.com/Download?buildid=7SNQSpTZtKQ%7E)

Document
Revision: 2
Document ID: 5161731
Creation Date: 2013-05-07 12:35:07
Modified Date: 2013-05-13 09:16:49

Technical support: This Field Test File is supported by Novell
Technical Services.

Abstract: Patch update for Novell Identity Manager 4.0 -
4.0.2 Sentinel Driver. The patch will take the Sentinel Driver to
version 4.0.0.0. You must have IDM 4.0.1 or later to use this patch.
This patch is not supported on IDM 3.x. or 4.0 systems.


Details

*Overview:*
Sentinel Driver patch for the Identity Manager versions 4.0.1 or
higher.
Driver version will be updated to 4.0.0.0.

*System Requirements:*
Novell Identity Manager 4.0.1, 4.02, and higher

*Installation:*

_Windows with IDM Engine Installed_
1. Stop all drivers.
2. Browse to the *<Extracted_Patch>\nt* patch folder.
3. Copy the following files from the patch to the
*(drive):\Novell\NDS\lib* directory:
*SentinelRESTShim.jar*
*sentinel-client-base.jar*
*sentinel-client-base-java.jar*
*sentinel-client-beans.jar*
4. Cycle eDirectory.

_Windows with Remote Loader Installed_
1. Stop Sentinel driver.
2. Stop Sentinel remote loader instance.
3. Browse to the *<Extracted_Patch>\nt* patch folder.
4. Copy the following files from the patch to the
*(drive):\Novell\NDS\lib* directory:
*SentinelRESTShim.jar*
*sentinel-client-base.jar*
*sentinel-client-base-java.jar*
*sentinel-client-beans.jar*
5. Start Sentinel remote loader instance.
6. Start Sentinel driver.

_Linux_
As root:
1. Stop all drivers.
2. Browse to the root of the extracted patch folder.
3. Install the new rpm:
*rpm -U (image-path)/netiq-DXMLsentinel-REST-4.0.0.0-7.noarch.rpm*
4. Cycle eDirectory.

*Technical Support Information:*
Current Fixes:
- Obtain numeric Tenant ID from server when available. Bug 757079
- Updates the IDM shim for Sentinel to include necessary client .jar
files from Sentinel 7.1




File contents
Compressed File Name: IDM402_SENTINEL_4000.tar.gz

Files Included | Size | Date
IDM402_SENTINEL_4000/netiq-DXMLsentinel-REST-4.0.0.0-9.noarch.rpm | 2.3 MB (2506820) | 2013-05-20 10:58:29
IDM402_SENTINEL_4000/sentinel-shim-jars.zip | 2.3 MB (2504154) | 2013-05-20 10:59:06
IDM402_SENTINEL_4000/nt/SentinelRESTShim.jar | 482.1 KB (493767) | 2013-05-17 10:00:44
IDM402_SENTINEL_4000/nt/sentinel-client-base-java.jar | 87.4 KB (89541) | 2013-05-17 10:00:44
IDM402_SENTINEL_4000/nt/sentinel-client-base.jar | 235.5 KB (241215) | 2013-05-17 10:00:44
IDM402_SENTINEL_4000/nt/sentinel-client-beans.jar | 1.8 MB (1921467) | 2013-05-17 10:00:44
readme_5161731.html | N/A | 2013-05-24 15:47:14


Disclaimer: The Origin of this information may be internal or
external to Novell. Novell makes all reasonable efforts to verify this
information. However, the information provided in this document is for
your information only. Novell makes no explicit or implied claims to the
validity of this information. Any trademarks referenced in this
document are the property of their respective owners. Consult your
product manuals for complete trademark information.
Novell is a registered trademark of Novell, Inc. in the United States
and other countries. SUSE is a registered trademark of SUSE Linux AG, a
Novell business. *All third-party trademarks are the property of their
respective owners.

© 2007 Novell, Inc. All Rights Reserved.


--
ScorpionSting
Knowledge Partner

Re: Sentinel Identity Tracking Driver

> Current Fixes:
> - Obtain numeric Tenant ID from server when available. Bug 757079
> - Updates the IDM shim for Sentinel to include necessary client .jar
> files from Sentinel 7.1



That seems quite relevant...



Re: Sentinel Identity Tracking Driver


As long as client libraries are updated with current version.... 7.2
release also renamed the client libraries with version number, so makes
it more fun making sure you only have 1 copy of the right ones.....


--
ScorpionSting
Knowledge Partner

Re: Sentinel Identity Tracking Driver

On 7/31/2014 12:57 AM, ScorpionSting wrote:
>
> As long as client libraries are updated with current version.... 7.2
> release also renamed the client libraries with version number, so makes
> it more fun making sure you only have 1 copy of the right ones.....


But in Java, file name is almost irrelevant. Did they version the class
names as well?



0 Likes
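The two posts above raise the question of having only one copy of the client libraries once they are renamed with a version number, and whether the class names inside differ. As an added example (not part of the original thread, and not NetIQ code), this sketch lists classes that more than one jar in a lib directory provides; the versioned file name and the `com/example/...` class paths are constructed placeholders.

```python
import os
import tempfile
import zipfile
from collections import defaultdict


def classes_in_jar(jar_path):
    """Return the set of .class entry names inside one jar (a jar is a zip)."""
    with zipfile.ZipFile(jar_path) as jar:
        return {n for n in jar.namelist() if n.endswith(".class")}


def find_duplicate_classes(lib_dir):
    """Map each class found in more than one jar to the sorted jars providing it."""
    providers = defaultdict(set)
    for name in sorted(os.listdir(lib_dir)):
        if name.endswith(".jar"):
            for cls in classes_in_jar(os.path.join(lib_dir, name)):
                providers[cls].add(name)
    return {cls: sorted(jars) for cls, jars in providers.items() if len(jars) > 1}


def build_sample_lib(lib_dir):
    """Constructed sample: an old unversioned jar beside a renamed, versioned copy."""
    layout = {
        "sentinel-client-beans.jar": ["com/example/client/bean/AttrSchema.class"],
        # Hypothetical versioned name; the thread does not give the real 7.2 names.
        "sentinel-client-beans-7.2.jar": ["com/example/client/bean/AttrSchema.class",
                                          "com/example/client/bean/ValueFormat.class"],
        "SentinelRESTShim.jar": ["com/example/shim/Shim.class"],
    }
    for jar_name, entries in layout.items():
        with zipfile.ZipFile(os.path.join(lib_dir, jar_name), "w") as jar:
            for entry in entries:
                jar.writestr(entry, b"\xca\xfe\xba\xbe")  # placeholder, not real bytecode


def demo():
    """Build the constructed lib directory and return its duplicate-class report."""
    with tempfile.TemporaryDirectory() as lib_dir:
        build_sample_lib(lib_dir)
        return find_duplicate_classes(lib_dir)


if __name__ == "__main__":
    for cls, jars in sorted(demo().items()):
        print(f"{cls} provided by: {', '.join(jars)}")
```

A class reported under two jars means the JVM loads whichever copy comes first on the classpath, so an old client library left beside the new one can still be the one in use.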

Re: Sentinel Identity Tracking Driver


Thanks guys,

The patch seems to have resolved the error which is great.

The comments regarding the DirXML-Accounts have thrown me a little and
I'm unfamiliar with this attribute. We have the attribute, but no users
have this attribute on their user objects.

Do we need a policy to write this attribute / value? Should it be already
set?


--
gbatty1

Re: Sentinel Identity Tracking Driver


Each driver template has policies for "Account Tracking" which is
controlled via driver GCVs...

When Account Tracking is configured and turned on, the driver will write
the DirXML-Accounts attributes relating to its connected system. The
Sentinel IdT driver then copies that data into "Accounts" which are
attached to the "Identity" in Sentinel...


--
ScorpionSting

Re: Sentinel Identity Tracking Driver


Thanks again.

On an AD, eDir etc driver, I don't see any GCV setup for Account
Tracking. What I'm reading suggests it should already be there.

I've obviously missed some prerequisite step..


--
gbatty1

Re: Sentinel Identity Tracking Driver


Sounds like you might have had an old driver that has migrated through
versions and not had the template reapplied.....

Using Designer, just dump a template for your driver (AD, eDir, etc) and
you'll see that there is a section in the GCV....
Then there are the policies that action the GCV....these are linked from
the library, but are prefixed with lib-AccountTracking-xxxx and are
included in the Input, Output, and Publisher Command...

Be careful though, eDir uses V1 libraries, but AD uses V2....


Code:
--------------------
<linkage-item dn="lib-AccountTracking-Publish-itp-V1.Lib-Policy.IDM.admin" order="0" policy-set="1" policy-set-name="Input"/>
<linkage-item dn="lib-AccountTracking-WriteAccounts-itp-V1.Lib-Policy.IDM.admin" order="1" policy-set="1" policy-set-name="Input"/>
<linkage-item dn="lib-AccountTracking-Subscribe-otp-V1.Lib-Policy.IDM.admin" order="1" policy-set="2" policy-set-name="Output"/>
<linkage-item dn="lib-AccountTracking-WriteAccountsOnAdds-pub-ctp-V1.Lib-Policy.IDM.admin" order="5" policy-set="11" policy-set-name="Publisher Command"/>
--------------------


Versus:


Code:
--------------------
<linkage-item dn="lib-AccountTracking-Publish-itp-V2.Lib-Policy.IDM.admin" order="1" policy-set="1" policy-set-name="Input"/>
<linkage-item dn="lib-AccountTracking-WriteAccounts-itp-V2.Lib-Policy.IDM.admin" order="2" policy-set="1" policy-set-name="Input"/>
<linkage-item dn="lib-AccountTracking-Subscribe-otp-V2.Lib-Policy.IDM.admin" order="4" policy-set="2" policy-set-name="Output"/>
<linkage-item dn="lib-AccountTracking-WriteAccountsOnAdds-pub-ctp-V2.Lib-Policy.IDM.admin" order="8" policy-set="11" policy-set-name="Publisher Command"/>
--------------------


--
ScorpionSting

0 Likes
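One way to check a driver export for the Account Tracking linkage listed in the post above, as an added example that is not part of the original thread. The expected policy names and policy sets are taken from the four `linkage-item` entries shown; the `<policy-linkage>` wrapper, the sample export, and treating a V1/V2 mix inside one driver as a finding are assumptions.

```python
import re
import xml.etree.ElementTree as ET
from collections import defaultdict

# Policy names and policy sets taken from the four linkage entries shown in the post.
EXPECTED = {
    "Publish-itp": "Input",
    "WriteAccounts-itp": "Input",
    "Subscribe-otp": "Output",
    "WriteAccountsOnAdds-pub-ctp": "Publisher Command",
}
DN_RE = re.compile(r"^lib-AccountTracking-(?P<policy>.+)-(?P<ver>V\d+)\.")


def audit_linkage(xml_text):
    """Return a list of findings for the Account Tracking linkage in one driver export."""
    found = {}                      # policy -> (version, policy-set-name)
    versions = defaultdict(list)    # version -> policies linked at that version
    for item in ET.fromstring(xml_text).iter("linkage-item"):
        m = DN_RE.match(item.get("dn", ""))
        if m:
            found[m["policy"]] = (m["ver"], item.get("policy-set-name"))
            versions[m["ver"]].append(m["policy"])
    findings = []
    for policy, policy_set in EXPECTED.items():
        if policy not in found:
            findings.append(f"missing: {policy} ({policy_set})")
        elif found[policy][1] != policy_set:
            findings.append(f"wrong policy set: {policy} in {found[policy][1]}")
    if len(versions) > 1:  # assumption: one driver should link a single library version
        findings.append("mixed library versions: " + ", ".join(sorted(versions)))
    return findings


# Constructed sample: one policy not linked, and one V2 entry among V1 entries.
SAMPLE = """<policy-linkage>
  <linkage-item dn="lib-AccountTracking-Publish-itp-V1.Lib-Policy.IDM.admin" order="0" policy-set="1" policy-set-name="Input"/>
  <linkage-item dn="lib-AccountTracking-WriteAccounts-itp-V2.Lib-Policy.IDM.admin" order="1" policy-set="1" policy-set-name="Input"/>
  <linkage-item dn="lib-AccountTracking-Subscribe-otp-V1.Lib-Policy.IDM.admin" order="1" policy-set="2" policy-set-name="Output"/>
  <linkage-item dn="lib-SomethingElse-otp.Lib-Policy.IDM.admin" order="2" policy-set="2" policy-set-name="Output"/>
</policy-linkage>"""

if __name__ == "__main__":
    for line in audit_linkage(SAMPLE):
        print(line)
```

A driver with no findings still only writes DirXML-Accounts when Account Tracking is turned on in its GCVs, which this check does not read.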