lvaradha Absent Member.

Start Workflow(Role Request Driver) from IDM Driver Policy


User Application version 3.7
AD Driver version 3.5.14
IDM 3.6.1

I want to migrate existing user from AD to eDirectory.
I am using UserApplication Role and Resource to provision any *new*
users to AD resource.
configuration in User Application
AD Role -->Resource 1 --> User Account (AD entitlement)
AD Group Role -->Resource 2-->Group (AD Group entitlement)

I am doing migration of user from AD to eDirectory through the "Migrate
user in Identity vault" option in iManager. During the migration I have
a driver policy to start the workflow in UserApplication.
This workflow is used to grant the AD Role for the user I am migrating.


I am getting the error in the driver trace log

DirXML Log Event -------------------
Driver:
\HAVIGS-DEV\havigs\Services\IDM\Havigs-DriverSet\NullDriver
Channel: Subscriber
Status: Error
Message: Code(-9194) Error in
vnd.nds.stream://novell-DEV/havigs/Services/IDM/Novell-DriverSet/NullDriver/Subscriber/Start+Role+WorkFlow-Initial+User+Migration#XmlData:12
: Couldn't start workflow
'CN=AutoRoleRequestEntitlementWorkflow,CN=RequestDefs,CN=AppConfig,CN=UserApplication,CN=DriverSet,OU=IDM,OU=Services,O=novell'
for recipient 'CN=arane,OU=APMEA,OU=Internal,OU=Users,O=novell':
java.rmi.ConnectException: Connection refused


The workflow property is created as below

Start
|
|
RoleRequest ( Source : Pointing to "AD Role", Target: recipient)
|
|
finish


The RoleRequest activity is taking the recipient in AD DN format, I
believe. How can I make this work? Does anyone have any idea on this?


--
lvaradha
------------------------------------------------------------------------
lvaradha's Profile: http://forums.novell.com/member.php?userid=77512
View this thread: http://forums.novell.com/showthread.php?t=453687

0 Likes
4 Replies
Knowledge Partner

Re: Start Workflow(Role Request Driver) from IDM Driver Policy

On 3/20/2012 3:16 PM, lvaradha wrote:
>
> User Application version 3.7
> AD Driver version 3.5.14
> IDM 3.6.1
>
> I want to migrate existing user from AD to eDirectory.
> I am using UserApplication Role and Resource to provision any *new*
> users to AD resource.
> configuration in User Application
> AD Role -->Resource 1 --> User Account (AD entitlement)
> AD Group Role -->Resource 2-->Group (AD Group entitlement)
>
> I am doing migration of user from AD to eDirectory through the "Migrate
> user in Identity vault" option in iManager. During the migration I have
> a driver policy to start the workflow in UserApplication.
> This workflow is used to grant the AD Role for the user I am migrating.
>



The error you are getting is that the Start Workflow token is making a
SOAP call to the UA SOAP endpoint to call the startWorkflow SOAP function.

So the engine is not connecting to the User App. This might be a bad
URL, a bad firewall blocking the connection in between, or the like.

Bad usernames give different errors (403 Prohibited errors, usually).


> I am getting the error in the driver trace log
>
> DirXML Log Event -------------------
> Driver:
> \HAVIGS-DEV\havigs\Services\IDM\Havigs-DriverSet\NullDriver
> Channel: Subscriber
> Status: Error
> Message: Code(-9194) Error in
> vnd.nds.stream://novell-DEV/havigs/Services/IDM/Novell-DriverSet/NullDriver/Subscriber/Start+Role+WorkFlow-Initial+User+Migration#XmlData:12
> : Couldn't start workflow
> 'CN=AutoRoleRequestEntitlementWorkflow,CN=RequestDefs,CN=AppConfig,CN=UserApplication,CN=DriverSet,OU=IDM,OU=Services,O=novell'
> for recipient 'CN=arane,OU=APMEA,OU=Internal,OU=Users,O=novell':
> java.rmi.ConnectException: Connection refused
>
>
> The workflow property is created as below
>
> Start
> |
> |
> RoleRequest ( Source : Pointing to "AD Role", Target: recipient)
> |
> |
> finish
>
>
> The RoleRequest activity is taking the recipient in AD DN format, I
> believe. How can I make this work? Does anyone have any idea on this?
>
>


0 Likes
mkijewsk
New Member.

Re: Start Workflow(Role Request Driver) from IDM Driver Policy


Does the policy rule that starts the workflow have the right authorized
user DN and authorized user password? It looks like a rights issue to
me.


--
mkijewsk
------------------------------------------------------------------------
mkijewsk's Profile: http://forums.novell.com/member.php?userid=42277
View this thread: http://forums.novell.com/showthread.php?t=453687

0 Likes
Anonymous_User Absent Member.

Re: Start Workflow(Role Request Driver) from IDM Driver Policy

On 03/20/2012 03:56 PM, mkijewsk wrote:
>
> Does the policy rule that starts the workflow have the right authorized
> user DN and authorized user password? It looks like a rights issue to
> me.
>
>

Greetings,
The error you are receiving, as Geoffrey has outlined, is normally
because either something in the URL for the User Application is
incorrect (case does matter), you have a firewall blocking, or you
are running the Application Server on https and have not installed the
Application Server's certificate in the cacerts file of the JRE that the
IDM Engine is running on.

--
Sincerely,
Steven Williams
Lead Software Engineer
NetIQ
0 Likes
Knowledge Partner

Re: Start Workflow(Role Request Driver) from IDM Driver Policy

On 3/20/2012 9:26 PM, Steven Williams wrote:
> On 03/20/2012 03:56 PM, mkijewsk wrote:
>>
>> Does the policy rule that starts the workflow have the right authorized
>> user DN and authorized user password? It looks like a rights issue to
>> me.
>>
>>

> Greetings,
> The error you are receiving, as Geoffrey has outlined, is normally because
> either something in the URL for the User Application is incorrect (case
> does matter), you have a firewall blocking, or you are running the
> Application Server on https and have not installed the Application
> Server's certificate in the cacerts file of the JRE that the IDM Engine
> is running on.


Rights issues (bad password, wrong user, no user, etc) generate a 403
HTTP Forbidden error.

0 Likes
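
Added example (not written by any poster in this thread and not NetIQ code): a Python probe, run from the server hosting the IDM engine, that separates the causes named in the replies above: a malformed URL, a refused or silently dropped connection, and an HTTPS certificate the client does not trust. `probe_endpoint` and its result labels are hypothetical names, and `cafile` is assumed to be a PEM export of the CA certificates the engine's JRE trusts, since Python does not read the Java cacerts keystore.

```python
import socket
import ssl
from urllib.parse import urlsplit


def probe_endpoint(url, cafile=None, timeout=5.0):
    """Classify how far a client on this host gets when connecting to url.

    Hypothetical helper. cafile is a PEM bundle standing in for the CAs the
    IDM engine's JRE trusts (assumption); None uses the system defaults.
    """
    parts = urlsplit(url)
    try:
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return "bad-url"
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return "bad-url"
    port = port or (443 if parts.scheme == "https" else 80)
    try:
        sock = socket.create_connection((parts.hostname, port), timeout=timeout)
    except socket.gaierror:
        return "dns-failure"    # host name in the URL does not resolve
    except ConnectionRefusedError:
        return "refused"        # same condition as "Connection refused" in the trace
    except (socket.timeout, TimeoutError):
        return "timeout"        # typical of a firewall silently dropping packets
    except OSError:
        return "unreachable"
    with sock:
        if parts.scheme == "http":
            return "tcp-ok"
        ctx = ssl.create_default_context(cafile=cafile)
        try:
            with ctx.wrap_socket(sock, server_hostname=parts.hostname):
                return "tls-ok"
        except ssl.SSLCertVerificationError:
            return "tls-untrusted"  # server certificate not signed by a trusted CA
        except (ssl.SSLError, OSError):
            return "tls-error"
    # A 403 can only appear after "tcp-ok" or "tls-ok": it is an HTTP-level
    # answer from a server that was reached, so this probe does not test it.
```

A `refused` or `timeout` result points at the URL's host and port or at filtering in between; `tls-untrusted` points at the trust store.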