ChrisKnudsen
New Member.
558 views

Trubble with move-event on bi-directional eDir driver

Hello

Im having some troubles moving users in a connected eDirectory without idm-engine installed with the bi-directional eDir driver.

Im syncronizing organisational units and users from a eDirectory with idm engine installet to an eDirectory with no idm engine.
Afterwards im trying to move some of the useres after the initial add event witch funtions fine, the move fails.

Any help would be much appriciated.

Im getting the error "EDIRSub.performMoveOperation() No association key for move operation.".

<actions>
<do-set-local-variable name="lPreviousUserContainer" scope="policy">
<arg-node-set>
<token-resolve datastore="dest">
<arg-association>
<token-association/>
</arg-association>
</token-resolve>
</arg-node-set>
</do-set-local-variable>
<do-set-local-variable name="lAftnr" scope="policy">
<arg-string>
<token-src-attr class-name="User" name="XATTRIBAftNr"/>
</arg-string>
</do-set-local-variable>
<do-set-local-variable name="lDestOU" scope="policy">
<arg-node-set>
<token-query class-name="Organizational Unit">
<arg-match-attr name="Description">
<arg-value type="string">
<token-local-variable name="lAftnr"/>
</arg-value>
</arg-match-attr>
</token-query>
</arg-node-set>
</do-set-local-variable>
<do-if>
<arg-conditions>
<and>
<if-local-variable mode="regex" name="lDestOU" op="equal">.+</if-local-variable>
</and>
</arg-conditions>
<arg-actions>
<do-move-dest-object class-name="User" when="after">
<arg-dn>
<token-local-variable name="lPreviousUserContainer"/>
</arg-dn>
<arg-dn>
<token-xpath expression="$lDestOU/@src-dn"/>
</arg-dn>
</do-move-dest-object>
</arg-actions>
<arg-actions>
<do-delete-dest-object class-name="User"/>
</arg-actions>
</do-if>
</actions>
</rule>


[HTML]
[09/06/18 13:51:06.820]:EDIRMETAToMDM01 ST: Action: do-move-dest-object(class-name="User",when="after",arg-dn(token-local-variable("lPreviousUserContainer")),arg-dn(token-xpath("$lDestOU/@src-dn"))).
[09/06/18 13:51:06.821]:EDIRMETAToMDM01 ST: arg-dn(token-local-variable("lPreviousUserContainer"))
[09/06/18 13:51:06.821]:EDIRMETAToMDM01 ST: token-local-variable("lPreviousUserContainer")
[09/06/18 13:51:06.822]:EDIRMETAToMDM01 ST: Token Value: "cn=testuser173,ou=Plejehjem,ou=org,o=dk".
[09/06/18 13:51:06.822]:EDIRMETAToMDM01 ST: Arg Value: "cn=testuser173,ou=Plejehjem,ou=org,o=dk".
[09/06/18 13:51:06.822]:EDIRMETAToMDM01 ST: arg-dn(token-xpath("$lDestOU/@src-dn"))
[09/06/18 13:51:06.823]:EDIRMETAToMDM01 ST: token-xpath("$lDestOU/@src-dn")
[09/06/18 13:51:06.823]:EDIRMETAToMDM01 ST: Token Value: "ou=Plejehjem,ou=org,o=dk".
[09/06/18 13:51:06.823]:EDIRMETAToMDM01 ST: Arg Value: "ou=Plejehjem,ou=org,o=dk".
[09/06/18 13:51:06.824]:EDIRMETAToMDM01 ST:Policy returned:
[09/06/18 13:51:06.824]:EDIRMETAToMDM01 ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.5.5.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<modify cached-time="20180906115106.389Z" class-name="User" event-id="meta6#20180906115106#1#1:5b2917d2-004e-4c49-a00b-d217295b4e00" qualified-src-dn="O=dk\OU=users\CN=testuser173" src-dn="\FMKMETA\dk\users\testuser173" src-entry-id="383707" timestamp="1536234666#5">
<association state="associated">5B2A69B7D0AC3F4BBDF25B2A69B7D0AC</association>
<modify-attr attr-name="XATTRIBAftNr">
<remove-value>
<value timestamp="1536234213#5" type="string">10490909090</value>
</remove-value>
<add-value>
<value timestamp="1536234666#5" type="string">201201201</value>
</add-value>
</modify-attr>
</modify>
<move class-name="User" dest-dn="cn=testuser173,ou=Plejehjem,ou=org,o=dk" event-id="meta6#20180906115106#1#1:5b2917d2-004e-4c49-a00b-d217295b4e00">
<parent dest-dn="ou=Plejehjem,ou=org,o=dk"/>
</move>
</input>
</nds>
[09/06/18 13:51:06.827]:EDIRMETAToMDM01 ST:Applying policy: %+C%14CNOVEDIR2AENT-sub-ctp-TagEvent%-C.
[09/06/18 13:51:06.828]:EDIRMETAToMDM01 ST: Applying to modify #1.
[09/06/18 13:51:06.832]:EDIRMETAToMDM01 ST: Evaluating selection criteria for rule 'Account Entitlement change (Delete Option)'.
[09/06/18 13:51:06.833]:EDIRMETAToMDM01 ST: (if-global-variable 'drv.entitlement.Account' equal "true") = TRUE.
[09/06/18 13:51:06.833]:EDIRMETAToMDM01 ST: (if-global-variable 'drv.entitlement.remove' equal "delete") = TRUE.
[09/06/18 13:51:06.834]:EDIRMETAToMDM01 ST: (if-class-name match "user|inetorgperson") = TRUE.
[09/06/18 13:51:06.834]:EDIRMETAToMDM01 ST: (if-operation match "add|modify|delete|status") = TRUE.
[09/06/18 13:51:06.835]:EDIRMETAToMDM01 ST: (if-entitlement 'Account' changing) = FALSE.
[09/06/18 13:51:06.835]:EDIRMETAToMDM01 ST: Rule rejected.
[09/06/18 13:51:06.835]:EDIRMETAToMDM01 ST: Evaluating selection criteria for rule 'Account Entitlement change (Disable Option)'.
[09/06/18 13:51:06.836]:EDIRMETAToMDM01 ST: (if-global-variable 'drv.entitlement.Account' equal "true") = TRUE.
[09/06/18 13:51:06.836]:EDIRMETAToMDM01 ST: (if-global-variable 'drv.entitlement.remove' equal "disable") = FALSE.
[09/06/18 13:51:06.837]:EDIRMETAToMDM01 ST: Rule rejected.
[09/06/18 13:51:06.837]:EDIRMETAToMDM01 ST: Evaluating selection criteria for rule 'Account Entitlement remove (Delete Option)'.
[09/06/18 13:51:06.838]:EDIRMETAToMDM01 ST: (if-global-variable 'drv.entitlement.Account' equal "true") = TRUE.
[09/06/18 13:51:06.838]:EDIRMETAToMDM01 ST: (if-global-variable 'drv.entitlement.remove' equal "delete") = TRUE.
[09/06/18 13:51:06.838]:EDIRMETAToMDM01 ST: (if-class-name match "user|inetorgperson|person") = TRUE.
[09/06/18 13:51:06.839]:EDIRMETAToMDM01 ST: (if-operation match "delete") = FALSE.
[09/06/18 13:51:06.839]:EDIRMETAToMDM01 ST: Rule rejected.
[09/06/18 13:51:06.839]:EDIRMETAToMDM01 ST: Applying to move #2.
[09/06/18 13:51:06.840]:EDIRMETAToMDM01 ST: Evaluating selection criteria for rule 'Account Entitlement change (Delete Option)'.
[09/06/18 13:51:06.840]:EDIRMETAToMDM01 ST: (if-global-variable 'drv.entitlement.Account' equal "true") = TRUE.
[09/06/18 13:51:06.841]:EDIRMETAToMDM01 ST: (if-global-variable 'drv.entitlement.remove' equal "delete") = TRUE.
[09/06/18 13:51:06.841]:EDIRMETAToMDM01 ST: (if-class-name match "user|inetorgperson") = TRUE.
[09/06/18 13:51:06.841]:EDIRMETAToMDM01 ST: (if-operation match "add|modify|delete|status") = FALSE.
[09/06/18 13:51:06.842]:EDIRMETAToMDM01 ST: Rule rejected.
[09/06/18 13:51:06.842]:EDIRMETAToMDM01 ST: Evaluating selection criteria for rule 'Account Entitlement change (Disable Option)'.
[09/06/18 13:51:06.843]:EDIRMETAToMDM01 ST: (if-global-variable 'drv.entitlement.Account' equal "true") = TRUE.
[09/06/18 13:51:06.843]:EDIRMETAToMDM01 ST: (if-global-variable 'drv.entitlement.remove' equal "disable") = FALSE.
[09/06/18 13:51:06.843]:EDIRMETAToMDM01 ST: Rule rejected.
[09/06/18 13:51:06.844]:EDIRMETAToMDM01 ST: Evaluating selection criteria for rule 'Account Entitlement remove (Delete Option)'.
[09/06/18 13:51:06.844]:EDIRMETAToMDM01 ST: (if-global-variable 'drv.entitlement.Account' equal "true") = TRUE.
[09/06/18 13:51:06.844]:EDIRMETAToMDM01 ST: (if-global-variable 'drv.entitlement.remove' equal "delete") = TRUE.
[09/06/18 13:51:06.845]:EDIRMETAToMDM01 ST: (if-class-name match "user|inetorgperson|person") = TRUE.
[09/06/18 13:51:06.845]:EDIRMETAToMDM01 ST: (if-operation match "delete") = FALSE.
[09/06/18 13:51:06.846]:EDIRMETAToMDM01 ST: Rule rejected.
[09/06/18 13:51:06.846]:EDIRMETAToMDM01 ST:Policy returned:
[09/06/18 13:51:06.846]:EDIRMETAToMDM01 ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.5.5.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<modify cached-time="20180906115106.389Z" class-name="User" event-id="meta6#20180906115106#1#1:5b2917d2-004e-4c49-a00b-d217295b4e00" qualified-src-dn="O=dk\OU=users\CN=testuser173" src-dn="\FMKMETA\dk\users\testuser173" src-entry-id="383707" timestamp="1536234666#5">
<association state="associated">5B2A69B7D0AC3F4BBDF25B2A69B7D0AC</association>
<modify-attr attr-name="XATTRIBAftNr">
<remove-value>
<value timestamp="1536234213#5" type="string">10490909090</value>
</remove-value>
<add-value>
<value timestamp="1536234666#5" type="string">201201201</value>
</add-value>
</modify-attr>
</modify>
<move class-name="User" dest-dn="cn=testuser173,ou=Plejehjem,ou=org,o=dk" event-id="meta6#20180906115106#1#1:5b2917d2-004e-4c49-a00b-d217295b4e00">
<parent dest-dn="ou=Plejehjem,ou=org,o=dk"/>
</move>
</input>
</nds>
[09/06/18 13:51:06.850]:EDIRMETAToMDM01 ST:Applying policy: %+C%14CNOVLEDIR2DFC-sub-ctp-TransformLoginExpTime%-C.
[09/06/18 13:51:06.850]:EDIRMETAToMDM01 ST: Applying to modify #1.
[09/06/18 13:51:06.850]:EDIRMETAToMDM01 ST: Evaluating selection criteria for rule 'Transform changes to loginExpirationTime'.
[09/06/18 13:51:06.851]:EDIRMETAToMDM01 ST: (if-operation equal "modify") = TRUE.
[09/06/18 13:51:06.851]:EDIRMETAToMDM01 ST: (if-op-attr 'Login Expiration Time' changing) = FALSE.
[09/06/18 13:51:06.851]:EDIRMETAToMDM01 ST: Rule rejected.
[09/06/18 13:51:06.852]:EDIRMETAToMDM01 ST: Applying to move #2.
[09/06/18 13:51:06.852]:EDIRMETAToMDM01 ST: Evaluating selection criteria for rule 'Transform changes to loginExpirationTime'.
[09/06/18 13:51:06.852]:EDIRMETAToMDM01 ST: (if-operation equal "modify") = FALSE.
[09/06/18 13:51:06.853]:EDIRMETAToMDM01 ST: Rule rejected.
[09/06/18 13:51:06.853]:EDIRMETAToMDM01 ST:Policy returned:
[09/06/18 13:51:06.853]:EDIRMETAToMDM01 ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.5.5.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<modify cached-time="20180906115106.389Z" class-name="User" event-id="meta6#20180906115106#1#1:5b2917d2-004e-4c49-a00b-d217295b4e00" qualified-src-dn="O=dk\OU=users\CN=testuser173" src-dn="\FMKMETA\dk\users\testuser173" src-entry-id="383707" timestamp="1536234666#5">
<association state="associated">5B2A69B7D0AC3F4BBDF25B2A69B7D0AC</association>
<modify-attr attr-name="XATTRIBAftNr">
<remove-value>
<value timestamp="1536234213#5" type="string">10490909090</value>
</remove-value>
<add-value>
<value timestamp="1536234666#5" type="string">201201201</value>
</add-value>
</modify-attr>
</modify>
<move class-name="User" dest-dn="cn=testuser173,ou=Plejehjem,ou=org,o=dk" event-id="meta6#20180906115106#1#1:5b2917d2-004e-4c49-a00b-d217295b4e00">
<parent dest-dn="ou=Plejehjem,ou=org,o=dk"/>
</move>
</input>
</nds>
[09/06/18 13:51:06.857]:EDIRMETAToMDM01 ST:Filtering out notification-only attributes.
[09/06/18 13:51:06.857]:EDIRMETAToMDM01 ST: Filtered out <modify-attr attr-name='XATTRIBAftNr'>.
[09/06/18 13:51:06.858]:EDIRMETAToMDM01 ST: Filtered out <modify class-name='User'>.
[09/06/18 13:51:06.858]:EDIRMETAToMDM01 ST:Fixing up association references.
[09/06/18 13:51:06.858]:EDIRMETAToMDM01 ST:Applying schema mapping policies to output.
[09/06/18 13:51:06.859]:EDIRMETAToMDM01 ST:Applying policy: %+C%14CNOVLEDIR2DFC-smp%-C.
[09/06/18 13:51:06.859]:EDIRMETAToMDM01 ST: Mapping class-name 'User' to 'inetOrgPerson'.
[09/06/18 13:51:06.860]:EDIRMETAToMDM01 ST:Applying output transformation policies.
[09/06/18 13:51:06.860]:EDIRMETAToMDM01 ST:Applying policy: %+C%14CNOVLEDIR2ENT-otp-EntitlementsImpl%-C.
[09/06/18 13:51:06.860]:EDIRMETAToMDM01 ST: Applying to move #1.
[09/06/18 13:51:06.861]:EDIRMETAToMDM01 ST: Evaluating selection criteria for rule 'Intercept outbound queries for eDirAccount'.
[09/06/18 13:51:06.861]:EDIRMETAToMDM01 ST: (if-class-name equal "eDirAccount") = FALSE.
[09/06/18 13:51:06.862]:EDIRMETAToMDM01 ST: Rule rejected.
[09/06/18 13:51:06.862]:EDIRMETAToMDM01 ST:Policy returned:
[09/06/18 13:51:06.862]:EDIRMETAToMDM01 ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.5.5.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<move class-name="inetOrgPerson" dest-dn="cn=testuser173,ou=Plejehjem,ou=org,o=dk" event-id="meta6#20180906115106#1#1:5b2917d2-004e-4c49-a00b-d217295b4e00">
<parent dest-dn="ou=Plejehjem,ou=org,o=dk"/>
</move>
</input>
</nds>
[09/06/18 13:51:06.863]:EDIRMETAToMDM01 ST:Applying policy: %+C%14Cpwc-sub-otp-transformMoves%-C.
[09/06/18 13:51:06.864]:EDIRMETAToMDM01 ST: Applying to move #1.
[09/06/18 13:51:06.864]:EDIRMETAToMDM01 ST: Evaluating selection criteria for rule 'Change Parent on Move to Association'.
[09/06/18 13:51:06.865]:EDIRMETAToMDM01 ST: (if-operation equal "move") = TRUE.
[09/06/18 13:51:06.865]:EDIRMETAToMDM01 ST: Rule selected.
[09/06/18 13:51:06.865]:EDIRMETAToMDM01 ST: Applying rule 'Change Parent on Move to Association'.
[09/06/18 13:51:06.866]:EDIRMETAToMDM01 ST: Action: do-set-local-variable("lv_destDN",scope="policy",token-xpath("./parent/@dest-dn")).
[09/06/18 13:51:06.866]:EDIRMETAToMDM01 ST: arg-string(token-xpath("./parent/@dest-dn"))
[09/06/18 13:51:06.866]:EDIRMETAToMDM01 ST: token-xpath("./parent/@dest-dn")
[09/06/18 13:51:06.867]:EDIRMETAToMDM01 ST: Token Value: "ou=Plejehjem,ou=org,o=dk".
[09/06/18 13:51:06.867]:EDIRMETAToMDM01 ST: Arg Value: "ou=Plejehjem,ou=org,o=dk".
[09/06/18 13:51:06.868]:EDIRMETAToMDM01 ST: Action: do-strip-xpath("self::move/parent").
[09/06/18 13:51:06.868]:EDIRMETAToMDM01 ST: Action: do-append-xml-element("parent","self::move").
[09/06/18 13:51:06.868]:EDIRMETAToMDM01 ST: Action: do-append-xml-element("association","self::move/parent").
[09/06/18 13:51:06.869]:EDIRMETAToMDM01 ST: Action: do-append-xml-text("self::move/parent/association","$lv_destDN$").
[09/06/18 13:51:06.869]:EDIRMETAToMDM01 ST: arg-string("$lv_destDN$")
[09/06/18 13:51:06.870]:EDIRMETAToMDM01 ST: token-text("$lv_destDN$")
[09/06/18 13:51:06.870]:EDIRMETAToMDM01 ST: Expanded variable reference '$lv_destDN$' to 'ou=Plejehjem,ou=org,o=dk'.
[09/06/18 13:51:06.870]:EDIRMETAToMDM01 ST: Arg Value: "ou=Plejehjem,ou=org,o=dk".
[09/06/18 13:51:06.871]:EDIRMETAToMDM01 ST:Policy returned:
[09/06/18 13:51:06.871]:EDIRMETAToMDM01 ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.5.5.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<move class-name="inetOrgPerson" dest-dn="cn=testuser173,ou=Plejehjem,ou=org,o=dk" event-id="meta6#20180906115106#1#1:5b2917d2-004e-4c49-a00b-d217295b4e00">
<parent>
<association>ou=Plejehjem,ou=org,o=dk</association>
</parent>
</move>
</input>
</nds>
[09/06/18 13:51:06.873]:EDIRMETAToMDM01 ST:Submitting document to subscriber shim:
[09/06/18 13:51:06.873]:EDIRMETAToMDM01 ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.5.5.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<move class-name="inetOrgPerson" dest-dn="cn=testuser173,ou=Plejehjem,ou=org,o=dk" event-id="meta6#20180906115106#1#1:5b2917d2-004e-4c49-a00b-d217295b4e00">
<parent>
<association>ou=Plejehjem,ou=org,o=dk</association>
</parent>
</move>
</input>
</nds>
[09/06/18 13:51:06.875]:EDIRMETAToMDM01 ST:EDIRMETAToMDM01: EDIRSub.performMoveOperation() No association key for move operation.
[09/06/18 13:51:06.875]:EDIRMETAToMDM01 ST:SubscriptionShim.execute() returned:
[09/06/18 13:51:06.876]:EDIRMETAToMDM01 ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170831_0108" instance="EDIRMETAToMDM01" version="4.0.3.0">Identity Manager Bi-directional Driver for eDirectory</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="meta6#20180906115106#1#1:5b2917d2-004e-4c49-a00b-d217295b4e00" level="error">No association key for move operation.</status>
</output>
</nds>
[09/06/18 13:51:06.877]:EDIRMETAToMDM01 ST:Applying input transformation policies.
[09/06/18 13:51:06.877]:EDIRMETAToMDM01 ST:Applying policy: %+C%14CNOVLEDIR2ENT-itp-InitEntitlementConfigurationResource%-C.
[09/06/18 13:51:06.878]:EDIRMETAToMDM01 ST: Applying to status #1.
[09/06/18 13:51:06.878]:EDIRMETAToMDM01 ST: Evaluating selection criteria for rule 'Make sure we only run once and when we're ready'.
[09/06/18 13:51:06.879]:EDIRMETAToMDM01 ST: (if-local-variable 'objectClass' match ".+") = TRUE.
[09/06/18 13:51:06.879]:EDIRMETAToMDM01 ST: (if-local-variable 'entConfigInitialized' equal "true") = TRUE.
[09/06/18 13:51:06.879]:EDIRMETAToMDM01 ST: Rule selected.
[09/06/18 13:51:06.880]:EDIRMETAToMDM01 ST: Applying rule 'Make sure we only run once and when we're ready'.
[09/06/18 13:51:06.880]:EDIRMETAToMDM01 ST: Action: do-break().
[09/06/18 13:51:06.880]:EDIRMETAToMDM01 ST:Policy returned:
[09/06/18 13:51:06.881]:EDIRMETAToMDM01 ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170831_0108" instance="EDIRMETAToMDM01" version="4.0.3.0">Identity Manager Bi-directional Driver for eDirectory</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="meta6#20180906115106#1#1:5b2917d2-004e-4c49-a00b-d217295b4e00" level="error">No association key for move operation.</status>
</output>
</nds>
[09/06/18 13:51:06.882]:EDIRMETAToMDM01 ST:Applying policy: %+C%14CNOVLAUDTENTC-itp-SendEntitlementsEvents%-C.
[09/06/18 13:51:06.882]:EDIRMETAToMDM01 ST: Applying to status #1.
[09/06/18 13:51:06.883]:EDIRMETAToMDM01 ST: Evaluating selection criteria for rule '00031200 - Account Create By Entitlement Grant'.
[09/06/18 13:51:06.883]:EDIRMETAToMDM01 ST: (if-operation equal "status") = TRUE.
[09/06/18 13:51:06.884]:EDIRMETAToMDM01 ST: (if-op-property 'accountAction' equal "accountCreateByEntitlementGrant") = FALSE.
[09/06/18 13:51:06.884]:EDIRMETAToMDM01 ST: Rule rejected.
[09/06/18 13:51:06.884]:EDIRMETAToMDM01 ST: Evaluating selection criteria for rule '00031201 - Account Delete By Entitlement Revoke'.
[09/06/18 13:51:06.885]:EDIRMETAToMDM01 ST: (if-operation equal "status") = TRUE.
[09/06/18 13:51:06.885]:EDIRMETAToMDM01 ST: (if-xpath true "./operation-data/entitlement-impl/@state = '0'") = FALSE.
[09/06/18 13:51:06.886]:EDIRMETAToMDM01 ST: (if-operation equal "status") = TRUE.
[09/06/18 13:51:06.886]:EDIRMETAToMDM01 ST: (if-op-property 'accountAction' equal "accountDeleteByEntitlementRevoke") = FALSE.
[09/06/18 13:51:06.887]:EDIRMETAToMDM01 ST: Rule rejected.
[09/06/18 13:51:06.887]:EDIRMETAToMDM01 ST: Evaluating selection criteria for rule '00031202 - Account Disable By Entitlement Revoke'.
[09/06/18 13:51:06.887]:EDIRMETAToMDM01 ST: (if-operation equal "status") = TRUE.
[09/06/18 13:51:06.888]:EDIRMETAToMDM01 ST: (if-op-property 'accountAction' equal "accountDisableByEntitlementRevoke") = FALSE.
[09/06/18 13:51:06.888]:EDIRMETAToMDM01 ST: Rule rejected.
[09/06/18 13:51:06.888]:EDIRMETAToMDM01 ST: Evaluating selection criteria for rule '00031203 - Account Enable By Entitlement Grant'.
[09/06/18 13:51:06.889]:EDIRMETAToMDM01 ST: (if-operation equal "status") = TRUE.
[09/06/18 13:51:06.889]:EDIRMETAToMDM01 ST: (if-op-property 'accountAction' equal "accountEnableByEntitlementGrant") = FALSE.
[09/06/18 13:51:06.890]:EDIRMETAToMDM01 ST: Rule rejected.
[09/06/18 13:51:06.890]:EDIRMETAToMDM01 ST: Evaluating selection criteria for rule 'Generate Audit Event'.
[09/06/18 13:51:06.890]:EDIRMETAToMDM01 ST: (if-operation equal "status") = TRUE.
[09/06/18 13:51:06.891]:EDIRMETAToMDM01 ST: (if-local-variable 'auditEventID' available) = FALSE.
[09/06/18 13:51:06.891]:EDIRMETAToMDM01 ST: Rule rejected.
[09/06/18 13:51:06.891]:EDIRMETAToMDM01 ST:Policy returned:
[09/06/18 13:51:06.892]:EDIRMETAToMDM01 ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170831_0108" instance="EDIRMETAToMDM01" version="4.0.3.0">Identity Manager Bi-directional Driver for eDirectory</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="meta6#20180906115106#1#1:5b2917d2-004e-4c49-a00b-d217295b4e00" level="error">No association key for move operation.</status>
</output>
</nds>
[09/06/18 13:51:06.893]:EDIRMETAToMDM01 ST:Applying policy: %+C%14CNOVLEDIR2ENT-itp-EntitlementsImpl%-C.
[09/06/18 13:51:06.893]:EDIRMETAToMDM01 ST: Applying to status #1.
[09/06/18 13:51:06.894]:EDIRMETAToMDM01 ST: Evaluating selection criteria for rule 'Intercept eDirAccount (tagged identity query) query response'.
[09/06/18 13:51:06.895]:EDIRMETAToMDM01 ST: (if-local-variable 'AccountEntitlementQuery' equal "true") = FALSE.
[09/06/18 13:51:06.895]:EDIRMETAToMDM01 ST: Rule rejected.
[09/06/18 13:51:06.896]:EDIRMETAToMDM01 ST: Evaluating selection criteria for rule 'Check target of add-association for group membership entitlements that need to be granted'.
[09/06/18 13:51:06.896]:EDIRMETAToMDM01 ST: (if-operation equal "add-association") = FALSE.
[09/06/18 13:51:06.896]:EDIRMETAToMDM01 ST: Rule rejected.
[09/06/18 13:51:06.897]:EDIRMETAToMDM01 ST:Policy returned:
[09/06/18 13:51:06.897]:EDIRMETAToMDM01 ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170831_0108" instance="EDIRMETAToMDM01" version="4.0.3.0">Identity Manager Bi-directional Driver for eDirectory</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="meta6#20180906115106#1#1:5b2917d2-004e-4c49-a00b-d217295b4e00" level="error">No association key for move operation.</status>
</output>
</nds>
[09/06/18 13:51:06.899]:EDIRMETAToMDM01 ST:Applying schema mapping policies to input.
[09/06/18 13:51:06.899]:EDIRMETAToMDM01 ST:Applying policy: %+C%14CNOVLEDIR2DFC-smp%-C.
[09/06/18 13:51:06.899]:EDIRMETAToMDM01 ST:Resolving association references.
[09/06/18 13:51:06.900]:EDIRMETAToMDM01 ST:Processing returned document.
[09/06/18 13:51:06.900]:EDIRMETAToMDM01 ST:Processing operation <status> for .
[09/06/18 13:51:06.901]:EDIRMETAToMDM01 ST:
DirXML Log Event -------------------
Driver: \FMKMETA\dk\services\idm\Driver Set\EDIRMETAToMDM01
Channel: Subscriber
Object: \FMKMETA\dk\users\testuser173
Status: Error
Message: No association key for move operation.

[/HTML]
Labels (1)
0 Likes
7 Replies
Knowledge Partner
Knowledge Partner

Re: Trubble with move-event on bi-directional eDir driver

On 9/6/2018 8:34 AM, ChrisKnudsen wrote:
>
> Hello
>
> Im having some troubles moving users in a connected eDirectory without
> idm-engine installed with the bi-directional eDir driver.
>
> Im syncronizing organisational units and users from a eDirectory with
> idm engine installet to an eDirectory with no idm engine.
> Afterwards im trying to move some of the useres after the initial add
> event witch funtions fine, the move fails.
>
> Any help would be much appriciated.
>
> Im getting the error "EDIRSub.performMoveOperation() No association key
> for move operation.".
>
> Code:
> --------------------
>
> <actions>
> <do-set-local-variable name="lPreviousUserContainer" scope="policy">
> <arg-node-set>
> <token-resolve datastore="dest">
> <arg-association>
> <token-association/>
> </arg-association>
> </token-resolve>
> </arg-node-set>
> </do-set-local-variable>
> <do-set-local-variable name="lAftnr" scope="policy">
> <arg-string>
> <token-src-attr class-name="User" name="XATTRIBAftNr"/>
> </arg-string>
> </do-set-local-variable>
> <do-set-local-variable name="lDestOU" scope="policy">
> <arg-node-set>
> <token-query class-name="Organizational Unit">
> <arg-match-attr name="Description">
> <arg-value type="string">
> <token-local-variable name="lAftnr"/>
> </arg-value>
> </arg-match-attr>
> </token-query>
> </arg-node-set>
> </do-set-local-variable>
> <do-if>
> <arg-conditions>
> <and>
> <if-local-variable mode="regex" name="lDestOU" op="equal">.+</if-local-variable>
> </and>
> </arg-conditions>
> <arg-actions>
> <do-move-dest-object class-name="User" when="after">
> <arg-dn>
> <token-local-variable name="lPreviousUserContainer"/>
> </arg-dn>
> <arg-dn>
> <token-xpath expression="$lDestOU/@src-dn"/>
> </arg-dn>
> </do-move-dest-object>
> </arg-actions>
> <arg-actions>
> <do-delete-dest-object class-name="User"/>
> </arg-actions>
> </do-if>
> </actions>
> </rule>
>
> --------------------
>
>
>
>
> [09/06/18 13:51:06.820]:EDIRMETAToMDM01 ST: Action:
> do-move-dest-object(class-name="User",when="after",arg-dn(token-local-variable("lPreviousUserContainer")),arg-dn(token-xpath("$lDestOU/@src-dn"))).
> [09/06/18 13:51:06.821]:EDIRMETAToMDM01 ST:
> arg-dn(token-local-variable("lPreviousUserContainer"))
> [09/06/18 13:51:06.821]:EDIRMETAToMDM01 ST:
> token-local-variable("lPreviousUserContainer")
> [09/06/18 13:51:06.822]:EDIRMETAToMDM01 ST: Token Value:
> "cn=testuser173,ou=Plejehjem,ou=org,o=dk".
> [09/06/18 13:51:06.822]:EDIRMETAToMDM01 ST: Arg Value:
> "cn=testuser173,ou=Plejehjem,ou=org,o=dk".
> [09/06/18 13:51:06.822]:EDIRMETAToMDM01 ST:
> arg-dn(token-xpath("$lDestOU/@src-dn"))
> [09/06/18 13:51:06.823]:EDIRMETAToMDM01 ST:
> token-xpath("$lDestOU/@src-dn")
> [09/06/18 13:51:06.823]:EDIRMETAToMDM01 ST: Token Value:
> "ou=Plejehjem,ou=org,o=dk".
> [09/06/18 13:51:06.823]:EDIRMETAToMDM01 ST: Arg Value:
> "ou=Plejehjem,ou=org,o=dk".
> [09/06/18 13:51:06.824]:EDIRMETAToMDM01 ST:Policy returned:
> [09/06/18 13:51:06.824]:EDIRMETAToMDM01 ST:
> <nds dtdversion="4.0" ndsversion="8.x">
> <source>
> <product edition="Advanced" version="4.5.5.0">DirXML</product>
> <contact>NetIQ Corporation</contact>
> </source>
> <input>
> <modify cached-time="20180906115106.389Z" class-name="User"
> event-id="meta6#20180906115106#1#1:5b2917d2-004e-4c49-a00b-d217295b4e00"
> qualified-src-dn="O=dk\OU=users\CN=testuser173"
> src-dn="\FMKMETA\dk\users\testuser173" src-entry-id="383707"
> timestamp="1536234666#5">
> <association
> state="associated">5B2A69B7D0AC3F4BBDF25B2A69B7D0AC</association>
> <modify-attr attr-name="XATTRIBAftNr">
> <remove-value>
> <value timestamp="1536234213#5"
> type="string">10490909090</value>
> </remove-value>
> <add-value>
> <value timestamp="1536234666#5"
> type="string">201201201</value>
> </add-value>
> </modify-attr>
> </modify>
> <move class-name="User"
> dest-dn="cn=testuser173,ou=Plejehjem,ou=org,o=dk"
> event-id="meta6#20180906115106#1#1:5b2917d2-004e-4c49-a00b-d217295b4e00">
> <parent dest-dn="ou=Plejehjem,ou=org,o=dk"/>
> </move>
> </input>
> </nds>
> [09/06/18 13:51:06.827]:EDIRMETAToMDM01 ST:Applying policy:
> %+C%14CNOVEDIR2AENT-sub-ctp-TagEvent%-C.
> [09/06/18 13:51:06.828]:EDIRMETAToMDM01 ST: Applying to modify #1.
> [09/06/18 13:51:06.832]:EDIRMETAToMDM01 ST: Evaluating selection
> criteria for rule 'Account Entitlement change (Delete Option)'.
> [09/06/18 13:51:06.833]:EDIRMETAToMDM01 ST: (if-global-variable
> 'drv.entitlement.Account' equal "true") = TRUE.
> [09/06/18 13:51:06.833]:EDIRMETAToMDM01 ST: (if-global-variable
> 'drv.entitlement.remove' equal "delete") = TRUE.
> [09/06/18 13:51:06.834]:EDIRMETAToMDM01 ST: (if-class-name match
> "user|inetorgperson") = TRUE.
> [09/06/18 13:51:06.834]:EDIRMETAToMDM01 ST: (if-operation match
> "add|modify|delete|status") = TRUE.
> [09/06/18 13:51:06.835]:EDIRMETAToMDM01 ST: (if-entitlement
> 'Account' changing) = FALSE.
> [09/06/18 13:51:06.835]:EDIRMETAToMDM01 ST: Rule rejected.
> [09/06/18 13:51:06.835]:EDIRMETAToMDM01 ST: Evaluating selection
> criteria for rule 'Account Entitlement change (Disable Option)'.
> [09/06/18 13:51:06.836]:EDIRMETAToMDM01 ST: (if-global-variable
> 'drv.entitlement.Account' equal "true") = TRUE.
> [09/06/18 13:51:06.836]:EDIRMETAToMDM01 ST: (if-global-variable
> 'drv.entitlement.remove' equal "disable") = FALSE.
> [09/06/18 13:51:06.837]:EDIRMETAToMDM01 ST: Rule rejected.
> [09/06/18 13:51:06.837]:EDIRMETAToMDM01 ST: Evaluating selection
> criteria for rule 'Account Entitlement remove (Delete Option)'.
> [09/06/18 13:51:06.838]:EDIRMETAToMDM01 ST: (if-global-variable
> 'drv.entitlement.Account' equal "true") = TRUE.
> [09/06/18 13:51:06.838]:EDIRMETAToMDM01 ST: (if-global-variable
> 'drv.entitlement.remove' equal "delete") = TRUE.
> [09/06/18 13:51:06.838]:EDIRMETAToMDM01 ST: (if-class-name match
> "user|inetorgperson|person") = TRUE.
> [09/06/18 13:51:06.839]:EDIRMETAToMDM01 ST: (if-operation match
> "delete") = FALSE.
> [09/06/18 13:51:06.839]:EDIRMETAToMDM01 ST: Rule rejected.
> [09/06/18 13:51:06.839]:EDIRMETAToMDM01 ST: Applying to move #2.
> [09/06/18 13:51:06.840]:EDIRMETAToMDM01 ST: Evaluating selection
> criteria for rule 'Account Entitlement change (Delete Option)'.
> [09/06/18 13:51:06.840]:EDIRMETAToMDM01 ST: (if-global-variable
> 'drv.entitlement.Account' equal "true") = TRUE.
> [09/06/18 13:51:06.841]:EDIRMETAToMDM01 ST: (if-global-variable
> 'drv.entitlement.remove' equal "delete") = TRUE.
> [09/06/18 13:51:06.841]:EDIRMETAToMDM01 ST: (if-class-name match
> "user|inetorgperson") = TRUE.
> [09/06/18 13:51:06.841]:EDIRMETAToMDM01 ST: (if-operation match
> "add|modify|delete|status") = FALSE.
> [09/06/18 13:51:06.842]:EDIRMETAToMDM01 ST: Rule rejected.
> [09/06/18 13:51:06.842]:EDIRMETAToMDM01 ST: Evaluating selection
> criteria for rule 'Account Entitlement change (Disable Option)'.
> [09/06/18 13:51:06.843]:EDIRMETAToMDM01 ST: (if-global-variable
> 'drv.entitlement.Account' equal "true") = TRUE.
> [09/06/18 13:51:06.843]:EDIRMETAToMDM01 ST: (if-global-variable
> 'drv.entitlement.remove' equal "disable") = FALSE.
> [09/06/18 13:51:06.843]:EDIRMETAToMDM01 ST: Rule rejected.
> [09/06/18 13:51:06.844]:EDIRMETAToMDM01 ST: Evaluating selection
> criteria for rule 'Account Entitlement remove (Delete Option)'.
> [09/06/18 13:51:06.844]:EDIRMETAToMDM01 ST: (if-global-variable
> 'drv.entitlement.Account' equal "true") = TRUE.
> [09/06/18 13:51:06.844]:EDIRMETAToMDM01 ST: (if-global-variable
> 'drv.entitlement.remove' equal "delete") = TRUE.
> [09/06/18 13:51:06.845]:EDIRMETAToMDM01 ST: (if-class-name match
> "user|inetorgperson|person") = TRUE.
> [09/06/18 13:51:06.845]:EDIRMETAToMDM01 ST: (if-operation match
> "delete") = FALSE.
> [09/06/18 13:51:06.846]:EDIRMETAToMDM01 ST: Rule rejected.
> [09/06/18 13:51:06.846]:EDIRMETAToMDM01 ST:Policy returned:
> [09/06/18 13:51:06.846]:EDIRMETAToMDM01 ST:
> <nds dtdversion="4.0" ndsversion="8.x">
> <source>
> <product edition="Advanced" version="4.5.5.0">DirXML</product>
> <contact>NetIQ Corporation</contact>
> </source>
> <input>
> <modify cached-time="20180906115106.389Z" class-name="User"
> event-id="meta6#20180906115106#1#1:5b2917d2-004e-4c49-a00b-d217295b4e00"
> qualified-src-dn="O=dk\OU=users\CN=testuser173"
> src-dn="\FMKMETA\dk\users\testuser173" src-entry-id="383707"
> timestamp="1536234666#5">
> <association
> state="associated">5B2A69B7D0AC3F4BBDF25B2A69B7D0AC</association>
> <modify-attr attr-name="XATTRIBAftNr">
> <remove-value>
> <value timestamp="1536234213#5"
> type="string">10490909090</value>
> </remove-value>
> <add-value>
> <value timestamp="1536234666#5"
> type="string">201201201</value>
> </add-value>
> </modify-attr>
> </modify>
> <move class-name="User"
> dest-dn="cn=testuser173,ou=Plejehjem,ou=org,o=dk"
> event-id="meta6#20180906115106#1#1:5b2917d2-004e-4c49-a00b-d217295b4e00">
> <parent dest-dn="ou=Plejehjem,ou=org,o=dk"/>
> </move>
> </input>
> </nds>
> [09/06/18 13:51:06.850]:EDIRMETAToMDM01 ST:Applying policy:
> %+C%14CNOVLEDIR2DFC-sub-ctp-TransformLoginExpTime%-C.
> [09/06/18 13:51:06.850]:EDIRMETAToMDM01 ST: Applying to modify #1.
> [09/06/18 13:51:06.850]:EDIRMETAToMDM01 ST: Evaluating selection
> criteria for rule 'Transform changes to loginExpirationTime'.
> [09/06/18 13:51:06.851]:EDIRMETAToMDM01 ST: (if-operation equal
> "modify") = TRUE.
> [09/06/18 13:51:06.851]:EDIRMETAToMDM01 ST: (if-op-attr 'Login
> Expiration Time' changing) = FALSE.
> [09/06/18 13:51:06.851]:EDIRMETAToMDM01 ST: Rule rejected.
> [09/06/18 13:51:06.852]:EDIRMETAToMDM01 ST: Applying to move #2.
> [09/06/18 13:51:06.852]:EDIRMETAToMDM01 ST: Evaluating selection
> criteria for rule 'Transform changes to loginExpirationTime'.
> [09/06/18 13:51:06.852]:EDIRMETAToMDM01 ST: (if-operation equal
> "modify") = FALSE.
> [09/06/18 13:51:06.853]:EDIRMETAToMDM01 ST: Rule rejected.
> [09/06/18 13:51:06.853]:EDIRMETAToMDM01 ST:Policy returned:
> [09/06/18 13:51:06.853]:EDIRMETAToMDM01 ST:
> <nds dtdversion="4.0" ndsversion="8.x">
> <source>
> <product edition="Advanced" version="4.5.5.0">DirXML</product>
> <contact>NetIQ Corporation</contact>
> </source>
> <input>
> <modify cached-time="20180906115106.389Z" class-name="User"
> event-id="meta6#20180906115106#1#1:5b2917d2-004e-4c49-a00b-d217295b4e00"
> qualified-src-dn="O=dk\OU=users\CN=testuser173"
> src-dn="\FMKMETA\dk\users\testuser173" src-entry-id="383707"
> timestamp="1536234666#5">
> <association
> state="associated">5B2A69B7D0AC3F4BBDF25B2A69B7D0AC</association>
> <modify-attr attr-name="XATTRIBAftNr">
> <remove-value>
> <value timestamp="1536234213#5"
> type="string">10490909090</value>
> </remove-value>
> <add-value>
> <value timestamp="1536234666#5"
> type="string">201201201</value>
> </add-value>
> </modify-attr>
> </modify>
> <move class-name="User"
> dest-dn="cn=testuser173,ou=Plejehjem,ou=org,o=dk"
> event-id="meta6#20180906115106#1#1:5b2917d2-004e-4c49-a00b-d217295b4e00">
> <parent dest-dn="ou=Plejehjem,ou=org,o=dk"/>
> </move>
> </input>
> </nds>
> [09/06/18 13:51:06.857]:EDIRMETAToMDM01 ST:Filtering out
> notification-only attributes.
> [09/06/18 13:51:06.857]:EDIRMETAToMDM01 ST: Filtered out <modify-attr
> attr-name='XATTRIBAftNr'>.
> [09/06/18 13:51:06.858]:EDIRMETAToMDM01 ST: Filtered out <modify
> class-name='User'>.
> [09/06/18 13:51:06.858]:EDIRMETAToMDM01 ST:Fixing up association
> references.
> [09/06/18 13:51:06.858]:EDIRMETAToMDM01 ST:Applying schema mapping
> policies to output.
> [09/06/18 13:51:06.859]:EDIRMETAToMDM01 ST:Applying policy:
> %+C%14CNOVLEDIR2DFC-smp%-C.
> [09/06/18 13:51:06.859]:EDIRMETAToMDM01 ST: Mapping class-name 'User'
> to 'inetOrgPerson'.
> [09/06/18 13:51:06.860]:EDIRMETAToMDM01 ST:Applying output
> transformation policies.
> [09/06/18 13:51:06.860]:EDIRMETAToMDM01 ST:Applying policy:
> %+C%14CNOVLEDIR2ENT-otp-EntitlementsImpl%-C.
> [09/06/18 13:51:06.860]:EDIRMETAToMDM01 ST: Applying to move #1.
> [09/06/18 13:51:06.861]:EDIRMETAToMDM01 ST: Evaluating selection
> criteria for rule 'Intercept outbound queries for eDirAccount'.
> [09/06/18 13:51:06.861]:EDIRMETAToMDM01 ST: (if-class-name equal
> "eDirAccount") = FALSE.
> [09/06/18 13:51:06.862]:EDIRMETAToMDM01 ST: Rule rejected.
> [09/06/18 13:51:06.862]:EDIRMETAToMDM01 ST:Policy returned:
> [09/06/18 13:51:06.862]:EDIRMETAToMDM01 ST:
> <nds dtdversion="4.0" ndsversion="8.x">
> <source>
> <product edition="Advanced" version="4.5.5.0">DirXML</product>
> <contact>NetIQ Corporation</contact>
> </source>
> <input>
> <move class-name="inetOrgPerson"
> dest-dn="cn=testuser173,ou=Plejehjem,ou=org,o=dk"
> event-id="meta6#20180906115106#1#1:5b2917d2-004e-4c49-a00b-d217295b4e00">
> <parent dest-dn="ou=Plejehjem,ou=org,o=dk"/>
> </move>
> </input>
> </nds>
> [09/06/18 13:51:06.863]:EDIRMETAToMDM01 ST:Applying policy:
> %+C%14Cpwc-sub-otp-transformMoves%-C.
> [09/06/18 13:51:06.864]:EDIRMETAToMDM01 ST: Applying to move #1.
> [09/06/18 13:51:06.864]:EDIRMETAToMDM01 ST: Evaluating selection
> criteria for rule 'Change Parent on Move to Association'.
> [09/06/18 13:51:06.865]:EDIRMETAToMDM01 ST: (if-operation equal
> "move") = TRUE.
> [09/06/18 13:51:06.865]:EDIRMETAToMDM01 ST: Rule selected.
> [09/06/18 13:51:06.865]:EDIRMETAToMDM01 ST: Applying rule 'Change
> Parent on Move to Association'.
> [09/06/18 13:51:06.866]:EDIRMETAToMDM01 ST: Action:
> do-set-local-variable("lv_destDN",scope="policy",token-xpath("./parent/@dest-dn")).
> [09/06/18 13:51:06.866]:EDIRMETAToMDM01 ST:
> arg-string(token-xpath("./parent/@dest-dn"))
> [09/06/18 13:51:06.866]:EDIRMETAToMDM01 ST:
> token-xpath("./parent/@dest-dn")
> [09/06/18 13:51:06.867]:EDIRMETAToMDM01 ST: Token Value:
> "ou=Plejehjem,ou=org,o=dk".
> [09/06/18 13:51:06.867]:EDIRMETAToMDM01 ST: Arg Value:
> "ou=Plejehjem,ou=org,o=dk".
> [09/06/18 13:51:06.868]:EDIRMETAToMDM01 ST: Action:
> do-strip-xpath("self::move/parent").
> [09/06/18 13:51:06.868]:EDIRMETAToMDM01 ST: Action:
> do-append-xml-element("parent","self::move").
> [09/06/18 13:51:06.868]:EDIRMETAToMDM01 ST: Action:
> do-append-xml-element("association","self::move/parent").
> [09/06/18 13:51:06.869]:EDIRMETAToMDM01 ST: Action:
> do-append-xml-text("self::move/parent/association","$lv_destDN$").
> [09/06/18 13:51:06.869]:EDIRMETAToMDM01 ST:
> arg-string("$lv_destDN$")
> [09/06/18 13:51:06.870]:EDIRMETAToMDM01 ST:
> token-text("$lv_destDN$")
> [09/06/18 13:51:06.870]:EDIRMETAToMDM01 ST: Expanded variable
> reference '$lv_destDN$' to 'ou=Plejehjem,ou=org,o=dk'.
> [09/06/18 13:51:06.870]:EDIRMETAToMDM01 ST: Arg Value:
> "ou=Plejehjem,ou=org,o=dk".
> [09/06/18 13:51:06.871]:EDIRMETAToMDM01 ST:Policy returned:
> [09/06/18 13:51:06.871]:EDIRMETAToMDM01 ST:
> <nds dtdversion="4.0" ndsversion="8.x">
> <source>
> <product edition="Advanced" version="4.5.5.0">DirXML</product>
> <contact>NetIQ Corporation</contact>
> </source>
> <input>
> <move class-name="inetOrgPerson"
> dest-dn="cn=testuser173,ou=Plejehjem,ou=org,o=dk"
> event-id="meta6#20180906115106#1#1:5b2917d2-004e-4c49-a00b-d217295b4e00">
> <parent>
> <association>ou=Plejehjem,ou=org,o=dk</association>
> </parent>
> </move>
> </input>
> </nds>
> [09/06/18 13:51:06.873]:EDIRMETAToMDM01 ST:Submitting document to
> subscriber shim:
> [09/06/18 13:51:06.873]:EDIRMETAToMDM01 ST:
> <nds dtdversion="4.0" ndsversion="8.x">
> <source>
> <product edition="Advanced" version="4.5.5.0">DirXML</product>
> <contact>NetIQ Corporation</contact>
> </source>
> <input>
> <move class-name="inetOrgPerson"
> dest-dn="cn=testuser173,ou=Plejehjem,ou=org,o=dk"
> event-id="meta6#20180906115106#1#1:5b2917d2-004e-4c49-a00b-d217295b4e00">
> <parent>
> <association>ou=Plejehjem,ou=org,o=dk</association>
> </parent>
> </move>
> </input>
> </nds>
> [09/06/18 13:51:06.875]:EDIRMETAToMDM01 ST:EDIRMETAToMDM01:
> EDIRSub.performMoveOperation() No association key for move operation.
> [09/06/18 13:51:06.875]:EDIRMETAToMDM01 ST:SubscriptionShim.execute()
> returned:
> [09/06/18 13:51:06.876]:EDIRMETAToMDM01 ST:
> <nds dtdversion="2.0" ndsversion="8.x">
> <source>
> <product build="20170831_0108" instance="EDIRMETAToMDM01"
> version="4.0.3.0">Identity Manager Bi-directional Driver for
> eDirectory</product>
> <contact>NetIQ Corporation</contact>
> </source>
> <output>
> <status
> event-id="meta6#20180906115106#1#1:5b2917d2-004e-4c49-a00b-d217295b4e00"
> level="error">No association key for move operation.</status>
> </output>
> </nds>
> [09/06/18 13:51:06.877]:EDIRMETAToMDM01 ST:Applying input transformation
> policies.
> [09/06/18 13:51:06.877]:EDIRMETAToMDM01 ST:Applying policy:
> %+C%14CNOVLEDIR2ENT-itp-InitEntitlementConfigurationResource%-C.
> [09/06/18 13:51:06.878]:EDIRMETAToMDM01 ST: Applying to status #1.
> [09/06/18 13:51:06.878]:EDIRMETAToMDM01 ST: Evaluating selection
> criteria for rule 'Make sure we only run once and when we're ready'.
> [09/06/18 13:51:06.879]:EDIRMETAToMDM01 ST: (if-local-variable
> 'objectClass' match ".+") = TRUE.
> [09/06/18 13:51:06.879]:EDIRMETAToMDM01 ST: (if-local-variable
> 'entConfigInitialized' equal "true") = TRUE.
> [09/06/18 13:51:06.879]:EDIRMETAToMDM01 ST: Rule selected.
> [09/06/18 13:51:06.880]:EDIRMETAToMDM01 ST: Applying rule 'Make sure
> we only run once and when we're ready'.
> [09/06/18 13:51:06.880]:EDIRMETAToMDM01 ST: Action: do-break().
> [09/06/18 13:51:06.880]:EDIRMETAToMDM01 ST:Policy returned:
> [09/06/18 13:51:06.881]:EDIRMETAToMDM01 ST:
> <nds dtdversion="2.0" ndsversion="8.x">
> <source>
> <product build="20170831_0108" instance="EDIRMETAToMDM01"
> version="4.0.3.0">Identity Manager Bi-directional Driver for
> eDirectory</product>
> <contact>NetIQ Corporation</contact>
> </source>
> <output>
> <status
> event-id="meta6#20180906115106#1#1:5b2917d2-004e-4c49-a00b-d217295b4e00"
> level="error">No association key for move operation.</status>
> </output>
> </nds>
> [09/06/18 13:51:06.882]:EDIRMETAToMDM01 ST:Applying policy:
> %+C%14CNOVLAUDTENTC-itp-SendEntitlementsEvents%-C.
> [09/06/18 13:51:06.882]:EDIRMETAToMDM01 ST: Applying to status #1.
> [09/06/18 13:51:06.883]:EDIRMETAToMDM01 ST: Evaluating selection
> criteria for rule '00031200 - Account Create By Entitlement Grant'.
> [09/06/18 13:51:06.883]:EDIRMETAToMDM01 ST: (if-operation equal
> "status") = TRUE.
> [09/06/18 13:51:06.884]:EDIRMETAToMDM01 ST: (if-op-property
> 'accountAction' equal "accountCreateByEntitlementGrant") = FALSE.
> [09/06/18 13:51:06.884]:EDIRMETAToMDM01 ST: Rule rejected.
> [09/06/18 13:51:06.884]:EDIRMETAToMDM01 ST: Evaluating selection
> criteria for rule '00031201 - Account Delete By Entitlement Revoke'.
> [09/06/18 13:51:06.885]:EDIRMETAToMDM01 ST: (if-operation equal
> "status") = TRUE.
> [09/06/18 13:51:06.885]:EDIRMETAToMDM01 ST: (if-xpath true
> "./operation-data/entitlement-impl/@state = '0'") = FALSE.
> [09/06/18 13:51:06.886]:EDIRMETAToMDM01 ST: (if-operation equal
> "status") = TRUE.
> [09/06/18 13:51:06.886]:EDIRMETAToMDM01 ST: (if-op-property
> 'accountAction' equal "accountDeleteByEntitlementRevoke") = FALSE.
> [09/06/18 13:51:06.887]:EDIRMETAToMDM01 ST: Rule rejected.
> [09/06/18 13:51:06.887]:EDIRMETAToMDM01 ST: Evaluating selection
> criteria for rule '00031202 - Account Disable By Entitlement Revoke'.
> [09/06/18 13:51:06.887]:EDIRMETAToMDM01 ST: (if-operation equal
> "status") = TRUE.
> [09/06/18 13:51:06.888]:EDIRMETAToMDM01 ST: (if-op-property
> 'accountAction' equal "accountDisableByEntitlementRevoke") = FALSE.
> [09/06/18 13:51:06.888]:EDIRMETAToMDM01 ST: Rule rejected.
> [09/06/18 13:51:06.888]:EDIRMETAToMDM01 ST: Evaluating selection
> criteria for rule '00031203 - Account Enable By Entitlement Grant'.
> [09/06/18 13:51:06.889]:EDIRMETAToMDM01 ST: (if-operation equal
> "status") = TRUE.
> [09/06/18 13:51:06.889]:EDIRMETAToMDM01 ST: (if-op-property
> 'accountAction' equal "accountEnableByEntitlementGrant") = FALSE.
> [09/06/18 13:51:06.890]:EDIRMETAToMDM01 ST: Rule rejected.
> [09/06/18 13:51:06.890]:EDIRMETAToMDM01 ST: Evaluating selection
> criteria for rule 'Generate Audit Event'.
> [09/06/18 13:51:06.890]:EDIRMETAToMDM01 ST: (if-operation equal
> "status") = TRUE.
> [09/06/18 13:51:06.891]:EDIRMETAToMDM01 ST: (if-local-variable
> 'auditEventID' available) = FALSE.
> [09/06/18 13:51:06.891]:EDIRMETAToMDM01 ST: Rule rejected.
> [09/06/18 13:51:06.891]:EDIRMETAToMDM01 ST:Policy returned:
> [09/06/18 13:51:06.892]:EDIRMETAToMDM01 ST:
> <nds dtdversion="2.0" ndsversion="8.x">
> <source>
> <product build="20170831_0108" instance="EDIRMETAToMDM01"
> version="4.0.3.0">Identity Manager Bi-directional Driver for
> eDirectory</product>
> <contact>NetIQ Corporation</contact>
> </source>
> <output>
> <status
> event-id="meta6#20180906115106#1#1:5b2917d2-004e-4c49-a00b-d217295b4e00"
> level="error">No association key for move operation.</status>
> </output>
> </nds>
> [09/06/18 13:51:06.893]:EDIRMETAToMDM01 ST:Applying policy:
> %+C%14CNOVLEDIR2ENT-itp-EntitlementsImpl%-C.
> [09/06/18 13:51:06.893]:EDIRMETAToMDM01 ST: Applying to status #1.
> [09/06/18 13:51:06.894]:EDIRMETAToMDM01 ST: Evaluating selection
> criteria for rule 'Intercept eDirAccount (tagged identity query) query
> response'.
> [09/06/18 13:51:06.895]:EDIRMETAToMDM01 ST: (if-local-variable
> 'AccountEntitlementQuery' equal "true") = FALSE.
> [09/06/18 13:51:06.895]:EDIRMETAToMDM01 ST: Rule rejected.
> [09/06/18 13:51:06.896]:EDIRMETAToMDM01 ST: Evaluating selection
> criteria for rule 'Check target of add-association for group membership
> entitlements that need to be granted'.
> [09/06/18 13:51:06.896]:EDIRMETAToMDM01 ST: (if-operation equal
> "add-association") = FALSE.
> [09/06/18 13:51:06.896]:EDIRMETAToMDM01 ST: Rule rejected.
> [09/06/18 13:51:06.897]:EDIRMETAToMDM01 ST:Policy returned:
> [09/06/18 13:51:06.897]:EDIRMETAToMDM01 ST:
> <nds dtdversion="2.0" ndsversion="8.x">
> <source>
> <product build="20170831_0108" instance="EDIRMETAToMDM01"
> version="4.0.3.0">Identity Manager Bi-directional Driver for
> eDirectory</product>
> <contact>NetIQ Corporation</contact>
> </source>
> <output>
> <status
> event-id="meta6#20180906115106#1#1:5b2917d2-004e-4c49-a00b-d217295b4e00"
> level="error">No association key for move operation.</status>
> </output>
> </nds>
> [09/06/18 13:51:06.899]:EDIRMETAToMDM01 ST:Applying schema mapping
> policies to input.
> [09/06/18 13:51:06.899]:EDIRMETAToMDM01 ST:Applying policy:
> %+C%14CNOVLEDIR2DFC-smp%-C.
> [09/06/18 13:51:06.899]:EDIRMETAToMDM01 ST:Resolving association
> references.
> [09/06/18 13:51:06.900]:EDIRMETAToMDM01 ST:Processing returned
> document.
> [09/06/18 13:51:06.900]:EDIRMETAToMDM01 ST:Processing operation <status>
> for .
> [09/06/18 13:51:06.901]:EDIRMETAToMDM01 ST:
> DirXML Log Event -------------------
> Driver: \FMKMETA\dk\services\idm\Driver Set\EDIRMETAToMDM01
> Channel: Subscriber
> Object: \FMKMETA\dk\users\testuser173
> Status: Error
> Message: No association key for move operation.



First thing to try, in your do-move, is instead of specifying the DN,
specify the association. Especially since it is complaining of a
missing association.

<move class-name="User"
dest-dn="cn=testuser173,ou=Plejehjem,ou=org,o=dk"
event-id="meta6#20180906115106#1#1:5b2917d2-004e-4c49-a00b-d217295b4e00">
<parent dest-dn="ou=Plejehjem,ou=org,o=dk"/>
</move>

Specifically no <association> node in your move event.

0 Likes
Knowledge Partner
Knowledge Partner

Re: Trubble with move-event on bi-directional eDir driver

Your operation starts out with a modify that has an association, but when
you create the move it does not have one, and you must have an association
for this move to work so IDM knows which object to move to the new
location. Perhaps try specifying the object by its association, since you
have that currently.


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
ChrisKnudsen
New Member.

Re: Trubble with move-event on bi-directional eDir driver

If i change the rule to what you suggest I get a Nullpointer error.

My best guess is that the user is only associated backwards to the eDir with the idm engine? eventhough the user was put in the destination tree by the driver?

</do-add-association>
<do-move-dest-object class-name="User" direct="true">
<arg-association>
<token-association/>
</arg-association>
<arg-dn>
<token-xpath expression="$lDestOU/@src-dn"/>
</arg-dn>
</do-move-dest-object>





09/07/18 08:33:34.932]:EDIRMETAToMDM01 ST: Action: do-move-dest-object(class-name="User",direct="true",arg-association(token-association()),arg-dn(token-xpath("$lDestOU/@src-dn"))).
[09/07/18 08:33:34.932]:EDIRMETAToMDM01 ST: arg-association(token-association())
[09/07/18 08:33:34.933]:EDIRMETAToMDM01 ST: token-association()
[09/07/18 08:33:34.933]:EDIRMETAToMDM01 ST: Token Value: "34BF79B0476F2D42A9AA34BF79B0476F".
[09/07/18 08:33:34.934]:EDIRMETAToMDM01 ST: Arg Value: "34BF79B0476F2D42A9AA34BF79B0476F".
[09/07/18 08:33:34.934]:EDIRMETAToMDM01 ST: arg-dn(token-xpath("$lDestOU/@src-dn"))
[09/07/18 08:33:34.935]:EDIRMETAToMDM01 ST: token-xpath("$lDestOU/@src-dn")
[09/07/18 08:33:34.935]:EDIRMETAToMDM01 ST: Token Value: "ou=Hjemmeplejen,ou=org,o=dk".
[09/07/18 08:33:34.935]:EDIRMETAToMDM01 ST: Arg Value: "ou=Hjemmeplejen,ou=org,o=dk".
[09/07/18 08:33:34.936]:EDIRMETAToMDM01 ST: Direct command from policy
[09/07/18 08:33:34.936]:EDIRMETAToMDM01 ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.5.5.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<move class-name="User" event-id="meta6#20180907063334#1#1:5b2917d2-004e-4c49-a00b-d217295b4e00">
<association>34BF79B0476F2D42A9AA34BF79B0476F</association>
<parent dest-dn="ou=Hjemmeplejen,ou=org,o=dk"/>
</move>
</input>
</nds>
[09/07/18 08:33:34.938]:EDIRMETAToMDM01 ST: Fixing up association references.
[09/07/18 08:33:34.938]:EDIRMETAToMDM01 ST: Applying schema mapping policies to output.
[09/07/18 08:33:34.938]:EDIRMETAToMDM01 ST: Applying policy: %+C%14CNOVLEDIR2DFC-smp%-C.
[09/07/18 08:33:34.939]:EDIRMETAToMDM01 ST: Mapping class-name 'User' to 'inetOrgPerson'.
[09/07/18 08:33:34.939]:EDIRMETAToMDM01 ST: Applying output transformation policies.
[09/07/18 08:33:34.940]:EDIRMETAToMDM01 ST: Applying policy: %+C%14CNOVLEDIR2ENT-otp-EntitlementsImpl%-C.
[09/07/18 08:33:34.940]:EDIRMETAToMDM01 ST: Applying to move #1.
[09/07/18 08:33:34.940]:EDIRMETAToMDM01 ST: Evaluating selection criteria for rule 'Intercept outbound queries for eDirAccount'.
[09/07/18 08:33:34.941]:EDIRMETAToMDM01 ST: (if-class-name equal "eDirAccount") = FALSE.
[09/07/18 08:33:34.941]:EDIRMETAToMDM01 ST: Rule rejected.
[09/07/18 08:33:34.942]:EDIRMETAToMDM01 ST: Policy returned:
[09/07/18 08:33:34.942]:EDIRMETAToMDM01 ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.5.5.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<move class-name="inetOrgPerson" event-id="meta6#20180907063334#1#1:5b2917d2-004e-4c49-a00b-d217295b4e00">
<association>34BF79B0476F2D42A9AA34BF79B0476F</association>
<parent dest-dn="ou=Hjemmeplejen,ou=org,o=dk"/>
</move>
</input>
</nds>
[09/07/18 08:33:34.943]:EDIRMETAToMDM01 ST: Applying policy: %+C%14Cpwc-sub-otp-transformMoves%-C.
[09/07/18 08:33:34.944]:EDIRMETAToMDM01 ST: Applying to move #1.
[09/07/18 08:33:34.944]:EDIRMETAToMDM01 ST: Policy returned:
[09/07/18 08:33:34.945]:EDIRMETAToMDM01 ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.5.5.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<move class-name="inetOrgPerson" event-id="meta6#20180907063334#1#1:5b2917d2-004e-4c49-a00b-d217295b4e00">
<association>34BF79B0476F2D42A9AA34BF79B0476F</association>
<parent dest-dn="ou=Hjemmeplejen,ou=org,o=dk"/>
</move>
</input>
</nds>
[09/07/18 08:33:34.946]:EDIRMETAToMDM01 ST: Submitting document to subscriber shim:
[09/07/18 08:33:34.946]:EDIRMETAToMDM01 ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.5.5.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<move class-name="inetOrgPerson" event-id="meta6#20180907063334#1#1:5b2917d2-004e-4c49-a00b-d217295b4e00">
<association>34BF79B0476F2D42A9AA34BF79B0476F</association>
<parent dest-dn="ou=Hjemmeplejen,ou=org,o=dk"/>
</move>
</input>
</nds>
[09/07/18 08:33:34.949]:EDIRMETAToMDM01 ST: Processing returned document.
[09/07/18 08:33:34.949]:EDIRMETAToMDM01 ST: Processing operation <status> for .
[09/07/18 08:33:34.949]:EDIRMETAToMDM01 ST:
DirXML Log Event -------------------
Driver: \FMKMETA\dk\services\idm\Driver Set\EDIRMETAToMDM01
Channel: Subscriber
Object: \FMKMETA\dk\users\testuser173
Status: Error
Message: Code(-9010) An exception occurred: java.lang.NullPointerException

[09/07/18 08:33:35.116]:EDIRMETAToMDM01 ST: Direct command from policy result
[09/07/18 08:33:35.116]:EDIRMETAToMDM01 ST:
0 Likes
ukrause Super Contributor.
Super Contributor.

Re: Trubble with move-event on bi-directional eDir driver

in addition: We had the same problem. In your document the object to be moved is associated. The way the driver works is, that it will make a query based on the association to detect the objects. Now for your new parent object there is no association. That is the reason for your error message. Make an query against the destination for the parent object. This will give you the "association" you can use in your move
0 Likes
ChrisKnudsen
New Member.

Re: Trubble with move-event on bi-directional eDir driver

That was a very informative answer thank you!

Im now able to move users and start my weekend 🙂
0 Likes
Knowledge Partner
Knowledge Partner

Re: Trubble with move-event on bi-directional eDir driver

On 9/7/2018 2:54 AM, ukrause wrote:
>
> in addition: We had the same problem. In your document the object to be
> moved is associated. The way the driver works is, that it will make a
> query based on the association to detect the objects. Now for your new
> parent object there is no association. That is the reason for your error
> message. Make an query against the destination for the parent object.
> This will give you the "association" you can use in your move


Rephrased to simplify... The target OU you are moving too, needs to be
refered to by its association.

0 Likes
Knowledge Partner
Knowledge Partner

Re: Trubble with move-event on bi-directional eDir driver

Hi Chris,
Another thing that I can see in your trace: attempt to move object before then this object created.

</do-add-association>
<do-move-dest-object class-name="User" direct="true">
<arg-association>
<token-association/>
</arg-association>
<arg-dn>
<token-xpath expression="$lDestOU/@src-dn"/>
</arg-dn>
</do-move-dest-object>


According to your explanation, you trying to move users after creation, but you starting move directly (before than object will created in eDirectory)

Afterwards im trying to move some of the useres after the initial add event witch funtions fine, the move fails.


If you have to put new user in specific container, I can recommend to avoid move operation and put your placement logic in your driver publisher placement policy.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.