UPDATE! The community will be go into read-only on April 19, 8am Pacific in preparation for migration on April 21. Read more.
UPDATE! The community will be go into read-only on April 19, 8am Pacific in preparation for migration on April 21.Read more.
Lieutenant
Lieutenant
905 views

Where, Oh Where Has DirXML-DriverStartOption Gone?

Hello!

Can you tell me where I can find the startup information for a driver?

I am writing a script to extract some information from drivers. One of the pieces of information I'd like to capture about a driver is the its startup status. I've looked t serveral of my drivers, and DirXML-DriverStartOption no longer appears to be used, as it is absent from my drivers. We're running IDM 4.7.1.

Thanks,
Jack Stewart
University of Michigan
Labels (1)
0 Likes
10 Replies
Lieutenant
Lieutenant

Hi everyone,

FYI, I can only seem to retrieve DirXML-DriverStartOption via LDAP under limited and confusing circumstances. There doesn't seem to be a consistency about how I can retrieve the attribute.

This search:

ldapsearch -h server -D cn=admin -W -Z -b "cn=DriverName,cn=DriverSet,ou=IDM,o=services" -s base '(objectClass=*)' DirXML-DriverStartOption

retrieves the value, but an equivalent search in Perl does not.

$results2 = $ldap->search (
base => 'cn=DriverSet,ou=IDM,o=services',
scope => 'sub',
filter => 'cn=' . $cn
);

Also, if I attempt to retreive all the attributes on the object via ldapsearch, DirXML-DriverStartOption is not returned in the results. For example:

ldapsearch -h server -D cn=admin,o=services -W -Z -b "cn=DriverName,cn=DriverSet,ou=IDM,o=services" -s base '(objectClass=*)' > drivername.txt

Any ideas?

Thanks, Jack
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

On 09/27/2018 01:06 PM, mjstew wrote:
>
> Hi everyone,
>
> FYI, I can only seem to retrieve DirXML-DriverStartOption via LDAP under
> limited and confusing circumstances. There doesn't seem to be a
> consistency about how I can retrieve the attribute.
>
> This search:
>
> ldapsearch -h server -D cn=admin -W -Z -b
> "cn=DriverName,cn=DriverSet,ou=IDM,o=services" -s base '(objectClass=*)'
> DirXML-DriverStartOption


Explicitly requesting works for attributes AND properties.

> retrieves the value, but an equivalent search in Perl does not.
>
> $results2 = $ldap->search (
> base => 'cn=DriverSet,ou=IDM,o=services',
> scope => 'sub',
> filter => 'cn=' . $cn
> );


NOT explicitly requesting means you only get attributes.

> Also, if I attempt to retreive all the attributes on the object via
> ldapsearch, DirXML-DriverStartOption is not returned in the results.
> For example:


Not explicitly requesting again.

> ldapsearch -h server -D cn=admin,o=services -W -Z -b
> "cn=DriverName,cn=DriverSet,ou=IDM,o=services" -s base '(objectClass=*)'
>> drivername.txt


Try requesting '+' (a plus sign) to see if that gives you all that you
want. An asterisk (*) means all attributes ,and a plus sign (+) means all
properties, or you can request things individually or with a list of
attributes/properties.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Hi Jack,
You mentioned, that you looking for solution for IDM4.7 (that also mean you have eDir9.x).
In this case, you can use "new" LDAP monitoring functionality (cn=Monitor)
You will have access to driver information, when you will point to the driver object with base cn=Monitor.

ldapsearch -H ldaps://xxx.xxx.xxx.xxx:636 -x -D "cn=admin,ou=xxx" -W -b "cn=Azure2LS,cn=drivers,cn=driverSet_Stats,cn=IDM,cn=Monitor" -s sub -a always "(objectClass=*)" "cn" "driver-state" "objectClass"
0 Likes
Lieutenant
Lieutenant

Aaron,

You seem to imply that DirXML-DriverStartOption is a property rather than an attribute. Is that true? Honestly, I've never heard of there being a difference in LDAP searches, nor have I ever seen a request like you're suggesting, (objectClass=+).

Also the followinig Perl LDAP search does not work:

$results2 = $ldap->search (
base => $results->dn,
scope => 'base',
filter => '(objectClass=+)',
attrs => $attrs
);


Nor does it work with *.

I am still confused as to why I am unable to retrieve this attribute/property.

Thanks, Jack
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

On 09/27/2018 02:46 PM, mjstew wrote:
>
> You seem to imply that DirXML-DriverStartOption is a property rather
> than an attribute. Is that true? Honestly, I've never heard of there


I do not know that it is, or is not, but that's my theory based on your
evidence. I do not have access to an environment to check right now.

> being a difference in LDAP searches, nor have I ever seen a request like
> you're suggesting, (objectClass=+).


No no, use the + or the * in the attribute list, not in the filter. Leave
the filter as it was because objectClass=+ is crazy. 🙂

> Also the followinig Perl LDAP search does not work:
>
> $results2 = $ldap->search (
> base => $results->dn,
> scope => 'base',
> filter => '(objectClass=+)',
> attrs => $attrs
> );
>
> Nor does it work with *.
>
> I am still confused as to why I am unable to retrieve this
> attribute/property.


Try the ldapsearch command but use + instead of DirXML-DriverStartOption
to see if you can return all properties, which will include the GUID,
creation and modification timestamps, the localEntryID, etc.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
Knowledge Partner Knowledge Partner
Knowledge Partner

mjstew wrote:

> You seem to imply that DirXML-DriverStartOption is a property rather
> than an attribute. Is that true? Honestly, I've never heard of there
> being a difference in LDAP searches


From the ldapsearch man page:

"If ldapsearch finds one or more entries, the attributes specified by
attrs are returned. If * is listed, all user attributes are returned. If + is
listed, all operational attributes are returned. If no attrs are listed, all
user attributes are returned. If only 1.1 is listed, no attributes will be
returned."

"Operational attributes" is what Aaron called "properties" earlier.

Now when you look at the schema definition:

( 2.16.840.1.113719.1.14.4.1.13 NAME 'DirXML-DriverStartOption' SYNTAX
1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE NO-USER-MODIFICATION USAGE
directoryOperation X-NDS_PUBLIC_READ '1' X-NDS_NEVER_SYNC '1'
X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )

you'll notice "USAGE directoryOperation", which is what sorts attributes into
the "user" and "operational" categories.

--
http://www.is4it.de/en/solution/identity-access-management/

(If you find this post helpful, please click on the star below.)
______________________________________________
https://www.is4it.de/identity-access-management
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

On 9/28/2018 3:39 AM, Lothar Haeger wrote:
> mjstew wrote:
>
>> You seem to imply that DirXML-DriverStartOption is a property rather
>> than an attribute. Is that true? Honestly, I've never heard of there
>> being a difference in LDAP searches

>
> From the ldapsearch man page:
>
> "If ldapsearch finds one or more entries, the attributes specified by
> attrs are returned. If * is listed, all user attributes are returned. If + is
> listed, all operational attributes are returned. If no attrs are listed, all
> user attributes are returned. If only 1.1 is listed, no attributes will be
> returned."
>
> "Operational attributes" is what Aaron called "properties" earlier.
>
> Now when you look at the schema definition:
>
> ( 2.16.840.1.113719.1.14.4.1.13 NAME 'DirXML-DriverStartOption' SYNTAX
> 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE NO-USER-MODIFICATION USAGE
> directoryOperation X-NDS_PUBLIC_READ '1' X-NDS_NEVER_SYNC '1'
> X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )
>
> you'll notice "USAGE directoryOperation", which is what sorts attributes into
> the "user" and "operational" categories.


I never noticed that about this attribute before. Good catch. Also did
not know about the * and + difference in attribute list. Good ones!

0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Geoffrey Carman wrote:

> Also did not know about the * and + difference in attribute list.


....and you can even use them both at the same time for maximum information
overload! Just remember to include * in single quotes to prevent globbing and
spoil the effect.

--
http://www.is4it.de/en/solution/identity-access-management/

(If you find this post helpful, please click on the star below.)
______________________________________________
https://www.is4it.de/identity-access-management
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

On 09/28/2018 06:42 AM, Lothar Haeger wrote:
> Geoffrey Carman wrote:
>
>> Also did not know about the * and + difference in attribute list.

>
> ...and you can even use them both at the same time for maximum information
> overload! Just remember to include * in single quotes to prevent globbing and
> spoil the effect.


Yes, though just to be fair to people using something like Apache
Directory Studio (rather than ldapsearch commands or Perl), you only need
to quote to avoid globbing when globbing is possible, meaning at the shell
(usually Bash).

For more background, the '*' is special to the shell, as I think we all
know, even when passed as an unquoted parameter to a command . If you do
not quote it, then Bash expands it to match everything non-hidden in the
current directory, and that mostly means a bunch of files like test.txt,
or readme.out, or whatever. Those are then passed to ldapsearch, so in
ndstrace you can easily see that somebody forgot to quote their '*'
because they appear to be requesting a lot of weird attributes, like
test.txt, and readme.out, and such. Pretty comical, as long as you're not
in a hurry.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

mjstew;2488147 wrote:
Hi everyone,

FYI, I can only seem to retrieve DirXML-DriverStartOption via LDAP under limited and confusing circumstances. There doesn't seem to be a consistency about how I can retrieve the attribute.

This search:

ldapsearch -h server -D cn=admin -W -Z -b "cn=DriverName,cn=DriverSet,ou=IDM,o=services" -s base '(objectClass=*)' DirXML-DriverStartOption

retrieves the value, but an equivalent search in Perl does not.

$results2 = $ldap->search (
base => 'cn=DriverSet,ou=IDM,o=services',
scope => 'sub',
filter => 'cn=' . $cn
);

Also, if I attempt to retreive all the attributes on the object via ldapsearch, DirXML-DriverStartOption is not returned in the results. For example:

ldapsearch -h server -D cn=admin,o=services -W -Z -b "cn=DriverName,cn=DriverSet,ou=IDM,o=services" -s base '(objectClass=*)' > drivername.txt

Any ideas?

Thanks, Jack


Server specific attribute, maybe it's not returned unless you ask for it specifically. You may also need to use an extension to get it from each configured server for the driverset.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.