kmaule Absent Member.

eDir Bi-Directional driver


All of a sudden in the middle of testing new policies I'm seeing the
following in the IDM Server trace:
> Status: Success
> 15:09:28 XYZ PT:XYZ-TEST eDir: OpenLDAPConnection - Connect to the
> server
> 15:09:28 XYZ PT:XYZ-TEST eDir: Opening clear text connection
> 15:09:28 XYZ PT:XYZ-TEST eDir: WARNING !!! WARNING !!! WARNING !!!
> 15:09:28 XYZ PT:XYZ-TEST eDir: You are using a clear-text connection.
> 15:09:28 XYZ PT:XYZ-TEST eDir: The user password will be sent in
> plain-text, which can be sniffed easily.
> 15:09:28 XYZ PT:XYZ-TEST eDir: It is recommended to use SSL to secure
> the connection.
>
> 15:09:28 XYZ PT:XYZ-TEST eDir: Host name: 10.28.55.39
> 15:09:28 XYZ PT:XYZ-TEST eDir: Port: 389
> 15:09:28 XYZ PT:XYZ-TEST eDir: DN: cn=IDM_ADMIN_PROXY,o=services
> 15:09:28 XYZ PT:XYZ-TEST eDir: Protocol version=3
> 15:09:28 XYZ PT:XYZ-TEST eDir: SDK version=4.5
> 15:09:28 XYZ PT:XYZ-TEST eDir: EdirPublisher - Initiating agent
> registration...
> 15:09:28 XYZ PT:XYZ-TEST eDir: LDAPInterface.registerDriverInstance() :
> Exception occured while registration - Other
> 15:09:28 LDAPException: Other (80) Other
> 15:09:28 LDAPException: Server Message: insufficient space (-1)
> 15:09:28 LDAPException: Matched DN:
> 15:09:28
> 15:09:28 at com.novell.ldap.LDAPResponse.getResultException(Unknown
> Source)
> 15:09:28
> 15:09:28 at com.novell.ldap.LDAPResponse.chkResultCode(Unknown
> Source)
> 15:09:28
> 15:09:28 at com.novell.ldap.LDAPConnection.chkResultCode(Unknown
> Source)
> 15:09:28
> 15:09:28 at com.novell.ldap.LDAPConnection.extendedOperation(Unknown
> Source)
> 15:09:28
> 15:09:28 at com.novell.ldap.LDAPConnection.extendedOperation(Unknown
> Source)
> 15:09:28
> 15:09:28 at
> com.novell.nds.dirxml.driver.edir.LDAPInterface.registerDriverInstance(LDAPInterface.java:1119)
> 15:09:28
> 15:09:28 at
> com.novell.nds.dirxml.driver.edir.EdirPublisher.register(EdirPublisher.java:84)
> 15:09:28
> 15:09:28 at
> com.novell.nds.dirxml.driver.edir.EdirPublisher.WaitAndRestoreConnection(EdirPublisher.java:617)
> 15:09:28
> 15:09:28 at
> com.novell.nds.dirxml.driver.edir.EDIRPublicationShim.start(EDIRPublicationShim.java:101)
> 15:09:28
> 15:09:28 at
> com.novell.nds.dirxml.engine.Publisher.run(Publisher.java:542)
> 15:09:28
> 15:09:28 at java.lang.Thread.run(Unknown Source)


And the following on the target eDir server LDAP trace:
> 15:09:25 New cleartext connection 0x14cb0330 from 10.30.188.160:61384,
> monitor = 0x798, index = 3
> 15:09:25 DoBind on connection 0x14cb0330
> 15:09:25 Bind name:cn=IDM_ADMIN_PROXY,o=services, version:3,
> authentication:simple
> 15:09:25 Sending operation result 0:"":"" to connection 0x14cb0330
> 15:09:25 DoExtended on connection 0x14cb0330
> 15:09:25 DoExtended: Extension Request OID:
> 2.16.840.1.113719.1.14.100.200
> 15:09:25 Sending operation result 80:"":"insufficient space (-1)" to
> connection 0x14cb0330
> 15:09:55 DoExtended on connection 0x14cb0330


It is a test tree for development, all servers are Windows, no change
after target server eDir restart and reboots. Changed it from 636 to
port 389 but no difference. Target server is only server in the tree
and holds the one and only partition that exists.

Turns out that it was a wonky rule that caused all the mayhem.


--
kmaule
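
The target-server LDAP trace in the post above shows the driver's proxy DN performing a simple bind over a cleartext connection, followed by an extended operation that fails with result 80. The following Python is an added example, not part of the original post or of any NetIQ tooling: it rejoins the wrapped trace lines and correlates them per connection to report both conditions. The function names are hypothetical, and it assumes that non-cleartext connections are logged with a different word in the `New ... connection` line.

```python
import re

# Constructed sample modelled on the target-server LDAP trace in the post,
# keeping its line wrapping (continuation lines carry no timestamp).
SAMPLE_TRACE = """\
15:09:25 New cleartext connection 0x14cb0330 from 10.30.188.160:61384,
monitor = 0x798, index = 3
15:09:25 DoBind on connection 0x14cb0330
15:09:25 Bind name:cn=IDM_ADMIN_PROXY,o=services, version:3,
authentication:simple
15:09:25 Sending operation result 0:"":"" to connection 0x14cb0330
15:09:25 DoExtended on connection 0x14cb0330
15:09:25 DoExtended: Extension Request OID:
2.16.840.1.113719.1.14.100.200
15:09:25 Sending operation result 80:"":"insufficient space (-1)" to
connection 0x14cb0330
"""

def unwrap(text):
    """Rejoin wrapped records: a line without a leading timestamp continues the previous one."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if re.match(r"\d{2}:\d{2}:\d{2}\s", line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def audit(text):
    """Summarise each connection: transport, bind DN/method, failed operations."""
    conns, cur = {}, None
    for rec in unwrap(text):
        if m := re.search(r"New (\w+) connection (0x[0-9a-f]+) from ([\d.]+):\d+", rec):
            conns[m[2]] = {"client": m[3], "cleartext": m[1] == "cleartext",
                           "bind_dn": None, "auth": None, "oid": None, "failures": []}
        elif m := re.search(r"Do\w+ on connection (0x[0-9a-f]+)", rec):
            cur = m[1]  # later detail lines for this operation omit the id
        elif cur in conns and (m := re.search(r"Bind name:(.*?), version:\d+, authentication:(\w+)", rec)):
            conns[cur].update(bind_dn=m[1], auth=m[2])
        elif cur in conns and (m := re.search(r"Extension Request OID: ([\d.]+)", rec)):
            conns[cur]["oid"] = m[1]
        elif m := re.search(r'operation result (\d+):"[^"]*":"([^"]*)" to connection (0x[0-9a-f]+)', rec):
            if m[1] != "0" and m[3] in conns:
                conns[m[3]]["failures"].append((int(m[1]), m[2], conns[m[3]]["oid"]))
    return conns

def cleartext_simple_binds(text):
    """Connections where a simple bind (password on the wire) ran without TLS."""
    return [(c["client"], c["bind_dn"]) for c in audit(text).values()
            if c["cleartext"] and c["auth"] == "simple"]
```
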
Knowledge Partner

Re: eDir Bi-Directional driver

On 1/26/2016 10:34 AM, kmaule wrote:
> Turns out that it was a wonky rule that caused all the mayhem.


What did the rule do? I am guessing, ITP or OTP and it blocked some of
the startup events? If you veto all events, then the <init-params> event
is also vetoed, which is bad.


kmaule Absent Member.

Re: eDir Bi-Directional driver


I think it was when I left out the usual "if class name = User, if
operation = modify" conditions.


--
kmaule