Big news! The community will be moving to a new platform April 21. Read more.
Big news! The community will be moving to a new platform April 21. Read more.
Absent Member.
Absent Member.
2102 views

eDir bidirectional driver password sync on migrate

Hi I've set up the edir bidirectional driver (9.0.3) for one-way sync edir->vault (all attributes ignore for sub in filter. Passwoerd sync options: IDM accepts passwords, use distribution passwords) everything is working fine including password sync except when I migrate users (into vault), passwords fail to migrate. However if i create a new user manually in eDir and set the password, the password is also synced just fine and if the user himself changes the password it also works. This is working in my test environment where I have ChangeLog/eDir driver 9.0.2 running with eDirectory 9.0.3
Universal password are enabled for the users I'm trying to sycn and users are configured to be able to retrieve their own passwords (allowing the sync user/iManager user initiating the sync to retrieve password had no effect).
The ChangeLog module (9.0.3) is installed on the only eDirectory(version 8.8 SP8) server in the tree. I'm running IDM 4.6.1 on eDir 9.0.4.
the sync user has rights equal to admin.

I get this error when I migrate users into IDM, any ideas why?
[10/24/2017 14:26:12.384] Bi-directional eDirectory ST:Bi-directional eDirectory: Querying for the GUID : GUID is 80961252D45A464EFD8B80961252D45A
[10/24/2017 14:26:12.385] Bi-directional eDirectory ST:Bi-directional eDirectory: ERROR : Unexpected error while retreiving password information. Reason :
[10/24/2017 14:26:12.385] LDAPException: Undefined Attribute Type (17) Undefined Attribute Type
[10/24/2017 14:26:12.385] LDAPException: Server Message: 17 (0x11)
[10/24/2017 14:26:12.385] LDAPException: Matched DN:
[10/24/2017 14:26:12.385] at com.novell.ldap.LDAPResponse.getResultException(Unknown Source)
[10/24/2017 14:26:12.385] at com.novell.ldap.LDAPResponse.chkResultCode(Unknown Source)
[10/24/2017 14:26:12.385] at com.novell.ldap.LDAPConnection.chkResultCode(Unknown Source)
[10/24/2017 14:26:12.385] at com.novell.ldap.LDAPConnection.extendedOperation(Unknown Source)
[10/24/2017 14:26:12.385] at com.novell.ldap.LDAPConnection.extendedOperation(Unknown Source)
[10/24/2017 14:26:12.385] at com.novell.nds.dirxml.driver.edir.LDAPInterface.getPasswordRequest(LDAPInterface.java:1277)
[10/24/2017 14:26:12.385] at com.novell.nds.dirxml.driver.edir.EdirXdsUtil.checkUpdatePasswordAttrs(EdirXdsUtil.java:1288)
[10/24/2017 14:26:12.385] at com.novell.nds.dirxml.driver.edir.Query.queryOperation(Query.java:447)
[10/24/2017 14:26:12.385] at com.novell.nds.dirxml.driver.edir.EDIRSubscriber.subscriberQueryOperation(EDIRSubscriber.java:866)
[10/24/2017 14:26:12.385] at com.novell.nds.dirxml.driver.edir.EDIRSubscriptionShim.execute(EDIRSubscriptionShim.java:238)
[10/24/2017 14:26:12.385] at com.novell.nds.dirxml.engine.Subscriber.execute(Subscriber.java:470)
[10/24/2017 14:26:12.385] at com.novell.nds.dirxml.engine.Subscriber.execute(Subscriber.java:304)
[10/24/2017 14:26:12.385] at com.novell.nds.dirxml.engine.Subscriber$SubscriberAppQueryProcessor.query(Subscriber.java:2347)
[10/24/2017 14:26:12.385] at com.novell.nds.dirxml.engine.Transformer.readObject(Transformer.java:1338)
[10/24/2017 14:26:12.385] at com.novell.nds.dirxml.engine.Publisher$SyncProcessor.process(Publisher.java:1339)
[10/24/2017 14:26:12.385] at com.novell.nds.dirxml.engine.Publisher.processEvent(Publisher.java:880)
[10/24/2017 14:26:12.385] at com.novell.nds.dirxml.engine.Publisher.processEvents(Publisher.java:782)
[10/24/2017 14:26:12.385] at com.novell.nds.dirxml.engine.Publisher.execute(Publisher.java:466)
[10/24/2017 14:26:12.385] at com.novell.nds.dirxml.engine.Subscriber$QueryProcessor.process(Subscriber.java:2123)
[10/24/2017 14:26:12.385] at com.novell.nds.dirxml.engine.Subscriber.processEvent(Subscriber.java:1156)
[10/24/2017 14:26:12.385] at com.novell.nds.dirxml.engine.Subscriber.processEvents(Subscriber.java:969)
[10/24/2017 14:26:12.385] at com.novell.nds.dirxml.engine.Driver.submitTransaction(Driver.java:865)
[10/24/2017 14:26:12.385] at com.novell.nds.dirxml.engine.DriverEntry.submitTransaction(DriverEntry.java:1158)
[10/24/2017 14:26:12.385] at com.novell.nds.dirxml.engine.DriverEntry.processCachedTransaction(DriverEntry.java:1042)
[10/24/2017 14:26:12.385] at com.novell.nds.dirxml.engine.DriverEntry.eventLoop(DriverEntry.java:850)
[10/24/2017 14:26:12.385] at com.novell.nds.dirxml.engine.DriverEntry.run(DriverEntry.java:627)
[10/24/2017 14:26:12.385] at java.lang.Thread.run(Thread.java:748)
Labels (1)
0 Likes
16 Replies
Knowledge Partner Knowledge Partner
Knowledge Partner

I do not think I have seen that error before, but I would recommend
posting the full trace leading up to the error. You can increase logging
levels on the remote side via the driver config which will then show up in
the remote system's ndstrace output if you enable the appropriate filters,
and that may give us a clue as well, though since this is not a changelog
event per se I would focus on the engine and shim more than the changelog
part at this point (the trace should help there). I would also try
getting ndstrace output from the remote side with +TIME +TAGS +LDAP since
there may be something we can see there about the extended operation being
unrecognized.

If you have time, perhaps also try other tools that retrieve passwords,
such as Jim Willeke's DumpPasswordInformation.jar, to see if it works
against the same user.

https://www.netiq.com/communities/cool-solutions/cool_tools/password-information-tool/

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
Absent Member.
Absent Member.

Level 5 trace, if that helps:
[10/24/2017 14:26:12.356] Bi-directional eDirectory EV: Writing data to cache:
[10/24/2017 14:26:12.356] Bi-directional eDirectory EV: Event: type(MIGRATE_APP)timestamp(0#0)
[10/24/2017 14:26:12.356] Bi-directional eDirectory EV: Wrote 210 bytes to cache 33070.TAO
[10/24/2017 14:26:12.356] Bi-directional eDirectory EV: Elapsed time: 0.019 milliseconds
[10/24/2017 14:26:12.356] Bi-directional eDirectory EV: Committing 210 bytes to cache 33070.TAO
[10/24/2017 14:26:12.363] Bi-directional eDirectory EV: Committed 210 bytes to cache 33070.TAO
[10/24/2017 14:26:12.363] Bi-directional eDirectory EV: Elapsed time: 6.388 milliseconds
[10/24/2017 14:26:12.371] Bi-directional eDirectory EV: Read 210 bytes from cache 33070.TAO
[10/24/2017 14:26:12.371] Bi-directional eDirectory EV: Elapsed time: 0.013 milliseconds
[10/24/2017 14:26:12.371] Bi-directional eDirectory ST:Start transaction.
[10/24/2017 14:26:12.371] Bi-directional eDirectory ST:type(custom-event)
[10/24/2017 14:26:12.372] Bi-directional eDirectory ST:Processing events for transaction.
[10/24/2017 14:26:12.372] Bi-directional eDirectory ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.6.1.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="User" scope="subtree">
<search-class class-name="User"/>
<search-attr attr-name="CN">
<value>TestUser</value>
</search-attr>
</query>
</input>
</nds>
[10/24/2017 14:26:12.372] Bi-directional eDirectory ST:No event transformation policies.
[10/24/2017 14:26:12.372] Bi-directional eDirectory ST:Subscriber processing query for .
[10/24/2017 14:26:12.372] Bi-directional eDirectory ST:Querying application for objects to migrate.
[10/24/2017 14:26:12.372] Bi-directional eDirectory ST:Converting <query> to <query-ex>
[10/24/2017 14:26:12.372] Bi-directional eDirectory ST:Fixing up association references.
[10/24/2017 14:26:12.372] Bi-directional eDirectory ST:Applying schema mapping policies to output.
[10/24/2017 14:26:12.373] Bi-directional eDirectory ST:Applying policy: NOVLEDIR2DFC-smp.
[10/24/2017 14:26:12.373] Bi-directional eDirectory ST: Mapping attr-name 'CN' to 'cn'.
[10/24/2017 14:26:12.373] Bi-directional eDirectory ST: Mapping class-name 'User' to 'inetOrgPerson'.
[10/24/2017 14:26:12.373] Bi-directional eDirectory ST: Mapping class-name 'User' to 'inetOrgPerson'.
[10/24/2017 14:26:12.373] Bi-directional eDirectory ST:Applying output transformation policies.
[10/24/2017 14:26:12.373] Bi-directional eDirectory ST:Applying policy: NOVLPWDSYNC-otp-EmailOnFailedPwdPub.
[10/24/2017 14:26:12.373] Bi-directional eDirectory ST: Applying to query-ex #1.
[10/24/2017 14:26:12.373] Bi-directional eDirectory ST: Evaluating selection criteria for rule 'Send e-mail for a failed publish password operation'.
[10/24/2017 14:26:12.373] Bi-directional eDirectory ST: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = FALSE.
[10/24/2017 14:26:12.373] Bi-directional eDirectory ST: Rule rejected.
[10/24/2017 14:26:12.373] Bi-directional eDirectory ST:Policy returned:
[10/24/2017 14:26:12.373] Bi-directional eDirectory ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.6.1.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query-ex class-name="inetOrgPerson" event-id="0" max-result-count="50" scope="subtree">
<search-class class-name="inetOrgPerson"/>
<search-attr attr-name="cn">
<value>TestUser</value>
</search-attr>
<read-attr/>
</query-ex>
</input>
</nds>
[10/24/2017 14:26:12.373] Bi-directional eDirectory ST:Submitting document to subscriber shim:
[10/24/2017 14:26:12.373] Bi-directional eDirectory ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.6.1.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query-ex class-name="inetOrgPerson" event-id="0" max-result-count="50" scope="subtree">
<search-class class-name="inetOrgPerson"/>
<search-attr attr-name="cn">
<value>TestUser</value>
</search-attr>
<read-attr/>
</query-ex>
</input>
</nds>
[10/24/2017 14:26:12.374] Bi-directional eDirectory ST:Bi-directional eDirectory: LDAP Search
base=
scope=2
filter=(&(|(objectclass=inetOrgPerson))(&(cn=TestUser)))
attrs=[1.1]
attrsOnly=true
[10/24/2017 14:26:12.377] Bi-directional eDirectory ST:Bi-directional eDirectory: Query.queryOperation() result=dn: cn=TestUser,ou=Ck,ou=Users,ou=SomeOU,o=SomeOrganisation
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: Person
objectclass: ndsLoginProperties
objectclass: Top
[10/24/2017 14:26:12.377] Bi-directional eDirectory ST:Bi-directional eDirectory: LDAP Search
base=cn=TestUser,ou=Ck,ou=Users,ou=SomeOU,o=SomeOrganisation
scope=0
filter=null
attrs=[GUID]
attrsOnly=false
[10/24/2017 14:26:12.378] Bi-directional eDirectory ST:Bi-directional eDirectory: Querying for the GUID : GUID is 80961252D45A464EFD8B80961252D45A
[10/24/2017 14:26:12.378] Bi-directional eDirectory ST:SubscriptionShim.execute() returned:
[10/24/2017 14:26:12.378] Bi-directional eDirectory ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170831_0108" instance="Bi-directional eDirectory" version="4.0.3.0">Identity Manager Bi-directional Driver for eDirectory</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<instance class-name="inetOrgPerson" event-id="0" src-dn="cn=TestUser,ou=Ck,ou=Users,ou=SomeOU,o=SomeOrganisation">
<association state="associated">80961252D45A464EFD8B80961252D45A</association>
</instance>
<status event-id="0" level="success"/>
</output>
</nds>
[10/24/2017 14:26:12.378] Bi-directional eDirectory ST:Applying input transformation policies.
[10/24/2017 14:26:12.378] Bi-directional eDirectory ST:Applying policy: NOVLPWDSYNC-itp-EmailOnFailedPwdSub.
[10/24/2017 14:26:12.378] Bi-directional eDirectory ST: Applying to instance #1.
[10/24/2017 14:26:12.378] Bi-directional eDirectory ST: Evaluating selection criteria for rule 'Send e-mail on a failure when subscribing to passwords'.
[10/24/2017 14:26:12.378] Bi-directional eDirectory ST: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = FALSE.
[10/24/2017 14:26:12.378] Bi-directional eDirectory ST: Rule rejected.
[10/24/2017 14:26:12.378] Bi-directional eDirectory ST: Evaluating selection criteria for rule 'Send e-mail on failure to reset connected system password using the Identity Vault password'.
[10/24/2017 14:26:12.378] Bi-directional eDirectory ST: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = FALSE.
[10/24/2017 14:26:12.378] Bi-directional eDirectory ST: Rule rejected.
[10/24/2017 14:26:12.378] Bi-directional eDirectory ST: Applying to status #2.
[10/24/2017 14:26:12.378] Bi-directional eDirectory ST: Evaluating selection criteria for rule 'Send e-mail on a failure when subscribing to passwords'.
[10/24/2017 14:26:12.378] Bi-directional eDirectory ST: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = FALSE.
[10/24/2017 14:26:12.378] Bi-directional eDirectory ST: Rule rejected.
[10/24/2017 14:26:12.378] Bi-directional eDirectory ST: Evaluating selection criteria for rule 'Send e-mail on failure to reset connected system password using the Identity Vault password'.
[10/24/2017 14:26:12.378] Bi-directional eDirectory ST: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = FALSE.
[10/24/2017 14:26:12.378] Bi-directional eDirectory ST: Rule rejected.
[10/24/2017 14:26:12.378] Bi-directional eDirectory ST:Policy returned:
[10/24/2017 14:26:12.378] Bi-directional eDirectory ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20170831_0108" instance="Bi-directional eDirectory" version="4.0.3.0">Identity Manager Bi-directional Driver for eDirectory</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<instance class-name="inetOrgPerson" event-id="0" src-dn="cn=TestUser,ou=Ck,ou=Users,ou=SomeOU,o=SomeOrganisation">
<association state="associated">80961252D45A464EFD8B80961252D45A</association>
</instance>
<status event-id="0" level="success"/>
</output>
</nds>
[10/24/2017 14:26:12.378] Bi-directional eDirectory ST:Applying schema mapping policies to input.
[10/24/2017 14:26:12.378] Bi-directional eDirectory ST:Applying policy: NOVLEDIR2DFC-smp.
[10/24/2017 14:26:12.378] Bi-directional eDirectory ST: Mapping class-name 'inetOrgPerson' to 'User'.
[10/24/2017 14:26:12.378] Bi-directional eDirectory ST:Resolving association references.
[10/24/2017 14:26:12.379] Bi-directional eDirectory ST:Found 1 objects to migrate.
[10/24/2017 14:26:12.379] Bi-directional eDirectory ST:No event transformation policies.
[10/24/2017 14:26:12.380] Bi-directional eDirectory ST:No associated objects.
[10/24/2017 14:26:12.380] Bi-directional eDirectory ST:Applying publisher filter.
[10/24/2017 14:26:12.380] Bi-directional eDirectory ST:Publisher processing sync for cn=TestUser,ou=Ck,ou=Users,ou=SomeOU,o=SomeOrganisation.
[10/24/2017 14:26:12.380] Bi-directional eDirectory ST:Reading relevant attributes from 80961252D45A464EFD8B80961252D45A.
[10/24/2017 14:26:12.380] Bi-directional eDirectory ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.6.1.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="User" scope="entry">
<association>80961252D45A464EFD8B80961252D45A</association>
<read-attr attr-name="assistant"/>
<read-attr attr-name="assistantPhone"/>
<read-attr attr-name="businessCategory"/>
<read-attr attr-name="children"/>
<read-attr attr-name="city"/>
<read-attr attr-name="CN"/>
<read-attr attr-name="co"/>
<read-attr attr-name="company"/>
<read-attr attr-name="costCenter"/>
<read-attr attr-name="costCenterDescription"/>
<read-attr attr-name="departmentNumber"/>
<read-attr attr-name="Description"/>
<read-attr attr-name="directReports"/>
<read-attr attr-name="EMail Address"/>
<read-attr attr-name="employeeStatus"/>
<read-attr attr-name="employeeType"/>
<read-attr attr-name="Equivalent To Me"/>
<read-attr attr-name="Facsimile Telephone Number"/>
<read-attr attr-name="Full Name"/>
<read-attr attr-name="Generational Qualifier"/>
<read-attr attr-name="Given Name"/>
<read-attr attr-name="Group Membership"/>
<read-attr attr-name="homeCity"/>
<read-attr attr-name="homeEmailAddress"/>
<read-attr attr-name="homeFax"/>
<read-attr attr-name="homePhone"/>
<read-attr attr-name="homePostalAddress"/>
<read-attr attr-name="homeState"/>
<read-attr attr-name="homeZipCode"/>
<read-attr attr-name="Initials"/>
<read-attr attr-name="instantMessagingID"/>
[10/24/2017 14:26:12.380] <read-attr attr-name="Internet EMail Address"/>
<read-attr attr-name="jackNumber"/>
<read-attr attr-name="jobCode"/>
<read-attr attr-name="L"/>
<read-attr attr-name="Language"/>
<read-attr attr-name="Login Disabled"/>
<read-attr attr-name="Mailbox ID"/>
<read-attr attr-name="Mailbox Location"/>
<read-attr attr-name="mailstop"/>
<read-attr attr-name="manager"/>
<read-attr attr-name="managerWorkforceID"/>
<read-attr attr-name="mobile"/>
<read-attr attr-name="NSCP:employeeNumber"/>
<read-attr attr-name="nspmDistributionPassword"/>
<read-attr attr-name="nsRoleDN"/>
<read-attr attr-name="O"/>
<read-attr attr-name="otherPhoneNumber"/>
<read-attr attr-name="OU"/>
<read-attr attr-name="pager"/>
<read-attr attr-name="personalMobile"/>
<read-attr attr-name="personalTitle"/>
<read-attr attr-name="photo"/>
<read-attr attr-name="Physical Delivery Office Name"/>
<read-attr attr-name="Postal Address"/>
<read-attr attr-name="Postal Code"/>
<read-attr attr-name="Postal Office Box"/>
<read-attr attr-name="preferredDeliveryMethod"/>
<read-attr attr-name="preferredName"/>
<read-attr attr-name="registeredAddress"/>
<read-attr attr-name="roomNumber"/>
<read-attr attr-name="S"/>
<read-attr attr-name="SA"/>
<read-attr attr-name="Security Equals"/>
<read-attr attr-name="See Also"/>
<read-attr attr-name="siteLocation"/>
<read-attr attr-name="spouse"/>
<read-attr attr-name="Surname"/>
<read-attr attr-name="Telephone Number"/>
<read-attr attr-name="teletexTerminalIdentifier"/>
[10/24/2017 14:26:12.380] <read-attr attr-name="telexNumber"/>
<read-attr attr-name="Timezone"/>
<read-attr attr-name="Title"/>
<read-attr attr-name="tollFreePhoneNumber"/>
<read-attr attr-name="UID"/>
<read-attr attr-name="uniqueID"/>
<read-attr attr-name="userCertificate"/>
<read-attr attr-name="vehicleInformation"/>
<read-attr attr-name="workforceID"/>
</query>
</input>
</nds>
[10/24/2017 14:26:12.380] Bi-directional eDirectory ST:Fixing up association references.
[10/24/2017 14:26:12.380] Bi-directional eDirectory ST:Applying schema mapping policies to output.
[10/24/2017 14:26:12.380] Bi-directional eDirectory ST:Applying policy: NOVLEDIR2DFC-smp.
[10/24/2017 14:26:12.380] Bi-directional eDirectory ST: Mapping attr-name 'CN' to 'cn'.
[10/24/2017 14:26:12.380] Bi-directional eDirectory ST: Mapping attr-name 'Description' to 'description'.
[10/24/2017 14:26:12.380] Bi-directional eDirectory ST: Mapping attr-name 'EMail Address' to 'eMailAddress'.
[10/24/2017 14:26:12.380] Bi-directional eDirectory ST: Mapping attr-name 'Equivalent To Me' to 'equivalentToMe'.
[10/24/2017 14:26:12.380] Bi-directional eDirectory ST: Mapping attr-name 'Facsimile Telephone Number' to 'facsimiletelephonenumber'.
[10/24/2017 14:26:12.380] Bi-directional eDirectory ST: Mapping attr-name 'Full Name' to 'fullName'.
[10/24/2017 14:26:12.380] Bi-directional eDirectory ST: Mapping attr-name 'Generational Qualifier' to 'generationQualifier'.
[10/24/2017 14:26:12.380] Bi-directional eDirectory ST: Mapping attr-name 'Given Name' to 'givenname'.
[10/24/2017 14:26:12.380] Bi-directional eDirectory ST: Mapping attr-name 'Group Membership' to 'groupMembership'.
[10/24/2017 14:26:12.380] Bi-directional eDirectory ST: Mapping attr-name 'Initials' to 'initials'.
[10/24/2017 14:26:12.380] Bi-directional eDirectory ST: Mapping attr-name 'Internet EMail Address' to 'mail'.
[10/24/2017 14:26:12.380] Bi-directional eDirectory ST: Mapping attr-name 'L' to 'l'.
[10/24/2017 14:26:12.380] Bi-directional eDirectory ST: Mapping attr-name 'Login Disabled' to 'loginDisabled'.
[10/24/2017 14:26:12.380] Bi-directional eDirectory ST: Mapping attr-name 'Mailbox ID' to 'mailboxID'.
[10/24/2017 14:26:12.380] Bi-directional eDirectory ST: Mapping attr-name 'Mailbox Location' to 'mailboxLocation'.
[10/24/2017 14:26:12.380] Bi-directional eDirectory ST: Mapping attr-name 'OU' to 'ou'.
[10/24/2017 14:26:12.380] Bi-directional eDirectory ST: Mapping attr-name 'Physical Delivery Office Name' to 'physicalDeliveryOfficeName'.
[10/24/2017 14:26:12.380] Bi-directional eDirectory ST: Mapping attr-name 'Postal Address' to 'postaladdress'.
[10/24/2017 14:26:12.380] Bi-directional eDirectory ST: Mapping attr-name 'Postal Code' to 'postalCode'.
[10/24/2017 14:26:12.380] Bi-directional eDirectory ST: Mapping attr-name 'Postal Office Box' to 'postOfficeBox'.
[10/24/2017 14:26:12.380] Bi-directional eDirectory ST: Mapping attr-name 'S' to 'st'.
[10/24/2017 14:26:12.380] Bi-directional eDirectory ST: Mapping attr-name 'SA' to 'street'.
[10/24/2017 14:26:12.380] Bi-directional eDirectory ST: Mapping attr-name 'Security Equals' to 'securityEquals'.
[10/24/2017 14:26:12.380] Bi-directional eDirectory ST: Mapping attr-name 'Surname' to 'sn'.
[10/24/2017 14:26:12.380] Bi-directional eDirectory ST: Mapping attr-name 'Telephone Number' to 'telephonenumber'.
[10/24/2017 14:26:12.380] Bi-directional eDirectory ST: Mapping attr-name 'Title' to 'title'.
[10/24/2017 14:26:12.380] Bi-directional eDirectory ST: Mapping attr-name 'uniqueID' to 'uid'.
[10/24/2017 14:26:12.380] Bi-directional eDirectory ST: Mapping attr-name 'userCertificate' to 'usercertificate'.
[10/24/2017 14:26:12.380] Bi-directional eDirectory ST: Mapping class-name 'User' to 'inetOrgPerson'.
[10/24/2017 14:26:12.380] Bi-directional eDirectory ST:Applying output transformation policies.
[10/24/2017 14:26:12.380] Bi-directional eDirectory ST:Applying policy: NOVLPWDSYNC-otp-EmailOnFailedPwdPub.
[10/24/2017 14:26:12.380] Bi-directional eDirectory ST: Applying to query #1.
[10/24/2017 14:26:12.380] Bi-directional eDirectory ST: Evaluating selection criteria for rule 'Send e-mail for a failed publish password operation'.
[10/24/2017 14:26:12.380] Bi-directional eDirectory ST: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = FALSE.
[10/24/2017 14:26:12.380] Bi-directional eDirectory ST: Rule rejected.
[10/24/2017 14:26:12.380] Bi-directional eDirectory ST:Policy returned:
[10/24/2017 14:26:12.381] Bi-directional eDirectory ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.6.1.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="inetOrgPerson" event-id="0" scope="entry">
<association>80961252D45A464EFD8B80961252D45A</association>
<read-attr attr-name="assistant"/>
<read-attr attr-name="assistantPhone"/>
<read-attr attr-name="businessCategory"/>
<read-attr attr-name="children"/>
<read-attr attr-name="city"/>
<read-attr attr-name="cn"/>
<read-attr attr-name="co"/>
<read-attr attr-name="company"/>
<read-attr attr-name="costCenter"/>
<read-attr attr-name="costCenterDescription"/>
<read-attr attr-name="departmentNumber"/>
<read-attr attr-name="description"/>
<read-attr attr-name="directReports"/>
<read-attr attr-name="eMailAddress"/>
<read-attr attr-name="employeeStatus"/>
<read-attr attr-name="employeeType"/>
<read-attr attr-name="equivalentToMe"/>
<read-attr attr-name="facsimiletelephonenumber"/>
<read-attr attr-name="fullName"/>
<read-attr attr-name="generationQualifier"/>
<read-attr attr-name="givenname"/>
<read-attr attr-name="groupMembership"/>
<read-attr attr-name="homeCity"/>
<read-attr attr-name="homeEmailAddress"/>
<read-attr attr-name="homeFax"/>
<read-attr attr-name="homePhone"/>
<read-attr attr-name="homePostalAddress"/>
<read-attr attr-name="homeState"/>
<read-attr attr-name="homeZipCode"/>
<read-attr attr-name="initials"/>
<read-attr attr-name="instantMessagingID"/>
[10/24/2017 14:26:12.381] <read-attr attr-name="mail"/>
<read-attr attr-name="jackNumber"/>
<read-attr attr-name="jobCode"/>
<read-attr attr-name="l"/>
<read-attr attr-name="Language"/>
<read-attr attr-name="loginDisabled"/>
<read-attr attr-name="mailboxID"/>
<read-attr attr-name="mailboxLocation"/>
<read-attr attr-name="mailstop"/>
<read-attr attr-name="manager"/>
<read-attr attr-name="managerWorkforceID"/>
<read-attr attr-name="mobile"/>
<read-attr attr-name="NSCP:employeeNumber"/>
<read-attr attr-name="nspmDistributionPassword"/>
<read-attr attr-name="nsRoleDN"/>
<read-attr attr-name="O"/>
<read-attr attr-name="otherPhoneNumber"/>
<read-attr attr-name="ou"/>
<read-attr attr-name="pager"/>
<read-attr attr-name="personalMobile"/>
<read-attr attr-name="personalTitle"/>
<read-attr attr-name="photo"/>
<read-attr attr-name="physicalDeliveryOfficeName"/>
<read-attr attr-name="postaladdress"/>
<read-attr attr-name="postalCode"/>
<read-attr attr-name="postOfficeBox"/>
<read-attr attr-name="preferredDeliveryMethod"/>
<read-attr attr-name="preferredName"/>
<read-attr attr-name="registeredAddress"/>
<read-attr attr-name="roomNumber"/>
<read-attr attr-name="st"/>
<read-attr attr-name="street"/>
<read-attr attr-name="securityEquals"/>
<read-attr attr-name="See Also"/>
<read-attr attr-name="siteLocation"/>
<read-attr attr-name="spouse"/>
<read-attr attr-name="sn"/>
<read-attr attr-name="telephonenumber"/>
<read-attr attr-name="teletexTerminalIdentifier"/>
<read-attr attr-name="telexNumber"/>
[10/24/2017 14:26:12.381] <read-attr attr-name="Timezone"/>
<read-attr attr-name="title"/>
<read-attr attr-name="tollFreePhoneNumber"/>
<read-attr attr-name="UID"/>
<read-attr attr-name="uid"/>
<read-attr attr-name="usercertificate"/>
<read-attr attr-name="vehicleInformation"/>
<read-attr attr-name="workforceID"/>
</query>
</input>
</nds>
[10/24/2017 14:26:12.381] Bi-directional eDirectory ST:Submitting document to subscriber shim:
[10/24/2017 14:26:12.381] Bi-directional eDirectory ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.6.1.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="inetOrgPerson" event-id="0" scope="entry">
<association>80961252D45A464EFD8B80961252D45A</association>
<read-attr attr-name="assistant"/>
<read-attr attr-name="assistantPhone"/>
<read-attr attr-name="businessCategory"/>
<read-attr attr-name="children"/>
<read-attr attr-name="city"/>
<read-attr attr-name="cn"/>
<read-attr attr-name="co"/>
<read-attr attr-name="company"/>
<read-attr attr-name="costCenter"/>
<read-attr attr-name="costCenterDescription"/>
<read-attr attr-name="departmentNumber"/>
<read-attr attr-name="description"/>
<read-attr attr-name="directReports"/>
<read-attr attr-name="eMailAddress"/>
<read-attr attr-name="employeeStatus"/>
<read-attr attr-name="employeeType"/>
<read-attr attr-name="equivalentToMe"/>
<read-attr attr-name="facsimiletelephonenumber"/>
<read-attr attr-name="fullName"/>
<read-attr attr-name="generationQualifier"/>
<read-attr attr-name="givenname"/>
<read-attr attr-name="groupMembership"/>
<read-attr attr-name="homeCity"/>
<read-attr attr-name="homeEmailAddress"/>
<read-attr attr-name="homeFax"/>
<read-attr attr-name="homePhone"/>
<read-attr attr-name="homePostalAddress"/>
<read-attr attr-name="homeState"/>
<read-attr attr-name="homeZipCode"/>
<read-attr attr-name="initials"/>
<read-attr attr-name="instantMessagingID"/>
[10/24/2017 14:26:12.381] <read-attr attr-name="mail"/>
<read-attr attr-name="jackNumber"/>
<read-attr attr-name="jobCode"/>
<read-attr attr-name="l"/>
<read-attr attr-name="Language"/>
<read-attr attr-name="loginDisabled"/>
<read-attr attr-name="mailboxID"/>
<read-attr attr-name="mailboxLocation"/>
<read-attr attr-name="mailstop"/>
<read-attr attr-name="manager"/>
<read-attr attr-name="managerWorkforceID"/>
<read-attr attr-name="mobile"/>
<read-attr attr-name="NSCP:employeeNumber"/>
<read-attr attr-name="nspmDistributionPassword"/>
<read-attr attr-name="nsRoleDN"/>
<read-attr attr-name="O"/>
<read-attr attr-name="otherPhoneNumber"/>
<read-attr attr-name="ou"/>
<read-attr attr-name="pager"/>
<read-attr attr-name="personalMobile"/>
<read-attr attr-name="personalTitle"/>
<read-attr attr-name="photo"/>
<read-attr attr-name="physicalDeliveryOfficeName"/>
<read-attr attr-name="postaladdress"/>
<read-attr attr-name="postalCode"/>
<read-attr attr-name="postOfficeBox"/>
<read-attr attr-name="preferredDeliveryMethod"/>
<read-attr attr-name="preferredName"/>
<read-attr attr-name="registeredAddress"/>
<read-attr attr-name="roomNumber"/>
<read-attr attr-name="st"/>
<read-attr attr-name="street"/>
<read-attr attr-name="securityEquals"/>
<read-attr attr-name="See Also"/>
<read-attr attr-name="siteLocation"/>
<read-attr attr-name="spouse"/>
<read-attr attr-name="sn"/>
<read-attr attr-name="telephonenumber"/>
<read-attr attr-name="teletexTerminalIdentifier"/>
<read-attr attr-name="telexNumber"/>
[10/24/2017 14:26:12.381] <read-attr attr-name="Timezone"/>
<read-attr attr-name="title"/>
<read-attr attr-name="tollFreePhoneNumber"/>
<read-attr attr-name="UID"/>
<read-attr attr-name="uid"/>
<read-attr attr-name="usercertificate"/>
<read-attr attr-name="vehicleInformation"/>
<read-attr attr-name="workforceID"/>
</query>
</input>
</nds>
[10/24/2017 14:26:12.381] Bi-directional eDirectory ST:Bi-directional eDirectory: Making the GUID Cache capcity as 10000.
[10/24/2017 14:26:12.381] Bi-directional eDirectory ST:Bi-directional eDirectory: LDAP Search
base=OU=SomeOU,O=SomeOrganisation
scope=2
filter=guid=\80\96\12\52\D4\5A\46\4E\FD\8B\80\96\12\52\D4\5A
attrs=[dn]
attrsOnly=false
[10/24/2017 14:26:12.382] Bi-directional eDirectory ST:Bi-directional eDirectory: LDAP Search
base=cn=TestUser,ou=Ck,ou=Users,ou=SomeOU,o=SomeOrganisation
scope=0
filter=(objectclass=*)
attrs=[assistant, assistantPhone, businessCategory, children, city, cn, co, company, costCenter, costCenterDescription, departmentNumber, description, directReports, eMailAddress, employeeStatus, employeeType, equivalentToMe, facsimiletelephonenumber, fullName, generationQualifier, givenname, groupMembership, homeCity, homeEmailAddress, homeFax, homePhone, homePostalAddress, homeState, homeZipCode, initials, instantMessagingID, mail, jackNumber, jobCode, l, Language, loginDisabled, mailboxID, mailboxLocation, mailstop, manager, managerWorkforceID, mobile, NSCP:employeeNumber, nsRoleDN, O, otherPhoneNumber, ou, pager, personalMobile, personalTitle, photo, physicalDeliveryOfficeName, postaladdress, postalCode, postOfficeBox, preferredDeliveryMethod, preferredName, registeredAddress, roomNumber, st, street, securityEquals, See Also, siteLocation, spouse, sn, telephonenumber, teletexTerminalIdentifier, telexNumber, Timezone, title, tollFreePhoneNumber, UID, uid, usercertificate, vehicleInformation, workforceID, objectclass]
attrsOnly=false
[10/24/2017 14:26:12.384] Bi-directional eDirectory ST:Bi-directional eDirectory: Query.queryOperation() result=dn: cn=TestUser,ou=Ck,ou=Users,ou=SomeOU,o=SomeOrganisation
Language: ENGLISH
UID: TestUser
sn: sa
cn: TestUser
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: Person
objectclass: ndsLoginProperties
objectclass: Top
[10/24/2017 14:26:12.384] Bi-directional eDirectory ST:Bi-directional eDirectory: LDAP Search
base=cn=TestUser,ou=Ck,ou=Users,ou=SomeOU,o=SomeOrganisation
scope=0
filter=null
attrs=[GUID]
attrsOnly=false
[10/24/2017 14:26:12.384] Bi-directional eDirectory ST:Bi-directional eDirectory: Querying for the GUID : GUID is 80961252D45A464EFD8B80961252D45A
[10/24/2017 14:26:12.385] Bi-directional eDirectory ST:Bi-directional eDirectory: ERROR : Unexpected error while retreiving password information. Reason :
[10/24/2017 14:26:12.385] LDAPException: Undefined Attribute Type (17) Undefined Attribute Type
[10/24/2017 14:26:12.385] LDAPException: Server Message: 17 (0x11)
[10/24/2017 14:26:12.385] LDAPException: Matched DN:
[10/24/2017 14:26:12.385] at com.novell.ldap.LDAPResponse.getResultException(Unknown Source)
[10/24/2017 14:26:12.385] at com.novell.ldap.LDAPResponse.chkResultCode(Unknown Source)
[10/24/2017 14:26:12.385] at com.novell.ldap.LDAPConnection.chkResultCode(Unknown Source)
[10/24/2017 14:26:12.385] at com.novell.ldap.LDAPConnection.extendedOperation(Unknown Source)
[10/24/2017 14:26:12.385] at com.novell.ldap.LDAPConnection.extendedOperation(Unknown Source)
[10/24/2017 14:26:12.385] at com.novell.nds.dirxml.driver.edir.LDAPInterface.getPasswordRequest(LDAPInterface.java:1277)
[10/24/2017 14:26:12.385] at com.novell.nds.dirxml.driver.edir.EdirXdsUtil.checkUpdatePasswordAttrs(EdirXdsUtil.java:1288)
[10/24/2017 14:26:12.385] at com.novell.nds.dirxml.driver.edir.Query.queryOperation(Query.java:447)
[10/24/2017 14:26:12.385] at com.novell.nds.dirxml.driver.edir.EDIRSubscriber.subscriberQueryOperation(EDIRSubscriber.java:866)
[10/24/2017 14:26:12.385] at com.novell.nds.dirxml.driver.edir.EDIRSubscriptionShim.execute(EDIRSubscriptionShim.java:238)
[10/24/2017 14:26:12.385] at com.novell.nds.dirxml.engine.Subscriber.execute(Subscriber.java:470)
[10/24/2017 14:26:12.385] at com.novell.nds.dirxml.engine.Subscriber.execute(Subscriber.java:304)
[10/24/2017 14:26:12.385] at com.novell.nds.dirxml.engine.Subscriber$SubscriberAppQueryProcessor.query(Subscriber.java:2347)
[10/24/2017 14:26:12.385] at com.novell.nds.dirxml.engine.Transformer.readObject(Transformer.java:1338)
[10/24/2017 14:26:12.385] at com.novell.nds.dirxml.engine.Publisher$SyncProcessor.process(Publisher.java:1339)
[10/24/2017 14:26:12.385] at com.novell.nds.dirxml.engine.Publisher.processEvent(Publisher.java:880)
[10/24/2017 14:26:12.385] at com.novell.nds.dirxml.engine.Publisher.processEvents(Publisher.java:782)
[10/24/2017 14:26:12.385] at com.novell.nds.dirxml.engine.Publisher.execute(Publisher.java:466)
[10/24/2017 14:26:12.385] at com.novell.nds.dirxml.engine.Subscriber$QueryProcessor.process(Subscriber.java:2123)
[10/24/2017 14:26:12.385] at com.novell.nds.dirxml.engine.Subscriber.processEvent(Subscriber.java:1156)
[10/24/2017 14:26:12.385] at com.novell.nds.dirxml.engine.Subscriber.processEvents(Subscriber.java:969)
[10/24/2017 14:26:12.385] at com.novell.nds.dirxml.engine.Driver.submitTransaction(Driver.java:865)
[10/24/2017 14:26:12.385] at com.novell.nds.dirxml.engine.DriverEntry.submitTransaction(DriverEntry.java:1158)
[10/24/2017 14:26:12.385] at com.novell.nds.dirxml.engine.DriverEntry.processCachedTransaction(DriverEntry.java:1042)
[10/24/2017 14:26:12.385] at com.novell.nds.dirxml.engine.DriverEntry.eventLoop(DriverEntry.java:850)
[10/24/2017 14:26:12.385] at com.novell.nds.dirxml.engine.DriverEntry.run(DriverEntry.java:627)
[10/24/2017 14:26:12.385] at java.lang.Thread.run(Thread.java:748)
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Okay, to me this all looks pretty okay, but the ndstrace output (with
LDAP) on the remote side may give us a better clue as to what is really
happening.

It may also be useful to have the startup trace of this driver config from
the engine side to see if anything stands out there, such as if you are
using TCP 389 instead of TCP 636, which would probably be a big no-no in
this case.


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
Absent Member.
Absent Member.

Here's the startup trace attached.
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Nothing in there looks too strange; if you can post the ndstrace LDAP
output from the remote side during this operation that may be the next
best thing. While ad it you may want to add NICI to the list of filters
just in case we get some errors out of that.


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
Absent Member.
Absent Member.

Here's the trace from the eDir-side on a user migrate:
14:42:39.61] (*GWDataSyncServerIP*:36670)(0x37604:0x63) Sending operation result 0:"":"" to connection 0x1662ce00
3547772672 LDAP: [2017/10/27 14:42:39.753] (*VaultIP*:48374)(0x003d:0x63) DoSearch on connection 0x13bcae00
3547772672 LDAP: [2017/10/27 14:42:39.753] (*VaultIP*:48374)(0x003d:0x63) Search request:
base: ""
scope:2 dereference:0 sizelimit:0 timelimit:0 attrsonly:1
filter: "(&(|(objectclass=inetOrgPerson))(&(cn=TestUser)))"
attribute: "1.1"
3547772672 LDAP: [2017/10/27 14:42:39.754] (*VaultIP*:48374)(0x003d:0x63) Sending search result entry "cn=TestUser,ou=Users,ou=SomeOU,o=SomeOrg" to connection 0x13bcae00
3547772672 LDAP: [2017/10/27 14:42:39.754] (*VaultIP*:48374)(0x003d:0x63) Sending operation result 0:"":"" to connection 0x13bcae00
3561961216 LDAP: [2017/10/27 14:42:39.756] (*VaultIP*:48374)(0x003e:0x63) DoSearch on connection 0x13bcae00
3561961216 LDAP: [2017/10/27 14:42:39.757] (*VaultIP*:48374)(0x003e:0x63) Search request:
base: "cn=TestUser,ou=Users,ou=SomeOU,o=SomeOrg"
scope:0 dereference:0 sizelimit:0 timelimit:0 attrsonly:0a
filter: "(objectclass=*)"
attribute: "objectclass"
3561961216 LDAP: [2017/10/27 14:42:39.757] (*VaultIP*:48374)(0x003e:0x63) Sending search result entry "cn=TestUser,ou=Users,ou=SomeOU,o=SomeOrg" to connection 0x13bcae00
3561961216 LDAP: [2017/10/27 14:42:39.757] (*VaultIP*:48374)(0x003e:0x63) Sending operation result 0:"":"" to connection 0x13bcae00
4029675264 LDAP: [2017/10/27 14:42:39.758] (*VaultIP*:48374)(0x003f:0x63) DoSearch on connection 0x13bcae00
4029675264 LDAP: [2017/10/27 14:42:39.758] (*VaultIP*:48374)(0x003f:0x63) Search request:
base: "cn=TestUser,ou=Users,ou=SomeOU,o=SomeOrg"
scope:0 dereference:0 sizelimit:0 timelimit:0 attrsonly:0
filter: "(objectclass=*)"
attribute: "GUID"
4029675264 LDAP: [2017/10/27 14:42:39.758] (*VaultIP*:48374)(0x003f:0x63) Sending search result entry "cn=TestUser,ou=Users,ou=SomeOU,o=SomeOrg" to connection 0x13bcae00
4029675264 LDAP: [2017/10/27 14:42:39.758] (*VaultIP*:48374)(0x003f:0x63) Sending operation result 0:"":"" to connection 0x13bcae00
3549878016 LDAP: [2017/10/27 14:42:39.769] (*VaultIP*:48380)(0x0040:0x63) DoSearch on connection 0x13bca700
3549878016 LDAP: [2017/10/27 14:42:39.769] (*VaultIP*:48380)(0x0040:0x63) Search request:
base: "OU=SomeOU,O=SomeOrg"
scope:2 dereference:0 sizelimit:0 timelimit:0 attrsonly:0
filter: "(guid=\15\23\F9\FE\9E\FA\2D\49\FB\86\15\23\F9\FE\9E\FA)"
attribute: "dn"
3549878016 LDAP: [2017/10/27 14:42:39.770] (*VaultIP*:48380)(0x0040:0x63) Sending search result entry "cn=TestUser,ou=Users,ou=SomeOU,o=SomeOrg" to connection 0x13bca700
3549878016 LDAP: [2017/10/27 14:42:39.770] (*VaultIP*:48380)(0x0040:0x63) Sending operation result 0:"":"" to connection 0x13bca700
3566171904 LDAP: [2017/10/27 14:42:39.771] (*VaultIP*:48374)(0x0041:0x63) DoSearch on connection 0x13bcae00
3566171904 LDAP: [2017/10/27 14:42:39.772] (*VaultIP*:48374)(0x0041:0x63) Sending search result entry "cn=TestUser,ou=Users,ou=SomeOU,o=SomeOrg" to connection 0x13bcae00
3566171904 LDAP: [2017/10/27 14:42:39.772] (*VaultIP*:48374)(0x0041:0x63) Sending operation result 0:"":"" to connection 0x13bcae00
4032833280 LDAP: [2017/10/27 14:42:39.773] (*VaultIP*:48374)(0x0042:0x63) DoSearch on connection 0x13bcae00
4032833280 LDAP: [2017/10/27 14:42:39.773] (*VaultIP*:48374)(0x0042:0x63) Search request:
base: "cn=TestUser,ou=Users,ou=SomeOU,o=SomeOrg"
scope:0 dereference:0 sizelimit:0 timelimit:0 attrsonly:0
filter: "(objectclass=*)"
attribute: "GUID"
4032833280 LDAP: [2017/10/27 14:42:39.773] (*VaultIP*:48374)(0x0042:0x63) Sending search result entry "cn=TestUser,ou=Users,ou=SomeOU,o=SomeOrg" to connection 0x13bcae00
4032833280 LDAP: [2017/10/27 14:42:39.773] (*VaultIP*:48374)(0x0042:0x63) Sending operation result 0:"":"" to connection 0x13bcae00
3579856640 LDAP: [2017/10/27 14:42:39.774] (*VaultIP*:48374)(0x0043:0x77) DoExtended on connection 0x13bcae00
3579856640 LDAP: [2017/10/27 14:42:39.774] (*VaultIP*:48374)(0x0043:0x77) DoExtended: Extension Request OID: 2.16.840.1.113719.1.14.100.200
3579856640 LDAP: [2017/10/27 14:42:39.774] (*VaultIP*:48374)(0x0043:0x77) Sending operation result 17:"":"17 (0x11)" to connection 0x13bcae00
4029675264 LDAP: [2017/10/27 14:42:39.870] (*GWDataSyncServerIP*:36670)(0x37605:0x63) DoSearch on connection 0x1662ce00
4029675264 LDAP: [2017/10/27 14:42:39.870] (*GWDataSyncServerIP*:36670)(0x37605:0x63) Search request:
base:
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

> 3579856640 LDAP: [2017/10/27 14:42:39.774]
> (10.114.80.67:48374)(0x0043:0x77) DoExtended on connection 0x13bcae00
> 3579856640 LDAP: [2017/10/27 14:42:39.774]
> (10.114.80.67:48374)(0x0043:0x77) DoExtended: Extension Request OID:
> 2.16.840.1.113719.1.14.100.200
> 3579856640 LDAP: [2017/10/27 14:42:39.774]
> (10.114.80.67:48374)(0x0043:0x77) Sending operation result 17:"":"17
> (0x11)" to connection 0x13bcae00


Before I go through this in detail, do you have the "bidirectional"
driver's changelog module on your remote eDirectory box, the one from
which you grabbed this ndstrace output? I ask because you have that LDAP
17 error in there and the OID specified is one you would get if things
were not setup quite right, so while I do not know that it is directly the
cause of what you are seeing, I also do not know it is not:

https://www.novell.com/support/kb/doc.php?id=7014458

I think you said in your first post that you do have the module in there,
so I would then check the bit in that TID about replicas, specifically for
the server object, to see if that may be the cause of the error.

Also, as a quick note, eDirectory 9.0 SP4 is out, and it has some REALLY
important fixes in there for anybody using auxiliary classes who may want
to move an object. Patching to SP4 is important, and should be painless
otherwise.


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
Absent Member.
Absent Member.

As stated in my first post, ChageLog module is installed (normal publisher channel sync, including password sync is working fine). The eDir server on which it's installed is the only one in the tree. I only see errors when trying to migrate users into the vault using iManager (same with standalone and workstation). Do you think this could be caused by improper installation of the ChangeLog module somehow?
0 Likes
Absent Member.
Absent Member.

I meant to say that I tried migration using both the "server" and workstation versions of iManager, it made no difference.
0 Likes
Micro Focus Frequent Contributor
Micro Focus Frequent Contributor

Did you ever find a resolution to this?
I'm running into exactly the same problem I believe.
The UP is set, I can extract the password using the DumUP tool; but the driver will not pull the password on a migrate.
Normal password change events flow fine.
0 Likes
Absent Member.
Absent Member.

No, no resolution yet, we tried to set this up with an old colleague a his site but could not get the password sync to work during a migrate. He's got an SR open at the moment. I've got it working in my test environment but can't figure out what the relevant difference is between the two environments.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.