moularbi Absent Member.
Absent Member.
301 views

eDir to eDir driver


Hi,
I have to make user account provisioning from TREE-A to TREE-B. How
should I set up the filters and policies? Should I configure them on
each driver? Do I need to use subscriber channel of the first driver and
publisher channel of the second one to create users accounts?


--
moularbi
------------------------------------------------------------------------
moularbi's Profile: http://forums.novell.com/member.php?userid=110833
View this thread: http://forums.novell.com/showthread.php?t=453832

Labels (1)
0 Likes
9 Replies
Knowledge Partner
Knowledge Partner

Re: eDir to eDir driver

On Fri, 23 Mar 2012 14:16:01 +0000, moularbi wrote:

> I have to make user account provisioning from TREE-A to TREE-B. How
> should I set up the filters and policies?


You'll install two drivers, one in each tree, that talk to each other.
Start with the defaults, then customize as needed.


> Should I configure them on each driver?


You'll have to, yes, unless you want the defaults.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.novell.com

Please post questions in the forums. No support provided via email.

0 Likes
Knowledge Partner
Knowledge Partner

Re: eDir to eDir driver

On 3/23/2012 10:16 AM, moularbi wrote:
>
> Hi,
> I have to make user account provisioning from TREE-A to TREE-B. How
> should I set up the filters and policies? Should I configure them on
> each driver? Do I need to use subscriber channel of the first driver and
> publisher channel of the second one to create users accounts?


Ah the joys of getting started. How experienced with IDM are you?

The eDir driver is confusing.

You basically do everything in teh Pub channel. I.e. Inbound to eDir on
each side.

In Tree-A the only thing you would do Sub channel is scope it to just
the objects you want to send over. Be careful if you use a Veto, to add
a condition that limits it to Users or Groups, since you could easily
veto a driver startup event.


0 Likes
Highlighted
moularbi Absent Member.
Absent Member.

Re: eDir to eDir driver


geoffc;2184754 Wrote:
> On 3/23/2012 10:16 AM, moularbi wrote:
> >
> > Hi,
> > I have to make user account provisioning from TREE-A to TREE-B. How
> > should I set up the filters and policies? Should I configure them on
> > each driver? Do I need to use subscriber channel of the first driver

> and
> > publisher channel of the second one to create users accounts?

>
> Ah the joys of getting started. How experienced with IDM are you?
>
> The eDir driver is confusing.
>
> You basically do everything in teh Pub channel. I.e. Inbound to eDir
> on
> each side.
>
> In Tree-A the only thing you would do Sub channel is scope it to just
> the objects you want to send over. Be careful if you use a Veto, to
> add
> a condition that limits it to Users or Groups, since you could easily
> veto a driver startup event.


I'm new to IDM drivers.
What about the schema mapping policy? Should I create it in the two
drivers?
The driver cache of the second eDirectory is empty. How to make the two
drivers communicate?


--
moularbi
------------------------------------------------------------------------
moularbi's Profile: http://forums.novell.com/member.php?userid=110833
View this thread: http://forums.novell.com/showthread.php?t=453832

0 Likes
Knowledge Partner
Knowledge Partner

Re: eDir to eDir driver

On 3/26/2012 5:46 AM, moularbi wrote:
>
> geoffc;2184754 Wrote:
>> On 3/23/2012 10:16 AM, moularbi wrote:
>>>
>>> Hi,
>>> I have to make user account provisioning from TREE-A to TREE-B. How
>>> should I set up the filters and policies? Should I configure them on
>>> each driver? Do I need to use subscriber channel of the first driver

>> and
>>> publisher channel of the second one to create users accounts?

>>
>> Ah the joys of getting started. How experienced with IDM are you?
>>
>> The eDir driver is confusing.
>>
>> You basically do everything in teh Pub channel. I.e. Inbound to eDir
>> on
>> each side.
>>
>> In Tree-A the only thing you would do Sub channel is scope it to just
>> the objects you want to send over. Be careful if you use a Veto, to
>> add
>> a condition that limits it to Users or Groups, since you could easily
>> veto a driver startup event.

>
> I'm new to IDM drivers.


Can I suggest some reading that will answer many of the questions you
have now, and will have in the future?

David Gersic summarized what happens in each step of the fishbone
diagram (the different policy sets). bascially this talks about the
event flow:
http://www.novell.com/communities/node/6679/guided-tour-novell-identity-manager
http://www.novell.com/communities/node/6696/guided-tour-novell-identity-manager
http://www.novell.com/communities/node/6697/guided-tour-novell-identity-manager


Next to troubleshoot any of this, you will need to know about dstrace,
and how to read the IDM version of its output:

These are the best articles on Dstrace I have seen. first is most
important, second two will teach you more, but first is key:

http://www.novell.com/communities/node/5681/capturing-and-reading-novell-identity-manager-traces
http://www.novell.com/communities/node/9677/comprehending-idm-traces-part-1
http://www.novell.com/communities/node/11166/comprehending-idm-traces-part-2



> What about the schema mapping policy? Should I create it in the two
> drivers?


If the attribute names are the same, no need for either. If you are
converting names, do it in one driver but not the other.


> The driver cache of the second eDirectory is empty. How to make the two
> drivers communicate?


Cache is what it says. A cache of unprocessed events. Should be empty.

IDM is event driven. You want to know how to migrate users. Use
iManager, IDM sidebar, iDM Overview, find your driver in the driverset
(The UI is silly, when asked for the container to search for drivers,
clcik on the small left arrow and it will search).

In the driverset view, click on your driver, and there will be a menu
item, Migrate. In an eDir driver you cannot use Migrate into IDV you
have to use Migrate from IDV/eDir. (The other way works on other
drivers, just not this one).



0 Likes
Knowledge Partner
Knowledge Partner

Re: eDir to eDir driver

On Mon, 26 Mar 2012 09:46:02 +0000, moularbi wrote:

> I'm new to IDM drivers.
> What about the schema mapping policy? Should I create it in the two
> drivers?


For eDirectory, assuming that the schema is the same in both trees, I
don't normally bother with schema mapping. I mean, what's the point of
mapping Tree1/Surname to Tree2/Surname?


> The driver cache of the second eDirectory is empty. How to make the two
> drivers communicate?


The driver cache (*.TAO) file is populated when events happen that have
not yet been processed. If there's nothing in the cache, then there's no
pending work to do.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.novell.com

Please post questions in the forums. No support provided via email.

0 Likes
moularbi Absent Member.
Absent Member.

Re: eDir to eDir driver


It's not the same schema, we have an auxiliary class on the first tree
and I need to map some of its attributes to other attributes on the
second tree. If an event happen in the first tree, shouldn't he appear
in the cache of the second driver?


--
moularbi
------------------------------------------------------------------------
moularbi's Profile: http://forums.novell.com/member.php?userid=110833
View this thread: http://forums.novell.com/showthread.php?t=453832

0 Likes
Knowledge Partner
Knowledge Partner

Re: eDir to eDir driver

On Mon, 26 Mar 2012 15:16:02 +0000, moularbi wrote:

> It's not the same schema, we have an auxiliary class on the first tree
> and I need to map some of its attributes to other attributes on the
> second tree.


Using a Schema map makes sense for you, then.


> If an event happen in the first tree, shouldn't he appear
> in the cache of the second driver?


No. The cache file is used to hold events that have not yet been
processed by the subscriber.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.novell.com

Please post questions in the forums. No support provided via email.

0 Likes
moularbi Absent Member.
Absent Member.

Re: eDir to eDir driver


I configured secured communication between the two directories, I set up
filters, schema map policy and created policies in the publisher
channel. When I create or modify a user in the first tree nothing
happens in the second tree. Did I miss something?
When I start the driver I get this warning:

When I start the driver I get this warning:

14:17:10 FFFFFFFFB5986710 Drvrs: eDirectory Driver ST:: Connecting to
remote Publisher at 172.17.0.54:8196
14:17:10 FFFFFFFFB7C97710 Drvrs: eDirectory Driver :: Connection
monitor thread starting.
14:17:10 FFFFFFFFB5986710 Drvrs: eDirectory Driver ST:: Creating an
NTLSSocket
14:17:10 FFFFFFFFB5986710 Drvrs: eDirectory Driver ST:: Received
shutdown.
14:17:10 FFFFFFFFB7C97710 Drvrs: eDirectory Driver :: Connection
monitor thread exiting.
14:17:10 FFFFFFFFB5986710 Drvrs: eDirectory Driver ST:: end
getSchema()
14:17:10 FFFFFFFFB5986710 Drvrs: eDirectory Driver
ST:DriverShim.getSchema() returned:
14:17:10 FFFFFFFFB5986710 Drvrs: eDirectory Driver ST:
<nds dtdversion="4.0">
<source>
<product instance="eDirectory Driver" version="4.0.1.0">DirXML Driver
for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status event-id="" level="retry"
type="app-connection">java.net.ConnectException: Connection
refused</status>
</output>
</nds>
14:17:10 FFFFFFFFB5986710 Drvrs: eDirectory Driver ST:
DirXML Log Event -------------------
Driver: \BOULANGER-TREE\system\Driver Set\eDirectory Driver
Status: Retry
Message: java.net.ConnectException: Connection refused
14:17:10 FFFFFFFFB5986710 Drvrs: eDirectory Driver ST:
DirXML Log Event -------------------
Driver: \BOULANGER-TREE\system\Driver Set\eDirectory Driver
Status: Warning
Message: Code(-8001) Unable to retrieve application schema.


--
moularbi
------------------------------------------------------------------------
moularbi's Profile: http://forums.novell.com/member.php?userid=110833
View this thread: http://forums.novell.com/showthread.php?t=453832

0 Likes
Knowledge Partner
Knowledge Partner

Re: eDir to eDir driver

On 27.03.2012 15:16, moularbi wrote:
>
> I configured secured communication between the two directories, I set up
> filters, schema map policy and created policies in the publisher
> channel. When I create or modify a user in the first tree nothing
> happens in the second tree. Did I miss something?
> When I start the driver I get this warning:
>
> When I start the driver I get this warning:
>
> 14:17:10 FFFFFFFFB5986710 Drvrs: eDirectory Driver ST:: Connecting to
> remote Publisher at 172.17.0.54:8196
> 14:17:10 FFFFFFFFB7C97710 Drvrs: eDirectory Driver :: Connection
> monitor thread starting.
> 14:17:10 FFFFFFFFB5986710 Drvrs: eDirectory Driver ST:: Creating an
> NTLSSocket
> 14:17:10 FFFFFFFFB5986710 Drvrs: eDirectory Driver ST:: Received
> shutdown.
> 14:17:10 FFFFFFFFB7C97710 Drvrs: eDirectory Driver :: Connection
> monitor thread exiting.
> 14:17:10 FFFFFFFFB5986710 Drvrs: eDirectory Driver ST:: end
> getSchema()
> 14:17:10 FFFFFFFFB5986710 Drvrs: eDirectory Driver
> ST:DriverShim.getSchema() returned:
> 14:17:10 FFFFFFFFB5986710 Drvrs: eDirectory Driver ST:
> <nds dtdversion="4.0">
> <source>
> <product instance="eDirectory Driver" version="4.0.1.0">DirXML Driver
> for eDirectory</product>
> <contact>Novell, Inc.</contact>
> </source>
> <output>
> <status event-id="" level="retry"
> type="app-connection">java.net.ConnectException: Connection
> refused</status>
> </output>
> </nds>
> 14:17:10 FFFFFFFFB5986710 Drvrs: eDirectory Driver ST:
> DirXML Log Event -------------------
> Driver: \BOULANGER-TREE\system\Driver Set\eDirectory Driver
> Status: Retry
> Message: java.net.ConnectException: Connection refused


Check that both drivers are started and there are no firewalls between
the two directories. The other directory is not accepting your connection.
Alex McHugh - Knowledge Partner - Stavanger, Norway
Who are the Knowledge Partners
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.