Anonymous_User Absent Member.
Absent Member.
256 views

where to change group object container for eDir driver?


Environment :

IDM 4.0.2
Suse Linux 11sp2 x64
eDirectory 8.8.72
eDir driver eDirectory-IDM3_6_0-v3.xml

Objects are created from Tree A to Tree B

There is no error for creating user objects, while I specify the user
container as users.TreeB

I've specified the groups object should be located in groups.TreeB

But when I create a group, it shows that

Creating RND testgroup1 in context data\company\groups

then error comes up with

Message: Code(-9010) and exception
occurred:novell.jclient.JCExcpetion:nameToID -601 ERR_NO_SUCH_ENTRY

It is really strange that why the group object cannot be located in
groups.TreeB?

There is no method to specify the group container after setup the eDir
driver, can anyone pls help me?

Many thanks,

Agnes


--
ayeungied
------------------------------------------------------------------------
ayeungied's Profile: https://forums.netiq.com/member.php?userid=548
View this thread: https://forums.netiq.com/showthread.php?t=47575

Labels (1)
0 Likes
15 Replies
Anonymous_User Absent Member.
Absent Member.

Re: where to change group object container for eDir driver?


First verify your group object Source DN Properly and make sure there is
no mistype.
the context data\company\groups where exist in your target edirectory or
source edirectory?

Second Do you have any partition in your e directory server?


--
joydeep9j
------------------------------------------------------------------------
joydeep9j's Profile: https://forums.netiq.com/member.php?userid=4754
View this thread: https://forums.netiq.com/showthread.php?t=47575

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: where to change group object container for eDir driver?


There is no typo, data\company\groups is the default setting by setup
the driver. However, I ensure I've setup the group object container as
groups.TreeB.

The problem is NO the container can be seen the Global Configuration
Values page. That's why I have the post.


--
ayeungied
------------------------------------------------------------------------
ayeungied's Profile: https://forums.netiq.com/member.php?userid=548
View this thread: https://forums.netiq.com/showthread.php?t=47575

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: where to change group object container for eDir driver?


ok.So your problem on seting the GCV.you are now use the default GCV
value for group container.

1>From Global Configuration Value page you can go to the driver
configuration page.you can see the GCV's.and set the GCV for group
container
or,
2>create your own GCV for group container and use this GCV where
needed(EX: placement policy,event transform policy)


--
joydeep9j
------------------------------------------------------------------------
joydeep9j's Profile: https://forums.netiq.com/member.php?userid=4754
View this thread: https://forums.netiq.com/showthread.php?t=47575

0 Likes
Knowledge Partner
Knowledge Partner

Re: where to change group object container for eDir driver?

Do remember that a GCV can be set on a Driver, but also at the DriverSet
level.

If you are using the packaged versions of the drivers (though your note
suggests an older config file) take a look at the driverset objects
properties, (easy in Designer, I forget where in iManager) and there are
GCVs set there.

The default packages require a GCV idv.dit.data.group usually, from I
think Common Settings package, and that might be where it is coming from.


On 4/18/2013 12:34 AM, ayeungied wrote:
>
> Environment :
>
> IDM 4.0.2
> Suse Linux 11sp2 x64
> eDirectory 8.8.72
> eDir driver eDirectory-IDM3_6_0-v3.xml
>
> Objects are created from Tree A to Tree B
>
> There is no error for creating user objects, while I specify the user
> container as users.TreeB
>
> I've specified the groups object should be located in groups.TreeB
>
> But when I create a group, it shows that
>
> Creating RND testgroup1 in context data\company\groups
>
> then error comes up with
>
> Message: Code(-9010) and exception
> occurred:novell.jclient.JCExcpetion:nameToID -601 ERR_NO_SUCH_ENTRY
>
> It is really strange that why the group object cannot be located in
> groups.TreeB?
>
> There is no method to specify the group container after setup the eDir
> driver, can anyone pls help me?
>
> Many thanks,
>
> Agnes
>
>


0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: where to change group object container for eDir driver?

On Thu, 18 Apr 2013 04:34:02 +0000, ayeungied wrote:

> There is no error for creating user objects, while I specify the user
> container as users.TreeB


This should be in slash format (TreeB\users), not dotted.


> There is no method to specify the group container after setup the eDir
> driver, can anyone pls help me?


This is in the Global Config Values (GCV) for the driver, its driver set,
or the ID Vault, depending on your configuration.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support provided via email.

0 Likes
Knowledge Partner
Knowledge Partner

Re: where to change group object container for eDir driver?

On 4/18/2013 10:00 AM, David Gersic wrote:
> On Thu, 18 Apr 2013 04:34:02 +0000, ayeungied wrote:
>
>> There is no error for creating user objects, while I specify the user
>> container as users.TreeB

>
> This should be in slash format (TreeB\users), not dotted.


That is a good and critical point. Watch the Match policy to see where
this is commonly used.


>> There is no method to specify the group container after setup the eDir
>> driver, can anyone pls help me?

>
> This is in the Global Config Values (GCV) for the driver, its driver set,
> or the ID Vault, depending on your configuration.


Minor quibble, GCV's are only on Driver and DriverSet, not IDVault
itself. But it is likely this is set on the Driver Set, in IDM 4
packaged based configurations.


0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: where to change group object container for eDir driver?


Thanks all.

I finally get your point and I set the group info as abc\groups in the
GCV of the driver set and it works to create group now.

However,

I have the group structure as in Tree ABC

Tree ABC/Groups/mail
Tree ABC/Groups/unix
Tree ABC/Groups/web
Tree ABC/Groups/ou-groups

When I create group object named abcmailgroup1 under Tree
ABC/Groups/mail

The abcmailgroup1 will be created in

Tree DEF/Groups level only, where the identical group structure has been
created in Tree DEF,

besides, when I create the ou mail, unix, web and ou-groups, error comes
up with

Code(-9064) No DN generated by object placement policy. They cannot be
created.

I can only create the related OU manually in the 2 trees.

The eDirctory Publisher Placement type is set to FLAT.

When I changed the FLAT to Mirrored, all objects, including user object
cannot be created with same error Code(-9064) No DN generated by object
placement policy.

So what's wrong?

Thanks.

Agnes


--
ayeungied
------------------------------------------------------------------------
ayeungied's Profile: https://forums.netiq.com/member.php?userid=548
View this thread: https://forums.netiq.com/showthread.php?t=47575

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: where to change group object container for eDir driver?

Post a trace.

Good luck.
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: where to change group object container for eDir driver?

On 04/19/2013 05:24 AM, ayeungied wrote:
>
> Thanks all.
>
> I finally get your point and I set the group info as abc\groups in the
> GCV of the driver set and it works to create group now.
>
> However,
>
> I have the group structure as in Tree ABC
>
> Tree ABC/Groups/mail
> Tree ABC/Groups/unix
> Tree ABC/Groups/web
> Tree ABC/Groups/ou-groups
>
> When I create group object named abcmailgroup1 under Tree
> ABC/Groups/mail
>
> The abcmailgroup1 will be created in
>
> Tree DEF/Groups level only, where the identical group structure has been
> created in Tree DEF,
>
> besides, when I create the ou mail, unix, web and ou-groups, error comes
> up with
>
> Code(-9064) No DN generated by object placement policy. They cannot be
> created.
>
> I can only create the related OU manually in the 2 trees.
>
> The eDirctory Publisher Placement type is set to FLAT.
>
> When I changed the FLAT to Mirrored, all objects, including user object
> cannot be created with same error Code(-9064) No DN generated by object
> placement policy.
>
> So what's wrong?
>
> Thanks.
>
> Agnes
>
>


When dealing with groups, it is and was always a good idea to include
the treename into all requests
0 Likes
Knowledge Partner
Knowledge Partner

Re: where to change group object container for eDir driver?

> When dealing with groups, it is and was always a good idea to include
> the treename into all requests


How so? In general, in backslash notation, the key is, leading
backslash or not.

o\ou\Group is legal
\Tree\o\ou\Group is legal

But \o\ou\Group is not, and needs the tree name.

What are you thinking is different in the case of groups?
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: where to change group object container for eDir driver?

On 04/19/2013 04:01 PM, Geoffrey Carman wrote:
>> When dealing with groups, it is and was always a good idea to include
>> the treename into all requests

>
> How so? In general, in backslash notation, the key is, leading
> backslash or not.
>
> o\ou\Group is legal
> \Tree\o\ou\Group is legal
>
> But \o\ou\Group is not, and needs the tree name.
>
> What are you thinking is different in the case of groups?

Sure, when you put in the leading slash, you tell the engine that its an
absolute path. Its just my experience to have less trouble with
grouphandling (or better: in general when dealing with something in DN
notation) using absolute paths.
I cant tell for sure, but I am under the assumption that the engine (or
more precise dirxml-script) is sometimes a little bit inconsistent on
its handling here.
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: where to change group object container for eDir driver?


1.Check the Driver filter and make sure OU is Syncking
2.Use unmatched Source DN for mirror object placement


--
joydeep9j
------------------------------------------------------------------------
joydeep9j's Profile: https://forums.netiq.com/member.php?userid=4754
View this thread: https://forums.netiq.com/showthread.php?t=47575

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: where to change group object container for eDir driver?

On Fri, 19 Apr 2013 03:24:01 +0000, ayeungied wrote:

> Code(-9064) No DN generated by object placement policy. They cannot be
> created.


Your placement policy isn't working.


> So what's wrong?


Post a level 3 trace to pastebin.com and put the URL here so we can see
what's happening and why.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support provided via email.

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: where to change group object container for eDir driver?


Thanks all,

As there are only 4 ou under the Tree ABC,

The make the following coding to add the groups from Tree ABC to Tree
DEF, however, have no idea the mirrored does not work.

<description>HKAbc Flat-Groups mail ou</description>
<conditions>
<or>
<if-class-name
op="equal">Group</if-class-name>
</or>
<or>
<if-global-variable mode="nocase"
name="driver.edir.placement.type" op="equal">flat</if-global-variable>
<if-op-attr name="OU"
op="equal">abc\groups\mail</if-op-attr>
</or>
</conditions>
<actions>
<do-set-op-dest-dn>
<arg-dn>
<token-text
xml:space="preserve">~idv.dit.data.groups~</token-text>
<token-text
xml:space="preserve">\mail\</token-text>
<token-src-name/>
</arg-dn>
</do-set-op-dest-dn>
</actions>
</rule>
<rule>
<description>HKAbc Flat-Groups web</description>
<conditions>
<or>
<if-class-name
op="equal">Group</if-class-name>
</or>
<or>
<if-global-variable mode="nocase"
name="driver.edir.placement.type" op="equal">flat</if-global-variable>
<if-op-attr name="OU"
op="equal">abc\groups\web</if-op-attr>
</or>
</conditions>
<actions>
<do-set-op-dest-dn>
<arg-dn>
<token-text
xml:space="preserve">~idv.dit.data.groups~</token-text>
<token-text
xml:space="preserve">\web\</token-text>
<token-src-name/>
</arg-dn>
</do-set-op-dest-dn>
</actions>
</rule>


Will enable the mirrored again and post the logs then.

Agnes


--
ayeungied
------------------------------------------------------------------------
ayeungied's Profile: https://forums.netiq.com/member.php?userid=548
View this thread: https://forums.netiq.com/showthread.php?t=47575

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.