kborecky1 Absent Member.
Absent Member.
1613 views

"Vetoed by filter" error but filter has been changed.

Hi there,

My IDM test environment badly needs to be redone, but I have to get it working enough to test an account being created in the vault and then passed to my ldap (edir) tree. My edir-to-edir driver is So Confused. I had a problem with updating the packages in Designer and even though I imported the stuff back from the live server...dunno. But I never synced from designer back up to the live system, so it should have been ok.

Anyway. It wasn't syncing people because there was a filter block on the dirxml-passwordSyncStatus. I changed it to the normal setting. But the driver on the vault side won't shut down properly, and it didn't seem to be paying attention to the new filter setting - even though from both designer (live --> compare) and imanager POV, the filter was correct. (It still said Operation vetoed by filter.) First, it seemed to be SSL problems, so I redid those certs using the edir-to-edir cert utility. But it still seemed to not only veto that pw sync status, it seemed to completely shut down the driver in the process. I decided I'd copy the filter from the (working) production system in Designer (after saving the original). I synced it up. Then it wouldn't start because it said "Address already in use." I know this means the IP address - but I put the old filter back anyway. Still getting the address error. So now I'm just restarting this vault test server because if it's confused about the IP binding, I thought that might be a Good Thing.

So, not getting that error anymore, but still getting the "operation vetoed by filter" thing. I'm going to attach a trace and my filter xml but I guess I have to post this thread first.

Thanks in advance -
Karla B
Labels (1)
0 Likes
20 Replies
kborecky1 Absent Member.
Absent Member.

Re: "Vetoed by filter" error but filter has been changed.

I had to chop out stuff mostly because it was too long to post. (And I omitted personal attributes.) But I hope this is sufficient


[01/17/19 12:30:52.085]:VaultToLDAP ST:Start transaction.
[01/17/19 12:30:52.086]:VaultToLDAP ST:Processing events for transaction.
[01/17/19 12:30:52.087]:VaultToLDAP ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.5.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<sync cached-time="20190117173051.627Z" class-name="User" event-id="vault-test#20190117173051#1#3:4d6a3fd6-a6c9-42ef-209d-d63f6a4dc9a6" qualified-src-dn="O=sc\OU=users\CN=jcrowley" src-dn="\TVAULT-TREE\sc\users\jcrowley" src-entry-id="56182" timestamp="0#0">
<association state="migrate">{59DF2650-662B-2b4a-9A94-59DF2650662B}</association>
</sync>
</input>
</nds>
[01/17/19 12:30:52.088]:VaultToLDAP ST:Applying event transformation policies.
[01/17/19 12:30:52.088]:VaultToLDAP ST:Applying policy: %+C%14Csub-etp-scoping%-C.
[01/17/19 12:30:52.088]:VaultToLDAP ST: Applying to sync #1.
[01/17/19 12:30:52.088]:VaultToLDAP ST: Evaluating selection criteria for rule 'Veto event if scApps not equal to "L"'.
[01/17/19 12:30:52.089]:VaultToLDAP ST: Query from policy
[01/17/19 12:30:52.089]:VaultToLDAP ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.5.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="User" dest-dn="\TVAULT-TREE\sc\users\jcrowley" dest-entry-id="56182" scope="entry">
<read-attr attr-name="scApps"/>
</query>
</input>
</nds>
[01/17/19 12:30:52.089]:VaultToLDAP ST: Pumping XDS to eDirectory.
[01/17/19 12:30:52.090]:VaultToLDAP ST: Performing operation query for \TVAULT-TREE\sc\users\jcrowley.
[01/17/19 12:30:52.090]:VaultToLDAP ST: --JCLNT-- \TVAULT-TREE\sc\driverset\VaultToLDAP : Duplicating : context = 969408585, tempContext = 969408593
[01/17/19 12:30:52.091]:VaultToLDAP ST: --JCLNT-- \TVAULT-TREE\sc\driverset\VaultToLDAP : Calling free on tempContext = 969408593
[01/17/19 12:30:52.091]:VaultToLDAP ST: Query from policy result
[01/17/19 12:30:52.093]:VaultToLDAP ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.5.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<instance class-name="User" qualified-src-dn="O=sc\OU=users\CN=jcrowley" src-dn="\TVAULT-TREE\sc\users\jcrowley" src-entry-id="56182">
<association state="migrate">{59DF2650-662B-2b4a-9A94-59DF2650662B}</association>
<attr attr-name="scApps">
<value timestamp="1392399442#43" type="string">A</value>
<value timestamp="1392399442#44" type="string">L</value>
<value timestamp="1392399442#45" type="string">M</value>
<value timestamp="1392399442#46" type="string">G</value>
</attr>
</instance>
<status level="success"></status>
</output>
</nds>
[01/17/19 12:30:52.095]:VaultToLDAP ST: (if-attr 'scApps' not-equal "L") = FALSE.
[01/17/19 12:30:52.095]:VaultToLDAP ST: Rule rejected.
[01/17/19 12:30:52.095]:VaultToLDAP ST:Policy returned:
[01/17/19 12:30:52.095]:VaultToLDAP ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.5.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<sync cached-time="20190117173051.627Z" class-name="User" event-id="vault-test#20190117173051#1#3:4d6a3fd6-a6c9-42ef-209d-d63f6a4dc9a6" qualified-src-dn="O=sc\OU=users\CN=jcrowley" src-dn="\TVAULT-TREE\sc\users\jcrowley" src-entry-id="56182" timestamp="0#0">
<association state="migrate">{59DF2650-662B-2b4a-9A94-59DF2650662B}</association>
</sync>
</input>
</nds>
[01/17/19 12:30:52.096]:VaultToLDAP ST:Subscriber processing sync for \TVAULT-TREE\sc\users\jcrowley.
[01/17/19 12:30:52.097]:VaultToLDAP ST:Merging eDirectory and application values.
[01/17/19 12:30:52.099]:VaultToLDAP ST:Reading relevant attributes from \TVAULT-TREE\sc\users\jcrowley.
[01/17/19 12:30:52.099]:VaultToLDAP ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.5.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="User" dest-dn="\TVAULT-TREE\sc\users\jcrowley" dest-entry-id="56182" scope="entry">
<read-attr attr-name="businessCategory"/>
<read-attr attr-name="CN"/>
<read-attr attr-name="Description"/>
<read-attr attr-name="DirXML-PasswordSyncStatus"/>
<read-attr attr-name="eduPersonAffiliation"/>
<read-attr attr-name="eduPersonPrimaryAffiliation"/>
<read-attr attr-name="EMail Address"/>
<read-attr attr-name="employeeStatus"/>
<read-attr attr-name="employeeType"/>
<read-attr attr-name="fcHomeInstitution"/>
<read-attr attr-name="fcIdNumber"/>
<read-attr attr-name="fcPersonAffiliation"/>
<read-attr attr-name="Full Name"/>
<read-attr attr-name="Given Name"/>
<read-attr attr-name="Initials"/>
<read-attr attr-name="Internet EMail Address"/>
<read-attr attr-name="L"/>
<read-attr attr-name="Login Disabled"/>
<read-attr attr-name="Login Expiration Time"/>
<read-attr attr-name="mailstop"/>
<read-attr attr-name="manager"/>
<read-attr attr-name="managerWorkforceID"/>
<read-attr attr-name="mobile"/>
<read-attr attr-name="OU"/>
<read-attr attr-name="Physical Delivery Office Name"/>
<read-attr attr-name="preferredName"/>
<read-attr attr-name="scApps"/>
<read-attr attr-name="scDivisionCode"/>
<read-attr attr-name="scPerson2FA"/>
<read-attr attr-name="scPersonDeptCode"/>
<read-attr attr-name="scPersonGradClass"/>
<read-attr attr-name="scPersonHomeEmail"/>
<read-attr attr-name="scPersonMaj2Minor"/>
<read-attr attr-name="scPersonMajor"/>
<read-attr attr-name="scStudentStatus"/>
<read-attr attr-name="scStudentWithdrawDate"/>
<read-attr attr-name="Surname"/>
<read-attr attr-name="Telephone Number"/>
<read-attr attr-name="Title"/>
<read-attr attr-name="UID"/>
<read-attr attr-name="uniqueID"/>
<read-attr attr-name="workforceID"/>
</query>
</input>
</nds>
[01/17/19 12:30:52.102]:VaultToLDAP ST:Pumping XDS to eDirectory.
[01/17/19 12:30:52.103]:VaultToLDAP ST:Performing operation query for \TVAULT-TREE\sc\users\jcrowley.
[01/17/19 12:30:52.103]:VaultToLDAP ST:--JCLNT-- \TVAULT-TREE\sc\driverset\VaultToLDAP : Duplicating : context = 969408585, tempContext = 969408593
[01/17/19 12:30:52.111]:VaultToLDAP ST:--JCLNT-- \TVAULT-TREE\sc\driverset\VaultToLDAP : Calling free on tempContext = 969408593
[01/17/19 12:30:52.111]:VaultToLDAP ST:Read result:
[01/17/19 12:30:52.112]:VaultToLDAP ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.5.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<instance class-name="User" qualified-src-dn="O=sc\OU=users\CN=jcrowley" src-dn="\TVAULT-TREE\sc\users\jcrowley" src-entry-id="56182">
<association state="migrate">{59DF2650-662B-2b4a-9A94-59DF2650662B}</association>
<attr attr-name="businessCategory">
<value timestamp="1476243016#27" type="string">employees</value>
</attr>
<attr attr-name="CN">
<value naming="true" timestamp="1392399442#73" type="string">jcrowley</value>
</attr>
<attr attr-name="DirXML-PasswordSyncStatus">
<value timestamp="1547739679#3" type="string">551BD722001BA1472FA3551BD722001B20140214173723616000000000004</value>
<value timestamp="1519234333#21" type="string">88B471B2199DF7452BB588B471B2199D20180221173213352000000000004</value>
<value timestamp="1547739103#12" type="string">551BD722001BA1472FA3551BD722001B20190117153143893000000000001Code(-8015) Operation vetoed by filter.</value>
<value timestamp="1547739679#2" type="string">88B471B2199DF7452BB588B471B2199D20140214174012354000000000004</value>
<value timestamp="1547739679#4" type="string">838B55779F545A49C492838B55779F5420180221173213150000000000004</value>
</attr>
[snip]
</instance>
<status level="success"></status>
</output>
</nds>
[01/17/19 12:30:52.130]:VaultToLDAP ST:Reading relevant attributes from {59DF2650-662B-2b4a-9A94-59DF2650662B}.
[01/17/19 12:30:52.130]:VaultToLDAP ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.5.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="User" scope="entry">
<association>{59DF2650-662B-2b4a-9A94-59DF2650662B}</association>
<read-attr attr-name="DirXML-PasswordSyncStatus"/>
<read-attr attr-name="Physical Delivery Office Name"/>
</query>
</input>
</nds>
[01/17/19 12:30:52.131]:VaultToLDAP ST:Fixing up association references.
[01/17/19 12:30:52.131]:VaultToLDAP ST:Applying schema mapping policies to output.
[01/17/19 12:30:52.131]:VaultToLDAP ST:Applying policy: %+C%14CMappingRule%-C.
[01/17/19 12:30:52.131]:VaultToLDAP ST: No mapping for class-name 'User'.
[01/17/19 12:30:52.131]:VaultToLDAP ST:Applying output transformation policies.
[01/17/19 12:30:52.132]:VaultToLDAP ST:Applying policy: %+C%14CNOVLPWDSYNC-otp-EmailOnFailedPwdPub%-C.
[01/17/19 12:30:52.132]:VaultToLDAP ST: Applying to query #1.
[01/17/19 12:30:52.132]:VaultToLDAP ST: Evaluating selection criteria for rule 'Send e-mail for a failed publish password operation'.
[01/17/19 12:30:52.132]:VaultToLDAP ST: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = FALSE.
[01/17/19 12:30:52.133]:VaultToLDAP ST: Rule rejected.
[01/17/19 12:30:52.133]:VaultToLDAP ST:Policy returned:
[01/17/19 12:30:52.133]:VaultToLDAP ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.5.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="User" event-id="0" scope="entry">
<association>{59DF2650-662B-2b4a-9A94-59DF2650662B}</association>
<read-attr attr-name="DirXML-PasswordSyncStatus"/>
<read-attr attr-name="Physical Delivery Office Name"/>
</query>
</input>
</nds>
[01/17/19 12:30:52.134]:VaultToLDAP ST:Submitting document to subscriber shim:
[01/17/19 12:30:52.134]:VaultToLDAP ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.5.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="User" event-id="0" scope="entry">
<association>{59DF2650-662B-2b4a-9A94-59DF2650662B}</association>
<read-attr attr-name="DirXML-PasswordSyncStatus"/>
<read-attr attr-name="Physical Delivery Office Name"/>
</query>
</input>
</nds>

[snip]

[01/17/19 12:30:52.260]:VaultToLDAP ST:SubscriptionShim.execute() returned:
[01/17/19 12:30:52.260]:VaultToLDAP ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.0.2.0">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<instance class-name="User" event-id="0" qualified-src-dn="O=sc\OU=ad\OU=its\CN=jcrowley" src-dn="\EDIRTEST_TREE\sc\ad\its\jcrowley" src-entry-id="56609">
<association state="associated">{59DF2650-662B-2b4a-9A94-59DF2650662B}</association>
<attr attr-name="DirXML-PasswordSyncStatus">
<value timestamp="1392399613#1" type="string">88B471B2199DF7452BB588B471B2199D20140214174012354000000000004</value>
<value timestamp="1407783820#13" type="string">551BD722001BA1472FA3551BD722001B20140214173723616000000000004</value>
<value timestamp="1519234333#7" type="string">838B55779F545A49C492838B55779F5420180221173213150000000000004</value>
</attr>
</instance>
<status event-id="0" level="success"></status>
</output>
</nds>
[01/17/19 12:30:52.262]:VaultToLDAP ST:Applying input transformation policies.
[01/17/19 12:30:52.262]:VaultToLDAP ST:Applying policy: %+C%14CNOVLPWDSYNC-itp-EmailOnFailedPwdSub%-C.
[01/17/19 12:30:52.262]:VaultToLDAP ST: Applying to instance #1.
[01/17/19 12:30:52.262]:VaultToLDAP ST: Evaluating selection criteria for rule 'Send e-mail on a failure when subscribing to passwords'.
[01/17/19 12:30:52.263]:VaultToLDAP ST: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = FALSE.
[01/17/19 12:30:52.263]:VaultToLDAP ST: Rule rejected.
[01/17/19 12:30:52.263]:VaultToLDAP ST: Evaluating selection criteria for rule 'Send e-mail on failure to reset connected system password using the Identity Vault password'.
[01/17/19 12:30:52.263]:VaultToLDAP ST: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = FALSE.
[01/17/19 12:30:52.264]:VaultToLDAP ST: Rule rejected.
[01/17/19 12:30:52.264]:VaultToLDAP ST: Applying to status #2.
[01/17/19 12:30:52.264]:VaultToLDAP ST: Evaluating selection criteria for rule 'Send e-mail on a failure when subscribing to passwords'.
[01/17/19 12:30:52.264]:VaultToLDAP ST: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = FALSE.
[01/17/19 12:30:52.265]:VaultToLDAP ST: Rule rejected.
[01/17/19 12:30:52.265]:VaultToLDAP ST: Evaluating selection criteria for rule 'Send e-mail on failure to reset connected system password using the Identity Vault password'.
[01/17/19 12:30:52.265]:VaultToLDAP ST: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = FALSE.
[01/17/19 12:30:52.265]:VaultToLDAP ST: Rule rejected.
[01/17/19 12:30:52.265]:VaultToLDAP ST:Policy returned:
[01/17/19 12:30:52.266]:VaultToLDAP ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.0.2.0">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<instance class-name="User" event-id="0" qualified-src-dn="O=sc\OU=ad\OU=its\CN=jcrowley" src-dn="\EDIRTEST_TREE\sc\ad\its\jcrowley" src-entry-id="56609">
<association state="associated">{59DF2650-662B-2b4a-9A94-59DF2650662B}</association>
<attr attr-name="DirXML-PasswordSyncStatus">
<value timestamp="1392399613#1" type="string">88B471B2199DF7452BB588B471B2199D20140214174012354000000000004</value>
<value timestamp="1407783820#13" type="string">551BD722001BA1472FA3551BD722001B20140214173723616000000000004</value>
<value timestamp="1519234333#7" type="string">838B55779F545A49C492838B55779F5420180221173213150000000000004</value>
</attr>
</instance>
<status event-id="0" level="success"></status>
</output>
</nds>
[01/17/19 12:30:52.267]:VaultToLDAP ST:Applying schema mapping policies to input.
[01/17/19 12:30:52.267]:VaultToLDAP ST:Applying policy: %+C%14CMappingRule%-C.
[01/17/19 12:30:52.268]:VaultToLDAP ST: No mapping for class-name 'User'.
[01/17/19 12:30:52.268]:VaultToLDAP ST:Resolving association references.
[01/17/19 12:30:52.268]:VaultToLDAP ST:Read result:
[01/17/19 12:30:52.268]:VaultToLDAP ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.0.2.0">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<instance class-name="User" event-id="0" qualified-src-dn="O=sc\OU=ad\OU=its\CN=jcrowley" src-dn="\EDIRTEST_TREE\sc\ad\its\jcrowley" src-entry-id="56609">
<association state="associated">{59DF2650-662B-2b4a-9A94-59DF2650662B}</association>
<attr attr-name="DirXML-PasswordSyncStatus">
<value timestamp="1392399613#1" type="string">88B471B2199DF7452BB588B471B2199D20140214174012354000000000004</value>
<value timestamp="1407783820#13" type="string">551BD722001BA1472FA3551BD722001B20140214173723616000000000004</value>
<value timestamp="1519234333#7" type="string">838B55779F545A49C492838B55779F5420180221173213150000000000004</value>
</attr>
</instance>
<status event-id="0" level="success"></status>
</output>
</nds>
[01/17/19 12:30:52.273]:VaultToLDAP ST:Updating application with eDirectory values.
[01/17/19 12:30:52.274]:VaultToLDAP ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.5.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<modify class-name="User" event-id="vault-test#20190117173051#1#3:4d6a3fd6-a6c9-42ef-209d-d63f6a4dc9a6" from-merge="true" qualified-src-dn="O=sc\OU=users\CN=jcrowley" src-dn="\TVAULT-TREE\sc\users\jcrowley" src-entry-id="56182">
<association>{59DF2650-662B-2b4a-9A94-59DF2650662B}</association>

[snip]

<modify-attr attr-name="DirXML-PasswordSyncStatus">
<add-value>
<value timestamp="1519234333#21" type="string">88B471B2199DF7452BB588B471B2199D20180221173213352000000000004</value>
<value timestamp="1547739103#12" type="string">551BD722001BA1472FA3551BD722001B20190117153143893000000000001Code(-8015) Operation vetoed by filter.</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
[01/17/19 12:30:52.295]:VaultToLDAP ST:Applying command transformation policies.
[01/17/19 12:30:52.295]:VaultToLDAP ST:Applying policy: %+C%14CNOVLPWDSYNC-sub-ctp-TransformDistPwd%-C.
[01/17/19 12:30:52.296]:VaultToLDAP ST: Applying to modify #1.
[01/17/19 12:30:52.296]:VaultToLDAP ST: Evaluating selection criteria for rule 'Convert adds of the nspmDistributionPassword attribute to password elements'.
[01/17/19 12:30:52.296]:VaultToLDAP ST: (if-operation equal "add") = FALSE.
[01/17/19 12:30:52.296]:VaultToLDAP ST: Rule rejected.
[01/17/19 12:30:52.296]:VaultToLDAP ST: Evaluating selection criteria for rule 'Block modifies for failed password publish operations if reset password is false'.
[01/17/19 12:30:52.297]:VaultToLDAP ST: (if-global-variable 'reset-external-password-on-failure' equal "false") = TRUE.
[01/17/19 12:30:52.297]:VaultToLDAP ST: (if-operation equal "modify") = TRUE.
[01/17/19 12:30:52.298]:VaultToLDAP ST: (if-xpath true "modify-attr[@attr-name='nspmDistributionPassword' and @failed-sync='true']") = FALSE.
[01/17/19 12:30:52.298]:VaultToLDAP ST: Rule rejected.
[01/17/19 12:30:52.298]:VaultToLDAP ST: Evaluating selection criteria for rule 'Convert modifies of a nspmDistributionPassword attribute to a modify password operation'.
[01/17/19 12:30:52.299]:VaultToLDAP ST: (if-operation equal "modify") = TRUE.
[01/17/19 12:30:52.299]:VaultToLDAP ST: (if-op-attr 'nspmDistributionPassword' available) = FALSE.
[01/17/19 12:30:52.299]:VaultToLDAP ST: Rule rejected.
[01/17/19 12:30:52.299]:VaultToLDAP ST: Evaluating selection criteria for rule 'Block empty modify operations'.
[01/17/19 12:30:52.299]:VaultToLDAP ST: (if-operation equal "modify") = TRUE.
[01/17/19 12:30:52.300]:VaultToLDAP ST: (if-xpath not-true "modify-attr") = FALSE.
[01/17/19 12:30:52.300]:VaultToLDAP ST: Rule rejected.
[01/17/19 12:30:52.300]:VaultToLDAP ST:Policy returned:
[01/17/19 12:30:52.302]:VaultToLDAP ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.5.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<modify class-name="User" event-id="vault-test#20190117173051#1#3:4d6a3fd6-a6c9-42ef-209d-d63f6a4dc9a6" from-merge="true" qualified-src-dn="O=sc\OU=users\CN=jcrowley" src-dn="\TVAULT-TREE\sc\users\jcrowley" src-entry-id="56182">
<association>{59DF2650-662B-2b4a-9A94-59DF2650662B}</association>
[snip]

<modify-attr attr-name="DirXML-PasswordSyncStatus">
<add-value>
<value timestamp="1519234333#21" type="string">88B471B2199DF7452BB588B471B2199D20180221173213352000000000004</value>
<value timestamp="1547739103#12" type="string">551BD722001BA1472FA3551BD722001B20190117153143893000000000001Code(-8015) Operation vetoed by filter.</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>

[etc. etc. etc.]

<modify-attr attr-name="DirXML-PasswordSyncStatus">
<add-value>
<value timestamp="1519234333#21" type="string">88B471B2199DF7452BB588B471B2199D20180221173213352000000000004</value>
<value timestamp="1547739103#12" type="string">551BD722001BA1472FA3551BD722001B20190117153143893000000000001Code(-8015) Operation vetoed by filter.</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
[01/17/19 12:30:52.428]:VaultToLDAP ST:: Document sent.
[01/17/19 12:30:52.428]:VaultToLDAP ST:: Waiting for receive...
[01/17/19 12:30:52.497]:VaultToLDAP ST:: Received.
[01/17/19 12:30:52.497]:VaultToLDAP ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.0.2.0">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status event-id="vault-test#20190117173051#1#3:4d6a3fd6-a6c9-42ef-209d-d63f6a4dc9a6" level="warning">Code(-8015) Operation vetoed by filter.</status>
</output>
</nds>
[01/17/19 12:30:52.498]:VaultToLDAP ST:SubscriptionShim.execute() returned:
[01/17/19 12:30:52.498]:VaultToLDAP ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.0.2.0">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status event-id="vault-test#20190117173051#1#3:4d6a3fd6-a6c9-42ef-209d-d63f6a4dc9a6" level="warning">Code(-8015) Operation vetoed by filter.</status>
</output>
</nds>
[01/17/19 12:30:52.498]:VaultToLDAP ST:Applying input transformation policies.
[01/17/19 12:30:52.499]:VaultToLDAP ST:Applying policy: %+C%14CNOVLPWDSYNC-itp-EmailOnFailedPwdSub%-C.
[01/17/19 12:30:52.499]:VaultToLDAP ST: Applying to status #1.
[01/17/19 12:30:52.499]:VaultToLDAP ST: Evaluating selection criteria for rule 'Send e-mail on a failure when subscribing to passwords'.
[01/17/19 12:30:52.499]:VaultToLDAP ST: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = FALSE.
[01/17/19 12:30:52.500]:VaultToLDAP ST: Rule rejected.
[01/17/19 12:30:52.500]:VaultToLDAP ST: Evaluating selection criteria for rule 'Send e-mail on failure to reset connected system password using the Identity Vault password'.
[01/17/19 12:30:52.500]:VaultToLDAP ST: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = FALSE.
[01/17/19 12:30:52.500]:VaultToLDAP ST: Rule rejected.
[01/17/19 12:30:52.500]:VaultToLDAP ST:Policy returned:
[01/17/19 12:30:52.501]:VaultToLDAP ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.0.2.0">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status event-id="vault-test#20190117173051#1#3:4d6a3fd6-a6c9-42ef-209d-d63f6a4dc9a6" level="warning">Code(-8015) Operation vetoed by filter.</status>
</output>
</nds>
[01/17/19 12:30:52.501]:VaultToLDAP ST:Applying schema mapping policies to input.
[01/17/19 12:30:52.501]:VaultToLDAP ST:Applying policy: %+C%14CMappingRule%-C.
[01/17/19 12:30:52.502]:VaultToLDAP ST:Resolving association references.
[01/17/19 12:30:52.519]:VaultToLDAP ST:Processing returned document.
[01/17/19 12:30:52.519]:VaultToLDAP ST:Processing operation <status> for .
[01/17/19 12:30:52.520]:VaultToLDAP ST:
DirXML Log Event -------------------
Driver: \TVAULT-TREE\sc\driverset\VaultToLDAP
Channel: Subscriber
Object: \TVAULT-TREE\sc\users\jcrowley
Status: Warning
Message: Code(-8015) Operation vetoed by filter.
[01/17/19 12:30:52.537]:VaultToLDAP ST:End transaction



Sorry - hate to have to do that.
0 Likes
kborecky1 Absent Member.
Absent Member.

Re: "Vetoed by filter" error but filter has been changed.

Filters for vault and target edir server -

VaultToLdap on vault-test server:


<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE filter PUBLIC "dirxmlfilter" "C:\netiq\idm\apps\Designer\plugins\com.novell.idm.filter_4.0.0.201702032115\DTD\dirxmlfilter.dtd"><filter>
<filter-class class-name="User" publisher="sync" publisher-create-homedir="true" publisher-track-template-member="true" subscriber="sync">
<filter-attr attr-name="nspmDistributionPassword" merge-authority="default" priority-sync="false" publisher="ignore" publisher-optimize-modify="true" subscriber="notify"/>
<filter-attr attr-name="city" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="CN" merge-authority="default" priority-sync="false" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="co" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="Description" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="EMail Address" merge-authority="default" priority-sync="false" publisher="sync" publisher-optimize-modify="true" subscriber="ignore"/>
<filter-attr attr-name="employeeStatus" merge-authority="default" priority-sync="false" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="employeeType" merge-authority="default" priority-sync="false" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="Equivalent To Me" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="Full Name" merge-authority="default" priority-sync="false" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="Given Name" merge-authority="default" priority-sync="false" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="Group Membership" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="GUID" merge-authority="none" priority-sync="false" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="Initials" merge-authority="default" priority-sync="false" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="Internet EMail Address" merge-authority="default" priority-sync="false" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="jobCode" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="L" merge-authority="default" priority-sync="false" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="Language" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="Login Disabled" merge-authority="default" priority-sync="false" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="manager" merge-authority="default" priority-sync="false" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="managerWorkforceID" merge-authority="default" priority-sync="false" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="mobile" merge-authority="default" priority-sync="false" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="OU" merge-authority="default" priority-sync="false" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="Physical Delivery Office Name" merge-authority="default" priority-sync="false" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="Postal Address" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="Postal Code" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="Postal Office Box" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="preferredName" merge-authority="default" priority-sync="false" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="roomNumber" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="S" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="SA" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="Security Equals" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="Surname" merge-authority="default" priority-sync="false" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="Telephone Number" merge-authority="default" priority-sync="false" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="Title" merge-authority="default" priority-sync="false" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="UID" merge-authority="default" priority-sync="false" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="uniqueID" merge-authority="default" priority-sync="false" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="workforceID" merge-authority="default" priority-sync="false" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="DirXML-PasswordSyncStatus" merge-authority="default" priority-sync="false" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="businessCategory" merge-authority="default" priority-sync="false" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="fcIdNumber" merge-authority="default" priority-sync="false" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="fcHomeInstitution" merge-authority="default" priority-sync="false" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="mailstop" merge-authority="default" priority-sync="false" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="scPersonGradClass" merge-authority="default" priority-sync="false" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="scPersonMaj2Minor" merge-authority="default" priority-sync="false" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="scPersonMajor" merge-authority="default" priority-sync="false" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="Login Expiration Time" merge-authority="default" priority-sync="false" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="scPersonDeptCode" merge-authority="default" priority-sync="false" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="scDivisionCode" merge-authority="default" priority-sync="false" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="scPersonHomeEmail" merge-authority="default" priority-sync="false" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="scApps" merge-authority="default" priority-sync="false" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="eduPersonAffiliation" merge-authority="default" publisher="ignore" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="eduPersonPrimaryAffiliation" merge-authority="default" publisher="ignore" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="fcPersonAffiliation" merge-authority="default" publisher="ignore" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="DirXML-ADAliasName" from-all-classes="true" merge-authority="edir" priority-sync="false" publisher="ignore" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="scPerson2FA" merge-authority="default" publisher="ignore" publisher-optimize-modify="true" subscriber="sync"/>
</filter-class>
<filter-class class-name="Group" publisher="ignore" subscriber="ignore">
<filter-attr attr-name="CN" publisher="sync" subscriber="sync"/>
<filter-attr attr-name="Description" publisher="sync" subscriber="sync"/>
<filter-attr attr-name="GUID" merge-authority="none" subscriber="sync"/>
</filter-class>
</filter>



LDAPToVault (on edir-test server):


<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE filter PUBLIC "dirxmlfilter" "C:\netiq\idm\apps\Designer\plugins\com.novell.idm.filter_4.0.0.201702032115\DTD\dirxmlfilter.dtd"><filter>
<filter-class class-name="User" publisher="ignore" publisher-create-homedir="true" publisher-track-template-member="true" subscriber="sync">
<filter-attr attr-name="nspmDistributionPassword" merge-authority="default" publisher="ignore" publisher-optimize-modify="true" subscriber="notify"/>
<filter-attr attr-name="city" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="CN" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="co" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="Description" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="EMail Address" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="employeeStatus" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="employeeType" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="Equivalent To Me" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="Full Name" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="Given Name" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="Group Membership" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="GUID" merge-authority="none" subscriber="sync"/>
<filter-attr attr-name="Initials" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="Internet EMail Address" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="jobCode" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="L" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="Language" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="Login Disabled" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="manager" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="managerWorkforceID" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="mobile" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="OU" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="Physical Delivery Office Name" publisher="sync" subscriber="ignore"/>
<filter-attr attr-name="Postal Address" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="Postal Code" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="Postal Office Box" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="preferredName" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="roomNumber" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="S" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="SA" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="Security Equals" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="Surname" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="Telephone Number" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="Title" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="UID" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="workforceID" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="DirXML-PasswordSyncStatus" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="DirXML-ADAliasName" merge-authority="default" publisher="ignore" publisher-optimize-modify="true" subscriber="ignore"/>
<filter-attr attr-name="businessCategory" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="fcIdNumber" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="fcHomeInstitution" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="mailstop" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="scPersonGradClass" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="scPersonMaj2Minor" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="scPersonMajor" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="scPersonDeptCode" merge-authority="default" publisher="notify" publisher-optimize-modify="true" subscriber="ignore"/>
<filter-attr attr-name="scDivisionCode" merge-authority="default" publisher="notify" publisher-optimize-modify="true" subscriber="ignore"/>
<filter-attr attr-name="scApps" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="scPersonHomeEmail" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="eduPersonAffiliation" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="eduPersonPrimaryAffiliation" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="fcPersonAffiliation" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="uniqueID" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="Login Expiration Time" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="scPerson2FA" merge-authority="default" publisher="ignore" publisher-optimize-modify="true" subscriber="sync"/>
</filter-class>
<filter-class class-name="Group" publisher="ignore" subscriber="ignore">
<filter-attr attr-name="CN" publisher="sync" subscriber="sync"/>
<filter-attr attr-name="Description" publisher="sync" subscriber="sync"/>
<filter-attr attr-name="GUID" merge-authority="none" subscriber="sync"/>
</filter-class>
</filter>


Well, I'm open to any suggestions including a sledge hammer. People want to do "end to end" testing, with a test person coming through to get an account, and then to have that person log into our new ERP system. Our colleagues just found this out. And so did we. So...any help appreciated.

Bah.

Thanks,
Karla
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: "Vetoed by filter" error but filter has been changed.

This is being vetoed on the other side.

On 01/17/2019 11:04 AM, kborecky wrote:
>
> [01/17/19 12:30:52.428]:VaultToLDAP ST:: Document sent.


Sent to the receiving driver.

> [01/17/19 12:30:52.428]:VaultToLDAP ST:: Waiting for receive...
> [01/17/19 12:30:52.497]:VaultToLDAP ST:: Received.


Something came back, and that something is the veto, so look over there.
Get the other driver config object's trace.

> [01/17/19 12:30:52.497]:VaultToLDAP ST:
> <nds dtdversion="4.0" ndsversion="8.x">
> <source>
> <product edition="Standard" version="4.0.2.0">DirXML</product>
> <contact>Novell, Inc.</contact>
> </source>
> <output>
> <status event-id="vault-test#20190117173051#1#3:4d6a3fd6-a6c9-42ef-209d-d63f6a4dc9a6" level="warning">Code(-8015) Operation vetoed by filter.</status>
> </output>
> </nds>


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: "Vetoed by filter" error but filter has been changed.

On 01/17/2019 10:44 AM, kborecky wrote:
>
> Anyway. It wasn't syncing people because there was a filter block on the
> dirxml-passwordSyncStatus. I changed it to the normal setting. But the
> driver on the vault side won't shut down properly, and it didn't seem to
> be paying attention to the new filter setting - even though from both
> designer (live --> compare) and imanager POV, the filter was correct.
> (It still said Operation vetoed by filter.) First, it seemed to be SSL
> problems, so I redid those certs using the edir-to-edir cert utility.
> But it still seemed to not only veto that pw sync status, it seemed to
> completely shut down the driver in the process. I decided I'd copy the
> filter from the (working) production system in Designer (after saving
> the original). I synced it up. Then it wouldn't start because it said
> "Address already in use." I know this means the IP address - but I put
> the old filter back anyway. Still getting the address error. So now I'm
> just restarting this vault test server because if it's confused about
> the IP binding, I thought that might be a Good Thing.
>
> So, not getting that error anymore, but still getting the "operation
> vetoed by filter" thing. I'm going to attach a trace and my filter xml
> but I guess I have to post this thread first.


Yes, please post trace data in a reply, level three (3) as always,
including the driver config startup so we can see the filter is actually
as it should be. This is not because we do not trust you in particular,
but because we do not trust anything, and in this case my concern is that
your Designer install may be pushing changes to serverB, even though
serverA is the one running the driver, and if something is amiss in
replicating then serverA may not have the change, even though Designer
says generally that eDirectory is up to date. It's a rare problem, but it
can happen if things are broken in unusual ways.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
kborecky1 Absent Member.
Absent Member.

Re: "Vetoed by filter" error but filter has been changed.

Well, I'm sure this isn't helping:

<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.0.2.0">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<instance class-name="User" qualified-src-dn="O=sc\OU=ad\OU=its\CN=ransaldo" src-dn="\EDIRTEST_TREE\sc\ad\its\ransaldo" src-entry-id="64758">
<attr attr-name="CN">
<value naming="true" timestamp="1547741145#27" type="string">ransaldo</value>
</attr>
<attr attr-name="DirXML-PasswordSyncStatus">
<value timestamp="1547741268#1" type="string">838B55779F545A49C492838B55779F5420190117160748611000000000002java.net.ConnectException: Connection refused</value>
</attr>

[snip]

[01/17/19 11:08:36.756]:LDAPToVault PT:: Received.
[01/17/19 11:08:36.757]:LDAPToVault PT:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.5.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20190117160836.615Z" class-name="User" event-id="vault-test#20190117160836#1#1:99439d3b-fe02-481b-3f8c-3b9d439902fe" qualified-src-dn="O=sc\OU=users\CN=ransaldo" src-dn="\TVAULT-TREE\sc\users\ransaldo" src-entry-id="69372" timestamp="0#0">
<association state="manual"></association>
<add-attr attr-name="businessCategory">
<value timestamp="1530591429#28" type="string">employees</value>
</add-attr>
<add-attr attr-name="CN">
<value naming="true" timestamp="1530591429#65" type="string">ransaldo</value>
</add-attr>
<add-attr attr-name="DirXML-ADAliasName">
<value timestamp="1530632369#9" type="string">ransaldo@testad.smith.edu</value>
</add-attr>
<add-attr attr-name="DirXML-PasswordSyncStatus">
<value timestamp="1530632370#7" type="string">88B471B2199DF7452BB588B471B2199D20180703153930226000000000000</value>
<value timestamp="1547739103#6" type="string">551BD722001BA1472FA3551BD722001B20190117153143823000000000001Code(-8015) Operation vetoed by filter.</value>
</add-attr>


So I'm assuming the "refused connection" thing is why it's not syncing? (Sorry I didn't include the whole trace - hope this is OK.)

Karla
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: "Vetoed by filter" error but filter has been changed.

On 01/17/2019 11:54 AM, kborecky wrote:
>
> Well, I'm sure this isn't helping:
>
> <nds dtdversion="4.0" ndsversion="8.x">
> <source>
> <product edition="Standard" version="4.0.2.0">DirXML</product>
> <contact>Novell, Inc.</contact>
> </source>
> <output>
> <instance class-name="User"
> qualified-src-dn="O=sc\OU=ad\OU=its\CN=ransaldo"
> src-dn="\EDIRTEST_TREE\sc\ad\its\ransaldo" src-entry-id="64758">
> <attr attr-name="CN">
> <value naming="true" timestamp="1547741145#27"
> type="string">ransaldo</value>
> </attr>
> <attr attr-name="DirXML-PasswordSyncStatus">
> <value timestamp="1547741268#1"
> type="string">838B55779F545A49C492838B55779F5420190117160748611000000000002java.net.ConnectException:
> *Connection refused*</value>
> </attr>


Ignore that; you're looking inside an attribute value, and the attribute
value is irrelevant.

> type="string">551BD722001BA1472FA3551BD722001B20190117153143823000000000001Code(-8015)
> Operation vetoed by filter.</value>
> </add-attr>


Same thing here; the opreation refused by filter bit is part of a value
when that one attribute was updated by a password sync operation that was
refused because of some other driver config object's filter. Ignore this.

We need to find the trace that led to this:


[01/17/19 12:30:52.428]:VaultToLDAP ST:: Waiting for receive...
[01/17/19 12:30:52.497]:VaultToLDAP ST:: Received.
[01/17/19 12:30:52.497]:VaultToLDAP ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.0.2.0">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status
event-id="vault-test#20190117173051#1#3:4d6a3fd6-a6c9-42ef-209d-d63f6a4dc9a6"
level="warning">Code(-8015) Operation vetoed by filter.</status>
</output>
</nds>



--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
kborecky1 Absent Member.
Absent Member.

Re: "Vetoed by filter" error but filter has been changed.

Sorry - forgot to post the startup trace. Trace of edir-test LDAPToVault driver:


<nds dtdversion="4.0">
<source>
<product instance="LDAPToVault" version="4.0.2.0">DirXML Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status level="success"/>
</output>
</nds>
[01/17/19 14:21:00.394]:LDAPToVault PT:Applying input transformation policies.
[01/17/19 14:21:00.394]:LDAPToVault PT:Applying policy: %+C%14CNOVLPWDSYNC-itp-EmailOnFailedPwdSub%-C.
[01/17/19 14:21:00.395]:LDAPToVault PT: Applying to status #1.
[01/17/19 14:21:00.396]:LDAPToVault PT: Evaluating selection criteria for rule 'Send e-mail on a failure when subscribing to passwords'.
[01/17/19 14:21:00.397]:LDAPToVault PT: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = FALSE.
[01/17/19 14:21:00.397]:LDAPToVault PT: Rule rejected.
[01/17/19 14:21:00.398]:LDAPToVault PT: Evaluating selection criteria for rule 'Send e-mail on failure to reset connected system password using the Identity Vault password'.
[01/17/19 14:21:00.398]:LDAPToVault PT: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = FALSE.
[01/17/19 14:21:00.399]:LDAPToVault PT: Rule rejected.
[01/17/19 14:21:00.399]:LDAPToVault PT:Policy returned:
[01/17/19 14:21:00.400]:LDAPToVault PT:
<nds dtdversion="4.0">
<source>
<product instance="LDAPToVault" version="4.0.2.0">DirXML Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status level="success"/>
</output>
</nds>
[01/17/19 14:21:00.401]:LDAPToVault PT:Applying schema mapping policies to input.
[01/17/19 14:21:00.401]:LDAPToVault PT:Applying policy: %+C%14CMappingRule%-C.
[01/17/19 14:21:00.401]:LDAPToVault PT:Resolving association references.
[01/17/19 14:21:00.401]:LDAPToVault PT:Ending publisher thread.
[01/17/19 14:21:00.401]:LDAPToVault ST:Publisher thread terminated.
[01/17/19 14:21:00.421]:LDAPToVault ST:Driver terminated.
[01/17/19 14:21:00.425]:LDAPToVault ST:Writing XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault#DirXML-PersistentData.
[01/17/19 14:21:01.322]:LDAPToVault :Reading named passwords list.
[01/17/19 14:21:01.323]:LDAPToVault :Named passwords:
[01/17/19 14:21:01.323]:LDAPToVault :Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault#DirXML-EngineControlValues.
[01/17/19 14:21:01.325]:LDAPToVault :Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/NOVLCOMSET-GCVs#DirXML-ConfigValues.
[01/17/19 14:21:01.325]:LDAPToVault :Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset#DirXML-ConfigValues.
[01/17/19 14:21:01.326]:LDAPToVault :Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/NOVLEDIRDCFG-GCVs#DirXML-ConfigValues.
[01/17/19 14:21:01.327]:LDAPToVault :Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/NOVLEDIRPSYN-GCVs#DirXML-ConfigValues.
[01/17/19 14:21:01.328]:LDAPToVault :Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault#DirXML-ConfigValues.
[01/17/19 14:21:01.329]:LDAPToVault :Multiple definition found for Global Config Value 'enable-password-subscribe'. Using definition from \EDIRTEST_TREE\sc\driverset\LDAPToVault.
[01/17/19 14:21:01.329]:LDAPToVault :Multiple definition found for Global Config Value 'enable-password-publish'. Using definition from \EDIRTEST_TREE\sc\driverset\LDAPToVault.
[01/17/19 14:21:01.329]:LDAPToVault :Multiple definition found for Global Config Value 'publish-password-to-nds'. Using definition from \EDIRTEST_TREE\sc\driverset\LDAPToVault.
[01/17/19 14:21:01.329]:LDAPToVault :Multiple definition found for Global Config Value 'publish-password-to-dp'. Using definition from \EDIRTEST_TREE\sc\driverset\LDAPToVault.
[01/17/19 14:21:01.330]:LDAPToVault :Multiple definition found for Global Config Value 'enforce-password-policy'. Using definition from \EDIRTEST_TREE\sc\driverset\LDAPToVault.
[01/17/19 14:21:01.330]:LDAPToVault :Multiple definition found for Global Config Value 'reset-external-password-on-failure'. Using definition from \EDIRTEST_TREE\sc\driverset\LDAPToVault.
[01/17/19 14:21:01.330]:LDAPToVault :Multiple definition found for Global Config Value 'notify-user-on-password-dist-failure'. Using definition from \EDIRTEST_TREE\sc\driverset\LDAPToVault.
[01/17/19 14:21:01.331]:LDAPToVault :Global Configuration Values:
[01/17/19 14:21:01.331]:LDAPToVault : Name: enable-password-publish Value: true
[01/17/19 14:21:01.331]:LDAPToVault : Name: publish-password-to-nds Value: false
[01/17/19 14:21:01.331]:LDAPToVault : Name: publish-password-to-dp Value: true
[01/17/19 14:21:01.331]:LDAPToVault : Name: enforce-password-policy Value: false
[01/17/19 14:21:01.331]:LDAPToVault : Name: reset-external-password-on-failure Value: false
[01/17/19 14:21:01.331]:LDAPToVault : Name: enable-password-subscribe Value: true
[01/17/19 14:21:01.332]:LDAPToVault : Name: notify-user-on-password-dist-failure Value: false
[01/17/19 14:21:01.332]:LDAPToVault : Name: drv.publisher.placement.type Value: mirrored
[01/17/19 14:21:01.332]:LDAPToVault : Name: drv.remote.dit.data.users Value: sc\users
[01/17/19 14:21:01.332]:LDAPToVault : Name: drv.remote.dit.data.groups Value: sc\groups
[01/17/19 14:21:01.332]:LDAPToVault : Name: ConnectedSystemName Value: eDirectory
[01/17/19 14:21:01.332]:LDAPToVault : Name: idv.dit.data.users Value: sc\testUsers
[01/17/19 14:21:01.332]:LDAPToVault : Name: idv.dit.data.groups Value: sc
[01/17/19 14:21:01.333]:LDAPToVault : Name: dirxml.auto.treename Value: EDIRTEST_TREE
[01/17/19 14:21:01.333]:LDAPToVault : Name: dirxml.auto.driverdn Value: \EDIRTEST_TREE\sc\driverset\LDAPToVault
[01/17/19 14:21:01.333]:LDAPToVault : Name: dirxml.auto.driverguid Value: {77558B83-549F-495a-C492-838B55779F54}
[01/17/19 14:21:01.333]:LDAPToVault : Name: dirxml.auto.localserverdn Value: CN=edir-test,O=sc
[01/17/19 14:21:01.335]:LDAPToVault :Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault#DirXML-ReciprocalAttrMap.
[01/17/19 14:21:01.335]:LDAPToVault :Loaded reciprocal attribute map
[01/17/19 14:21:01.336]:LDAPToVault :
<reciprocal-links/>
[01/17/19 14:21:01.336]:LDAPToVault :Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault#DirXML-PersistentData.
[01/17/19 14:21:01.337]:LDAPToVault :Loaded persistent data
[01/17/19 14:21:01.337]:LDAPToVault :
<persistent-data>
<op-counters last-reset-time="1384200721441">
<subscriber>
<counters index="0">
<modify>232959</modify>
<add>1198</add>
<sync>1410</sync>
<delete>12158</delete>
</counters>
<counters index="1">
<modify>232959</modify>
<sync>1410</sync>
<delete>12157</delete>
</counters>
<counters index="2">
<query>1417</query>
<modify-password>1</modify-password>
<add>232958</add>
<delete>152</delete>
</counters>
<counters index="3">
<query>1417</query>
<modify-password>1</modify-password>
<add>232958</add>
<delete>152</delete>
</counters>
<counters index="4">
<status>234518</status>
<instance>1412</instance>
</counters>
</subscriber>
<publisher>
<counters index="0">
<status>40</status>
<modify>81734</modify>
<query>88</query>
<modify-password>26503</modify-password>
<add>58511</add>
<delete>21038</delete>
<rename>2</rename>
<query-schema>1</query-schema>
<check-object-password>5</check-object-password>
</counters>
<counters index="1">
<status>40</status>
<modify>72658</modify>
<query>88</query>
<modify-password>26503</modify-password>
<add>58511</add>
<delete>9148</delete>
<rename>2</rename>
<query-schema>1</query-schema>
<check-object-password>5</check-object-password>
<remove-association>30041</remove-association>
</counters>
<counters index="2">
<status>40</status>
<modify>81734</modify>
<query>88</query>
<modify-password>26503</modify-password>
<add>58511</add>
<delete>21038</delete>
<rename>2</rename>
<query-schema>1</query-schema>
<check-object-password>5</check-object-password>
</counters>
<counters index="3">
<status>40</status>
<modify>67023</modify>
<query>97380</query>
<modify-password>26253</modify-password>
<add>29727</add>
<delete>9148</delete>
<rename>2</rename>
<move>396</move>
<query-schema>1</query-schema>
<check-object-password>5</check-object-password>
<remove-association>30042</remove-association>
</counters>
<counters index="4">
<status>295019</status>
<instance>67624</instance>
<schema-def>1</schema-def>
</counters>
</publisher>
</op-counters>
</persistent-data>
[01/17/19 14:21:01.342]:LDAPToVault :Found subscriber sc\driverset\LDAPToVault\Subscriber.
[01/17/19 14:21:01.344]:LDAPToVault :Found publisher sc\driverset\LDAPToVault\Publisher.
[01/17/19 14:21:01.344]:LDAPToVault :Creating subscriber thread.
[01/17/19 14:21:01.345]:LDAPToVault ST:Subscriber thread starting.
[01/17/19 14:21:01.357]:LDAPToVault ST:Initializing driver shim.
[01/17/19 14:21:01.358]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault#DirXML-ApplicationSchema.
[01/17/19 14:21:01.550]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault#DirXML-ConfigManifest.
[01/17/19 14:21:01.551]:LDAPToVault ST:Reading driver information from the \EDIRTEST_TREE\sc\driverset\LDAPToVault object.
[01/17/19 14:21:01.556]:LDAPToVault ST:Loading Java shim com.novell.nds.dirxml.driver.nds.DriverShimImpl.
[01/17/19 14:21:01.557]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault#DirXML-ShimConfigInfo.
[01/17/19 14:21:01.559]:LDAPToVault ST:Named password 'store-password' not found in driver configuration element 'Keystore password - required' (store-password).
[01/17/19 14:21:01.559]:LDAPToVault ST:Named password 'key-password' not found in driver configuration element 'Certificate password (key password) - required' (key-password).
[01/17/19 14:21:01.559]:LDAPToVault ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.0.2.0">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<init-params src-dn="\EDIRTEST_TREE\sc\driverset\LDAPToVault">
<authentication-info>
<server>131.229.64.136</server>
<user>LDAPToVault(edir_test_kmo)</user>
</authentication-info>
<driver-options>
<use-keystore-ssl display-name="SSL type">false</use-keystore-ssl>
<keystore-name display-name="Name of keystore file - required"></keystore-name>
<store-password display-name="Keystore password - required" is-sensitive="true" type="password-ref"/>
<server-key-alias display-name="Name of certificate (key alias) - required"></server-key-alias>
<key-password display-name="Certificate password (key password) - required" is-sensitive="true" type="password-ref"/>
<ssl-advanced display-name="Advanced options">hide</ssl-advanced>
<reverse-handshake display-name="Subscriber acts as server for SSL handshake">no</reverse-handshake>
<disable-mutual-authentication display-name="Disable mutual authentication - only used if acting as server">no</disable-mutual-authentication>
</driver-options>
</init-params>
</input>
</nds>
[01/17/19 14:21:01.568]:LDAPToVault ST:DriverShim.init() returned:
[01/17/19 14:21:01.568]:LDAPToVault ST:
<nds dtdversion="4.0">
<source>
<product instance="LDAPToVault" version="4.0.2.0">DirXML Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status level="success">
<provides-secure-channel>true</provides-secure-channel>
</status>
</output>
</nds>
[01/17/19 14:21:01.568]:LDAPToVault ST:Restricting file Permission for /var/opt/novell/eDirectory/data/dib/dx33751.lg
[01/17/19 14:21:01.569]:LDAPToVault ST:Restricting file Permission for /var/opt/novell/eDirectory/data/dib/dx33751.db
[01/17/19 14:21:01.571]:LDAPToVault ST:Initializing ECMAScript extensions.
[01/17/19 14:21:01.571]:LDAPToVault :: Connection monitor thread starting.
[01/17/19 14:21:01.577]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault#DirXML-DriverFilter.
[01/17/19 14:21:01.578]:LDAPToVault ST:Loaded filter.
[01/17/19 14:21:01.588]:LDAPToVault ST:
<filter>
<filter-class class-name="User" publisher="ignore" publisher-create-homedir="true" publisher-track-template-member="true" subscriber="sync">
<filter-attr attr-name="nspmDistributionPassword" merge-authority="default" publisher="ignore" publisher-optimize-modify="true" subscriber="notify"/>
<filter-attr attr-name="city" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="CN" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="co" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="Description" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="EMail Address" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="employeeStatus" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="employeeType" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="Equivalent To Me" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="Full Name" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="Given Name" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="Group Membership" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="GUID" merge-authority="none" subscriber="sync"/>
<filter-attr attr-name="Initials" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="Internet EMail Address" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="jobCode" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="L" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="Language" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="Login Disabled" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="manager" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="managerWorkforceID" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="mobile" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="OU" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="Physical Delivery Office Name" publisher="sync" subscriber="ignore"/>
<filter-attr attr-name="Postal Address" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="Postal Code" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="Postal Office Box" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="preferredName" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="roomNumber" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="S" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="SA" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="Security Equals" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="Surname" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="Telephone Number" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="Title" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="UID" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="workforceID" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="DirXML-PasswordSyncStatus" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="DirXML-ADAliasName" merge-authority="default" publisher="ignore" publisher-optimize-modify="true" subscriber="ignore"/>
<filter-attr attr-name="businessCategory" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="fcIdNumber" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="fcHomeInstitution" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="mailstop" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="scPersonGradClass" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="scPersonMaj2Minor" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="scPersonMajor" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="scPersonDeptCode" merge-authority="default" publisher="notify" publisher-optimize-modify="true" subscriber="ignore"/>
<filter-attr attr-name="scDivisionCode" merge-authority="default" publisher="notify" publisher-optimize-modify="true" subscriber="ignore"/>
<filter-attr attr-name="scApps" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="scPersonHomeEmail" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="eduPersonAffiliation" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="eduPersonPrimaryAffiliation" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="fcPersonAffiliation" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="uniqueID" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="Login Expiration Time" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="scPerson2FA" merge-authority="default" publisher="ignore" publisher-optimize-modify="true" subscriber="sync"/>
</filter-class>
<filter-class class-name="Group" publisher="ignore" subscriber="ignore">
<filter-attr attr-name="CN" publisher="sync" subscriber="sync"/>
<filter-attr attr-name="Description" publisher="sync" subscriber="sync"/>
<filter-attr attr-name="GUID" merge-authority="none" subscriber="sync"/>
</filter-class>
</filter>
[01/17/19 14:21:01.605]:LDAPToVault ST:Initializing subscriber sc\driverset\LDAPToVault\Subscriber for \EDIRTEST_TREE\sc\driverset\LDAPToVault.
[01/17/19 14:21:01.605]:LDAPToVault ST:Loading Subscriber input transformation policies.
[01/17/19 14:21:01.605]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/NOVLPWDSYNC-itp-EmailOnFailedPwdSub#XmlData.
[01/17/19 14:21:01.606]:LDAPToVault ST:Found DirXMLScript policy.
[01/17/19 14:21:01.623]:LDAPToVault ST:Loading Subscriber output transformation policies.
[01/17/19 14:21:01.623]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/NOVLPWDSYNC-otp-EmailOnFailedPwdPub#XmlData.
[01/17/19 14:21:01.631]:LDAPToVault ST:Found DirXMLScript policy.
[01/17/19 14:21:01.633]:LDAPToVault ST:Loading Subscriber schema mapping policies.
[01/17/19 14:21:01.634]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/MappingRule#XmlData.
[01/17/19 14:21:01.634]:LDAPToVault ST:Found schema map.
[01/17/19 14:21:01.635]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/MappingRule#XmlData.
[01/17/19 14:21:01.635]:LDAPToVault ST:Found schema map.
[01/17/19 14:21:01.644]:LDAPToVault ST:Loading policies.
[01/17/19 14:21:01.644]:LDAPToVault ST:Loading Subscriber event transformation policies.
[01/17/19 14:21:01.644]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/Subscriber/sub-etp-eventHandling#XmlData.
[01/17/19 14:21:01.645]:LDAPToVault ST:Found DirXMLScript policy.
[01/17/19 14:21:01.645]:LDAPToVault ST:Loading Subscriber object matching policies.
[01/17/19 14:21:01.645]:LDAPToVault ST:Policy not found.
[01/17/19 14:21:01.646]:LDAPToVault ST:Loading Subscriber object creation policies.
[01/17/19 14:21:01.646]:LDAPToVault ST:Policy not found.
[01/17/19 14:21:01.646]:LDAPToVault ST:Loading Subscriber object placement policies.
[01/17/19 14:21:01.646]:LDAPToVault ST:Policy not found.
[01/17/19 14:21:01.646]:LDAPToVault ST:Loading Subscriber command transformation policies.
[01/17/19 14:21:01.647]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/Subscriber/NOVLPWDSYNC-sub-ctp-TransformDistPwd#XmlData.
[01/17/19 14:21:01.651]:LDAPToVault ST:Found DirXMLScript policy.
[01/17/19 14:21:01.654]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/Subscriber/NOVLPWDSYNC-sub-ctp-DefaultPwd#XmlData.
[01/17/19 14:21:01.654]:LDAPToVault ST:Found DirXMLScript policy.
[01/17/19 14:21:01.655]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/Subscriber/NOVLPWDSYNC-sub-ctp-CheckPwdGCV#XmlData.
[01/17/19 14:21:01.668]:LDAPToVault ST:Found DirXMLScript policy.
[01/17/19 14:21:01.669]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/Subscriber/NOVLPWDSYNC-sub-ctp-AddPwdPayload#XmlData.
[01/17/19 14:21:01.670]:LDAPToVault ST:Found DirXMLScript policy.
[01/17/19 14:21:01.684]:LDAPToVault ST:Mapping sensitive attribute names to application space
[01/17/19 14:21:01.716]:LDAPToVault ST:Initializing subscriber shim.
[01/17/19 14:21:01.717]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault#DirXML-ShimConfigInfo.
[01/17/19 14:21:01.718]:LDAPToVault ST:Applying policy: %+C%14CMappingRule%-C.
[01/17/19 14:21:01.719]:LDAPToVault ST: No mapping for class-name 'User'.
[01/17/19 14:21:01.724]:LDAPToVault ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.0.2.0">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<init-params src-dn="\EDIRTEST_TREE\sc\driverset\LDAPToVault">
<authentication-info>
<server>131.229.64.136</server>
<user>LDAPToVault(edir_test_kmo)</user>
</authentication-info>
<driver-filter>
<allow-class class-name="User">
<allow-attr attr-name="businessCategory"/>
<allow-attr attr-name="CN"/>
<allow-attr attr-name="DirXML-PasswordSyncStatus"/>
<allow-attr attr-name="eduPersonAffiliation"/>
<allow-attr attr-name="eduPersonPrimaryAffiliation"/>
<allow-attr attr-name="employeeStatus"/>
<allow-attr attr-name="employeeType"/>
<allow-attr attr-name="fcHomeInstitution"/>
<allow-attr attr-name="fcIdNumber"/>
<allow-attr attr-name="fcPersonAffiliation"/>
<allow-attr attr-name="Full Name"/>
<allow-attr attr-name="Given Name"/>
<allow-attr attr-name="GUID"/>
<allow-attr attr-name="Initials"/>
<allow-attr attr-name="Internet EMail Address"/>
<allow-attr attr-name="L"/>
<allow-attr attr-name="Login Disabled"/>
<allow-attr attr-name="Login Expiration Time"/>
<allow-attr attr-name="mailstop"/>
<allow-attr attr-name="manager"/>
<allow-attr attr-name="managerWorkforceID"/>
<allow-attr attr-name="mobile"/>
<allow-attr attr-name="OU"/>
<allow-attr attr-name="preferredName"/>
<allow-attr attr-name="scApps"/>
<allow-attr attr-name="scPerson2FA"/>
<allow-attr attr-name="scPersonGradClass"/>
<allow-attr attr-name="scPersonHomeEmail"/>
<allow-attr attr-name="scPersonMaj2Minor"/>
<allow-attr attr-name="scPersonMajor"/>
<allow-attr attr-name="Surname"/>
<allow-attr attr-name="Telephone Number"/>
<allow-attr attr-name="Title"/>
<allow-attr attr-name="UID"/>
<allow-attr attr-name="uniqueID"/>
<allow-attr attr-name="workforceID"/>
</allow-class>
</driver-filter>
<subscriber-options>
<remote-address display-name="Address or host name of remote publisher"></remote-address>
<specify-port display-name="TCP port">default</specify-port>
<remote-port display-name="Port number">8192</remote-port>
<advanced-options display-name="Advanced options">hide</advanced-options>
<socket-local-bind display-name="Socket local bind">default</socket-local-bind>
<local-address display-name="Local bind address for publisher socket"></local-address>
<keep-alive-interval display-name="Receive timeout in minutes">1</keep-alive-interval>
</subscriber-options>
</init-params>
</input>
</nds>
[01/17/19 14:21:01.727]:LDAPToVault ST:: Connection parameters: host = '131.229.64.136' port = 8192 KMO = 'LDAPToVault(edir_test_kmo)'
[01/17/19 14:21:01.740]:LDAPToVault ST:SubscriptionShim.init() returned:
[01/17/19 14:21:01.740]:LDAPToVault ST:
<nds dtdversion="4.0">
<source>
<product instance="LDAPToVault" version="4.0.2.0">DirXML Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status level="success"/>
</output>
</nds>
[01/17/19 14:21:01.740]:LDAPToVault ST:Applying input transformation policies.
[01/17/19 14:21:01.740]:LDAPToVault ST:Applying policy: %+C%14CNOVLPWDSYNC-itp-EmailOnFailedPwdSub%-C.
[01/17/19 14:21:01.741]:LDAPToVault ST: Applying to status #1.
[01/17/19 14:21:01.741]:LDAPToVault ST: Evaluating selection criteria for rule 'Send e-mail on a failure when subscribing to passwords'.
[01/17/19 14:21:01.741]:LDAPToVault ST: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = FALSE.
[01/17/19 14:21:01.741]:LDAPToVault ST: Rule rejected.
[01/17/19 14:21:01.741]:LDAPToVault ST: Evaluating selection criteria for rule 'Send e-mail on failure to reset connected system password using the Identity Vault password'.
[01/17/19 14:21:01.742]:LDAPToVault ST: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = FALSE.
[01/17/19 14:21:01.742]:LDAPToVault ST: Rule rejected.
[01/17/19 14:21:01.742]:LDAPToVault ST:Policy returned:
[01/17/19 14:21:01.742]:LDAPToVault ST:
<nds dtdversion="4.0">
<source>
<product instance="LDAPToVault" version="4.0.2.0">DirXML Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status level="success"/>
</output>
</nds>
[01/17/19 14:21:01.743]:LDAPToVault ST:Applying schema mapping policies to input.
[01/17/19 14:21:01.743]:LDAPToVault ST:Applying policy: %+C%14CMappingRule%-C.
[01/17/19 14:21:01.743]:LDAPToVault ST:Resolving association references.
[01/17/19 14:21:01.743]:LDAPToVault ST:Applying policy: %+C%14CMappingRule%-C.
[01/17/19 14:21:01.791]:LDAPToVault ST: No mapping for class-name 'ASAM-platformSetsContainer'.
[01/17/19 14:21:01.791]:LDAPToVault ST: No mapping for class-name 'ASAM-agentsContainer'.
[01/17/19 14:21:01.791]:LDAPToVault ST: No mapping for class-name 'nspmPasswordPolicyContainer'.
[01/17/19 14:21:01.791]:LDAPToVault ST: No mapping for class-name 'uamPosixWorkstation'.
[01/17/19 14:21:01.791]:LDAPToVault ST: No mapping for class-name 'sssServerPolicies'.
[01/17/19 14:21:01.791]:LDAPToVault ST: No mapping for class-name 'srvprvRbpmTeam'.
[01/17/19 14:21:01.796]:LDAPToVault ST: No mapping for class-name 'srvprvWebAppConfig'.
[01/17/19 14:21:01.796]:LDAPToVault ST: No mapping for class-name 'DirXML-WorkOrder'.
[01/17/19 14:21:01.796]:LDAPToVault ST: No mapping for class-name 'nrfResourceAssociations'.
[01/17/19 14:21:01.796]:LDAPToVault ST: No mapping for class-name 'nrfConfiguration'.
[01/17/19 14:21:01.796]:LDAPToVault ST: No mapping for class-name 'DirXML-Rule'.
[01/17/19 14:21:01.796]:LDAPToVault ST: No mapping for class-name 'ASAM-eventDrivenObjects'.
[01/17/19 14:21:01.797]:LDAPToVault ST: No mapping for class-name 'snmpGroup'.
[01/17/19 14:21:01.797]:LDAPToVault ST: No mapping for class-name 'Template'.
[01/17/19 14:21:01.797]:LDAPToVault ST: No mapping for class-name 'srvprvProxyAssignment'.
[01/17/19 14:21:01.797]:LDAPToVault ST: No mapping for class-name 'NDSPKI:Trusted Root'.
[01/17/19 14:21:01.797]:LDAPToVault ST: No mapping for class-name 'nrfResourceRequest'.
[01/17/19 14:21:01.797]:LDAPToVault ST: No mapping for class-name 'srvprvDirectoryModel'.
[01/17/19 14:21:01.797]:LDAPToVault ST: No mapping for class-name 'rbsTask2'.
[01/17/19 14:21:01.797]:LDAPToVault ST: No mapping for class-name 'nrfUIConfig'.
[01/17/19 14:21:01.798]:LDAPToVault ST: No mapping for class-name 'External Entity'.
[01/17/19 14:21:01.798]:LDAPToVault ST: No mapping for class-name 'rbsModule2'.
[01/17/19 14:21:01.798]:LDAPToVault ST: No mapping for class-name 'nrfSOD'.
[01/17/19 14:21:01.798]:LDAPToVault ST: No mapping for class-name 'nsimChallengeSet'.
[01/17/19 14:21:01.798]:LDAPToVault ST: No mapping for class-name 'nrfResource'.
[01/17/19 14:21:01.798]:LDAPToVault ST: No mapping for class-name 'ASAM-UIDGIDSetsContainer'.
[01/17/19 14:21:01.798]:LDAPToVault ST: No mapping for class-name 'notfMergeTemplate'.
[01/17/19 14:21:01.799]:LDAPToVault ST: No mapping for class-name 'Messaging Server'.
[01/17/19 14:21:01.799]:LDAPToVault ST: No mapping for class-name 'srvprvRelationship'.
[01/17/19 14:21:01.799]:LDAPToVault ST: No mapping for class-name 'nrfRequest'.
[01/17/19 14:21:01.799]:LDAPToVault ST: No mapping for class-name 'srvprvDelegatorAssignment'.
[01/17/19 14:21:01.799]:LDAPToVault ST: No mapping for class-name 'srvprvProxyDefs'.
[01/17/19 14:21:01.799]:LDAPToVault ST: No mapping for class-name 'Computer'.
[01/17/19 14:21:01.803]:LDAPToVault ST: No mapping for class-name 'RADIUS:Dial Access System'.
[01/17/19 14:21:01.804]:LDAPToVault ST: No mapping for class-name 'ASAM-searchObjectsContainer'.
[01/17/19 14:21:01.804]:LDAPToVault ST: No mapping for class-name 'NDSPKI:SD Key Access Partition'.
[01/17/19 14:21:01.804]:LDAPToVault ST: No mapping for class-name 'ASAM-certificateServices'.
[01/17/19 14:21:01.804]:LDAPToVault ST: No mapping for class-name 'Bindery Queue'.
[01/17/19 14:21:01.804]:LDAPToVault ST: No mapping for class-name 'ASAM-auditServices'.
[01/17/19 14:21:01.804]:LDAPToVault ST: No mapping for class-name 'domain'.
[01/17/19 14:21:01.804]:LDAPToVault ST: No mapping for class-name 'StyleSheet'.
[01/17/19 14:21:01.805]:LDAPToVault ST: No mapping for class-name 'Tree Root'.
[01/17/19 14:21:01.805]:LDAPToVault ST: No mapping for class-name 'DirXML-sapOMRoot'.
[01/17/19 14:21:01.805]:LDAPToVault ST: No mapping for class-name 'NDSPKI:SD Key List'.
[01/17/19 14:21:01.805]:LDAPToVault ST: No mapping for class-name 'srvprvWorkflowDefs'.
[01/17/19 14:21:01.805]:LDAPToVault ST: No mapping for class-name 'srvprvAppDefs'.
[01/17/19 14:21:01.805]:LDAPToVault ST: No mapping for class-name 'DirXML-pbxExtension'.
[01/17/19 14:21:01.805]:LDAPToVault ST: No mapping for class-name 'rbsScope'.
[01/17/19 14:21:01.806]:LDAPToVault ST: No mapping for class-name 'DirXML-pbxAudixSubscriber'.
[01/17/19 14:21:01.806]:LDAPToVault ST: No mapping for class-name 'Printer'.
[01/17/19 14:21:01.806]:LDAPToVault ST: No mapping for class-name 'srvprvResourceDefs'.
[01/17/19 14:21:01.806]:LDAPToVault ST: No mapping for class-name 'nrfAttestations'.
[01/17/19 14:21:01.806]:LDAPToVault ST: No mapping for class-name 'srvprvTeamDefs'.
[01/17/19 14:21:01.806]:LDAPToVault ST: No mapping for class-name 'rbsScope2'.
[01/17/19 14:21:01.806]:LDAPToVault ST: No mapping for class-name 'rbsBook'.
[01/17/19 14:21:01.807]:LDAPToVault ST: No mapping for class-name 'ndspkiCRLConfiguration'.
[01/17/19 14:21:01.807]:LDAPToVault ST: No mapping for class-name 'Volume'.
[01/17/19 14:21:01.807]:LDAPToVault ST: No mapping for class-name 'ASAM-censusContainer'.
[01/17/19 14:21:01.807]:LDAPToVault ST: No mapping for class-name 'ASAM-managerServicesContainer'.
[01/17/19 14:21:01.807]:LDAPToVault ST: No mapping for class-name 'ndspkiCertificate'.
[01/17/19 14:21:01.807]:LDAPToVault ST: No mapping for class-name 'nrfResourceAssociation'.
[01/17/19 14:21:01.811]:LDAPToVault ST: No mapping for class-name 'Queue'.
[01/17/19 14:21:01.812]:LDAPToVault ST: No mapping for class-name 'Directory Map'.
[01/17/19 14:21:01.812]:LDAPToVault ST: No mapping for class-name 'DirXML-pbxSite'.
[01/17/19 14:21:01.812]:LDAPToVault ST: No mapping for class-name 'DirXML-nwoWorkOrder'.
[01/17/19 14:21:01.812]:LDAPToVault ST: No mapping for class-name 'LDAP Server'.
[01/17/19 14:21:01.812]:LDAPToVault ST: No mapping for class-name 'encryptionPolicy'.
[01/17/19 14:21:01.812]:LDAPToVault ST: No mapping for class-name 'SAS:Login Method Container'.
[01/17/19 14:21:01.812]:LDAPToVault ST: No mapping for class-name 'DirXML-GlobalConfigDef'.
[01/17/19 14:21:01.813]:LDAPToVault ST: No mapping for class-name 'CommExec'.
[01/17/19 14:21:01.813]:LDAPToVault ST: No mapping for class-name 'ASAM-webServices'.
[01/17/19 14:21:01.813]:LDAPToVault ST: No mapping for class-name 'DirXML-idPolicyContainer'.
[01/17/19 14:21:01.813]:LDAPToVault ST: No mapping for class-name 'nrfReportDefs'.
[01/17/19 14:21:01.813]:LDAPToVault ST: No mapping for class-name 'ASAM-AssociatedPlatformEObjects'.
[01/17/19 14:21:01.813]:LDAPToVault ST: No mapping for class-name 'nrfRole'.
[01/17/19 14:21:01.813]:LDAPToVault ST: No mapping for class-name 'srvprvDelegationAssignment'.
[01/17/19 14:21:01.814]:LDAPToVault ST: No mapping for class-name 'Country'.
[01/17/19 14:21:01.814]:LDAPToVault ST: No mapping for class-name 'NDSPKI:Trusted Root Object'.
[01/17/19 14:21:01.814]:LDAPToVault ST: No mapping for class-name 'srvprvRecipReportDefs'.
[01/17/19 14:21:01.814]:LDAPToVault ST: No mapping for class-name 'Message Routing Group'.
[01/17/19 14:21:01.814]:LDAPToVault ST: No mapping for class-name 'ASAM-agent'.
[01/17/19 14:21:01.814]:LDAPToVault ST: No mapping for class-name 'DirXML-GAContact'.
[01/17/19 14:21:01.814]:LDAPToVault ST: No mapping for class-name 'ASAM-eventListener'.
[01/17/19 14:21:01.815]:LDAPToVault ST: No mapping for class-name 'NDSPKI:Key Material'.
[01/17/19 14:21:01.815]:LDAPToVault ST: No mapping for class-name 'cRLDistributionPoint'.
[01/17/19 14:21:01.815]:LDAPToVault ST: No mapping for class-name 'DirXML-Job'.
[01/17/19 14:21:01.815]:LDAPToVault ST: No mapping for class-name 'srvprvChoice'.
[01/17/19 14:21:01.815]:LDAPToVault ST: No mapping for class-name 'srvprvRecipResourceDefs'.
[01/17/19 14:21:01.815]:LDAPToVault ST: No mapping for class-name 'srvprvQueryDefs'.
[01/17/19 14:21:01.815]:LDAPToVault ST: No mapping for class-name 'Print Server'.
[01/17/19 14:21:01.820]:LDAPToVault ST: No mapping for class-name 'DirXML-Resource'.
[01/17/19 14:21:01.820]:LDAPToVault ST: No mapping for class-name 'ASAM-objectServices'.
[01/17/19 14:21:01.820]:LDAPToVault ST: No mapping for class-name 'DirXML-WorkToDo'.
[01/17/19 14:21:01.820]:LDAPToVault ST: No mapping for class-name 'DirXML-SharedProfileSet'.
[01/17/19 14:21:01.820]:LDAPToVault ST: No mapping for class-name 'nrfResourceDefs'.
[01/17/19 14:21:01.820]:LDAPToVault ST: No mapping for class-name 'SAS:Service'.
[01/17/19 14:21:01.820]:LDAPToVault ST: No mapping for class-name 'srvprvEntityDefs'.
[01/17/19 14:21:01.820]:LDAPToVault ST: No mapping for class-name 'rbsCollection2'.
[01/17/19 14:21:01.821]:LDAPToVault ST: No mapping for class-name 'dynamicGroup'.
[01/17/19 14:21:01.821]:LDAPToVault ST: No mapping for class-name 'Organization'.
[01/17/19 14:21:01.821]:LDAPToVault ST: No mapping for class-name 'Organizational Person'.
[01/17/19 14:21:01.821]:LDAPToVault ST: No mapping for class-name 'srvprvDelegateeAssignment'.
[01/17/19 14:21:01.821]:LDAPToVault ST: No mapping for class-name 'srvprvDelegationDefs'.
[01/17/19 14:21:01.821]:LDAPToVault ST: No mapping for class-name 'srvprvService'.
[01/17/19 14:21:01.821]:LDAPToVault ST: No mapping for class-name 'srvprvServiceDefs'.
[01/17/19 14:21:01.822]:LDAPToVault ST: No mapping for class-name 'Profile'.
[01/17/19 14:21:01.822]:LDAPToVault ST: No mapping for class-name 'Top'.
[01/17/19 14:21:01.822]:LDAPToVault ST: No mapping for class-name 'DirXML-Processes'.
[01/17/19 14:21:01.822]:LDAPToVault ST: No mapping for class-name 'DirXML-idPolicy'.
[01/17/19 14:21:01.822]:LDAPToVault ST: No mapping for class-name 'rbsCollection'.
[01/17/19 14:21:01.822]:LDAPToVault ST: No mapping for class-name 'httpServer'.
[01/17/19 14:21:01.822]:LDAPToVault ST: No mapping for class-name 'rbsModule'.
[01/17/19 14:21:01.822]:LDAPToVault ST: No mapping for class-name 'NCP Server'.
[01/17/19 14:21:01.823]:LDAPToVault ST: No mapping for class-name 'Device'.
[01/17/19 14:21:01.823]:LDAPToVault ST: No mapping for class-name 'dSA'.
[01/17/19 14:21:01.823]:LDAPToVault ST: No mapping for class-name 'rbsRole'.
[01/17/19 14:21:01.823]:LDAPToVault ST: No mapping for class-name 'NDSPKI:Certificate Authority'.
[01/17/19 14:21:01.836]:LDAPToVault ST: No mapping for class-name 'Audit:File Object'.
[01/17/19 14:21:01.836]:LDAPToVault ST: No mapping for class-name 'Bindery Object'.
[01/17/19 14:21:01.836]:LDAPToVault ST: No mapping for class-name 'DirXML-sapOContainer'.
[01/17/19 14:21:01.836]:LDAPToVault ST: No mapping for class-name 'srvprvResource'.
[01/17/19 14:21:01.836]:LDAPToVault ST: No mapping for class-name 'Person'.
[01/17/19 14:21:01.836]:LDAPToVault ST: No mapping for class-name 'Organizational Unit'.
[01/17/19 14:21:01.836]:LDAPToVault ST: No mapping for class-name 'ASAM-searchObject'.
[01/17/19 14:21:01.837]:LDAPToVault ST: No mapping for class-name 'DirXML-SharedProfile'.
[01/17/19 14:21:01.837]:LDAPToVault ST: No mapping for class-name 'nrfNavItem'.
[01/17/19 14:21:01.837]:LDAPToVault ST: No mapping for class-name 'srvprvDirectoryModelConfig'.
[01/17/19 14:21:01.837]:LDAPToVault ST: No mapping for class-name 'MASV:Security Policy'.
[01/17/19 14:21:01.837]:LDAPToVault ST: No mapping for class-name 'nrfResourceRequests'.
[01/17/19 14:21:01.837]:LDAPToVault ST: No mapping for class-name 'applicationProcess'.
[01/17/19 14:21:01.838]:LDAPToVault ST: No mapping for class-name 'DirXML-sapC'.
[01/17/19 14:21:01.838]:LDAPToVault ST: No mapping for class-name 'nrfSODDefs'.
[01/17/19 14:21:01.838]:LDAPToVault ST: No mapping for class-name 'rbsBook2'.
[01/17/19 14:21:01.838]:LDAPToVault ST: No mapping for class-name 'DirXML-Driver'.
[01/17/19 14:21:01.838]:LDAPToVault ST: No mapping for class-name 'SAS:Security'.
[01/17/19 14:21:01.838]:LDAPToVault ST: No mapping for class-name 'DirXML-Entitlement'.
[01/17/19 14:21:01.838]:LDAPToVault ST: No mapping for class-name 'uamPosixConfig'.
[01/17/19 14:21:01.838]:LDAPToVault ST: No mapping for class-name 'DirXML-sapS'.
[01/17/19 14:21:01.839]:LDAPToVault ST: No mapping for class-name 'DirXML-sapO'.
[01/17/19 14:21:01.839]:LDAPToVault ST: No mapping for class-name 'DirXML-Publisher'.
[01/17/19 14:21:01.839]:LDAPToVault ST: No mapping for class-name 'srvprvWorkflow'.
[01/17/19 14:21:01.839]:LDAPToVault ST: No mapping for class-name 'nrfAuthType'.
[01/17/19 14:21:01.839]:LDAPToVault ST: No mapping for class-name 'SAS:Login Policy'.
[01/17/19 14:21:01.839]:LDAPToVault ST: No mapping for class-name 'srvprvDelegateeDefs'.
[01/17/19 14:21:01.843]:LDAPToVault ST: No mapping for class-name 'prSyncPolicy'.
[01/17/19 14:21:01.844]:LDAPToVault ST: No mapping for class-name 'srvprvTheme'.
[01/17/19 14:21:01.844]:LDAPToVault ST: No mapping for class-name 'nrfRequests'.
[01/17/19 14:21:01.844]:LDAPToVault ST: No mapping for class-name 'ASAM-platform'.
[01/17/19 14:21:01.844]:LDAPToVault ST: No mapping for class-name 'nrfAuthTypes'.
[01/17/19 14:21:01.844]:LDAPToVault ST: No mapping for class-name 'Unknown'.
[01/17/19 14:21:01.844]:LDAPToVault ST: No mapping for class-name 'DirXML-Process'.
[01/17/19 14:21:01.844]:LDAPToVault ST: No mapping for class-name 'srvprvRequestDefs'.
[01/17/19 14:21:01.845]:LDAPToVault ST: No mapping for class-name 'nrfReport'.
[01/17/19 14:21:01.845]:LDAPToVault ST: No mapping for class-name 'ASAM-enterpriseUser'.
[01/17/19 14:21:01.845]:LDAPToVault ST: No mapping for class-name 'ndsPredicateStats'.
[01/17/19 14:21:01.845]:LDAPToVault ST: No mapping for class-name 'DirXML-StyleSheet'.
[01/17/19 14:21:01.845]:LDAPToVault ST: No mapping for class-name 'DirXML-sapDMRoot'.
[01/17/19 14:21:01.845]:LDAPToVault ST: No mapping for class-name 'DirXML-sapCContainer'.
[01/17/19 14:21:01.845]:LDAPToVault ST: No mapping for class-name 'nrfRoleDefs'.
[01/17/19 14:21:01.846]:LDAPToVault ST: No mapping for class-name 'ASAM-UIDGIDSet'.
[01/17/19 14:21:01.846]:LDAPToVault ST: No mapping for class-name 'ASAM-manualObjectsContainer'.
[01/17/19 14:21:01.846]:LDAPToVault ST: No mapping for class-name 'WANMAN:LAN Area'.
[01/17/19 14:21:01.846]:LDAPToVault ST: No mapping for class-name 'nspmPolicyAgent'.
[01/17/19 14:21:01.846]:LDAPToVault ST: No mapping for class-name 'srvprvRequest'.
[01/17/19 14:21:01.846]:LDAPToVault ST: No mapping for class-name 'ASAM-eventJournalServices'.
[01/17/19 14:21:01.846]:LDAPToVault ST: No mapping for class-name 'rbsRole2'.
[01/17/19 14:21:01.846]:LDAPToVault ST: No mapping for class-name 'srvprvEntity'.
[01/17/19 14:21:01.847]:LDAPToVault ST: No mapping for class-name 'ASAM-platformSet'.
[01/17/19 14:21:01.847]:LDAPToVault ST: No mapping for class-name 'ndspkiContainer'.
[01/17/19 14:21:01.847]:LDAPToVault ST: No mapping for class-name 'srvprvQuery'.
[01/17/19 14:21:01.847]:LDAPToVault ST: No mapping for class-name 'SAS:NMAS Login Method'.
[01/17/19 14:21:01.847]:LDAPToVault ST: No mapping for class-name 'srvprvAppConfig'.
[01/17/19 14:21:01.847]:LDAPToVault ST: No mapping for class-name 'DirXML-Library'.
[01/17/19 14:21:01.855]:LDAPToVault ST: No mapping for class-name 'ASAM-enterpriseGroup'.
[01/17/19 14:21:01.855]:LDAPToVault ST: No mapping for class-name 'srvprvChoiceDefs'.
[01/17/19 14:21:01.855]:LDAPToVault ST: No mapping for class-name 'AFP Server'.
[01/17/19 14:21:01.856]:LDAPToVault ST: No mapping for class-name 'DirXML-DriverSet'.
[01/17/19 14:21:01.856]:LDAPToVault ST: No mapping for class-name 'ASAM-eventListenersContainer'.
[01/17/19 14:21:01.856]:LDAPToVault ST: No mapping for class-name 'nrfNavItems'.
[01/17/19 14:21:01.856]:LDAPToVault ST: No mapping for class-name 'nrfConfig'.
[01/17/19 14:21:01.856]:LDAPToVault ST: No mapping for class-name 'sasPostLoginMethodContainer'.
[01/17/19 14:21:01.856]:LDAPToVault ST: No mapping for class-name 'RADIUS:Profile'.
[01/17/19 14:21:01.856]:LDAPToVault ST: No mapping for class-name 'Organizational Role'.
[01/17/19 14:21:01.857]:LDAPToVault ST: No mapping for class-name 'DirXML-sapSContainer'.
[01/17/19 14:21:01.857]:LDAPToVault ST: No mapping for class-name 'rbsTask'.
[01/17/19 14:21:01.857]:LDAPToVault ST: No mapping for class-name 'sasPostLoginMethod'.
[01/17/19 14:21:01.857]:LDAPToVault ST: No mapping for class-name 'DirXML-RequestRecord'.
[01/17/19 14:21:01.857]:LDAPToVault ST: No mapping for class-name 'nrfAttestation'.
[01/17/19 14:21:01.857]:LDAPToVault ST: No mapping for class-name 'Alias'.
[01/17/19 14:21:01.857]:LDAPToVault ST: No mapping for class-name 'LDAP Group'.
[01/17/19 14:21:01.857]:LDAPToVault ST: No mapping for class-name 'List'.
[01/17/19 14:21:01.858]:LDAPToVault ST: No mapping for class-name 'DirXML-Subscriber'.
[01/17/19 14:21:01.858]:LDAPToVault ST: No mapping for class-name 'sssServerPolicyOverride'.
[01/17/19 14:21:01.858]:LDAPToVault ST: No mapping for class-name 'applicationEntity'.
[01/17/19 14:21:01.858]:LDAPToVault ST: No mapping for class-name 'Locality'.
[01/17/19 14:21:01.858]:LDAPToVault ST: No mapping for class-name 'srvprvRelationshipDefs'.
[01/17/19 14:21:01.858]:LDAPToVault ST: No mapping for class-name 'nspmPasswordPolicy'.
[01/17/19 14:21:01.858]:LDAPToVault ST: No mapping for class-name 'Group'.
[01/17/19 14:21:01.858]:LDAPToVault ST: No mapping for class-name 'notfTemplateCollection'.
[01/17/19 14:21:01.859]:LDAPToVault ST: No mapping for class-name 'User'.
[01/17/19 14:21:01.859]:LDAPToVault ST: No mapping for class-name 'ASAM-systemContainer'.
[01/17/19 14:21:01.944]:LDAPToVault ST:Application DN form: slash.
[01/17/19 14:21:01.944]:LDAPToVault ST:Creating publisher.
[01/17/19 14:21:01.944]:LDAPToVault ST:Loading Publisher input transformation policies.
[01/17/19 14:21:01.945]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/NOVLPWDSYNC-itp-EmailOnFailedPwdSub#XmlData.
[01/17/19 14:21:01.945]:LDAPToVault ST:Found DirXMLScript policy.
[01/17/19 14:21:01.992]:LDAPToVault ST:Loading Publisher output transformation policies.
[01/17/19 14:21:01.993]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/NOVLPWDSYNC-otp-EmailOnFailedPwdPub#XmlData.
[01/17/19 14:21:01.993]:LDAPToVault ST:Found DirXMLScript policy.
[01/17/19 14:21:01.995]:LDAPToVault ST:Loading Publisher schema mapping policies.
[01/17/19 14:21:01.997]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/MappingRule#XmlData.
[01/17/19 14:21:01.997]:LDAPToVault ST:Found schema map.
[01/17/19 14:21:01.997]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/MappingRule#XmlData.
[01/17/19 14:21:01.998]:LDAPToVault ST:Found schema map.
[01/17/19 14:21:01.998]:LDAPToVault ST:Loading Publisher event transformation policies.
[01/17/19 14:21:01.998]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/Publisher/pub-etp-eventHandling#XmlData.
[01/17/19 14:21:01.999]:LDAPToVault ST:Found DirXMLScript policy.
[01/17/19 14:21:02.002]:LDAPToVault ST:Loading Publisher object matching policies.
[01/17/19 14:21:02.002]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/Publisher/NOVLEDIRDCFG-pub-mp-Scoping#XmlData.
[01/17/19 14:21:02.003]:LDAPToVault ST:Global Configuration Value replacements made in vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/Publisher/NOVLEDIRDCFG-pub-mp-Scoping#XmlData:
[01/17/19 14:21:02.003]:LDAPToVault ST:Found DirXMLScript policy.
[01/17/19 14:21:02.004]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/Publisher/NOVLEDIRDCFG-pub-mp#XmlData.
[01/17/19 14:21:02.005]:LDAPToVault ST:Found DirXMLScript policy.
[01/17/19 14:21:02.005]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/Publisher/pub-mp#XmlData.
[01/17/19 14:21:02.006]:LDAPToVault ST:Found DirXMLScript policy.
[01/17/19 14:21:02.006]:LDAPToVault ST:Loading Publisher object creation policies.
[01/17/19 14:21:02.006]:LDAPToVault ST:Policy not found.
[01/17/19 14:21:02.007]:LDAPToVault ST:Loading Publisher object placement policies.
[01/17/19 14:21:02.007]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/Publisher/NOVLEDIRDCFG-pub-pp#XmlData.
[01/17/19 14:21:02.016]:LDAPToVault ST:Global Configuration Value replacements made in vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/Publisher/NOVLEDIRDCFG-pub-pp#XmlData:
[01/17/19 14:21:02.016]:LDAPToVault ST:Found DirXMLScript policy.
[01/17/19 14:21:02.019]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/Publisher/pub-pp#XmlData.
[01/17/19 14:21:02.020]:LDAPToVault ST:Found DirXMLScript policy.
[01/17/19 14:21:02.022]:LDAPToVault ST:Loading Publisher command transformation policies.
[01/17/19 14:21:02.022]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/Publisher/NOVLPWDSYNC-pub-ctp-CheckPwdGCV#XmlData.
[01/17/19 14:21:02.023]:LDAPToVault ST:Found DirXMLScript policy.
[01/17/19 14:21:02.023]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/Publisher/NOVLPWDSYNC-pub-ctp-PublishDistPwd#XmlData.
[01/17/19 14:21:02.040]:LDAPToVault ST:Found DirXMLScript policy.
[01/17/19 14:21:02.041]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/Publisher/NOVLPWDSYNC-pub-ctp-PublishNDSPwd#XmlData.
[01/17/19 14:21:02.042]:LDAPToVault ST:Found DirXMLScript policy.
[01/17/19 14:21:02.043]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/Publisher/NOVLPWDSYNC-pub-ctp-AddPwdPayload#XmlData.
[01/17/19 14:21:02.048]:LDAPToVault ST:Found DirXMLScript policy.
[01/17/19 14:21:02.050]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/Publisher/NOVLEDIRPSYN-pub-ctp-PasswordExpirationTime#XmlData.
[01/17/19 14:21:02.050]:LDAPToVault ST:Found DirXMLScript policy.
[01/17/19 14:21:02.051]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/Publisher/pub-ctp-useCreateTemplate#XmlData.
[01/17/19 14:21:02.059]:LDAPToVault ST:Found DirXMLScript policy.
[01/17/19 14:21:02.059]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/Publisher/pub-ctp-groupMembership#XmlData.
[01/17/19 14:21:02.060]:LDAPToVault ST:Found DirXMLScript policy.
[01/17/19 14:21:02.062]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/Publisher/pub-ctp-posixSettings#XmlData.
[01/17/19 14:21:02.063]:LDAPToVault ST:Found DirXMLScript policy.
[01/17/19 14:21:02.064]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/Publisher/pub-ctp-userMoves#XmlData.
[01/17/19 14:21:02.065]:LDAPToVault ST:Found DirXMLScript policy.
[01/17/19 14:21:02.067]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/Publisher/pub-ctp-add2FA-attr#XmlData.
[01/17/19 14:21:02.068]:LDAPToVault ST:Found DirXMLScript policy.
[01/17/19 14:21:02.069]:LDAPToVault ST:Creating publisher thread.
[01/17/19 14:21:02.069]:LDAPToVault ST:Publisher thread created.
[01/17/19 14:21:02.070]:LDAPToVault PT:In publisher thread.
[01/17/19 14:21:02.070]:LDAPToVault PT:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault#DirXML-ShimConfigInfo.
[01/17/19 14:21:02.071]:LDAPToVault ST:Starting event loop.
[01/17/19 14:21:02.072]:LDAPToVault ST:Received state change event.
[01/17/19 14:21:02.072]:LDAPToVault ST:Transitioned from state '%+C%14CStopped%-C' to state '%+C%14CStarting%-C'.
[01/17/19 14:21:02.073]:LDAPToVault PT:Applying policy: %+C%14CMappingRule%-C.
[01/17/19 14:21:02.073]:LDAPToVault PT:Initializing publisher shim.
[01/17/19 14:21:02.074]:LDAPToVault PT:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.0.2.0">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<init-params src-dn="\EDIRTEST_TREE\sc\driverset\LDAPToVault">
<authentication-info>
<server>131.229.64.136</server>
<user>LDAPToVault(edir_test_kmo)</user>
</authentication-info>
<driver-filter/>
<publisher-options>
<specify-port display-name="TCP port">default</specify-port>
<local-port display-name="Port number">8192</local-port>
<advanced-options display-name="Advanced options">show</advanced-options>
<heartbeat-on display-name="Periodic heartbeat documents">false</heartbeat-on>
<pub-heartbeat-interval display-name="Heartbeat interval (in minutes)">1</pub-heartbeat-interval>
<local-address display-name="Local bind address for publisher socket"></local-address>
<keep-alive-interval display-name="Receive timeout in minutes">10</keep-alive-interval>
</publisher-options>
</init-params>
</input>
</nds>
[01/17/19 14:21:02.075]:LDAPToVault ST:Successfully processed state change event.
[01/17/19 14:21:02.076]:LDAPToVault ST:Submitting identification query to subscriber shim:
[01/17/19 14:21:02.076]:LDAPToVault ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.0.2.0">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query event-id="query-driver-ident" scope="entry">
<search-class class-name="__driver_identification_class__"/>
<read-attr/>
</query>
</input>
</nds>
[01/17/19 14:21:02.077]:LDAPToVault ST:SubscriptionShim.execute() returned:
[01/17/19 14:21:02.077]:LDAPToVault ST:
<nds dtdversion="4.0">
<source>
<product instance="LDAPToVault" version="4.0.2.0">DirXML Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<instance class-name="__driver_identification_class__">
<attr attr-name="driver-id">
<value type="string">EDIR</value>
</attr>
<attr attr-name="driver-version">
<value type="string">4.0.2.0</value>
</attr>
<attr attr-name="min-activation-version">
<value type="int">4</value>
</attr>
<attr attr-name="query-ex-supported">
<value type="state">true</value>
</attr>
</instance>
<status event-id="query-driver-ident" level="success"/>
</output>
</nds>
[01/17/19 14:21:02.078]:LDAPToVault PT:: Connection parameters: port = 8192 KMO = 'LDAPToVault(edir_test_kmo)'
[01/17/19 14:21:02.078]:LDAPToVault PT:PublicationShim.init() returned:
[01/17/19 14:21:02.079]:LDAPToVault PT:
<nds dtdversion="4.0">
<source>
<product instance="LDAPToVault" version="4.0.2.0">DirXML Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status level="success"/>
</output>
</nds>
[01/17/19 14:21:02.079]:LDAPToVault PT:Applying input transformation policies.
[01/17/19 14:21:02.079]:LDAPToVault PT:Applying policy: %+C%14CNOVLPWDSYNC-itp-EmailOnFailedPwdSub%-C.
[01/17/19 14:21:02.079]:LDAPToVault PT: Applying to status #1.
[01/17/19 14:21:02.079]:LDAPToVault PT: Evaluating selection criteria for rule 'Send e-mail on a failure when subscribing to passwords'.
[01/17/19 14:21:02.080]:LDAPToVault PT: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = FALSE.
[01/17/19 14:21:02.080]:LDAPToVault PT: Rule rejected.
[01/17/19 14:21:02.080]:LDAPToVault PT: Evaluating selection criteria for rule 'Send e-mail on failure to reset connected system password using the Identity Vault password'.
[01/17/19 14:21:02.080]:LDAPToVault PT: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = FALSE.
[01/17/19 14:21:02.080]:LDAPToVault PT: Rule rejected.
[01/17/19 14:21:02.080]:LDAPToVault PT:Policy returned:
[01/17/19 14:21:02.081]:LDAPToVault PT:
<nds dtdversion="4.0">
<source>
<product instance="LDAPToVault" version="4.0.2.0">DirXML Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status level="success"/>
</output>
</nds>
[01/17/19 14:21:02.081]:LDAPToVault PT:Applying schema mapping policies to input.
[01/17/19 14:21:02.081]:LDAPToVault PT:Applying policy: %+C%14CMappingRule%-C.
[01/17/19 14:21:02.081]:LDAPToVault PT:Resolving association references.
[01/17/19 14:21:02.081]:LDAPToVault PT:: Creating an NTLSServerSocket
[01/17/19 14:21:02.086]:LDAPToVault PT:Receiving DOM document from application.
[01/17/19 14:21:02.087]:LDAPToVault PT:
<nds dtdversion="4.0">
<source>
<product instance="LDAPToVault" version="4.0.2.0">DirXML Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query dest-dn="\EDIRTEST_TREE\sc\driverset\LDAPToVault" scope="entry">
<read-attr attr-name="Public Key"/>
</query>
</input>
</nds>
[01/17/19 14:21:02.089]:LDAPToVault PT:Applying input transformation policies.
[01/17/19 14:21:02.089]:LDAPToVault PT:Applying policy: %+C%14CNOVLPWDSYNC-itp-EmailOnFailedPwdSub%-C.
[01/17/19 14:21:02.089]:LDAPToVault PT: Applying to query #1.
[01/17/19 14:21:02.089]:LDAPToVault PT: Evaluating selection criteria for rule 'Send e-mail on a failure when subscribing to passwords'.
[01/17/19 14:21:02.089]:LDAPToVault PT: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = FALSE.
[01/17/19 14:21:02.090]:LDAPToVault PT: Rule rejected.
[01/17/19 14:21:02.090]:LDAPToVault PT: Evaluating selection criteria for rule 'Send e-mail on failure to reset connected system password using the Identity Vault password'.
[01/17/19 14:21:02.090]:LDAPToVault PT: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = FALSE.
[01/17/19 14:21:02.090]:LDAPToVault PT: Rule rejected.
[01/17/19 14:21:02.090]:LDAPToVault PT:Policy returned:
[01/17/19 14:21:02.090]:LDAPToVault PT:
<nds dtdversion="4.0">
<source>
<product instance="LDAPToVault" version="4.0.2.0">DirXML Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query dest-dn="\EDIRTEST_TREE\sc\driverset\LDAPToVault" scope="entry">
<read-attr attr-name="Public Key"/>
</query>
</input>
</nds>
[01/17/19 14:21:02.091]:LDAPToVault PT:Applying schema mapping policies to input.
[01/17/19 14:21:02.091]:LDAPToVault PT:Applying policy: %+C%14CMappingRule%-C.
[01/17/19 14:21:02.091]:LDAPToVault PT: No mapping for attr-name 'Public Key'.
[01/17/19 14:21:02.091]:LDAPToVault PT:Resolving association references.
[01/17/19 14:21:02.100]:LDAPToVault PT:Applying event transformation policies.
[01/17/19 14:21:02.100]:LDAPToVault PT:Applying policy: %+C%14Cpub-etp-eventHandling%-C.
[01/17/19 14:21:02.100]:LDAPToVault PT: Applying to query #1.
[01/17/19 14:21:02.100]:LDAPToVault PT: Evaluating selection criteria for rule 'Veto Delete event and remove assocation'.
[01/17/19 14:21:02.100]:LDAPToVault PT: (if-class-name equal "User") = FALSE.
[01/17/19 14:21:02.100]:LDAPToVault PT: Rule rejected.
[01/17/19 14:21:02.100]:LDAPToVault PT: Evaluating selection criteria for rule 'Convert scApps value of "Delete" to a Delete event in the LDAP tree'.
[01/17/19 14:21:02.101]:LDAPToVault PT: (if-op-attr 'scApps' changing-to "Delete") = FALSE.
[01/17/19 14:21:02.101]:LDAPToVault PT: Rule rejected.
[01/17/19 14:21:02.101]:LDAPToVault PT:Policy returned:
[01/17/19 14:21:02.101]:LDAPToVault PT:
<nds dtdversion="4.0">
<source>
<product instance="LDAPToVault" version="4.0.2.0">DirXML Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query dest-dn="\EDIRTEST_TREE\sc\driverset\LDAPToVault" scope="entry">
<read-attr attr-name="Public Key"/>
</query>
</input>
</nds>
[01/17/19 14:21:02.102]:LDAPToVault PT:Skipping publisher filter on operation query.
[01/17/19 14:21:02.102]:LDAPToVault PT:Publisher processing query for .
[01/17/19 14:21:02.102]:LDAPToVault PT:Applying command transformation policies.
[01/17/19 14:21:02.102]:LDAPToVault PT:Applying policy: %+C%14CNOVLPWDSYNC-pub-ctp-CheckPwdGCV%-C.
[01/17/19 14:21:02.102]:LDAPToVault PT: Applying to query #1.
[01/17/19 14:21:02.102]:LDAPToVault PT: Evaluating selection criteria for rule 'Block publishing passwords to the Identity Vault when adding an object'.
[01/17/19 14:21:02.102]:LDAPToVault PT: (if-global-variable 'enable-password-publish' equal "false") = FALSE.
[01/17/19 14:21:02.103]:LDAPToVault PT: Rule rejected.
[01/17/19 14:21:02.103]:LDAPToVault PT: Evaluating selection criteria for rule 'Block sending modify-password changes to the Identity Vault'.
[01/17/19 14:21:02.103]:LDAPToVault PT: (if-global-variable 'enable-password-publish' equal "false") = FALSE.
[01/17/19 14:21:02.103]:LDAPToVault PT: Rule rejected.
[01/17/19 14:21:02.103]:LDAPToVault PT:Policy returned:
[01/17/19 14:21:02.103]:LDAPToVault PT:
<nds dtdversion="4.0">
<source>
<product instance="LDAPToVault" version="4.0.2.0">DirXML Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query dest-dn="\EDIRTEST_TREE\sc\driverset\LDAPToVault" scope="entry">
<read-attr attr-name="Public Key"/>
</query>
</input>
</nds>
[01/17/19 14:21:02.104]:LDAPToVault PT:Applying policy: %+C%14CNOVLPWDSYNC-pub-ctp-PublishDistPwd%-C.
[01/17/19 14:21:02.104]:LDAPToVault PT: Applying to query #1.
[01/17/19 14:21:02.104]:LDAPToVault PT: Evaluating selection criteria for rule 'Add nspmDistributionAttribute attribute to add operation'.
[01/17/19 14:21:02.104]:LDAPToVault PT: (if-global-variable 'publish-password-to-dp' equal "true") = TRUE.
[01/17/19 14:21:02.104]:LDAPToVault PT: (if-operation equal "add") = FALSE.
[01/17/19 14:21:02.105]:LDAPToVault PT: Rule rejected.
[01/17/19 14:21:02.105]:LDAPToVault PT: Evaluating selection criteria for rule 'Change modify-password operations to a modify'.
[01/17/19 14:21:02.105]:LDAPToVault PT: (if-global-variable 'publish-password-to-dp' equal "true") = TRUE.
[01/17/19 14:21:02.105]:LDAPToVault PT: (if-operation equal "modify-password") = FALSE.
[01/17/19 14:21:02.105]:LDAPToVault PT: Rule rejected.
[01/17/19 14:21:02.105]:LDAPToVault PT:Policy returned:
[01/17/19 14:21:02.105]:LDAPToVault PT:
<nds dtdversion="4.0">
<source>
<product instance="LDAPToVault" version="4.0.2.0">DirXML Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query dest-dn="\EDIRTEST_TREE\sc\driverset\LDAPToVault" scope="entry">
<read-attr attr-name="Public Key"/>
</query>
</input>
</nds>
[01/17/19 14:21:02.106]:LDAPToVault PT:Applying policy: %+C%14CNOVLPWDSYNC-pub-ctp-PublishNDSPwd%-C.
[01/17/19 14:21:02.106]:LDAPToVault PT: Applying to query #1.
[01/17/19 14:21:02.106]:LDAPToVault PT: Evaluating selection criteria for rule 'Block publishing passwords to eDirectory password'.
[01/17/19 14:21:02.106]:LDAPToVault PT: (if-operation equal "add") = FALSE.
[01/17/19 14:21:02.106]:LDAPToVault PT: Rule rejected.
[01/17/19 14:21:02.107]:LDAPToVault PT: Evaluating selection criteria for rule 'Block sending modify-password changes to the eDirectory password'.
[01/17/19 14:21:02.107]:LDAPToVault PT: (if-operation equal "modify-password") = FALSE.
[01/17/19 14:21:02.107]:LDAPToVault PT: Rule rejected.
[01/17/19 14:21:02.107]:LDAPToVault PT:Policy returned:
[01/17/19 14:21:02.107]:LDAPToVault PT:
<nds dtdversion="4.0">
<source>
<product instance="LDAPToVault" version="4.0.2.0">DirXML Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query dest-dn="\EDIRTEST_TREE\sc\driverset\LDAPToVault" scope="entry">
<read-attr attr-name="Public Key"/>
</query>
</input>
</nds>
[01/17/19 14:21:02.115]:LDAPToVault PT:Applying policy: %+C%14CNOVLPWDSYNC-pub-ctp-AddPwdPayload%-C.
[01/17/19 14:21:02.116]:LDAPToVault PT: Applying to query #1.
[01/17/19 14:21:02.116]:LDAPToVault PT: Evaluating selection criteria for rule 'Add operation-data element to password operations'.
[01/17/19 14:21:02.116]:LDAPToVault PT: (if-operation equal "add") = FALSE.
[01/17/19 14:21:02.116]:LDAPToVault PT: (if-operation equal "add") = FALSE.
[01/17/19 14:21:02.116]:LDAPToVault PT: (if-operation equal "modify-password") = FALSE.
[01/17/19 14:21:02.116]:LDAPToVault PT: (if-operation equal "modify") = FALSE.
[01/17/19 14:21:02.117]:LDAPToVault PT: Rule rejected.
[01/17/19 14:21:02.117]:LDAPToVault PT: Evaluating selection criteria for rule 'Add payload data to password operations'.
[01/17/19 14:21:02.117]:LDAPToVault PT: (if-operation equal "add") = FALSE.
[01/17/19 14:21:02.117]:LDAPToVault PT: (if-operation equal "add") = FALSE.
[01/17/19 14:21:02.117]:LDAPToVault PT: (if-operation equal "modify-password") = FALSE.
[01/17/19 14:21:02.117]:LDAPToVault PT: (if-operation equal "modify") = FALSE.
[01/17/19 14:21:02.117]:LDAPToVault PT: Rule rejected.
[01/17/19 14:21:02.117]:LDAPToVault PT:Policy returned:
[01/17/19 14:21:02.118]:LDAPToVault PT:
<nds dtdversion="4.0">
<source>
<product instance="LDAPToVault" version="4.0.2.0">DirXML Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query dest-dn="\EDIRTEST_TREE\sc\driverset\LDAPToVault" scope="entry">
<read-attr attr-name="Public Key"/>
</query>
</input>
</nds>
[01/17/19 14:21:02.118]:LDAPToVault PT:Applying policy: %+C%14CNOVLEDIRPSYN-pub-ctp-PasswordExpirationTime%-C.
[01/17/19 14:21:02.118]:LDAPToVault PT: Applying to query #1.
[01/17/19 14:21:02.118]:LDAPToVault PT: Evaluating selection criteria for rule 'Password Expiration Time'.
[01/17/19 14:21:02.118]:LDAPToVault PT: (if-op-attr 'nspmDistributionPassword' available) = FALSE.
[01/17/19 14:21:02.119]:LDAPToVault PT: Rule rejected.
[01/17/19 14:21:02.119]:LDAPToVault PT:Policy returned:
[01/17/19 14:21:02.119]:LDAPToVault PT:
<nds dtdversion="4.0">
<source>
<product instance="LDAPToVault" version="4.0.2.0">DirXML Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query dest-dn="\EDIRTEST_TREE\sc\driverset\LDAPToVault" scope="entry">
<read-attr attr-name="Public Key"/>
</query>
</input>
</nds>
[01/17/19 14:21:02.119]:LDAPToVault PT:Applying policy: %+C%14Cpub-ctp-useCreateTemplate%-C.
[01/17/19 14:21:02.119]:LDAPToVault PT: Applying to query #1.
[01/17/19 14:21:02.120]:LDAPToVault PT: Evaluating selection criteria for rule 'Set template to use on User create'.
[01/17/19 14:21:02.120]:LDAPToVault PT: (if-class-name equal "User") = FALSE.
[01/17/19 14:21:02.120]:LDAPToVault PT: Rule rejected.
[01/17/19 14:21:02.120]:LDAPToVault PT:Policy returned:
[01/17/19 14:21:02.120]:LDAPToVault PT:
<nds dtdversion="4.0">
<source>
<product instance="LDAPToVault" version="4.0.2.0">DirXML Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query dest-dn="\EDIRTEST_TREE\sc\driverset\LDAPToVault" scope="entry">
<read-attr attr-name="Public Key"/>
</query>
</input>
</nds>
[01/17/19 14:21:02.120]:LDAPToVault PT:Applying policy: %+C%14Cpub-ctp-groupMembership%-C.
[01/17/19 14:21:02.121]:LDAPToVault PT: Applying to query #1.
[01/17/19 14:21:02.121]:LDAPToVault PT: Evaluating selection criteria for rule 'Set Department Group for Div 1, 2 and 3'.
[01/17/19 14:21:02.121]:LDAPToVault PT: (if-class-name equal "User") = FALSE.
[01/17/19 14:21:02.121]:LDAPToVault PT: Rule rejected.
[01/17/19 14:21:02.121]:LDAPToVault PT: Evaluating selection criteria for rule 'Set Department Group Membership on Remaining Users'.
[01/17/19 14:21:02.121]:LDAPToVault PT: (if-class-name equal "User") = FALSE.
[01/17/19 14:21:02.121]:LDAPToVault PT: Rule rejected.
[01/17/19 14:21:02.122]:LDAPToVault PT:Policy returned:
[01/17/19 14:21:02.122]:LDAPToVault PT:
<nds dtdversion="4.0">
<source>
<product instance="LDAPToVault" version="4.0.2.0">DirXML Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query dest-dn="\EDIRTEST_TREE\sc\driverset\LDAPToVault" scope="entry">
<read-attr attr-name="Public Key"/>
</query>
</input>
</nds>
[01/17/19 14:21:02.122]:LDAPToVault PT:Applying policy: %+C%14Cpub-ctp-posixSettings%-C.
[01/17/19 14:21:02.122]:LDAPToVault PT: Applying to query #1.
[01/17/19 14:21:02.122]:LDAPToVault PT: Evaluating selection criteria for rule 'Set posixAccount class and attribute values on User Add event'.
[01/17/19 14:21:02.123]:LDAPToVault PT: (if-class-name equal "User") = FALSE.
[01/17/19 14:21:02.123]:LDAPToVault PT: Rule rejected.
[01/17/19 14:21:02.123]:LDAPToVault PT:Policy returned:
[01/17/19 14:21:02.123]:LDAPToVault PT:
<nds dtdversion="4.0">
<source>
<product instance="LDAPToVault" version="4.0.2.0">DirXML Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query dest-dn="\EDIRTEST_TREE\sc\driverset\LDAPToVault" scope="entry">
<read-attr attr-name="Public Key"/>
</query>
</input>
</nds>
[01/17/19 14:21:02.123]:LDAPToVault PT:Applying policy: %+C%14Cpub-ctp-userMoves%-C.
[01/17/19 14:21:02.124]:LDAPToVault PT: Applying to query #1.
[01/17/19 14:21:02.124]:LDAPToVault PT: Evaluating selection criteria for rule 'Move User when scPersonDeptCode or scDivisionCode changes.'.
[01/17/19 14:21:02.124]:LDAPToVault PT: (if-class-name equal "User") = FALSE.
[01/17/19 14:21:02.124]:LDAPToVault PT: Rule rejected.
[01/17/19 14:21:02.124]:LDAPToVault PT:Policy returned:
[01/17/19 14:21:02.124]:LDAPToVault PT:
<nds dtdversion="4.0">
<source>
<product instance="LDAPToVault" version="4.0.2.0">DirXML Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query dest-dn="\EDIRTEST_TREE\sc\driverset\LDAPToVault" scope="entry">
<read-attr attr-name="Public Key"/>
</query>
</input>
</nds>
[01/17/19 14:21:02.125]:LDAPToVault PT:Applying policy: %+C%14Cpub-ctp-add2FA-attr%-C.
[01/17/19 14:21:02.125]:LDAPToVault PT: Applying to query #1.
[01/17/19 14:21:02.125]:LDAPToVault PT: Evaluating selection criteria for rule 'Add scPersonMFA if scapps is duo'.
[01/17/19 14:21:02.125]:LDAPToVault PT: (if-src-attr 'scApps' equal "duo") = FALSE.
[01/17/19 14:21:02.125]:LDAPToVault PT: (if-src-attr 'scApps' equal "duostu") = FALSE.
[01/17/19 14:21:02.126]:LDAPToVault PT: Rule rejected.
[01/17/19 14:21:02.126]:LDAPToVault PT:Policy returned:
[01/17/19 14:21:02.126]:LDAPToVault PT:
<nds dtdversion="4.0">
<source>
<product instance="LDAPToVault" version="4.0.2.0">DirXML Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query dest-dn="\EDIRTEST_TREE\sc\driverset\LDAPToVault" scope="entry">
<read-attr attr-name="Public Key"/>
</query>
</input>
</nds>
[01/17/19 14:21:02.126]:LDAPToVault PT:Filtering out notification-only attributes.
[01/17/19 14:21:02.126]:LDAPToVault PT:Pumping XDS to eDirectory.
[01/17/19 14:21:02.127]:LDAPToVault PT:Performing operation query for \EDIRTEST_TREE\sc\driverset\LDAPToVault.
[01/17/19 14:21:02.127]:LDAPToVault PT:--JCLNT-- \EDIRTEST_TREE\sc\driverset\LDAPToVault - Publisher : Duplicating : context = 1365770331, tempContext = 1365770332
[01/17/19 14:21:02.127]:LDAPToVault PT:--JCLNT-- \EDIRTEST_TREE\sc\driverset\LDAPToVault - Publisher : Calling free on tempContext = 1365770332
[01/17/19 14:21:02.128]:LDAPToVault PT:Fixing up association references.
[01/17/19 14:21:02.128]:LDAPToVault PT:Applying schema mapping policies to output.
[01/17/19 14:21:02.128]:LDAPToVault PT:Applying policy: %+C%14CMappingRule%-C.
[01/17/19 14:21:02.128]:LDAPToVault PT: No mapping for class-name 'DirXML-Driver'.
[01/17/19 14:21:02.128]:LDAPToVault PT:Applying output transformation policies.
[01/17/19 14:21:02.128]:LDAPToVault PT:Applying policy: %+C%14CNOVLPWDSYNC-otp-EmailOnFailedPwdPub%-C.
[01/17/19 14:21:02.129]:LDAPToVault PT: Applying to instance #1.
[01/17/19 14:21:02.129]:LDAPToVault PT: Evaluating selection criteria for rule 'Send e-mail for a failed publish password operation'.
[01/17/19 14:21:02.129]:LDAPToVault PT: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = FALSE.
[01/17/19 14:21:02.129]:LDAPToVault PT: Rule rejected.
[01/17/19 14:21:02.129]:LDAPToVault PT: Applying to status #2.
[01/17/19 14:21:02.129]:LDAPToVault PT: Evaluating selection criteria for rule 'Send e-mail for a failed publish password operation'.
[01/17/19 14:21:02.130]:LDAPToVault PT: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = FALSE.
[01/17/19 14:21:02.130]:LDAPToVault PT: Rule rejected.
[01/17/19 14:21:02.130]:LDAPToVault PT:Policy returned:
[01/17/19 14:21:02.130]:LDAPToVault PT:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.0.2.0">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<instance class-name="DirXML-Driver" event-id="0" qualified-src-dn="O=sc\CN=driverset\CN=LDAPToVault" src-dn="\EDIRTEST_TREE\sc\driverset\LDAPToVault" src-entry-id="33751"/>
<status event-id="0" level="success"></status>
</output>
</nds>
[01/17/19 14:21:02.131]:LDAPToVault PT:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.0.2.0">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<instance class-name="DirXML-Driver" event-id="0" qualified-src-dn="O=sc\CN=driverset\CN=LDAPToVault" src-dn="\EDIRTEST_TREE\sc\driverset\LDAPToVault" src-entry-id="33751"/>
<status event-id="0" level="success"></status>
</output>
</nds>
[01/17/19 14:21:02.131]:LDAPToVault PT:: Need new connection; Waiting for remote Subscriber to connect...
[01/17/19 14:21:02.184]:LDAPToVault ST:Received state change event.
[01/17/19 14:21:02.185]:LDAPToVault ST:Transitioned from state '%+C%14CStarting%-C' to state '%+C%14CRunning%-C'.
[01/17/19 14:21:02.186]:LDAPToVault ST:Successfully processed state change event
0 Likes
kborecky1 Absent Member.
Absent Member.

Re: "Vetoed by filter" error but filter has been changed.

So you don't think the "Connection Refused" is the problem?
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: "Vetoed by filter" error but filter has been changed.

Not if that is the only place we see it.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: "Vetoed by filter" error but filter has been changed.

Also, I just realized this awesome IDM conversation is in the eDir forum.
You may be able to get more help if the whole thing is created over there.


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
kborecky1 Absent Member.
Absent Member.

Re: "Vetoed by filter" error but filter has been changed.

I tried to get a trace of the test VaultToLDAP driver restarting, but it is messed up as well. It takes forever to shut down - doesn't really ever shut down properly, I think. It won't restart because it says "address already in use" - I assume because it hasn't really let go of the port. But the fact that you can't shut it down/restart it without it freaking out... It's doing that thing in iManager where the driver status light blinks as you try to restart/stop it.

Well, for what it's worth:


[01/17/19 14:47:54.738]:VaultToLDAP PT:Applying schema mapping policies to input.
[01/17/19 14:47:54.738]:VaultToLDAP PT:Applying policy: %+C%14CMappingRule%-C.
[01/17/19 14:47:54.738]:VaultToLDAP PT:Resolving association references.
[01/17/19 14:47:54.738]:VaultToLDAP PT:
DirXML Log Event -------------------
Driver: \TVAULT-TREE\sc\driverset\VaultToLDAP
Channel: Publisher
Status: Fatal
Message: Address already in use
[01/17/19 14:47:54.739]:VaultToLDAP PT:
DirXML Log Event -------------------
Driver: \TVAULT-TREE\sc\driverset\VaultToLDAP
Channel: Publisher
Status: Fatal
Message: Code(-9005) The driver returned a "fatal" status indicating that the driver should be shut down. Detail
from driver: Address already in use<application>DirXML</application>

0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: "Vetoed by filter" error but filter has been changed.

On 01/17/2019 01:04 PM, kborecky wrote:
>
> I tried to get a trace of the test VaultToLDAP driver restarting, but it
> is messed up as well. It takes forever to shut down - doesn't really
> ever shut down properly, I think. It won't restart because it says
> "address already in use" - I assume because it hasn't really let go of
> the port. But the fact that you can't shut it down/restart it without it
> freaking out... It's doing that thing in iManager where the driver
> status light blinks as you try to restart/stop it.


Blinking when shutting down is literally the 'Shutdown Pending' state
Most of the time it's just so quick that you miss it. When you get in
this state an eDirectory restart is sometimes required, as something is
stuck in there, assuming of course you have not assigned the same IP and
port to two different driver objects, or local services, or anything,
since in that case the fix is to correct that misconfiguration.

> Well, for what it's worth:
>
> Code:
> --------------------
>
> [01/17/19 14:47:54.738]:VaultToLDAP PT:Applying schema mapping policies to input.
> [01/17/19 14:47:54.738]:VaultToLDAP PT:Applying policy: %+C%14CMappingRule%-C.
> [01/17/19 14:47:54.738]:VaultToLDAP PT:Resolving association references.
> [01/17/19 14:47:54.738]:VaultToLDAP PT:
> DirXML Log Event -------------------
> Driver: \TVAULT-TREE\sc\driverset\VaultToLDAP
> Channel: Publisher
> Status: Fatal
> Message: Address already in use
> [01/17/19 14:47:54.739]:VaultToLDAP PT:
> DirXML Log Event -------------------
> Driver: \TVAULT-TREE\sc\driverset\VaultToLDAP
> Channel: Publisher
> Status: Fatal
> Message: Code(-9005) The driver returned a "fatal" status indicating that the driver should be shut down. Detail
> from driver: Address already in use<application>DirXML</application>


Yes, that's not great. I'd probably bounce eDirectory and see if that
helps, but be sure you do not have two eDirectory driver config objects,
on this side of the connection, both listening on (probably) port 8196,
since that will never work.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
kborecky1 Absent Member.
Absent Member.

Re: "Vetoed by filter" error but filter has been changed.

I've narrowed down the problem, I think. I changed the ports on both edir drivers to 8196 (from 8192) and they both started up! - but were "waiting for connection" from the other server. I thought maybe since I changed the ports, the certs needed to be regenerated? Well, when I did that, it said it was going to have to restart the driver - ok. It chewed on it for a while, and then I was back to driver not shutting down properly and being in a constant state of Address Unavailable confusion.

So, I don't know what that Identity Manager 'create edir driver certs' Utility does, but in my case, it is Not Good. I'm going to switch the ports back to 8192 to clear out the mess, and then do the certs by hand. Good times.
0 Likes
kborecky1 Absent Member.
Absent Member.

Re: "Vetoed by filter" error but filter has been changed.

Still getting the filter error. Here's the trace from the target server:


[01/22/19 11:08:48.852]:LDAPToVault PT:
<nds dtdversion="4.0">
<source>
<product instance="LDAPToVault" version="4.0.2.0">DirXML Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status level="success"/>
</output>
</nds>
[01/22/19 11:08:48.852]:LDAPToVault PT:Applying input transformation policies.
[01/22/19 11:08:48.853]:LDAPToVault PT:Applying policy: %+C%14CNOVLPWDSYNC-itp-EmailOnFailedPwdSub%-C.
[01/22/19 11:08:48.853]:LDAPToVault PT: Applying to status #1.
[01/22/19 11:08:48.853]:LDAPToVault PT: Evaluating selection criteria for rule 'Send e-mail on a failure when subscribing to passwords'.
[01/22/19 11:08:48.853]:LDAPToVault PT: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = FALSE.
[01/22/19 11:08:48.854]:LDAPToVault PT: Rule rejected.
[01/22/19 11:08:48.854]:LDAPToVault PT: Evaluating selection criteria for rule 'Send e-mail on failure to reset connected system password using the Identity Vault password'.
[01/22/19 11:08:48.854]:LDAPToVault PT: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = FALSE.
[01/22/19 11:08:48.854]:LDAPToVault PT: Rule rejected.
[01/22/19 11:08:48.854]:LDAPToVault PT:Policy returned:
[01/22/19 11:08:48.855]:LDAPToVault PT:
<nds dtdversion="4.0">
<source>
<product instance="LDAPToVault" version="4.0.2.0">DirXML Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status level="success"/>
</output>
</nds>
[01/22/19 11:08:48.856]:LDAPToVault PT:Applying schema mapping policies to input.
[01/22/19 11:08:48.856]:LDAPToVault PT:Applying policy: %+C%14CMappingRule%-C.
[01/22/19 11:08:48.857]:LDAPToVault PT:Resolving association references.
[01/22/19 11:08:48.857]:LDAPToVault PT:Ending publisher thread.
[01/22/19 11:08:48.857]:LDAPToVault ST:Publisher thread terminated.
[01/22/19 11:08:48.895]:LDAPToVault ST:Driver terminated.
[01/22/19 11:08:48.898]:LDAPToVault ST:Writing XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault#DirXML-PersistentData.
[01/22/19 11:13:18.493]:LDAPToVault :Reading named passwords list.
[01/22/19 11:13:18.494]:LDAPToVault :Named passwords:
[01/22/19 11:13:18.495]:LDAPToVault :Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault#DirXML-EngineControlValues.
[01/22/19 11:13:18.501]:LDAPToVault :Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/NOVLCOMSET-GCVs#DirXML-ConfigValues.
[01/22/19 11:13:18.502]:LDAPToVault :Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset#DirXML-ConfigValues.
[01/22/19 11:13:18.503]:LDAPToVault :Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/NOVLEDIRDCFG-GCVs#DirXML-ConfigValues.
[01/22/19 11:13:18.504]:LDAPToVault :Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/NOVLEDIRPSYN-GCVs#DirXML-ConfigValues.
[01/22/19 11:13:18.509]:LDAPToVault :Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault#DirXML-ConfigValues.
[01/22/19 11:13:18.510]:LDAPToVault :Multiple definition found for Global Config Value 'enable-password-subscribe'. Using definition from \EDIRTEST_TREE\sc\driverset\LDAPToVault.
[01/22/19 11:13:18.510]:LDAPToVault :Multiple definition found for Global Config Value 'enable-password-publish'. Using definition from \EDIRTEST_TREE\sc\driverset\LDAPToVault.
[01/22/19 11:13:18.511]:LDAPToVault :Multiple definition found for Global Config Value 'publish-password-to-nds'. Using definition from \EDIRTEST_TREE\sc\driverset\LDAPToVault.
[01/22/19 11:13:18.511]:LDAPToVault :Multiple definition found for Global Config Value 'publish-password-to-dp'. Using definition from \EDIRTEST_TREE\sc\driverset\LDAPToVault.
[01/22/19 11:13:18.511]:LDAPToVault :Multiple definition found for Global Config Value 'enforce-password-policy'. Using definition from \EDIRTEST_TREE\sc\driverset\LDAPToVault.
[01/22/19 11:13:18.512]:LDAPToVault :Multiple definition found for Global Config Value 'reset-external-password-on-failure'. Using definition from \EDIRTEST_TREE\sc\driverset\LDAPToVault.
[01/22/19 11:13:18.512]:LDAPToVault :Multiple definition found for Global Config Value 'notify-user-on-password-dist-failure'. Using definition from \EDIRTEST_TREE\sc\driverset\LDAPToVault.
[01/22/19 11:13:18.512]:LDAPToVault :Global Configuration Values:
[01/22/19 11:13:18.512]:LDAPToVault : Name: enable-password-publish Value: true
[01/22/19 11:13:18.512]:LDAPToVault : Name: publish-password-to-nds Value: false
[01/22/19 11:13:18.513]:LDAPToVault : Name: publish-password-to-dp Value: true
[01/22/19 11:13:18.513]:LDAPToVault : Name: enforce-password-policy Value: false
[01/22/19 11:13:18.513]:LDAPToVault : Name: reset-external-password-on-failure Value: false
[01/22/19 11:13:18.513]:LDAPToVault : Name: enable-password-subscribe Value: true
[01/22/19 11:13:18.513]:LDAPToVault : Name: notify-user-on-password-dist-failure Value: false
[01/22/19 11:13:18.513]:LDAPToVault : Name: drv.publisher.placement.type Value: mirrored
[01/22/19 11:13:18.513]:LDAPToVault : Name: drv.remote.dit.data.users Value: sc\users
[01/22/19 11:13:18.514]:LDAPToVault : Name: drv.remote.dit.data.groups Value: sc\groups
[01/22/19 11:13:18.514]:LDAPToVault : Name: ConnectedSystemName Value: eDirectory
[01/22/19 11:13:18.514]:LDAPToVault : Name: idv.dit.data.users Value: sc\testUsers
[01/22/19 11:13:18.514]:LDAPToVault : Name: idv.dit.data.groups Value: sc
[01/22/19 11:13:18.514]:LDAPToVault : Name: dirxml.auto.treename Value: EDIRTEST_TREE
[01/22/19 11:13:18.514]:LDAPToVault : Name: dirxml.auto.driverdn Value: \EDIRTEST_TREE\sc\driverset\LDAPToVault
[01/22/19 11:13:18.514]:LDAPToVault : Name: dirxml.auto.driverguid Value: {77558B83-549F-495a-C492-838B55779F54}
[01/22/19 11:13:18.515]:LDAPToVault : Name: dirxml.auto.localserverdn Value: CN=edir-test,O=sc
[01/22/19 11:13:18.515]:LDAPToVault :Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault#DirXML-ReciprocalAttrMap.
[01/22/19 11:13:18.515]:LDAPToVault :Loaded reciprocal attribute map
[01/22/19 11:13:18.516]:LDAPToVault :
<reciprocal-links/>
[01/22/19 11:13:18.517]:LDAPToVault :Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault#DirXML-PersistentData.
[01/22/19 11:13:18.518]:LDAPToVault :Loaded persistent data
[01/22/19 11:13:18.519]:LDAPToVault :
<persistent-data>
<op-counters last-reset-time="1384200721441">
<subscriber>
<counters index="0">
<modify>232959</modify>
<add>1199</add>
<sync>1410</sync>
<delete>12158</delete>
</counters>
<counters index="1">
<modify>232959</modify>
<sync>1410</sync>
<delete>12157</delete>
</counters>
<counters index="2">
<query>1417</query>
<modify-password>1</modify-password>
<add>232958</add>
<delete>152</delete>
</counters>
<counters index="3">
<query>1417</query>
<modify-password>1</modify-password>
<add>232958</add>
<delete>152</delete>
</counters>
<counters index="4">
<status>234518</status>
<instance>1412</instance>
</counters>
</subscriber>
<publisher>
<counters index="0">
<status>42</status>
<modify>81734</modify>
<query>103</query>
<modify-password>26503</modify-password>
<add>58515</add>
<delete>21038</delete>
<rename>2</rename>
<query-schema>1</query-schema>
<check-object-password>5</check-object-password>
</counters>
<counters index="1">
<status>42</status>
<modify>72658</modify>
<query>103</query>
<modify-password>26503</modify-password>
<add>58515</add>
<delete>9148</delete>
<rename>2</rename>
<query-schema>1</query-schema>
<check-object-password>5</check-object-password>
<remove-association>30041</remove-association>
</counters>
<counters index="2">
<status>42</status>
<modify>81734</modify>
<query>103</query>
<modify-password>26503</modify-password>
<add>58515</add>
<delete>21038</delete>
<rename>2</rename>
<query-schema>1</query-schema>
<check-object-password>5</check-object-password>
</counters>
<counters index="3">
<status>42</status>
<modify>67023</modify>
<query>97395</query>
<modify-password>26253</modify-password>
<add>29727</add>
<delete>9148</delete>
<rename>2</rename>
<move>396</move>
<query-schema>1</query-schema>
<check-object-password>5</check-object-password>
<remove-association>30042</remove-association>
</counters>
<counters index="4">
<status>295036</status>
<instance>67639</instance>
<schema-def>1</schema-def>
</counters>
</publisher>
</op-counters>
</persistent-data>
[01/22/19 11:13:18.524]:LDAPToVault :Found subscriber sc\driverset\LDAPToVault\Subscriber.
[01/22/19 11:13:18.526]:LDAPToVault :Found publisher sc\driverset\LDAPToVault\Publisher.
[01/22/19 11:13:18.526]:LDAPToVault :Creating subscriber thread.
[01/22/19 11:13:18.527]:LDAPToVault ST:Subscriber thread starting.
[01/22/19 11:13:18.560]:LDAPToVault ST:Initializing driver shim.
[01/22/19 11:13:18.560]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault#DirXML-ApplicationSchema.
[01/22/19 11:13:18.755]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault#DirXML-ConfigManifest.
[01/22/19 11:13:18.756]:LDAPToVault ST:Reading driver information from the \EDIRTEST_TREE\sc\driverset\LDAPToVault object.
[01/22/19 11:13:18.756]:LDAPToVault ST:Loading Java shim com.novell.nds.dirxml.driver.nds.DriverShimImpl.
[01/22/19 11:13:18.757]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault#DirXML-ShimConfigInfo.
[01/22/19 11:13:18.759]:LDAPToVault ST:Named password 'store-password' not found in driver configuration element 'Keystore password - required' (store-password).
[01/22/19 11:13:18.759]:LDAPToVault ST:Named password 'key-password' not found in driver configuration element 'Certificate password (key password) - required' (key-password).
[01/22/19 11:13:18.763]:LDAPToVault ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.0.2.0">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<init-params src-dn="\EDIRTEST_TREE\sc\driverset\LDAPToVault">
<authentication-info>
<server>131.229.64.136</server>
<user>XLDAPToVault:LDAPToVault</user>
</authentication-info>
<driver-options>
<use-keystore-ssl display-name="SSL type">false</use-keystore-ssl>
<keystore-name display-name="Name of keystore file - required"></keystore-name>
<store-password display-name="Keystore password - required" is-sensitive="true" type="password-ref"/>
<server-key-alias display-name="Name of certificate (key alias) - required"></server-key-alias>
<key-password display-name="Certificate password (key password) - required" is-sensitive="true" type="password-ref"/>
<ssl-advanced display-name="Advanced options">hide</ssl-advanced>
<reverse-handshake display-name="Subscriber acts as server for SSL handshake">no</reverse-handshake>
<disable-mutual-authentication display-name="Disable mutual authentication - only used if acting as server">no</disable-mutual-authentication>
</driver-options>
</init-params>
</input>
</nds>
[01/22/19 11:13:18.779]:LDAPToVault ST:DriverShim.init() returned:
[01/22/19 11:13:18.779]:LDAPToVault ST:
<nds dtdversion="4.0">
<source>
<product instance="LDAPToVault" version="4.0.2.0">DirXML Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status level="success">
<provides-secure-channel>true</provides-secure-channel>
</status>
</output>
</nds>
[01/22/19 11:13:18.780]:LDAPToVault ST:Restricting file Permission for /var/opt/novell/eDirectory/data/dib/dx33751.lg
[01/22/19 11:13:18.780]:LDAPToVault ST:Restricting file Permission for /var/opt/novell/eDirectory/data/dib/dx33751.db
[01/22/19 11:13:18.783]:LDAPToVault :: Connection monitor thread starting.
[01/22/19 11:13:18.796]:LDAPToVault ST:Initializing ECMAScript extensions.
[01/22/19 11:13:18.798]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault#DirXML-DriverFilter.
[01/22/19 11:13:18.800]:LDAPToVault ST:Loaded filter.
[01/22/19 11:13:18.801]:LDAPToVault ST:
<filter>
<filter-class class-name="User" publisher="ignore" publisher-create-homedir="true" publisher-track-template-member="true" subscriber="sync">
<filter-attr attr-name="nspmDistributionPassword" merge-authority="default" publisher="ignore" publisher-optimize-modify="true" subscriber="notify"/>
<filter-attr attr-name="city" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="CN" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="co" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="Description" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="EMail Address" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="employeeStatus" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="employeeType" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="Equivalent To Me" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="Full Name" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="Given Name" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="Group Membership" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="GUID" merge-authority="none" subscriber="sync"/>
<filter-attr attr-name="Initials" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="Internet EMail Address" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="jobCode" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="L" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="Language" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="Login Disabled" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="manager" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="managerWorkforceID" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="mobile" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="OU" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="Physical Delivery Office Name" publisher="sync" subscriber="ignore"/>
<filter-attr attr-name="Postal Address" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="Postal Code" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="Postal Office Box" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="preferredName" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="roomNumber" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="S" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="SA" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="Security Equals" publisher="ignore" subscriber="ignore"/>
<filter-attr attr-name="Surname" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="Telephone Number" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="Title" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="UID" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="workforceID" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="DirXML-PasswordSyncStatus" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="DirXML-ADAliasName" merge-authority="default" publisher="ignore" publisher-optimize-modify="true" subscriber="ignore"/>
<filter-attr attr-name="businessCategory" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="fcIdNumber" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="fcHomeInstitution" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="mailstop" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="scPersonGradClass" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="scPersonMaj2Minor" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="scPersonMajor" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="scPersonDeptCode" merge-authority="default" publisher="notify" publisher-optimize-modify="true" subscriber="ignore"/>
<filter-attr attr-name="scDivisionCode" merge-authority="default" publisher="notify" publisher-optimize-modify="true" subscriber="ignore"/>
<filter-attr attr-name="scApps" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="scPersonHomeEmail" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="eduPersonAffiliation" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="eduPersonPrimaryAffiliation" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="fcPersonAffiliation" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="uniqueID" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="Login Expiration Time" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
<filter-attr attr-name="scPerson2FA" merge-authority="default" publisher="ignore" publisher-optimize-modify="true" subscriber="sync"/>
</filter-class>
<filter-class class-name="Group" publisher="ignore" subscriber="ignore">
<filter-attr attr-name="CN" publisher="sync" subscriber="sync"/>
<filter-attr attr-name="Description" publisher="sync" subscriber="sync"/>
<filter-attr attr-name="GUID" merge-authority="none" subscriber="sync"/>
</filter-class>
</filter>
[01/22/19 11:13:18.826]:LDAPToVault ST:Initializing subscriber sc\driverset\LDAPToVault\Subscriber for \EDIRTEST_TREE\sc\driverset\LDAPToVault.
[01/22/19 11:13:18.826]:LDAPToVault ST:Loading Subscriber input transformation policies.
[01/22/19 11:13:18.827]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/NOVLPWDSYNC-itp-EmailOnFailedPwdSub#XmlData.
[01/22/19 11:13:18.844]:LDAPToVault ST:Found DirXMLScript policy.
[01/22/19 11:13:18.848]:LDAPToVault ST:Loading Subscriber output transformation policies.
[01/22/19 11:13:18.849]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/NOVLPWDSYNC-otp-EmailOnFailedPwdPub#XmlData.
[01/22/19 11:13:18.850]:LDAPToVault ST:Found DirXMLScript policy.
[01/22/19 11:13:18.868]:LDAPToVault ST:Loading Subscriber schema mapping policies.
[01/22/19 11:13:18.869]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/MappingRule#XmlData.
[01/22/19 11:13:18.869]:LDAPToVault ST:Found schema map.
[01/22/19 11:13:18.870]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/MappingRule#XmlData.
[01/22/19 11:13:18.870]:LDAPToVault ST:Found schema map.
[01/22/19 11:13:18.871]:LDAPToVault ST:Loading policies.
[01/22/19 11:13:18.871]:LDAPToVault ST:Loading Subscriber event transformation policies.
[01/22/19 11:13:18.879]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/Subscriber/sub-etp-eventHandling#XmlData.
[01/22/19 11:13:18.880]:LDAPToVault ST:Found DirXMLScript policy.
[01/22/19 11:13:18.880]:LDAPToVault ST:Loading Subscriber object matching policies.
[01/22/19 11:13:18.881]:LDAPToVault ST:Policy not found.
[01/22/19 11:13:18.881]:LDAPToVault ST:Loading Subscriber object creation policies.
[01/22/19 11:13:18.881]:LDAPToVault ST:Policy not found.
[01/22/19 11:13:18.881]:LDAPToVault ST:Loading Subscriber object placement policies.
[01/22/19 11:13:18.881]:LDAPToVault ST:Policy not found.
[01/22/19 11:13:18.881]:LDAPToVault ST:Loading Subscriber command transformation policies.
[01/22/19 11:13:18.882]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/Subscriber/NOVLPWDSYNC-sub-ctp-TransformDistPwd#XmlData.
[01/22/19 11:13:18.882]:LDAPToVault ST:Found DirXMLScript policy.
[01/22/19 11:13:18.893]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/Subscriber/NOVLPWDSYNC-sub-ctp-DefaultPwd#XmlData.
[01/22/19 11:13:18.894]:LDAPToVault ST:Found DirXMLScript policy.
[01/22/19 11:13:18.895]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/Subscriber/NOVLPWDSYNC-sub-ctp-CheckPwdGCV#XmlData.
[01/22/19 11:13:18.896]:LDAPToVault ST:Found DirXMLScript policy.
[01/22/19 11:13:18.897]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/Subscriber/NOVLPWDSYNC-sub-ctp-AddPwdPayload#XmlData.
[01/22/19 11:13:18.898]:LDAPToVault ST:Found DirXMLScript policy.
[01/22/19 11:13:18.910]:LDAPToVault ST:Mapping sensitive attribute names to application space
[01/22/19 11:13:18.940]:LDAPToVault ST:Initializing subscriber shim.
[01/22/19 11:13:18.940]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault#DirXML-ShimConfigInfo.
[01/22/19 11:13:18.942]:LDAPToVault ST:Applying policy: %+C%14CMappingRule%-C.
[01/22/19 11:13:18.953]:LDAPToVault ST: No mapping for class-name 'User'.
[01/22/19 11:13:18.953]:LDAPToVault ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.0.2.0">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<init-params src-dn="\EDIRTEST_TREE\sc\driverset\LDAPToVault">
<authentication-info>
<server>131.229.64.136</server>
<user>XLDAPToVault:LDAPToVault</user>
</authentication-info>
<driver-filter>
<allow-class class-name="User">
<allow-attr attr-name="businessCategory"/>
<allow-attr attr-name="CN"/>
<allow-attr attr-name="DirXML-PasswordSyncStatus"/>
<allow-attr attr-name="eduPersonAffiliation"/>
<allow-attr attr-name="eduPersonPrimaryAffiliation"/>
<allow-attr attr-name="employeeStatus"/>
<allow-attr attr-name="employeeType"/>
<allow-attr attr-name="fcHomeInstitution"/>
<allow-attr attr-name="fcIdNumber"/>
<allow-attr attr-name="fcPersonAffiliation"/>
<allow-attr attr-name="Full Name"/>
<allow-attr attr-name="Given Name"/>
<allow-attr attr-name="GUID"/>
<allow-attr attr-name="Initials"/>
<allow-attr attr-name="Internet EMail Address"/>
<allow-attr attr-name="L"/>
<allow-attr attr-name="Login Disabled"/>
<allow-attr attr-name="Login Expiration Time"/>
<allow-attr attr-name="mailstop"/>
<allow-attr attr-name="manager"/>
<allow-attr attr-name="managerWorkforceID"/>
<allow-attr attr-name="mobile"/>
<allow-attr attr-name="OU"/>
<allow-attr attr-name="preferredName"/>
<allow-attr attr-name="scApps"/>
<allow-attr attr-name="scPerson2FA"/>
<allow-attr attr-name="scPersonGradClass"/>
<allow-attr attr-name="scPersonHomeEmail"/>
<allow-attr attr-name="scPersonMaj2Minor"/>
<allow-attr attr-name="scPersonMajor"/>
<allow-attr attr-name="Surname"/>
<allow-attr attr-name="Telephone Number"/>
<allow-attr attr-name="Title"/>
<allow-attr attr-name="UID"/>
<allow-attr attr-name="uniqueID"/>
<allow-attr attr-name="workforceID"/>
</allow-class>
</driver-filter>
<subscriber-options>
<remote-address display-name="Address or host name of remote publisher"></remote-address>
<specify-port display-name="TCP port">default</specify-port>
<remote-port display-name="Port number">8192</remote-port>
<advanced-options display-name="Advanced options">hide</advanced-options>
<socket-local-bind display-name="Socket local bind">default</socket-local-bind>
<local-address display-name="Local bind address for publisher socket"></local-address>
<keep-alive-interval display-name="Receive timeout in minutes">1</keep-alive-interval>
</subscriber-options>
</init-params>
</input>
</nds>
[01/22/19 11:13:18.957]:LDAPToVault ST:: Connection parameters: host = '131.229.64.136' port = 8192 KMO = 'XLDAPToVault'
[01/22/19 11:13:18.958]:LDAPToVault ST:SubscriptionShim.init() returned:
[01/22/19 11:13:18.958]:LDAPToVault ST:
<nds dtdversion="4.0">
<source>
<product instance="LDAPToVault" version="4.0.2.0">DirXML Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status level="success"/>
</output>
</nds>
[01/22/19 11:13:18.958]:LDAPToVault ST:Applying input transformation policies.
[01/22/19 11:13:18.958]:LDAPToVault ST:Applying policy: %+C%14CNOVLPWDSYNC-itp-EmailOnFailedPwdSub%-C.
[01/22/19 11:13:18.959]:LDAPToVault ST: Applying to status #1.
[01/22/19 11:13:18.959]:LDAPToVault ST: Evaluating selection criteria for rule 'Send e-mail on a failure when subscribing to passwords'.
[01/22/19 11:13:18.959]:LDAPToVault ST: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = FALSE.
[01/22/19 11:13:18.959]:LDAPToVault ST: Rule rejected.
[01/22/19 11:13:18.960]:LDAPToVault ST: Evaluating selection criteria for rule 'Send e-mail on failure to reset connected system password using the Identity Vault password'.
[01/22/19 11:13:18.960]:LDAPToVault ST: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = FALSE.
[01/22/19 11:13:18.960]:LDAPToVault ST: Rule rejected.
[01/22/19 11:13:18.960]:LDAPToVault ST:Policy returned:
[01/22/19 11:13:18.960]:LDAPToVault ST:
<nds dtdversion="4.0">
<source>
<product instance="LDAPToVault" version="4.0.2.0">DirXML Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status level="success"/>
</output>
</nds>
[01/22/19 11:13:18.961]:LDAPToVault ST:Applying schema mapping policies to input.
[01/22/19 11:13:18.961]:LDAPToVault ST:Applying policy: %+C%14CMappingRule%-C.
[01/22/19 11:13:18.961]:LDAPToVault ST:Resolving association references.
[01/22/19 11:13:18.961]:LDAPToVault ST:Applying policy: %+C%14CMappingRule%-C.
[01/22/19 11:13:18.967]:LDAPToVault ST: No mapping for class-name 'ASAM-platformSetsContainer'.
[01/22/19 11:13:18.967]:LDAPToVault ST: No mapping for class-name 'ASAM-agentsContainer'.
[01/22/19 11:13:18.968]:LDAPToVault ST: No mapping for class-name 'nspmPasswordPolicyContainer'.
[01/22/19 11:13:18.968]:LDAPToVault ST: No mapping for class-name 'uamPosixWorkstation'.
[01/22/19 11:13:18.968]:LDAPToVault ST: No mapping for class-name 'sssServerPolicies'.
[01/22/19 11:13:18.968]:LDAPToVault ST: No mapping for class-name 'srvprvRbpmTeam'.
[01/22/19 11:13:18.968]:LDAPToVault ST: No mapping for class-name 'srvprvWebAppConfig'.
[01/22/19 11:13:18.968]:LDAPToVault ST: No mapping for class-name 'DirXML-WorkOrder'.
[01/22/19 11:13:18.969]:LDAPToVault ST: No mapping for class-name 'nrfResourceAssociations'.
[01/22/19 11:13:18.969]:LDAPToVault ST: No mapping for class-name 'nrfConfiguration'.
[01/22/19 11:13:18.969]:LDAPToVault ST: No mapping for class-name 'DirXML-Rule'.
[01/22/19 11:13:18.969]:LDAPToVault ST: No mapping for class-name 'ASAM-eventDrivenObjects'.
[01/22/19 11:13:18.969]:LDAPToVault ST: No mapping for class-name 'snmpGroup'.
[01/22/19 11:13:18.969]:LDAPToVault ST: No mapping for class-name 'Template'.
[01/22/19 11:13:18.969]:LDAPToVault ST: No mapping for class-name 'srvprvProxyAssignment'.
[01/22/19 11:13:18.970]:LDAPToVault ST: No mapping for class-name 'NDSPKI:Trusted Root'.
[01/22/19 11:13:18.970]:LDAPToVault ST: No mapping for class-name 'nrfResourceRequest'.
[01/22/19 11:13:18.970]:LDAPToVault ST: No mapping for class-name 'srvprvDirectoryModel'.
[01/22/19 11:13:18.970]:LDAPToVault ST: No mapping for class-name 'rbsTask2'.
[01/22/19 11:13:18.970]:LDAPToVault ST: No mapping for class-name 'nrfUIConfig'.
[01/22/19 11:13:18.970]:LDAPToVault ST: No mapping for class-name 'External Entity'.
[01/22/19 11:13:18.971]:LDAPToVault ST: No mapping for class-name 'rbsModule2'.
[01/22/19 11:13:18.971]:LDAPToVault ST: No mapping for class-name 'nrfSOD'.
[01/22/19 11:13:18.971]:LDAPToVault ST: No mapping for class-name 'nsimChallengeSet'.
[01/22/19 11:13:18.971]:LDAPToVault ST: No mapping for class-name 'nrfResource'.
[01/22/19 11:13:18.971]:LDAPToVault ST: No mapping for class-name 'ASAM-UIDGIDSetsContainer'.
[01/22/19 11:13:18.971]:LDAPToVault ST: No mapping for class-name 'notfMergeTemplate'.
[01/22/19 11:13:18.971]:LDAPToVault ST: No mapping for class-name 'Messaging Server'.
[01/22/19 11:13:18.972]:LDAPToVault ST: No mapping for class-name 'srvprvRelationship'.
[01/22/19 11:13:18.972]:LDAPToVault ST: No mapping for class-name 'nrfRequest'.
[01/22/19 11:13:18.972]:LDAPToVault ST: No mapping for class-name 'srvprvDelegatorAssignment'.
[01/22/19 11:13:18.972]:LDAPToVault ST: No mapping for class-name 'srvprvProxyDefs'.
[01/22/19 11:13:18.972]:LDAPToVault ST: No mapping for class-name 'Computer'.
[01/22/19 11:13:18.972]:LDAPToVault ST: No mapping for class-name 'RADIUS:Dial Access System'.
[01/22/19 11:13:18.973]:LDAPToVault ST: No mapping for class-name 'ASAM-searchObjectsContainer'.
[01/22/19 11:13:18.973]:LDAPToVault ST: No mapping for class-name 'NDSPKI:SD Key Access Partition'.
[01/22/19 11:13:18.973]:LDAPToVault ST: No mapping for class-name 'ASAM-certificateServices'.
[01/22/19 11:13:18.973]:LDAPToVault ST: No mapping for class-name 'Bindery Queue'.
[01/22/19 11:13:18.973]:LDAPToVault ST: No mapping for class-name 'ASAM-auditServices'.
[01/22/19 11:13:18.973]:LDAPToVault ST: No mapping for class-name 'domain'.
[01/22/19 11:13:18.974]:LDAPToVault ST: No mapping for class-name 'StyleSheet'.
[01/22/19 11:13:18.974]:LDAPToVault ST: No mapping for class-name 'Tree Root'.
[01/22/19 11:13:18.974]:LDAPToVault ST: No mapping for class-name 'DirXML-sapOMRoot'.
[01/22/19 11:13:18.974]:LDAPToVault ST: No mapping for class-name 'NDSPKI:SD Key List'.
[01/22/19 11:13:18.974]:LDAPToVault ST: No mapping for class-name 'srvprvWorkflowDefs'.
[01/22/19 11:13:18.974]:LDAPToVault ST: No mapping for class-name 'srvprvAppDefs'.
[01/22/19 11:13:18.974]:LDAPToVault ST: No mapping for class-name 'DirXML-pbxExtension'.
[01/22/19 11:13:18.975]:LDAPToVault ST: No mapping for class-name 'rbsScope'.
[01/22/19 11:13:18.975]:LDAPToVault ST: No mapping for class-name 'DirXML-pbxAudixSubscriber'.
[01/22/19 11:13:18.975]:LDAPToVault ST: No mapping for class-name 'Printer'.
[01/22/19 11:13:18.975]:LDAPToVault ST: No mapping for class-name 'srvprvResourceDefs'.
[01/22/19 11:13:18.975]:LDAPToVault ST: No mapping for class-name 'nrfAttestations'.
[01/22/19 11:13:18.975]:LDAPToVault ST: No mapping for class-name 'srvprvTeamDefs'.
[01/22/19 11:13:18.976]:LDAPToVault ST: No mapping for class-name 'rbsScope2'.
[01/22/19 11:13:18.976]:LDAPToVault ST: No mapping for class-name 'rbsBook'.
[01/22/19 11:13:18.976]:LDAPToVault ST: No mapping for class-name 'ndspkiCRLConfiguration'.
[01/22/19 11:13:18.976]:LDAPToVault ST: No mapping for class-name 'Volume'.
[01/22/19 11:13:18.976]:LDAPToVault ST: No mapping for class-name 'ASAM-censusContainer'.
[01/22/19 11:13:18.976]:LDAPToVault ST: No mapping for class-name 'ASAM-managerServicesContainer'.
[01/22/19 11:13:18.977]:LDAPToVault ST: No mapping for class-name 'ndspkiCertificate'.
[01/22/19 11:13:18.977]:LDAPToVault ST: No mapping for class-name 'nrfResourceAssociation'.
[01/22/19 11:13:18.977]:LDAPToVault ST: No mapping for class-name 'Queue'.
[01/22/19 11:13:18.977]:LDAPToVault ST: No mapping for class-name 'Directory Map'.
[01/22/19 11:13:18.977]:LDAPToVault ST: No mapping for class-name 'DirXML-pbxSite'.
[01/22/19 11:13:18.977]:LDAPToVault ST: No mapping for class-name 'DirXML-nwoWorkOrder'.
[01/22/19 11:13:18.977]:LDAPToVault ST: No mapping for class-name 'LDAP Server'.
[01/22/19 11:13:18.978]:LDAPToVault ST: No mapping for class-name 'encryptionPolicy'.
[01/22/19 11:13:18.978]:LDAPToVault ST: No mapping for class-name 'SAS:Login Method Container'.
[01/22/19 11:13:18.978]:LDAPToVault ST: No mapping for class-name 'DirXML-GlobalConfigDef'.
[01/22/19 11:13:18.978]:LDAPToVault ST: No mapping for class-name 'CommExec'.
[01/22/19 11:13:18.978]:LDAPToVault ST: No mapping for class-name 'ASAM-webServices'.
[01/22/19 11:13:18.978]:LDAPToVault ST: No mapping for class-name 'DirXML-idPolicyContainer'.
[01/22/19 11:13:18.979]:LDAPToVault ST: No mapping for class-name 'nrfReportDefs'.
[01/22/19 11:13:18.979]:LDAPToVault ST: No mapping for class-name 'ASAM-AssociatedPlatformEObjects'.
[01/22/19 11:13:18.979]:LDAPToVault ST: No mapping for class-name 'nrfRole'.
[01/22/19 11:13:18.979]:LDAPToVault ST: No mapping for class-name 'srvprvDelegationAssignment'.
[01/22/19 11:13:18.979]:LDAPToVault ST: No mapping for class-name 'Country'.
[01/22/19 11:13:18.979]:LDAPToVault ST: No mapping for class-name 'NDSPKI:Trusted Root Object'.
[01/22/19 11:13:18.979]:LDAPToVault ST: No mapping for class-name 'srvprvRecipReportDefs'.
[01/22/19 11:13:18.980]:LDAPToVault ST: No mapping for class-name 'Message Routing Group'.
[01/22/19 11:13:18.980]:LDAPToVault ST: No mapping for class-name 'ASAM-agent'.
[01/22/19 11:13:18.980]:LDAPToVault ST: No mapping for class-name 'DirXML-GAContact'.
[01/22/19 11:13:18.980]:LDAPToVault ST: No mapping for class-name 'ASAM-eventListener'.
[01/22/19 11:13:18.980]:LDAPToVault ST: No mapping for class-name 'NDSPKI:Key Material'.
[01/22/19 11:13:18.980]:LDAPToVault ST: No mapping for class-name 'cRLDistributionPoint'.
[01/22/19 11:13:18.980]:LDAPToVault ST: No mapping for class-name 'DirXML-Job'.
[01/22/19 11:13:18.981]:LDAPToVault ST: No mapping for class-name 'srvprvChoice'.
[01/22/19 11:13:18.981]:LDAPToVault ST: No mapping for class-name 'srvprvRecipResourceDefs'.
[01/22/19 11:13:18.981]:LDAPToVault ST: No mapping for class-name 'srvprvQueryDefs'.
[01/22/19 11:13:18.981]:LDAPToVault ST: No mapping for class-name 'Print Server'.
[01/22/19 11:13:18.981]:LDAPToVault ST: No mapping for class-name 'DirXML-Resource'.
[01/22/19 11:13:18.981]:LDAPToVault ST: No mapping for class-name 'ASAM-objectServices'.
[01/22/19 11:13:18.981]:LDAPToVault ST: No mapping for class-name 'DirXML-WorkToDo'.
[01/22/19 11:13:18.982]:LDAPToVault ST: No mapping for class-name 'DirXML-SharedProfileSet'.
[01/22/19 11:13:18.982]:LDAPToVault ST: No mapping for class-name 'nrfResourceDefs'.
[01/22/19 11:13:18.982]:LDAPToVault ST: No mapping for class-name 'SAS:Service'.
[01/22/19 11:13:18.982]:LDAPToVault ST: No mapping for class-name 'srvprvEntityDefs'.
[01/22/19 11:13:18.982]:LDAPToVault ST: No mapping for class-name 'rbsCollection2'.
[01/22/19 11:13:18.982]:LDAPToVault ST: No mapping for class-name 'dynamicGroup'.
[01/22/19 11:13:18.983]:LDAPToVault ST: No mapping for class-name 'Organization'.
[01/22/19 11:13:18.983]:LDAPToVault ST: No mapping for class-name 'Organizational Person'.
[01/22/19 11:13:18.983]:LDAPToVault ST: No mapping for class-name 'srvprvDelegateeAssignment'.
[01/22/19 11:13:18.983]:LDAPToVault ST: No mapping for class-name 'srvprvDelegationDefs'.
[01/22/19 11:13:18.983]:LDAPToVault ST: No mapping for class-name 'srvprvService'.
[01/22/19 11:13:18.983]:LDAPToVault ST: No mapping for class-name 'srvprvServiceDefs'.
[01/22/19 11:13:18.983]:LDAPToVault ST: No mapping for class-name 'Profile'.
[01/22/19 11:13:18.984]:LDAPToVault ST: No mapping for class-name 'Top'.
[01/22/19 11:13:18.984]:LDAPToVault ST: No mapping for class-name 'DirXML-Processes'.
[01/22/19 11:13:18.984]:LDAPToVault ST: No mapping for class-name 'DirXML-idPolicy'.
[01/22/19 11:13:18.984]:LDAPToVault ST: No mapping for class-name 'rbsCollection'.
[01/22/19 11:13:18.984]:LDAPToVault ST: No mapping for class-name 'httpServer'.
[01/22/19 11:13:18.984]:LDAPToVault ST: No mapping for class-name 'rbsModule'.
[01/22/19 11:13:18.985]:LDAPToVault ST: No mapping for class-name 'NCP Server'.
[01/22/19 11:13:18.985]:LDAPToVault ST: No mapping for class-name 'Device'.
[01/22/19 11:13:18.985]:LDAPToVault ST: No mapping for class-name 'dSA'.
[01/22/19 11:13:18.985]:LDAPToVault ST: No mapping for class-name 'rbsRole'.
[01/22/19 11:13:18.985]:LDAPToVault ST: No mapping for class-name 'NDSPKI:Certificate Authority'.
[01/22/19 11:13:18.985]:LDAPToVault ST: No mapping for class-name 'Audit:File Object'.
[01/22/19 11:13:18.985]:LDAPToVault ST: No mapping for class-name 'Bindery Object'.
[01/22/19 11:13:18.986]:LDAPToVault ST: No mapping for class-name 'DirXML-sapOContainer'.
[01/22/19 11:13:18.986]:LDAPToVault ST: No mapping for class-name 'srvprvResource'.
[01/22/19 11:13:18.986]:LDAPToVault ST: No mapping for class-name 'Person'.
[01/22/19 11:13:18.986]:LDAPToVault ST: No mapping for class-name 'Organizational Unit'.
[01/22/19 11:13:18.986]:LDAPToVault ST: No mapping for class-name 'ASAM-searchObject'.
[01/22/19 11:13:18.986]:LDAPToVault ST: No mapping for class-name 'DirXML-SharedProfile'.
[01/22/19 11:13:18.987]:LDAPToVault ST: No mapping for class-name 'nrfNavItem'.
[01/22/19 11:13:18.987]:LDAPToVault ST: No mapping for class-name 'srvprvDirectoryModelConfig'.
[01/22/19 11:13:18.987]:LDAPToVault ST: No mapping for class-name 'MASV:Security Policy'.
[01/22/19 11:13:18.987]:LDAPToVault ST: No mapping for class-name 'nrfResourceRequests'.
[01/22/19 11:13:18.987]:LDAPToVault ST: No mapping for class-name 'applicationProcess'.
[01/22/19 11:13:18.987]:LDAPToVault ST: No mapping for class-name 'DirXML-sapC'.
[01/22/19 11:13:18.987]:LDAPToVault ST: No mapping for class-name 'nrfSODDefs'.
[01/22/19 11:13:18.988]:LDAPToVault ST: No mapping for class-name 'rbsBook2'.
[01/22/19 11:13:18.988]:LDAPToVault ST: No mapping for class-name 'DirXML-Driver'.
[01/22/19 11:13:18.988]:LDAPToVault ST: No mapping for class-name 'SAS:Security'.
[01/22/19 11:13:18.988]:LDAPToVault ST: No mapping for class-name 'DirXML-Entitlement'.
[01/22/19 11:13:18.988]:LDAPToVault ST: No mapping for class-name 'uamPosixConfig'.
[01/22/19 11:13:18.988]:LDAPToVault ST: No mapping for class-name 'DirXML-sapS'.
[01/22/19 11:13:18.988]:LDAPToVault ST: No mapping for class-name 'DirXML-sapO'.
[01/22/19 11:13:18.988]:LDAPToVault ST: No mapping for class-name 'DirXML-Publisher'.
[01/22/19 11:13:18.989]:LDAPToVault ST: No mapping for class-name 'srvprvWorkflow'.
[01/22/19 11:13:18.989]:LDAPToVault ST: No mapping for class-name 'nrfAuthType'.
[01/22/19 11:13:18.989]:LDAPToVault ST: No mapping for class-name 'SAS:Login Policy'.
[01/22/19 11:13:18.989]:LDAPToVault ST: No mapping for class-name 'srvprvDelegateeDefs'.
[01/22/19 11:13:18.995]:LDAPToVault ST: No mapping for class-name 'prSyncPolicy'.
[01/22/19 11:13:18.995]:LDAPToVault ST: No mapping for class-name 'srvprvTheme'.
[01/22/19 11:13:18.995]:LDAPToVault ST: No mapping for class-name 'nrfRequests'.
[01/22/19 11:13:18.995]:LDAPToVault ST: No mapping for class-name 'ASAM-platform'.
[01/22/19 11:13:18.995]:LDAPToVault ST: No mapping for class-name 'nrfAuthTypes'.
[01/22/19 11:13:18.995]:LDAPToVault ST: No mapping for class-name 'Unknown'.
[01/22/19 11:13:18.995]:LDAPToVault ST: No mapping for class-name 'DirXML-Process'.
[01/22/19 11:13:18.996]:LDAPToVault ST: No mapping for class-name 'srvprvRequestDefs'.
[01/22/19 11:13:18.996]:LDAPToVault ST: No mapping for class-name 'nrfReport'.
[01/22/19 11:13:18.996]:LDAPToVault ST: No mapping for class-name 'ASAM-enterpriseUser'.
[01/22/19 11:13:18.996]:LDAPToVault ST: No mapping for class-name 'ndsPredicateStats'.
[01/22/19 11:13:18.996]:LDAPToVault ST: No mapping for class-name 'DirXML-StyleSheet'.
[01/22/19 11:13:18.996]:LDAPToVault ST: No mapping for class-name 'DirXML-sapDMRoot'.
[01/22/19 11:13:18.996]:LDAPToVault ST: No mapping for class-name 'DirXML-sapCContainer'.
[01/22/19 11:13:18.997]:LDAPToVault ST: No mapping for class-name 'nrfRoleDefs'.
[01/22/19 11:13:18.997]:LDAPToVault ST: No mapping for class-name 'ASAM-UIDGIDSet'.
[01/22/19 11:13:18.997]:LDAPToVault ST: No mapping for class-name 'ASAM-manualObjectsContainer'.
[01/22/19 11:13:18.997]:LDAPToVault ST: No mapping for class-name 'WANMAN:LAN Area'.
[01/22/19 11:13:18.997]:LDAPToVault ST: No mapping for class-name 'nspmPolicyAgent'.
[01/22/19 11:13:18.997]:LDAPToVault ST: No mapping for class-name 'srvprvRequest'.
[01/22/19 11:13:18.997]:LDAPToVault ST: No mapping for class-name 'ASAM-eventJournalServices'.
[01/22/19 11:13:18.998]:LDAPToVault ST: No mapping for class-name 'rbsRole2'.
[01/22/19 11:13:18.998]:LDAPToVault ST: No mapping for class-name 'srvprvEntity'.
[01/22/19 11:13:18.998]:LDAPToVault ST: No mapping for class-name 'ASAM-platformSet'.
[01/22/19 11:13:18.998]:LDAPToVault ST: No mapping for class-name 'ndspkiContainer'.
[01/22/19 11:13:18.998]:LDAPToVault ST: No mapping for class-name 'srvprvQuery'.
[01/22/19 11:13:18.998]:LDAPToVault ST: No mapping for class-name 'SAS:NMAS Login Method'.
[01/22/19 11:13:18.998]:LDAPToVault ST: No mapping for class-name 'srvprvAppConfig'.
[01/22/19 11:13:18.998]:LDAPToVault ST: No mapping for class-name 'DirXML-Library'.
[01/22/19 11:13:18.999]:LDAPToVault ST: No mapping for class-name 'ASAM-enterpriseGroup'.
[01/22/19 11:13:18.999]:LDAPToVault ST: No mapping for class-name 'srvprvChoiceDefs'.
[01/22/19 11:13:18.999]:LDAPToVault ST: No mapping for class-name 'AFP Server'.
[01/22/19 11:13:18.999]:LDAPToVault ST: No mapping for class-name 'DirXML-DriverSet'.
[01/22/19 11:13:18.999]:LDAPToVault ST: No mapping for class-name 'ASAM-eventListenersContainer'.
[01/22/19 11:13:18.999]:LDAPToVault ST: No mapping for class-name 'nrfNavItems'.
[01/22/19 11:13:18.999]:LDAPToVault ST: No mapping for class-name 'nrfConfig'.
[01/22/19 11:13:19.000]:LDAPToVault ST: No mapping for class-name 'sasPostLoginMethodContainer'.
[01/22/19 11:13:19.000]:LDAPToVault ST: No mapping for class-name 'RADIUS:Profile'.
[01/22/19 11:13:19.000]:LDAPToVault ST: No mapping for class-name 'Organizational Role'.
[01/22/19 11:13:19.000]:LDAPToVault ST: No mapping for class-name 'DirXML-sapSContainer'.
[01/22/19 11:13:19.000]:LDAPToVault ST: No mapping for class-name 'rbsTask'.
[01/22/19 11:13:19.000]:LDAPToVault ST: No mapping for class-name 'sasPostLoginMethod'.
[01/22/19 11:13:19.000]:LDAPToVault ST: No mapping for class-name 'DirXML-RequestRecord'.
[01/22/19 11:13:19.001]:LDAPToVault ST: No mapping for class-name 'nrfAttestation'.
[01/22/19 11:13:19.001]:LDAPToVault ST: No mapping for class-name 'Alias'.
[01/22/19 11:13:19.001]:LDAPToVault ST: No mapping for class-name 'LDAP Group'.
[01/22/19 11:13:19.001]:LDAPToVault ST: No mapping for class-name 'List'.
[01/22/19 11:13:19.001]:LDAPToVault ST: No mapping for class-name 'DirXML-Subscriber'.
[01/22/19 11:13:19.001]:LDAPToVault ST: No mapping for class-name 'sssServerPolicyOverride'.
[01/22/19 11:13:19.001]:LDAPToVault ST: No mapping for class-name 'applicationEntity'.
[01/22/19 11:13:19.002]:LDAPToVault ST: No mapping for class-name 'Locality'.
[01/22/19 11:13:19.002]:LDAPToVault ST: No mapping for class-name 'srvprvRelationshipDefs'.
[01/22/19 11:13:19.002]:LDAPToVault ST: No mapping for class-name 'nspmPasswordPolicy'.
[01/22/19 11:13:19.002]:LDAPToVault ST: No mapping for class-name 'Group'.
[01/22/19 11:13:19.002]:LDAPToVault ST: No mapping for class-name 'notfTemplateCollection'.
[01/22/19 11:13:19.002]:LDAPToVault ST: No mapping for class-name 'User'.
[01/22/19 11:13:19.002]:LDAPToVault ST: No mapping for class-name 'ASAM-systemContainer'.
[01/22/19 11:13:19.088]:LDAPToVault ST:Application DN form: slash.
[01/22/19 11:13:19.088]:LDAPToVault ST:Creating publisher.
[01/22/19 11:13:19.088]:LDAPToVault ST:Loading Publisher input transformation policies.
[01/22/19 11:13:19.089]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/NOVLPWDSYNC-itp-EmailOnFailedPwdSub#XmlData.
[01/22/19 11:13:19.089]:LDAPToVault ST:Found DirXMLScript policy.
[01/22/19 11:13:19.101]:LDAPToVault ST:Loading Publisher output transformation policies.
[01/22/19 11:13:19.101]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/NOVLPWDSYNC-otp-EmailOnFailedPwdPub#XmlData.
[01/22/19 11:13:19.102]:LDAPToVault ST:Found DirXMLScript policy.
[01/22/19 11:13:19.110]:LDAPToVault ST:Loading Publisher schema mapping policies.
[01/22/19 11:13:19.110]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/MappingRule#XmlData.
[01/22/19 11:13:19.111]:LDAPToVault ST:Found schema map.
[01/22/19 11:13:19.111]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/MappingRule#XmlData.
[01/22/19 11:13:19.112]:LDAPToVault ST:Found schema map.
[01/22/19 11:13:19.113]:LDAPToVault ST:Loading Publisher event transformation policies.
[01/22/19 11:13:19.114]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/Publisher/pub-etp-eventHandling#XmlData.
[01/22/19 11:13:19.114]:LDAPToVault ST:Found DirXMLScript policy.
[01/22/19 11:13:19.115]:LDAPToVault ST:Loading Publisher object matching policies.
[01/22/19 11:13:19.116]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/Publisher/NOVLEDIRDCFG-pub-mp-Scoping#XmlData.
[01/22/19 11:13:19.116]:LDAPToVault ST:Global Configuration Value replacements made in vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/Publisher/NOVLEDIRDCFG-pub-mp-Scoping#XmlData:
[01/22/19 11:13:19.116]:LDAPToVault ST:Found DirXMLScript policy.
[01/22/19 11:13:19.118]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/Publisher/NOVLEDIRDCFG-pub-mp#XmlData.
[01/22/19 11:13:19.118]:LDAPToVault ST:Found DirXMLScript policy.
[01/22/19 11:13:19.119]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/Publisher/pub-mp#XmlData.
[01/22/19 11:13:19.123]:LDAPToVault ST:Found DirXMLScript policy.
[01/22/19 11:13:19.123]:LDAPToVault ST:Loading Publisher object creation policies.
[01/22/19 11:13:19.124]:LDAPToVault ST:Policy not found.
[01/22/19 11:13:19.124]:LDAPToVault ST:Loading Publisher object placement policies.
[01/22/19 11:13:19.124]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/Publisher/NOVLEDIRDCFG-pub-pp#XmlData.
[01/22/19 11:13:19.125]:LDAPToVault ST:Global Configuration Value replacements made in vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/Publisher/NOVLEDIRDCFG-pub-pp#XmlData:
[01/22/19 11:13:19.125]:LDAPToVault ST:Found DirXMLScript policy.
[01/22/19 11:13:19.126]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/Publisher/pub-pp#XmlData.
[01/22/19 11:13:19.126]:LDAPToVault ST:Found DirXMLScript policy.
[01/22/19 11:13:19.134]:LDAPToVault ST:Loading Publisher command transformation policies.
[01/22/19 11:13:19.135]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/Publisher/NOVLPWDSYNC-pub-ctp-CheckPwdGCV#XmlData.
[01/22/19 11:13:19.135]:LDAPToVault ST:Found DirXMLScript policy.
[01/22/19 11:13:19.136]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/Publisher/NOVLPWDSYNC-pub-ctp-PublishDistPwd#XmlData.
[01/22/19 11:13:19.137]:LDAPToVault ST:Found DirXMLScript policy.
[01/22/19 11:13:19.139]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/Publisher/NOVLPWDSYNC-pub-ctp-PublishNDSPwd#XmlData.
[01/22/19 11:13:19.139]:LDAPToVault ST:Found DirXMLScript policy.
[01/22/19 11:13:19.141]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/Publisher/NOVLPWDSYNC-pub-ctp-AddPwdPayload#XmlData.
[01/22/19 11:13:19.142]:LDAPToVault ST:Found DirXMLScript policy.
[01/22/19 11:13:19.144]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/Publisher/NOVLEDIRPSYN-pub-ctp-PasswordExpirationTime#XmlData.
[01/22/19 11:13:19.144]:LDAPToVault ST:Found DirXMLScript policy.
[01/22/19 11:13:19.145]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/Publisher/pub-ctp-useCreateTemplate#XmlData.
[01/22/19 11:13:19.146]:LDAPToVault ST:Found DirXMLScript policy.
[01/22/19 11:13:19.148]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/Publisher/pub-ctp-groupMembership#XmlData.
[01/22/19 11:13:19.149]:LDAPToVault ST:Found DirXMLScript policy.
[01/22/19 11:13:19.156]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/Publisher/pub-ctp-posixSettings#XmlData.
[01/22/19 11:13:19.157]:LDAPToVault ST:Found DirXMLScript policy.
[01/22/19 11:13:19.158]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/Publisher/pub-ctp-userMoves#XmlData.
[01/22/19 11:13:19.159]:LDAPToVault ST:Found DirXMLScript policy.
[01/22/19 11:13:19.165]:LDAPToVault ST:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault/Publisher/pub-ctp-add2FA-attr#XmlData.
[01/22/19 11:13:19.165]:LDAPToVault ST:Found DirXMLScript policy.
[01/22/19 11:13:19.166]:LDAPToVault ST:Creating publisher thread.
[01/22/19 11:13:19.171]:LDAPToVault ST:Publisher thread created.
[01/22/19 11:13:19.172]:LDAPToVault PT:In publisher thread.
[01/22/19 11:13:19.172]:LDAPToVault PT:Reading XML attribute vnd.nds.stream://EDIRTEST_TREE/sc/driverset/LDAPToVault#DirXML-ShimConfigInfo.
[01/22/19 11:13:19.176]:LDAPToVault PT:Applying policy: %+C%14CMappingRule%-C.
[01/22/19 11:13:19.176]:LDAPToVault PT:Initializing publisher shim.
[01/22/19 11:13:19.176]:LDAPToVault PT:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.0.2.0">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<init-params src-dn="\EDIRTEST_TREE\sc\driverset\LDAPToVault">
<authentication-info>
<server>131.229.64.136</server>
<user>XLDAPToVault:LDAPToVault</user>
</authentication-info>
<driver-filter/>
<publisher-options>
<specify-port display-name="TCP port">default</specify-port>
<local-port display-name="Port number">8196</local-port>
<advanced-options display-name="Advanced options">show</advanced-options>
<heartbeat-on display-name="Periodic heartbeat documents">false</heartbeat-on>
<pub-heartbeat-interval display-name="Heartbeat interval (in minutes)">1</pub-heartbeat-interval>
<local-address display-name="Local bind address for publisher socket"></local-address>
<keep-alive-interval display-name="Receive timeout in minutes">10</keep-alive-interval>
</publisher-options>
</init-params>
</input>
</nds>
[01/22/19 11:13:19.178]:LDAPToVault PT:: Connection parameters: port = 8192 KMO = 'LDAPToVault'
[01/22/19 11:13:19.178]:LDAPToVault PT:PublicationShim.init() returned:
[01/22/19 11:13:19.178]:LDAPToVault PT:
<nds dtdversion="4.0">
<source>
<product instance="LDAPToVault" version="4.0.2.0">DirXML Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status level="success"/>
</output>
</nds>
[01/22/19 11:13:19.178]:LDAPToVault PT:Applying input transformation policies.
[01/22/19 11:13:19.179]:LDAPToVault PT:Applying policy: %+C%14CNOVLPWDSYNC-itp-EmailOnFailedPwdSub%-C.
[01/22/19 11:13:19.179]:LDAPToVault PT: Applying to status #1.
[01/22/19 11:13:19.182]:LDAPToVault ST:Starting event loop.
[01/22/19 11:13:19.191]:LDAPToVault ST:Received state change event.
[01/22/19 11:13:19.192]:LDAPToVault ST:Transitioned from state '%+C%14CStopped%-C' to state '%+C%14CStarting%-C'.
[01/22/19 11:13:19.192]:LDAPToVault PT: Evaluating selection criteria for rule 'Send e-mail on a failure when subscribing to passwords'.
[01/22/19 11:13:19.192]:LDAPToVault PT: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = FALSE.
[01/22/19 11:13:19.193]:LDAPToVault PT: Rule rejected.
[01/22/19 11:13:19.193]:LDAPToVault PT: Evaluating selection criteria for rule 'Send e-mail on failure to reset connected system password using the Identity Vault password'.
[01/22/19 11:13:19.193]:LDAPToVault PT: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = FALSE.
[01/22/19 11:13:19.193]:LDAPToVault PT: Rule rejected.
[01/22/19 11:13:19.193]:LDAPToVault PT:Policy returned:
[01/22/19 11:13:19.194]:LDAPToVault PT:
<nds dtdversion="4.0">
<source>
<product instance="LDAPToVault" version="4.0.2.0">DirXML Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status level="success"/>
</output>
</nds>
[01/22/19 11:13:19.194]:LDAPToVault PT:Applying schema mapping policies to input.
[01/22/19 11:13:19.194]:LDAPToVault PT:Applying policy: %+C%14CMappingRule%-C.
[01/22/19 11:13:19.194]:LDAPToVault PT:Resolving association references.
[01/22/19 11:13:19.195]:LDAPToVault PT:: Creating an NTLSServerSocket
[01/22/19 11:13:19.200]:LDAPToVault ST:Successfully processed state change event.
[01/22/19 11:13:19.200]:LDAPToVault ST:Submitting identification query to subscriber shim:
[01/22/19 11:13:19.200]:LDAPToVault ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.0.2.0">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query event-id="query-driver-ident" scope="entry">
<search-class class-name="__driver_identification_class__"/>
<read-attr/>
</query>
</input>
</nds>
[01/22/19 11:13:19.201]:LDAPToVault ST:SubscriptionShim.execute() returned:
[01/22/19 11:13:19.201]:LDAPToVault ST:
<nds dtdversion="4.0">
<source>
<product instance="LDAPToVault" version="4.0.2.0">DirXML Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<instance class-name="__driver_identification_class__">
<attr attr-name="driver-id">
<value type="string">EDIR</value>
</attr>
<attr attr-name="driver-version">
<value type="string">4.0.2.0</value>
</attr>
<attr attr-name="min-activation-version">
<value type="int">4</value>
</attr>
<attr attr-name="query-ex-supported">
<value type="state">true</value>
</attr>
</instance>
<status event-id="query-driver-ident" level="success"/>
</output>
</nds>
[01/22/19 11:13:19.236]:LDAPToVault PT:Receiving DOM document from application.
[01/22/19 11:13:19.237]:LDAPToVault PT:
<nds dtdversion="4.0">
<source>
<product instance="LDAPToVault" version="4.0.2.0">DirXML Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query dest-dn="\EDIRTEST_TREE\sc\driverset\LDAPToVault" scope="entry">
<read-attr attr-name="Public Key"/>
</query>
</input>
</nds>
[01/22/19 11:13:19.240]:LDAPToVault PT:Applying input transformation policies.
[01/22/19 11:13:19.240]:LDAPToVault PT:Applying policy: %+C%14CNOVLPWDSYNC-itp-EmailOnFailedPwdSub%-C.
[01/22/19 11:13:19.241]:LDAPToVault PT: Applying to query #1.
[01/22/19 11:13:19.241]:LDAPToVault PT: Evaluating selection criteria for rule 'Send e-mail on a failure when subscribing to passwords'.
[01/22/19 11:13:19.242]:LDAPToVault PT: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = FALSE.
[01/22/19 11:13:19.243]:LDAPToVault PT: Rule rejected.
[01/22/19 11:13:19.243]:LDAPToVault PT: Evaluating selection criteria for rule 'Send e-mail on failure to reset connected system password using the Identity Vault password'.
[01/22/19 11:13:19.244]:LDAPToVault PT: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = FALSE.
[01/22/19 11:13:19.244]:LDAPToVault PT: Rule rejected.
[01/22/19 11:13:19.245]:LDAPToVault PT:Policy returned:
[01/22/19 11:13:19.245]:LDAPToVault PT:
<nds dtdversion="4.0">
<source>
<product instance="LDAPToVault" version="4.0.2.0">DirXML Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query dest-dn="\EDIRTEST_TREE\sc\driverset\LDAPToVault" scope="entry">
<read-attr attr-name="Public Key"/>
</query>
</input>
</nds>
[01/22/19 11:13:19.247]:LDAPToVault PT:Applying schema mapping policies to input.
[01/22/19 11:13:19.247]:LDAPToVault PT:Applying policy: %+C%14CMappingRule%-C.
[01/22/19 11:13:19.247]:LDAPToVault PT: No mapping for attr-name 'Public Key'.
[01/22/19 11:13:19.247]:LDAPToVault PT:Resolving association references.
[01/22/19 11:13:19.248]:LDAPToVault PT:Applying event transformation policies.
[01/22/19 11:13:19.248]:LDAPToVault PT:Applying policy: %+C%14Cpub-etp-eventHandling%-C.
[01/22/19 11:13:19.248]:LDAPToVault PT: Applying to query #1.
[01/22/19 11:13:19.248]:LDAPToVault PT: Evaluating selection criteria for rule 'Veto Delete event and remove assocation'.
[01/22/19 11:13:19.248]:LDAPToVault PT: (if-class-name equal "User") = FALSE.
[01/22/19 11:13:19.249]:LDAPToVault PT: Rule rejected.
[01/22/19 11:13:19.249]:LDAPToVault PT: Evaluating selection criteria for rule 'Convert scApps value of "Delete" to a Delete event in the LDAP tree'.
[01/22/19 11:13:19.249]:LDAPToVault PT: (if-op-attr 'scApps' changing-to "Delete") = FALSE.
[01/22/19 11:13:19.249]:LDAPToVault PT: Rule rejected.
[01/22/19 11:13:19.249]:LDAPToVault PT:Policy returned:
[01/22/19 11:13:19.249]:LDAPToVault PT:
<nds dtdversion="4.0">
<source>
<product instance="LDAPToVault" version="4.0.2.0">DirXML Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query dest-dn="\EDIRTEST_TREE\sc\driverset\LDAPToVault" scope="entry">
<read-attr attr-name="Public Key"/>
</query>
</input>
</nds>
[01/22/19 11:13:19.250]:LDAPToVault PT:Skipping publisher filter on operation query.
[01/22/19 11:13:19.250]:LDAPToVault PT:Publisher processing query for .
[01/22/19 11:13:19.251]:LDAPToVault PT:Applying command transformation policies.
[01/22/19 11:13:19.251]:LDAPToVault PT:Applying policy: %+C%14CNOVLPWDSYNC-pub-ctp-CheckPwdGCV%-C.
[01/22/19 11:13:19.251]:LDAPToVault PT: Applying to query #1.
[01/22/19 11:13:19.251]:LDAPToVault PT: Evaluating selection criteria for rule 'Block publishing passwords to the Identity Vault when adding an object'.
[01/22/19 11:13:19.251]:LDAPToVault PT: (if-global-variable 'enable-password-publish' equal "false") = FALSE.
[01/22/19 11:13:19.252]:LDAPToVault PT: Rule rejected.
[01/22/19 11:13:19.252]:LDAPToVault PT: Evaluating selection criteria for rule 'Block sending modify-password changes to the Identity Vault'.
[01/22/19 11:13:19.252]:LDAPToVault PT: (if-global-variable 'enable-password-publish' equal "false") = FALSE.
[01/22/19 11:13:19.252]:LDAPToVault PT: Rule rejected.
[01/22/19 11:13:19.252]:LDAPToVault PT:Policy returned:
[01/22/19 11:13:19.252]:LDAPToVault PT:
<nds dtdversion="4.0">
<source>
<product instance="LDAPToVault" version="4.0.2.0">DirXML Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query dest-dn="\EDIRTEST_TREE\sc\driverset\LDAPToVault" scope="entry">
<read-attr attr-name="Public Key"/>
</query>
</input>
</nds>
[01/22/19 11:13:19.253]:LDAPToVault PT:Applying policy: %+C%14CNOVLPWDSYNC-pub-ctp-PublishDistPwd%-C.
[01/22/19 11:13:19.253]:LDAPToVault PT: Applying to query #1.
[01/22/19 11:13:19.253]:LDAPToVault PT: Evaluating selection criteria for rule 'Add nspmDistributionAttribute attribute to add operation'.
[01/22/19 11:13:19.254]:LDAPToVault PT: (if-global-variable 'publish-password-to-dp' equal "true") = TRUE.
[01/22/19 11:13:19.254]:LDAPToVault PT: (if-operation equal "add") = FALSE.
[01/22/19 11:13:19.254]:LDAPToVault PT: Rule rejected.
[01/22/19 11:13:19.254]:LDAPToVault PT: Evaluating selection criteria for rule 'Change modify-password operations to a modify'.
[01/22/19 11:13:19.254]:LDAPToVault PT: (if-global-variable 'publish-password-to-dp' equal "true") = TRUE.
[01/22/19 11:13:19.255]:LDAPToVault PT: (if-operation equal "modify-password") = FALSE.
[01/22/19 11:13:19.255]:LDAPToVault PT: Rule rejected.
[01/22/19 11:13:19.255]:LDAPToVault PT:Policy returned:
[01/22/19 11:13:19.256]:LDAPToVault PT:
<nds dtdversion="4.0">
<source>
<product instance="LDAPToVault" version="4.0.2.0">DirXML Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query dest-dn="\EDIRTEST_TREE\sc\driverset\LDAPToVault" scope="entry">
<read-attr attr-name="Public Key"/>
</query>
</input>
</nds>
[01/22/19 11:13:19.256]:LDAPToVault PT:Applying policy: %+C%14CNOVLPWDSYNC-pub-ctp-PublishNDSPwd%-C.
[01/22/19 11:13:19.256]:LDAPToVault PT: Applying to query #1.
[01/22/19 11:13:19.257]:LDAPToVault PT: Evaluating selection criteria for rule 'Block publishing passwords to eDirectory password'.
[01/22/19 11:13:19.257]:LDAPToVault PT: (if-operation equal "add") = FALSE.
[01/22/19 11:13:19.257]:LDAPToVault PT: Rule rejected.
[01/22/19 11:13:19.257]:LDAPToVault PT: Evaluating selection criteria for rule 'Block sending modify-password changes to the eDirectory password'.
[01/22/19 11:13:19.257]:LDAPToVault PT: (if-operation equal "modify-password") = FALSE.
[01/22/19 11:13:19.257]:LDAPToVault PT: Rule rejected.
[01/22/19 11:13:19.257]:LDAPToVault PT:Policy returned:
[01/22/19 11:13:19.258]:LDAPToVault PT:
<nds dtdversion="4.0">
<source>
<product instance="LDAPToVault" version="4.0.2.0">DirXML Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query dest-dn="\EDIRTEST_TREE\sc\driverset\LDAPToVault" scope="entry">
<read-attr attr-name="Public Key"/>
</query>
</input>
</nds>
[01/22/19 11:13:19.258]:LDAPToVault PT:Applying policy: %+C%14CNOVLPWDSYNC-pub-ctp-AddPwdPayload%-C.
[01/22/19 11:13:19.258]:LDAPToVault PT: Applying to query #1.
[01/22/19 11:13:19.259]:LDAPToVault PT: Evaluating selection criteria for rule 'Add operation-data element to password operations'.
[01/22/19 11:13:19.259]:LDAPToVault PT: (if-operation equal "add") = FALSE.
[01/22/19 11:13:19.259]:LDAPToVault PT: (if-operation equal "add") = FALSE.
[01/22/19 11:13:19.259]:LDAPToVault PT: (if-operation equal "modify-password") = FALSE.
[01/22/19 11:13:19.259]:LDAPToVault PT: (if-operation equal "modify") = FALSE.
[01/22/19 11:13:19.259]:LDAPToVault PT: Rule rejected.
[01/22/19 11:13:19.260]:LDAPToVault PT: Evaluating selection criteria for rule 'Add payload data to password operations'.
[01/22/19 11:13:19.260]:LDAPToVault PT: (if-operation equal "add") = FALSE.
[01/22/19 11:13:19.260]:LDAPToVault PT: (if-operation equal "add") = FALSE.
[01/22/19 11:13:19.260]:LDAPToVault PT: (if-operation equal "modify-password") = FALSE.
[01/22/19 11:13:19.260]:LDAPToVault PT: (if-operation equal "modify") = FALSE.
[01/22/19 11:13:19.260]:LDAPToVault PT: Rule rejected.
[01/22/19 11:13:19.261]:LDAPToVault PT:Policy returned:
[01/22/19 11:13:19.262]:LDAPToVault PT:
<nds dtdversion="4.0">
<source>
<product instance="LDAPToVault" version="4.0.2.0">DirXML Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query dest-dn="\EDIRTEST_TREE\sc\driverset\LDAPToVault" scope="entry">
<read-attr attr-name="Public Key"/>
</query>
</input>
</nds>
[01/22/19 11:13:19.263]:LDAPToVault PT:Applying policy: %+C%14CNOVLEDIRPSYN-pub-ctp-PasswordExpirationTime%-C.
[01/22/19 11:13:19.263]:LDAPToVault PT: Applying to query #1.
[01/22/19 11:13:19.263]:LDAPToVault PT: Evaluating selection criteria for rule 'Password Expiration Time'.
[01/22/19 11:13:19.263]:LDAPToVault PT: (if-op-attr 'nspmDistributionPassword' available) = FALSE.
[01/22/19 11:13:19.263]:LDAPToVault PT: Rule rejected.
[01/22/19 11:13:19.263]:LDAPToVault PT:Policy returned:
[01/22/19 11:13:19.264]:LDAPToVault PT:
<nds dtdversion="4.0">
<source>
<product instance="LDAPToVault" version="4.0.2.0">DirXML Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query dest-dn="\EDIRTEST_TREE\sc\driverset\LDAPToVault" scope="entry">
<read-attr attr-name="Public Key"/>
</query>
</input>
</nds>
[01/22/19 11:13:19.264]:LDAPToVault PT:Applying policy: %+C%14Cpub-ctp-useCreateTemplate%-C.
[01/22/19 11:13:19.264]:LDAPToVault PT: Applying to query #1.
[01/22/19 11:13:19.264]:LDAPToVault PT: Evaluating selection criteria for rule 'Set template to use on User create'.
[01/22/19 11:13:19.265]:LDAPToVault PT: (if-class-name equal "User") = FALSE.
[01/22/19 11:13:19.265]:LDAPToVault PT: Rule rejected.
[01/22/19 11:13:19.265]:LDAPToVault PT:Policy returned:
[01/22/19 11:13:19.265]:LDAPToVault PT:
<nds dtdversion="4.0">
<source>
<product instance="LDAPToVault" version="4.0.2.0">DirXML Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query dest-dn="\EDIRTEST_TREE\sc\driverset\LDAPToVault" scope="entry">
<read-attr attr-name="Public Key"/>
</query>
</input>
</nds>
[01/22/19 11:13:19.265]:LDAPToVault PT:Applying policy: %+C%14Cpub-ctp-groupMembership%-C.
[01/22/19 11:13:19.266]:LDAPToVault PT: Applying to query #1.
[01/22/19 11:13:19.266]:LDAPToVault PT: Evaluating selection criteria for rule 'Set Department Group for Div 1, 2 and 3'.
[01/22/19 11:13:19.266]:LDAPToVault PT: (if-class-name equal "User") = FALSE.
[01/22/19 11:13:19.266]:LDAPToVault PT: Rule rejected.
[01/22/19 11:13:19.266]:LDAPToVault PT: Evaluating selection criteria for rule 'Set Department Group Membership on Remaining Users'.
[01/22/19 11:13:19.266]:LDAPToVault PT: (if-class-name equal "User") = FALSE.
[01/22/19 11:13:19.267]:LDAPToVault PT: Rule rejected.
[01/22/19 11:13:19.267]:LDAPToVault PT:Policy returned:
[01/22/19 11:13:19.267]:LDAPToVault PT:
<nds dtdversion="4.0">
<source>
<product instance="LDAPToVault" version="4.0.2.0">DirXML Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query dest-dn="\EDIRTEST_TREE\sc\driverset\LDAPToVault" scope="entry">
<read-attr attr-name="Public Key"/>
</query>
</input>
</nds>
[01/22/19 11:13:19.267]:LDAPToVault PT:Applying policy: %+C%14Cpub-ctp-posixSettings%-C.
[01/22/19 11:13:19.268]:LDAPToVault PT: Applying to query #1.
[01/22/19 11:13:19.268]:LDAPToVault PT: Evaluating selection criteria for rule 'Set posixAccount class and attribute values on User Add event'.
[01/22/19 11:13:19.268]:LDAPToVault PT: (if-class-name equal "User") = FALSE.
[01/22/19 11:13:19.268]:LDAPToVault PT: Rule rejected.
[01/22/19 11:13:19.268]:LDAPToVault PT:Policy returned:
[01/22/19 11:13:19.268]:LDAPToVault PT:
<nds dtdversion="4.0">
<source>
<product instance="LDAPToVault" version="4.0.2.0">DirXML Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query dest-dn="\EDIRTEST_TREE\sc\driverset\LDAPToVault" scope="entry">
<read-attr attr-name="Public Key"/>
</query>
</input>
</nds>
[01/22/19 11:13:19.269]:LDAPToVault PT:Applying policy: %+C%14Cpub-ctp-userMoves%-C.
[01/22/19 11:13:19.269]:LDAPToVault PT: Applying to query #1.
[01/22/19 11:13:19.269]:LDAPToVault PT: Evaluating selection criteria for rule 'Move User when scPersonDeptCode or scDivisionCode changes.'.
[01/22/19 11:13:19.269]:LDAPToVault PT: (if-class-name equal "User") = FALSE.
[01/22/19 11:13:19.270]:LDAPToVault PT: Rule rejected.
[01/22/19 11:13:19.270]:LDAPToVault PT:Policy returned:
[01/22/19 11:13:19.270]:LDAPToVault PT:
<nds dtdversion="4.0">
<source>
<product instance="LDAPToVault" version="4.0.2.0">DirXML Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query dest-dn="\EDIRTEST_TREE\sc\driverset\LDAPToVault" scope="entry">
<read-attr attr-name="Public Key"/>
</query>
</input>
</nds>
[01/22/19 11:13:19.270]:LDAPToVault PT:Applying policy: %+C%14Cpub-ctp-add2FA-attr%-C.
[01/22/19 11:13:19.270]:LDAPToVault PT: Applying to query #1.
[01/22/19 11:13:19.271]:LDAPToVault PT: Evaluating selection criteria for rule 'Add scPersonMFA if scapps is duo'.
[01/22/19 11:13:19.271]:LDAPToVault PT: (if-src-attr 'scApps' equal "duo") = FALSE.
[01/22/19 11:13:19.271]:LDAPToVault PT: (if-src-attr 'scApps' equal "duostu") = FALSE.
[01/22/19 11:13:19.271]:LDAPToVault PT: Rule rejected.
[01/22/19 11:13:19.271]:LDAPToVault PT:Policy returned:
[01/22/19 11:13:19.271]:LDAPToVault PT:
<nds dtdversion="4.0">
<source>
<product instance="LDAPToVault" version="4.0.2.0">DirXML Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query dest-dn="\EDIRTEST_TREE\sc\driverset\LDAPToVault" scope="entry">
<read-attr attr-name="Public Key"/>
</query>
</input>
</nds>
[01/22/19 11:13:19.272]:LDAPToVault PT:Filtering out notification-only attributes.
[01/22/19 11:13:19.272]:LDAPToVault PT:Pumping XDS to eDirectory.
[01/22/19 11:13:19.272]:LDAPToVault PT:Performing operation query for \EDIRTEST_TREE\sc\driverset\LDAPToVault.
[01/22/19 11:13:19.272]:LDAPToVault PT:--JCLNT-- \EDIRTEST_TREE\sc\driverset\LDAPToVault - Publisher : Duplicating : context = 915144790, tempContext = 915144777
[01/22/19 11:13:19.273]:LDAPToVault PT:--JCLNT-- \EDIRTEST_TREE\sc\driverset\LDAPToVault - Publisher : Calling free on tempContext = 915144777
[01/22/19 11:13:19.274]:LDAPToVault PT:Fixing up association references.
[01/22/19 11:13:19.274]:LDAPToVault PT:Applying schema mapping policies to output.
[01/22/19 11:13:19.274]:LDAPToVault PT:Applying policy: %+C%14CMappingRule%-C.
[01/22/19 11:13:19.274]:LDAPToVault PT: No mapping for class-name 'DirXML-Driver'.
[01/22/19 11:13:19.274]:LDAPToVault PT:Applying output transformation policies.
[01/22/19 11:13:19.275]:LDAPToVault PT:Applying policy: %+C%14CNOVLPWDSYNC-otp-EmailOnFailedPwdPub%-C.
[01/22/19 11:13:19.275]:LDAPToVault PT: Applying to instance #1.
[01/22/19 11:13:19.275]:LDAPToVault PT: Evaluating selection criteria for rule 'Send e-mail for a failed publish password operation'.
[01/22/19 11:13:19.275]:LDAPToVault PT: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = FALSE.
[01/22/19 11:13:19.275]:LDAPToVault PT: Rule rejected.
[01/22/19 11:13:19.276]:LDAPToVault PT: Applying to status #2.
[01/22/19 11:13:19.276]:LDAPToVault PT: Evaluating selection criteria for rule 'Send e-mail for a failed publish password operation'.
[01/22/19 11:13:19.276]:LDAPToVault PT: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = FALSE.
[01/22/19 11:13:19.276]:LDAPToVault PT: Rule rejected.
[01/22/19 11:13:19.276]:LDAPToVault PT:Policy returned:
[01/22/19 11:13:19.276]:LDAPToVault PT:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.0.2.0">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<instance class-name="DirXML-Driver" event-id="0" qualified-src-dn="O=sc\CN=driverset\CN=LDAPToVault" src-dn="\EDIRTEST_TREE\sc\driverset\LDAPToVault" src-entry-id="33751"/>
<status event-id="0" level="success"></status>
</output>
</nds>
[01/22/19 11:13:19.277]:LDAPToVault PT:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.0.2.0">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<instance class-name="DirXML-Driver" event-id="0" qualified-src-dn="O=sc\CN=driverset\CN=LDAPToVault" src-dn="\EDIRTEST_TREE\sc\driverset\LDAPToVault" src-entry-id="33751"/>
<status event-id="0" level="success"></status>
</output>
</nds>
[01/22/19 11:13:19.278]:LDAPToVault PT:: Need new connection; Waiting for remote Subscriber to connect...
[01/22/19 11:13:19.316]:LDAPToVault ST:Received state change event.
[01/22/19 11:13:19.317]:LDAPToVault ST:Transitioned from state '%+C%14CStarting%-C' to state '%+C%14CRunning%-C'.
[01/22/19 11:13:19.317]:LDAPToVault ST:Successfully processed state change event.
[01/22/19 11:16:11.278]:LDAPToVault PT:: Opening connection...
[01/22/19 11:16:11.280]:LDAPToVault PT:: Connection opened.
[01/22/19 11:16:11.283]:LDAPToVault PT:: handshake
[01/22/19 11:16:11.283]:LDAPToVault PT:: Waiting for receive...
[01/22/19 11:16:11.284]:LDAPToVault PT:: Receiving...
[01/22/19 11:16:11.284]:LDAPToVault PT:: Received.
[01/22/19 11:16:11.284]:LDAPToVault PT:: received key
[01/22/19 11:16:11.286]:LDAPToVault PT:: sending key
[01/22/19 11:16:11.286]:LDAPToVault PT:: Sending...
[01/22/19 11:16:11.287]:LDAPToVault PT:: Document sent.
[01/22/19 11:16:11.287]:LDAPToVault PT:: using non-serialized XML connection method
[01/22/19 11:16:11.287]:LDAPToVault PT:: Waiting for receive...
[01/22/19 11:16:11.374]:LDAPToVault PT:: Received.
[01/22/19 11:16:11.378]:LDAPToVault PT:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.5.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20190122161611.053Z" class-name="User" event-id="vault-test#20190122161611#99#1:b60094cd-5bd7-45ce-74af-cd9400b6d75b" qualified-src-dn="O=sc\OU=users\CN=mmouse" src-dn="\TVAULT-TREE\sc\users\mmouse" src-entry-id="69494" timestamp="0#0">
<association state="migrate"></association>
<add-attr attr-name="businessCategory">
<value timestamp="1547838608#19" type="string">employees</value>
</add-attr>
<add-attr attr-name="CN">
<value naming="true" timestamp="1547838608#43" type="string">mmouse</value>
</add-attr>
<add-attr attr-name="DirXML-PasswordSyncStatus">
<value timestamp="1547842421#1" type="string">551BD722001BA1472FA3551BD722001B20190118201341211000000000001Code(-8015) Operation vetoed by filter.</value>
</add-attr>
<add-attr attr-name="employeeType">
<value timestamp="1547838608#15" type="string">employee</value>
<value timestamp="1547838608#16" type="string">staff</value>
</add-attr>
<add-attr attr-name="Full Name">
<value timestamp="1547838608#25" type="string">Minnie Mouse</value>
</add-attr>
<add-attr attr-name="Given Name">
<value timestamp="1547838608#26" type="string">Minnie</value>
</add-attr>
<add-attr attr-name="GUID">
<value timestamp="1547838608#44" type="octet">yVRL/tPnGEYAvMlUS/7T5w==</value>
</add-attr>
<add-attr attr-name="Internet EMail Address">
<value timestamp="1547838608#22" type="string">mmouse@smith.edu</value>
</add-attr>
<add-attr attr-name="OU">
<value timestamp="1547838608#21" type="string">Facilities Management</value>
</add-attr>
<add-attr attr-name="scApps">
<value timestamp="1547838608#11" type="string">G</value>
<value timestamp="1547838608#12" type="string">L</value>
<value timestamp="1547838608#13" type="string">M</value>
<value timestamp="1547838608#14" type="string">A</value>
</add-attr>
<add-attr attr-name="scPersonDeptCode">
<value timestamp="1547838608#17" type="string">PHP</value>
<value timestamp="1547838608#18" type="string">MISC-AC</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1547838608#27" type="string">Mouse</value>
</add-attr>
<add-attr attr-name="Title">
<value timestamp="1547838608#20" type="string">Test Position</value>
</add-attr>
<add-attr attr-name="uniqueID">
<value timestamp="1547838608#23" type="string">mmouse</value>
</add-attr>
<add-attr attr-name="workforceID">
<value timestamp="1547838608#24" type="string">900000078</value>
</add-attr>
<password><!-- content suppressed --></password>
</add>
</input>
</nds>
[01/22/19 11:16:11.391]:LDAPToVault PT:Receiving DOM document from application.
[01/22/19 11:16:11.392]:LDAPToVault PT:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.5.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20190122161611.053Z" class-name="User" event-id="vault-test#20190122161611#99#1:b60094cd-5bd7-45ce-74af-cd9400b6d75b" qualified-src-dn="O=sc\OU=users\CN=mmouse" src-dn="\TVAULT-TREE\sc\users\mmouse" src-entry-id="69494" timestamp="0#0">
<association>{C9544BFE-D3E7-1846-00BC-C9544BFED3E7}</association>
<add-attr attr-name="businessCategory">
<value timestamp="1547838608#19" type="string">employees</value>
</add-attr>
<add-attr attr-name="CN">
<value naming="true" timestamp="1547838608#43" type="string">mmouse</value>
</add-attr>
<add-attr attr-name="DirXML-PasswordSyncStatus">
<value timestamp="1547842421#1" type="string">551BD722001BA1472FA3551BD722001B20190118201341211000000000001Code(-8015) Operation vetoed by filter.</value>
</add-attr>
<add-attr attr-name="employeeType">
<value timestamp="1547838608#15" type="string">employee</value>
<value timestamp="1547838608#16" type="string">staff</value>
</add-attr>
<add-attr attr-name="Full Name">
<value timestamp="1547838608#25" type="string">Minnie Mouse</value>
</add-attr>
<add-attr attr-name="Given Name">
<value timestamp="1547838608#26" type="string">Minnie</value>
</add-attr>
<add-attr attr-name="GUID">
<value timestamp="1547838608#44" type="octet">yVRL/tPnGEYAvMlUS/7T5w==</value>
</add-attr>
<add-attr attr-name="Internet EMail Address">
<value timestamp="1547838608#22" type="string">mmouse@smith.edu</value>
</add-attr>
<add-attr attr-name="OU">
<value timestamp="1547838608#21" type="string">Facilities Management</value>
</add-attr>
<add-attr attr-name="scApps">
<value timestamp="1547838608#11" type="string">G</value>
<value timestamp="1547838608#12" type="string">L</value>
<value timestamp="1547838608#13" type="string">M</value>
<value timestamp="1547838608#14" type="string">A</value>
</add-attr>
<add-attr attr-name="scPersonDeptCode">
<value timestamp="1547838608#17" type="string">PHP</value>
<value timestamp="1547838608#18" type="string">MISC-AC</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1547838608#27" type="string">Mouse</value>
</add-attr>
<add-attr attr-name="Title">
<value timestamp="1547838608#20" type="string">Test Position</value>
</add-attr>
<add-attr attr-name="uniqueID">
<value timestamp="1547838608#23" type="string">mmouse</value>
</add-attr>
<add-attr attr-name="workforceID">
<value timestamp="1547838608#24" type="string">900000078</value>
</add-attr>
<password><!-- content suppressed --></password>
</add>
</input>
</nds>
[01/22/19 11:16:11.397]:LDAPToVault PT:Applying input transformation policies.
[01/22/19 11:16:11.397]:LDAPToVault PT:Applying policy: %+C%14CNOVLPWDSYNC-itp-EmailOnFailedPwdSub%-C.
[01/22/19 11:16:11.397]:LDAPToVault PT: Applying to add #1.
[01/22/19 11:16:11.397]:LDAPToVault PT: Evaluating selection criteria for rule 'Send e-mail on a failure when subscribing to passwords'.
[01/22/19 11:16:11.398]:LDAPToVault PT: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = FALSE.
[01/22/19 11:16:11.398]:LDAPToVault PT: Rule rejected.
[01/22/19 11:16:11.398]:LDAPToVault PT: Evaluating selection criteria for rule 'Send e-mail on failure to reset connected system password using the Identity Vault password'.
[01/22/19 11:16:11.398]:LDAPToVault PT: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = FALSE.
[01/22/19 11:16:11.398]:LDAPToVault PT: Rule rejected.
[01/22/19 11:16:11.399]:LDAPToVault PT:Policy returned:
[01/22/19 11:16:11.407]:LDAPToVault PT:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.5.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20190122161611.053Z" class-name="User" event-id="vault-test#20190122161611#99#1:b60094cd-5bd7-45ce-74af-cd9400b6d75b" qualified-src-dn="O=sc\OU=users\CN=mmouse" src-dn="\TVAULT-TREE\sc\users\mmouse" src-entry-id="69494" timestamp="0#0">
<association>{C9544BFE-D3E7-1846-00BC-C9544BFED3E7}</association>
<add-attr attr-name="businessCategory">
<value timestamp="1547838608#19" type="string">employees</value>
</add-attr>
<add-attr attr-name="CN">
<value naming="true" timestamp="1547838608#43" type="string">mmouse</value>
</add-attr>
<add-attr attr-name="DirXML-PasswordSyncStatus">
<value timestamp="1547842421#1" type="string">551BD722001BA1472FA3551BD722001B20190118201341211000000000001Code(-8015) Operation vetoed by filter.</value>
</add-attr>
<add-attr attr-name="employeeType">
<value timestamp="1547838608#15" type="string">employee</value>
<value timestamp="1547838608#16" type="string">staff</value>
</add-attr>
<add-attr attr-name="Full Name">
<value timestamp="1547838608#25" type="string">Minnie Mouse</value>
</add-attr>
<add-attr attr-name="Given Name">
<value timestamp="1547838608#26" type="string">Minnie</value>
</add-attr>
<add-attr attr-name="GUID">
<value timestamp="1547838608#44" type="octet">yVRL/tPnGEYAvMlUS/7T5w==</value>
</add-attr>
<add-attr attr-name="Internet EMail Address">
<value timestamp="1547838608#22" type="string">mmouse@smith.edu</value>
</add-attr>
<add-attr attr-name="OU">
<value timestamp="1547838608#21" type="string">Facilities Management</value>
</add-attr>
<add-attr attr-name="scApps">
<value timestamp="1547838608#11" type="string">G</value>
<value timestamp="1547838608#12" type="string">L</value>
<value timestamp="1547838608#13" type="string">M</value>
<value timestamp="1547838608#14" type="string">A</value>
</add-attr>
<add-attr attr-name="scPersonDeptCode">
<value timestamp="1547838608#17" type="string">PHP</value>
<value timestamp="1547838608#18" type="string">MISC-AC</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1547838608#27" type="string">Mouse</value>
</add-attr>
<add-attr attr-name="Title">
<value timestamp="1547838608#20" type="string">Test Position</value>
</add-attr>
<add-attr attr-name="uniqueID">
<value timestamp="1547838608#23" type="string">mmouse</value>
</add-attr>
<add-attr attr-name="workforceID">
<value timestamp="1547838608#24" type="string">900000078</value>
</add-attr>
<password><!-- content suppressed --></password>
</add>
</input>
</nds>
[01/22/19 11:16:11.420]:LDAPToVault PT:Applying schema mapping policies to input.
[01/22/19 11:16:11.420]:LDAPToVault PT:Applying policy: %+C%14CMappingRule%-C.
[01/22/19 11:16:11.420]:LDAPToVault PT: No mapping for class-name 'User'.
[01/22/19 11:16:11.421]:LDAPToVault PT:Resolving association references.
[01/22/19 11:16:11.421]:LDAPToVault PT:Applying event transformation policies.
[01/22/19 11:16:11.421]:LDAPToVault PT:Applying policy: %+C%14Cpub-etp-eventHandling%-C.
[01/22/19 11:16:11.422]:LDAPToVault PT: Applying to add #1.
[01/22/19 11:16:11.422]:LDAPToVault PT: Evaluating selection criteria for rule 'Veto Delete event and remove assocation'.
[01/22/19 11:16:11.422]:LDAPToVault PT: (if-class-name equal "User") = TRUE.
[01/22/19 11:16:11.422]:LDAPToVault PT: (if-operation equal "delete") = FALSE.
[01/22/19 11:16:11.422]:LDAPToVault PT: Rule rejected.
[01/22/19 11:16:11.422]:LDAPToVault PT: Evaluating selection criteria for rule 'Convert scApps value of "Delete" to a Delete event in the LDAP tree'.
[01/22/19 11:16:11.423]:LDAPToVault PT: (if-op-attr 'scApps' changing-to "Delete") = FALSE.
[01/22/19 11:16:11.423]:LDAPToVault PT: Rule rejected.
[01/22/19 11:16:11.423]:LDAPToVault PT:Policy returned:
[01/22/19 11:16:11.423]:LDAPToVault PT:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.5.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20190122161611.053Z" class-name="User" event-id="vault-test#20190122161611#99#1:b60094cd-5bd7-45ce-74af-cd9400b6d75b" qualified-src-dn="O=sc\OU=users\CN=mmouse" src-dn="\TVAULT-TREE\sc\users\mmouse" src-entry-id="69494" timestamp="0#0">
<association>{C9544BFE-D3E7-1846-00BC-C9544BFED3E7}</association>
<add-attr attr-name="businessCategory">
<value timestamp="1547838608#19" type="string">employees</value>
</add-attr>
<add-attr attr-name="CN">
<value naming="true" timestamp="1547838608#43" type="string">mmouse</value>
</add-attr>
<add-attr attr-name="DirXML-PasswordSyncStatus">
<value timestamp="1547842421#1" type="string">551BD722001BA1472FA3551BD722001B20190118201341211000000000001Code(-8015) Operation vetoed by filter.</value>
</add-attr>
<add-attr attr-name="employeeType">
<value timestamp="1547838608#15" type="string">employee</value>
<value timestamp="1547838608#16" type="string">staff</value>
</add-attr>
<add-attr attr-name="Full Name">
<value timestamp="1547838608#25" type="string">Minnie Mouse</value>
</add-attr>
<add-attr attr-name="Given Name">
<value timestamp="1547838608#26" type="string">Minnie</value>
</add-attr>
<add-attr attr-name="GUID">
<value timestamp="1547838608#44" type="octet">yVRL/tPnGEYAvMlUS/7T5w==</value>
</add-attr>
<add-attr attr-name="Internet EMail Address">
<value timestamp="1547838608#22" type="string">mmouse@smith.edu</value>
</add-attr>
<add-attr attr-name="OU">
<value timestamp="1547838608#21" type="string">Facilities Management</value>
</add-attr>
<add-attr attr-name="scApps">
<value timestamp="1547838608#11" type="string">G</value>
<value timestamp="1547838608#12" type="string">L</value>
<value timestamp="1547838608#13" type="string">M</value>
<value timestamp="1547838608#14" type="string">A</value>
</add-attr>
<add-attr attr-name="scPersonDeptCode">
<value timestamp="1547838608#17" type="string">PHP</value>
<value timestamp="1547838608#18" type="string">MISC-AC</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1547838608#27" type="string">Mouse</value>
</add-attr>
<add-attr attr-name="Title">
<value timestamp="1547838608#20" type="string">Test Position</value>
</add-attr>
<add-attr attr-name="uniqueID">
<value timestamp="1547838608#23" type="string">mmouse</value>
</add-attr>
<add-attr attr-name="workforceID">
<value timestamp="1547838608#24" type="string">900000078</value>
</add-attr>
<password><!-- content suppressed --></password>
</add>
</input>
</nds>
[01/22/19 11:16:11.473]:LDAPToVault PT:No associated objects.
[01/22/19 11:16:11.473]:LDAPToVault PT:Applying publisher filter.
[01/22/19 11:16:11.473]:LDAPToVault PT: Filtered out <add class-name='User'>.
[01/22/19 11:16:11.477]:LDAPToVault PT:Fixing up association references.
[01/22/19 11:16:11.477]:LDAPToVault PT:Applying schema mapping policies to output.
[01/22/19 11:16:11.477]:LDAPToVault PT:Applying policy: %+C%14CMappingRule%-C.
[01/22/19 11:16:11.477]:LDAPToVault PT:Applying output transformation policies.
[01/22/19 11:16:11.478]:LDAPToVault PT:Applying policy: %+C%14CNOVLPWDSYNC-otp-EmailOnFailedPwdPub%-C.
[01/22/19 11:16:11.478]:LDAPToVault PT: Applying to status #1.
[01/22/19 11:16:11.478]:LDAPToVault PT: Evaluating selection criteria for rule 'Send e-mail for a failed publish password operation'.
[01/22/19 11:16:11.478]:LDAPToVault PT: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = FALSE.
[01/22/19 11:16:11.478]:LDAPToVault PT: Rule rejected.
[01/22/19 11:16:11.479]:LDAPToVault PT:Policy returned:
[01/22/19 11:16:11.479]:LDAPToVault PT:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.0.2.0">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status event-id="vault-test#20190122161611#99#1:b60094cd-5bd7-45ce-74af-cd9400b6d75b" level="warning">Code(-8015) Operation vetoed by filter.</status>
</output>
</nds>
[01/22/19 11:16:11.484]:LDAPToVault PT:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.0.2.0">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status event-id="vault-test#20190122161611#99#1:b60094cd-5bd7-45ce-74af-cd9400b6d75b" level="warning">Code(-8015) Operation vetoed by filter.</status>
</output>
</nds>
[01/22/19 11:16:11.484]:LDAPToVault PT:: Sending...
[01/22/19 11:16:11.484]:LDAPToVault PT:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.0.2.0">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status event-id="vault-test#20190122161611#99#1:b60094cd-5bd7-45ce-74af-cd9400b6d75b" level="warning">Code(-8015) Operation vetoed by filter.</status>
</output>
</nds>
[01/22/19 11:16:11.497]:LDAPToVault PT:: Document sent.
[01/22/19 11:16:11.497]:LDAPToVault PT:: Reusing connection
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.