I have been struggling with a somewhat special user creation on an
Oracle Internet Directory 10g (hereafter OID), derived from the LDAP Driver.
I can now create only groups in OID that are named intra-"something";
that works okay.
Then I created a policy in the Creation Policies which I would like
to act like "Create only User objects in OID when Group Membership is
equal to intra-"something"". To achieve that I created this rule:
_______________________________________________________________________
If objectClass = User
and
If Association Not Associated
and
If Source Attribute "Group Membership" not = (RegEx) .*intra-.*
then
Veto
_______________________________________________________________________
When a user is removed from all groups called intra-"something", the user
will/should be deleted in OID.
_______________________________________________________________________
If objectClass = User
and
If Association Associated
and
If Source Attribute "Group Membership" not = (RegEx) .*intra-.*
then
remove association (direct=true)
Delete Destination object
_______________________________________________________________________
When I now try to put a user in one of my synced OID groups
intra-"something", I get the following trace:
________________________________________________________________________
14:08:52 61A22BB0 Drvrs: OID ST: Filtering out notification-only attributes.
14:08:52 61A22BB0 Drvrs: OID ST: Fixing up association references.
14:08:52 61A22BB0 Drvrs: OID ST:
DirXML Log Event -------------------
Driver: \MP-META\MP\Server\IDMDriverSet01\OID
Channel: Subscriber
Object: \MP-META\MP\Department\Groups\intra-1
Status: Warning
Message: Code(-8003) Unable to synchronize reference to
\MP-META\MP\Department\dddd from attribute Member.
14:08:52 61A22BB0 Drvrs: OID ST: Applying schema mapping policies to output.
14:08:52 61A22BB0 Drvrs: OID ST: Mapping attr-name 'Member' to
'uniqueMember'.
14:08:52 61A22BB0 Drvrs: OID ST: Mapping class-name 'Group' to
'groupOfUniqueNames'.
14:08:52 61A22BB0 Drvrs: OID ST: Applying output transformation policies.
14:08:52 61A22BB0 Drvrs: OID ST: Applying policy: 'Email notifications
for failed password publications'.
14:08:52 61A22BB0 Drvrs: OID ST: Applying to modify #1.
14:08:52 61A22BB0 Drvrs: OID ST: Evaluating selection criteria for rule
'Send e-mail for a failed publish password operation'.
14:08:52 61A22BB0 Drvrs: OID ST: (if-global-variable
'notify-user-on-password-dist-failure' equal "true") = TRUE.
14:08:52 61A22BB0 Drvrs: OID ST: (if-operation equal "status") = FALSE.
14:08:52 61A22BB0 Drvrs: OID ST: Rule rejected.
14:08:52 61A22BB0 Drvrs: OID ST: Policy returned:
14:08:52 61A22BB0 Drvrs: OID ST:
<nds dtdversion="3.0" ndsversion="8.x">
<source>
<product version="3.0.10.20060630 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify class-name="groupOfUniqueNames"
event-id="mp-oes-l2-meta#20060916210852#1#13"
qualified-src-dn="O=MP\OU=Department\OU=Groups\CN=intra-1"
src-dn="\MP-META\MP\Department\Groups\intra-1" src-entry-id="33497"
timestamp="1158440932#13">
<association
state="associated">cn=intra-1,cn=portal_groups,cn=groups,dc=enevold,dc=net</association>
<modify-attr attr-name="uniqueMember">
<add-value>
<value timestamp="1158440932#13"
type="dn">\MP-META\MP\Department\dddd</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
14:08:52 61A22BB0 Drvrs: OID ST: Submitting document to subscriber shim:
14:08:52 61A22BB0 Drvrs: OID ST:
<nds dtdversion="3.0" ndsversion="8.x">
<source>
<product version="3.0.10.20060630 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify class-name="groupOfUniqueNames"
event-id="mp-oes-l2-meta#20060916210852#1#13"
qualified-src-dn="O=MP\OU=Department\OU=Groups\CN=intra-1"
src-dn="\MP-META\MP\Department\Groups\intra-1" src-entry-id="33497"
timestamp="1158440932#13">
<association
state="associated">cn=intra-1,cn=portal_groups,cn=groups,dc=enevold,dc=net</association>
<modify-attr attr-name="uniqueMember">
<add-value>
<value timestamp="1158440932#13"
type="dn">\MP-META\MP\Department\dddd</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
14:08:52 61A22BB0 Drvrs: OID ST: OID: LDAPSub.performModifyOperation()
\MP-META\MP\Department\dddd refers to an unassociated entry. It will be
dropped.
14:08:52 61A22BB0 Drvrs: OID ST: OID: LDAPSub.performModifyOperation()
Attribute uniqueMember does not have a value
14:08:52 61A22BB0 Drvrs: OID ST: OID: LDAPSub.performModifyOperation()
No modifications to apply.
14:08:52 61A22BB0 Drvrs: OID ST: SubscriptionShim.execute() returned:
14:08:52 61A22BB0 Drvrs: OID ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20060630_1616 " instance="OID" version="1.9.2">Identity
Manager Driver for LDAP</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status event-id="mp-oes-l2-meta#20060916210852#1#13" level="success"/>
</output>
</nds>
14:08:52 61A22BB0 Drvrs: OID ST: Applying input transformation policies.
14:08:52 61A22BB0 Drvrs: OID ST: Applying policy: 'Email notifications
for failed password subscriptions'.
14:08:52 61A22BB0 Drvrs: OID ST: Applying to status #1.
14:08:52 61A22BB0 Drvrs: OID ST: Evaluating selection criteria for rule
'Send e-mail on a failure when subscribing to passwords'.
14:08:52 61A22BB0 Drvrs: OID ST: (if-global-variable
'notify-user-on-password-dist-failure' equal "true") = TRUE.
14:08:52 61A22BB0 Drvrs: OID ST: (if-operation equal "status") = TRUE.
14:08:52 61A22BB0 Drvrs: OID ST: (if-xpath true "self::status[@level !=
'success'][text() !=
'']/operation-data/password-subscribe-status/association[text() != '']")
= FALSE.
14:08:52 61A22BB0 Drvrs: OID ST: Rule rejected.
14:08:52 61A22BB0 Drvrs: OID ST: Evaluating selection criteria for rule
'Send e-mail on failure to reset connected system password using the
Identity Vault password'.
14:08:52 61A22BB0 Drvrs: OID ST: (if-global-variable
'notify-user-on-password-dist-failure' equal "true") = TRUE.
14:08:52 61A22BB0 Drvrs: OID ST: (if-operation equal "status") = TRUE.
14:08:52 61A22BB0 Drvrs: OID ST: (if-xpath true "self::status[@level !=
'success']/operation-data/password-reset-status") = FALSE.
14:08:52 61A22BB0 Drvrs: OID ST: Rule rejected.
14:08:52 61A22BB0 Drvrs: OID ST: Policy returned:
14:08:52 61A22BB0 Drvrs: OID ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20060630_1616 " instance="OID" version="1.9.2">Identity
Manager Driver for LDAP</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status event-id="mp-oes-l2-meta#20060916210852#1#13" level="success"/>
</output>
</nds>
14:08:52 61A22BB0 Drvrs: OID ST: Applying schema mapping policies to input.
14:08:52 61A22BB0 Drvrs: OID ST: Resolving association references.
14:08:52 61A22BB0 Drvrs: OID ST: Processing returned document.
14:08:52 61A22BB0 Drvrs: OID ST: Processing operation <status> for .
14:08:52 61A22BB0 Drvrs: OID ST:
DirXML Log Event -------------------
Driver: \MP-META\MP\Server\IDMDriverSet01\OID
Channel: Subscriber
Object: \MP-META\MP\Department\Groups\intra-1
Status: Success
14:08:52 61A22BB0 Drvrs: OID ST: End transaction.
________________________________________________________________________
I wonder if anyone has an idea about the problem, namely that I get an
error on the user creation.
- Michael
--
Shon
Ahh, I guess I was standing in the wrong group when posting; this has now
been moved to the support forum instead, thanks.
- Michael
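
The trace in the first post shows the subscriber shim dropping the uniqueMember value because the referenced user is unassociated, while the event still ends with level="success". As an added example (not part of the original posts and not Novell's code), this Python sketch scans trace text in that format for such dropped references; the name scan_trace and the second sample transaction are constructed for illustration.

```python
import re

# Patterns for the messages visible in the posted trace.
WARN_RE = re.compile(
    r"Code\((-\d+)\) Unable to synchronize reference to (\S+) from attribute (\w+)")
DROP_RE = re.compile(r"(\S+) refers to an unassociated entry\. It will be dropped\.")
STATUS_RE = re.compile(r'<status event-id="([^"]+)" level="(\w+)"')

# Constructed sample: first transaction condensed from the post, second invented.
SAMPLE_TRACE = r"""14:08:52 61A22BB0 Drvrs: OID ST:
DirXML Log Event -------------------
Status: Warning
Message: Code(-8003) Unable to synchronize reference to
\MP-META\MP\Department\dddd from attribute Member.
14:08:52 61A22BB0 Drvrs: OID ST: OID: LDAPSub.performModifyOperation()
\MP-META\MP\Department\dddd refers to an unassociated entry. It will be
dropped.
14:08:52 61A22BB0 Drvrs: OID ST:
<status event-id="mp-oes-l2-meta#20060916210852#1#13" level="success"/>
14:08:52 61A22BB0 Drvrs: OID ST: End transaction.
14:09:10 61A22BB0 Drvrs: OID ST:
<status event-id="constructed-event#2" level="success"/>
14:09:10 61A22BB0 Drvrs: OID ST: End transaction.
"""

def scan_trace(trace_text):
    """Return one finding per transaction in which a DN reference was dropped."""
    findings = []
    for txn in trace_text.split("End transaction."):
        flat = " ".join(txn.split())  # undo line wrapping inside trace entries
        dropped = sorted(set(DROP_RE.findall(flat)))
        warnings = [{"code": int(c), "dn": dn, "attr": attr}
                    for c, dn, attr in WARN_RE.findall(flat)]
        if not dropped and not warnings:
            continue
        statuses = STATUS_RE.findall(flat)
        findings.append({
            "event_ids": sorted({eid for eid, _ in statuses}),
            "dropped": dropped,
            "warnings": warnings,
            # True means the membership change was lost but reported as success.
            "reported_success": bool(statuses)
                                and all(lvl == "success" for _, lvl in statuses),
        })
    return findings

if __name__ == "__main__":
    for finding in scan_trace(SAMPLE_TRACE):
        print(finding)
```

A finding with reported_success set to True marks a transaction whose group membership change never reached OID even though the event closed with a success status, as in the posted trace.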