eDir2eDir Driver IDM 3.01 Certificate problem
boy...@gmail.com
Setup :
IDVault running on SLES 10, with edir 8.7.3.9, SSP 204 installed and
iman 2.6
Production tree : Netware 65sp6, edir 8.7.3.9, SSP204 installed and
iman 2.6
NMAS methods installed universal passwords working etc etc
Designer is version 2.0.0 Build id: 20070315
Right the problem lies within the SSL certificates.
If i choose not to have SSL enabled then the syncronisation between
the 2 vaults works perfectly. If i then do one of the following :
Use designer to create nds-to-nds certificates, or if i do them
manually as in a TID provided by novell or if i do them using the
wizard in either imanager from either tree i get the following trace
errors. I have searched and searched and not convinced there is an
answer to this.
The SLES box is newly configured, pretty much standard stuff.
I downloaded SDIdiag and ran from a windows box which returned with no
errors, the same with pkidiag and sdidiag from the netware server, all
good.
I have no idea why the certificates wouldnt work. Console one ev en
says there valid. IDM however does not like them.
I need it working as i need passwords to by syncronised between the
tree's
Please help
Trace :
16:03:19 9CF2D160 Drvrs: IDM Vault Driver PT: Filtering out
notification-only attributes.
16:03:19 9CF2D160 Drvrs: IDM Vault Driver PT: Pumping XDS to
eDirectory.
16:03:19 9CF2D160 Drvrs: IDM Vault Driver PT: Performing operation
status for .
16:03:19 9CF2D160 Drvrs: IDM Vault Driver PT:
DirXML Log Event -------------------
Driver: \UCCHI\UCCHI\Services\eDirDriverSet\IDM Vault Driver
Channel: Publisher
Status: Error
Message: java.io.IOException: SSL handshake failed, SSL_ERROR_SYSCALL,
error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad
record mac
16:03:19 9CF2D160 Drvrs: IDM Vault Driver PT: Fixing up association
references.
16:03:19 9CF2D160 Drvrs: IDM Vault Driver PT: No schema mapping
policies.
16:03:19 9CF2D160 Drvrs: IDM Vault Driver PT: Applying output
transformation policies.
16:03:19 9CF2D160 Drvrs: IDM Vault Driver PT: Applying policy: 'Email
notifications for failed password publications'.
16:03:19 9CF2D160 Drvrs: IDM Vault Driver PT: Applying to status #1.
16:03:19 9CF2D160 Drvrs: IDM Vault Driver PT: Evaluating selection
criteria for rule 'Send e-mail for a failed publish password
operation'.
16:03:19 9CF2D160 Drvrs: IDM Vault Driver PT: (if-global-variable
'notify-user-on-password-dist-failure' equal "true") = TRUE.
16:03:19 9CF2D160 Drvrs: IDM Vault Driver PT: (if-operation equal
"status") = TRUE.
16:03:19 9CF2D160 Drvrs: IDM Vault Driver PT: (if-xpath true
"self::status[@level != 'success']/operation-data/password-publish-
status") = FALSE.
16:03:19 9CF2D160 Drvrs: IDM Vault Driver PT: Rule rejected.
16:03:19 9CF2D160 Drvrs: IDM Vault Driver PT: Policy returned:
16:03:19 9CF2D160 Drvrs: IDM Vault Driver PT:
<nds dtdversion="3.0" ndsversion="8.x">
<source>
<product version="3.0.10.20060630 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status event-id="0" level="success"></status>
</output>
</nds>
16:03:19 9CF2D160 Drvrs: IDM Vault Driver PT:
<nds dtdversion="3.0" ndsversion="8.x">
<source>
<product version="3.0.10.20060630 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status event-id="0" level="success"></status>
</output>
</nds>
16:03:19 9CF2D160 Drvrs: IDM Vault Driver PT: : Need new connection;
Waiting for remote Subscriber to connect...
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Receiving DOM document
from application.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT:
<nds dtdversion="3.0">
<source>
<product instance="IDM Vault Driver" version="3.0.10.20060630 ">DirXML
Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<status level="error" type="driver-general">java.io.IOException: SSL
handshake failed, SSL_ERROR_SYSCALL, error:1408F119:SSL
routines:SSL3_GET_RECORD:decryption failed or bad record mac</status>
</input>
</nds>
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Applying input
transformation policies.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Applying policy: 'Email
notifications for failed password subscriptions'.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Applying to status #1.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Evaluating selection
criteria for rule 'Send e-mail on a failure when subscribing to
passwords'.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-global-variable
'notify-user-on-password-dist-failure' equal "true") = TRUE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-operation equal
"status") = TRUE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-xpath true
"self::status[@level != 'success'][text() != '']/operation-data/
password-subscribe-status/association[text() != '']") = FALSE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Rule rejected.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Evaluating selection
criteria for rule 'Send e-mail on failure to reset connected system
password using the Identity Manager data store password'.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-global-variable
'notify-user-on-password-dist-failure' equal "true") = TRUE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-operation equal
"status") = TRUE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-xpath true
"self::status[@level != 'success']/operation-data/password-reset-
status") = FALSE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Rule rejected.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Policy returned:
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT:
<nds dtdversion="3.0">
<source>
<product instance="IDM Vault Driver" version="3.0.10.20060630 ">DirXML
Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<status level="error" type="driver-general">java.io.IOException: SSL
handshake failed, SSL_ERROR_SYSCALL, error:1408F119:SSL
routines:SSL3_GET_RECORD:decryption failed or bad record mac</status>
</input>
</nds>
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: No schema mapping
policies.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Resolving association
references.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: No event transformation
policies.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Applying publisher
filter.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Publisher processing
status for .
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Applying command
transformation policies.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Applying policy:
'Publish Passwords'.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Applying to status #1.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Evaluating selection
criteria for rule 'Block publishing passwords to Identity Manager data
store when adding a object'.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-global-variable
'enable-password-publish' equal "false") = FALSE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Rule rejected.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Evaluating selection
criteria for rule 'Block sending modify-password changes to the
Identity Manager data store'.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-global-variable
'enable-password-publish' equal "false") = FALSE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Rule rejected.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Policy returned:
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT:
<nds dtdversion="3.0">
<source>
<product instance="IDM Vault Driver" version="3.0.10.20060630 ">DirXML
Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<status level="error" type="driver-general">java.io.IOException: SSL
handshake failed, SSL_ERROR_SYSCALL, error:1408F119:SSL
routines:SSL3_GET_RECORD:decryption failed or bad record mac</status>
</input>
</nds>
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Applying policy:
'Publish passwords to NMAS distribution password'.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Applying to status #1.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Evaluating selection
criteria for rule 'Add nspmDistributionAttribute attribute to add
operation'.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-global-variable
'publish-password-to-dp' equal "true") = TRUE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-operation equal
"add") = FALSE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Rule rejected.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Evaluating selection
criteria for rule 'Change modify-password operations to a modify'.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-global-variable
'publish-password-to-dp' equal "true") = TRUE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-operation equal
"modify-password") = FALSE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Rule rejected.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Policy returned:
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT:
<nds dtdversion="3.0">
<source>
<product instance="IDM Vault Driver" version="3.0.10.20060630 ">DirXML
Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<status level="error" type="driver-general">java.io.IOException: SSL
handshake failed, SSL_ERROR_SYSCALL, error:1408F119:SSL
routines:SSL3_GET_RECORD:decryption failed or bad record mac</status>
</input>
</nds>
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Applying policy:
'Publish passwords to NDS password.'.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Applying to status #1.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Evaluating selection
criteria for rule 'Block publishing passwords to NDS password'.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-global-variable
'publish-password-to-nds' equal "false") = TRUE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-operation equal
"add") = FALSE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Rule rejected.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Evaluating selection
criteria for rule 'Block sending modify-password changes to the NDS
password'.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-global-variable
'publish-password-to-nds' equal "false") = TRUE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-operation equal
"modify-password") = FALSE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Rule rejected.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Policy returned:
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT:
<nds dtdversion="3.0">
<source>
<product instance="IDM Vault Driver" version="3.0.10.20060630 ">DirXML
Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<status level="error" type="driver-general">java.io.IOException: SSL
handshake failed, SSL_ERROR_SYSCALL, error:1408F119:SSL
routines:SSL3_GET_RECORD:decryption failed or bad record mac</status>
</input>
</nds>
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Applying policy:
'Publish password payloads'.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Applying to status #1.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Evaluating selection
criteria for rule 'Add operation-data element to password operations'.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-operation equal
"add") = FALSE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-operation equal
"add") = FALSE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-operation equal
"modify-password") = FALSE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-operation equal
"modify") = FALSE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Rule rejected.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Evaluating selection
criteria for rule 'Add payload data to password operations'.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-operation equal
"add") = FALSE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-operation equal
"add") = FALSE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-operation equal
"modify-password") = FALSE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-operation equal
"modify") = FALSE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Rule rejected.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Policy returned:
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT:
<nds dtdversion="3.0">
<source>
<product instance="IDM Vault Driver" version="3.0.10.20060630 ">DirXML
Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<status level="error" type="driver-general">java.io.IOException: SSL
handshake failed, SSL_ERROR_SYSCALL, error:1408F119:SSL
routines:SSL3_GET_RECORD:decryption failed or bad record mac</status>
</input>
</nds>
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Applying policy:
Password(Pub)-Password Expiration Time.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Applying to status #1.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Evaluating selection
criteria for rule 'Password Expiration Time'.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-op-attr
'nspmDistributionPassword' available) = FALSE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Rule rejected.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Policy returned:
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT:
<nds dtdversion="3.0">
<source>
<product instance="IDM Vault Driver" version="3.0.10.20060630 ">DirXML
Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<status level="error" type="driver-general">java.io.IOException: SSL
handshake failed, SSL_ERROR_SYSCALL, error:1408F119:SSL
routines:SSL3_GET_RECORD:decryption failed or bad record mac</status>
</input>
</nds>
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Applying policy: Add
Container.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Applying to status #1.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Evaluating selection
criteria for rule 'Command Transformation - Create Departmental
Container - Part 1'.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-operation equal
"add") = FALSE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Rule rejected.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Evaluating selection
criteria for rule 'Command Transformation - Create Departmental
Container - Part 2'.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-local-variable 'does-
target-exist' available) = FALSE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Rule rejected.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Policy returned:
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT:
<nds dtdversion="3.0">
<source>
<product instance="IDM Vault Driver" version="3.0.10.20060630 ">DirXML
Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<status level="error" type="driver-general">java.io.IOException: SSL
handshake failed, SSL_ERROR_SYSCALL, error:1408F119:SSL
routines:SSL3_GET_RECORD:decryption failed or bad record mac</status>
</input>
</nds>
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Applying policy: veto
Deletes - Temporary.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Applying to status #1.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Evaluating selection
criteria for rule 'Command Transformation - Publisher Delete to
Disable'.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-operation equal
"delete") = FALSE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Rule rejected.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Policy returned:
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT:
<nds dtdversion="3.0">
<source>
<product instance="IDM Vault Driver" version="3.0.10.20060630 ">DirXML
Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<status level="error" type="driver-general">java.io.IOException: SSL
handshake failed, SSL_ERROR_SYSCALL, error:1408F119:SSL
routines:SSL3_GET_RECORD:decryption failed or bad record mac</status>
</input>
</nds>
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Applying policy: Email
New User Details.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Applying to status #1.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Evaluating selection
criteria for rule 'Email Creation Details to IT Dept'.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-operation equal
"add") = FALSE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Rule rejected.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Policy returned:
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT:
<nds dtdversion="3.0">
<source>
<product instance="IDM Vault Driver" version="3.0.10.20060630 ">DirXML
Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<status level="error" type="driver-general">java.io.IOException: SSL
handshake failed, SSL_ERROR_SYSCALL, error:1408F119:SSL
routines:SSL3_GET_RECORD:decryption failed or bad record mac</status>
</input>
</nds>
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Filtering out
notification-only attributes.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Pumping XDS to
eDirectory.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Performing operation
status for .
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT:
DirXML Log Event -------------------
Driver: \UCCHI\UCCHI\Services\eDirDriverSet\IDM Vault Driver
Channel: Publisher
Status: Error
Message: java.io.IOException: SSL handshake failed, SSL_ERROR_SYSCALL,
error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad
record mac
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Fixing up association
references.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: No schema mapping
policies.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Applying output
transformation policies.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Applying policy: 'Email
notifications for failed password publications'.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Applying to status #1.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Evaluating selection
criteria for rule 'Send e-mail for a failed publish password
operation'.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-global-variable
'notify-user-on-password-dist-failure' equal "true") = TRUE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-operation equal
"status") = TRUE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-xpath true
"self::status[@level != 'success']/operation-data/password-publish-
status") = FALSE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Rule rejected.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Policy returned:
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT:
<nds dtdversion="3.0" ndsversion="8.x">
<source>
<product version="3.0.10.20060630 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status event-id="0" level="success"></status>
</output>
</nds>
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT:
<nds dtdversion="3.0" ndsversion="8.x">
<source>
<product version="3.0.10.20060630 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status event-id="0" level="success"></status>
</output>
</nds>
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: : Need new connection;
Waiting for remote Subscriber to connect...
Trace from idvault side
16:05:44 95099BA0 Drvrs: eDirectory Driver ST: No schema mapping
policies.
16:05:44 95099BA0 Drvrs: eDirectory Driver ST: Resolving association
references.
16:05:44 95099BA0 Drvrs: eDirectory Driver ST: Requesting 30 second
retry delay.
16:05:44 95099BA0 Drvrs: eDirectory Driver ST:
DirXML Log Event -------------------
Driver: \IDVAULT\idm\Services\IDMDriverSet\eDirectory Driver
Channel: Subscriber
Status: Retry
Message: Code(-9006) The driver returned a "retry" status indicating
that the operation should be retried later. Detail from driver:
java.io.IOException: SSL handshake failed, SSL_ERROR_ZERO_RETURN,
error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Start transaction.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Processing events for
transaction.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST:
<nds dtdversion="3.0" ndsversion="8.x">
<source>
<product version="3.0.10.20060630 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify class-name="User" event-id="IDM1#20070404105434#1#28"
qualified-src-dn="O=idm\OU=Students\CN=testuser" src-dn="\IDVAULT\idm
\Students\testuser" src-entry-id="33005" timestamp="1175766439#2">
<association state="associated">{80ABFD39-CEE1-db11-
AC7D-000BCD9E83F6}</association>
<modify-attr attr-name="CN">
<remove-value>
<value timestamp="1175684074#28" type="string">sdfds</value>
</remove-value>
<add-value>
<value timestamp="1175766439#2" type="string">sdfdsASSA</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Applying event
transformation policies.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Applying policy: Scope
Filtering.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Applying to modify #1.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Evaluating selection
criteria for rule 'Event Transformation - Scope Filtering - Include
subtree(s)'.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: (if-src-dn not-in-
subtree "idm\Staff") = TRUE.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: (if-src-dn not-in-
subtree "idm\Students") = FALSE.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Rule rejected.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Policy returned:
16:06:14 95099BA0 Drvrs: eDirectory Driver ST:
<nds dtdversion="3.0" ndsversion="8.x">
<source>
<product version="3.0.10.20060630 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify class-name="User" event-id="IDM1#20070404105434#1#28"
qualified-src-dn="O=idm\OU=Students\CN=testuser" src-dn="\IDVAULT\idm
\Students\testuser" src-entry-id="33005" timestamp="1175766439#2">
<association state="associated">{80ABFD39-CEE1-db11-
AC7D-000BCD9E83F6}</association>
<modify-attr attr-name="CN">
<remove-value>
<value timestamp="1175684074#28" type="string">sdfds</value>
</remove-value>
<add-value>
<value timestamp="1175766439#2" type="string">sdfdsASSA</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Subscriber processing
modify for \IDVAULT\idm\Students\testuser.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Applying command
transformation policies.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Applying policy:
'Transform NMAS attribute to password elements'.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Applying to modify #1.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Evaluating selection
criteria for rule 'Convert adds of the nspmDistributionPassword
attribute to password elements'.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: (if-operation equal
"add") = FALSE.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Rule rejected.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Evaluating selection
criteria for rule 'Block modifies for failed password publish
operations if reset password if false'.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: (if-global-variable
'reset-external-password-on-failure' equal "false") = FALSE.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Rule rejected.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Evaluating selection
criteria for rule 'Convert modifies of a nspmDistributionPassword
attribute to a modify password operation'.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: (if-operation equal
"modify") = TRUE.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: (if-op-attr
'nspmDistributionPassword' available) = FALSE.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Rule rejected.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Evaluating selection
criteria for rule 'Block empty modify operations'.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: (if-operation equal
"modify") = TRUE.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: (if-xpath not-true
"modify-attr") = FALSE.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Rule rejected.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Policy returned:
16:06:14 95099BA0 Drvrs: eDirectory Driver ST:
<nds dtdversion="3.0" ndsversion="8.x">
<source>
<product version="3.0.10.20060630 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify class-name="User" event-id="IDM1#20070404105434#1#28"
qualified-src-dn="O=idm\OU=Students\CN=testuser" src-dn="\IDVAULT\idm
\Students\testuser" src-entry-id="33005" timestamp="1175766439#2">
<association state="associated">{80ABFD39-CEE1-db11-
AC7D-000BCD9E83F6}</association>
<modify-attr attr-name="CN">
<remove-value>
<value timestamp="1175684074#28" type="string">sdfds</value>
</remove-value>
<add-value>
<value timestamp="1175766439#2" type="string">sdfdsASSA</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Applying policy:
Password(Sub)-Default Password Policy.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Applying to modify #1.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Evaluating selection
criteria for rule 'On User add, provide default password of Dirxml1 if
none exists'.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: (if-operation equal
"add") = FALSE.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Rule rejected.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Policy returned:
16:06:14 95099BA0 Drvrs: eDirectory Driver ST:
<nds dtdversion="3.0" ndsversion="8.x">
<source>
<product version="3.0.10.20060630 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify class-name="User" event-id="IDM1#20070404105434#1#28"
qualified-src-dn="O=idm\OU=Students\CN=testuser" src-dn="\IDVAULT\idm
\Students\testuser" src-entry-id="33005" timestamp="1175766439#2">
<association state="associated">{80ABFD39-CEE1-db11-
AC7D-000BCD9E83F6}</association>
<modify-attr attr-name="CN">
<remove-value>
<value timestamp="1175684074#28" type="string">sdfds</value>
</remove-value>
<add-value>
<value timestamp="1175766439#2" type="string">sdfdsASSA</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Applying policy:
'Subscribe to password changes'.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Applying to modify #1.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Evaluating selection
criteria for rule 'Block subscribing to passwords when objects are
added'.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: (if-global-variable
'enable-password-subscribe' equal "false") = FALSE.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Rule rejected.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Evaluating selection
criteria for rule 'Block subscribing to password modifications'.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: (if-global-variable
'enable-password-subscribe' equal "false") = FALSE.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Rule rejected.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Policy returned:
16:06:14 95099BA0 Drvrs: eDirectory Driver ST:
<nds dtdversion="3.0" ndsversion="8.x">
<source>
<product version="3.0.10.20060630 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify class-name="User" event-id="IDM1#20070404105434#1#28"
qualified-src-dn="O=idm\OU=Students\CN=testuser" src-dn="\IDVAULT\idm
\Students\testuser" src-entry-id="33005" timestamp="1175766439#2">
<association state="associated">{80ABFD39-CEE1-db11-
AC7D-000BCD9E83F6}</association>
<modify-attr attr-name="CN">
<remove-value>
<value timestamp="1175684074#28" type="string">sdfds</value>
</remove-value>
<add-value>
<value timestamp="1175766439#2" type="string">sdfdsASSA</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Applying policy:
'Payloads for subscribe to password changes'.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Applying to modify #1.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Evaluating selection
criteria for rule 'Add operation-data element to password subscribe
operations'.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: (if-operation equal
"add") = FALSE.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: (if-operation equal
"modify-password") = FALSE.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Rule rejected.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Evaluating selection
criteria for rule 'Add payload data to a reset password from a failed
password publish operation'.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: (if-operation equal
"modify-password") = FALSE.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Rule rejected.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Evaluating selection
criteria for rule 'Add operation-data element to password subscribe
operations'.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: (if-operation equal
"add") = FALSE.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: (if-operation equal
"modify-password") = FALSE.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Rule rejected.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Policy returned:
16:06:14 95099BA0 Drvrs: eDirectory Driver ST:
<nds dtdversion="3.0" ndsversion="8.x">
<source>
<product version="3.0.10.20060630 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify class-name="User" event-id="IDM1#20070404105434#1#28"
qualified-src-dn="O=idm\OU=Students\CN=testuser" src-dn="\IDVAULT\idm
\Students\testuser" src-entry-id="33005" timestamp="1175766439#2">
<association state="associated">{80ABFD39-CEE1-db11-
AC7D-000BCD9E83F6}</association>
<modify-attr attr-name="CN">
<remove-value>
<value timestamp="1175684074#28" type="string">sdfds</value>
</remove-value>
<add-value>
<value timestamp="1175766439#2" type="string">sdfdsASSA</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Filtering out
notification-only attributes.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Fixing up association
references.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: No schema mapping
policies.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Applying output
transformation policies.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Applying policy: 'Email
notifications for failed password publications'.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Applying to modify #1.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Evaluating selection
criteria for rule 'Send e-mail for a failed publish password
operation'.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: (if-global-variable
'notify-user-on-password-dist-failure' equal "true") = TRUE.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: (if-operation equal
"status") = FALSE.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Rule rejected.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Policy returned:
16:06:14 95099BA0 Drvrs: eDirectory Driver ST:
<nds dtdversion="3.0" ndsversion="8.x">
<source>
<product version="3.0.10.20060630 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify class-name="User" event-id="IDM1#20070404105434#1#28"
qualified-src-dn="O=idm\OU=Students\CN=testuser" src-dn="\IDVAULT\idm
\Students\testuser" src-entry-id="33005" timestamp="1175766439#2">
<association state="associated">{80ABFD39-CEE1-db11-
AC7D-000BCD9E83F6}</association>
<modify-attr attr-name="CN">
<remove-value>
<value timestamp="1175684074#28" type="string">sdfds</value>
</remove-value>
<add-value>
<value timestamp="1175766439#2" type="string">sdfdsASSA</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Submitting document to
subscriber shim:
16:06:14 95099BA0 Drvrs: eDirectory Driver ST:
<nds dtdversion="3.0" ndsversion="8.x">
<source>
<product version="3.0.10.20060630 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify class-name="User" event-id="IDM1#20070404105434#1#28"
qualified-src-dn="O=idm\OU=Students\CN=testuser" src-dn="\IDVAULT\idm
\Students\testuser" src-entry-id="33005" timestamp="1175766439#2">
<association state="associated">{80ABFD39-CEE1-db11-
AC7D-000BCD9E83F6}</association>
<modify-attr attr-name="CN">
<remove-value>
<value timestamp="1175684074#28" type="string">sdfds</value>
</remove-value>
<add-value>
<value timestamp="1175766439#2" type="string">sdfdsASSA</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: : Need new connection.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: : Connecting to remote
Publisher at 194.66.216.251:8196
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: : Creating an
NTLSSocket
16:06:14 95099BA0 Drvrs: eDirectory Driver ST:
SubscriptionShim.execute() returned:
16:06:14 95099BA0 Drvrs: eDirectory Driver ST:
<nds dtdversion="3.0">
<source>
<product instance="eDirectory Driver" version="3.0.10.20060630
">DirXML Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status level="retry" type="app-connection">java.io.IOException: SSL
handshake failed, SSL_ERROR_ZERO_RETURN, error:140943FC:SSL
routines:SSL3_READ_BYTES:sslv3 alert bad record mac</status>
</output>
</nds>
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Applying input
transformation policies.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Applying policy: 'Email
notifications for failed password subscriptions'.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Applying to status #1.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Evaluating selection
criteria for rule 'Send e-mail on a failure when subscribing to
passwords'.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: (if-global-variable
'notify-user-on-password-dist-failure' equal "true") = TRUE.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: (if-operation equal
"status") = TRUE.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: (if-xpath true
"self::status[@level != 'success'][text() != '']/operation-data/
password-subscribe-status/association[text() != '']") = FALSE.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Rule rejected.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Evaluating selection
criteria for rule 'Send e-mail on failure to reset connected system
password using the Identity Manager data store password'.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: (if-global-variable
'notify-user-on-password-dist-failure' equal "true") = TRUE.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: (if-operation equal
"status") = TRUE.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: (if-xpath true
"self::status[@level != 'success']/operation-data/password-reset-
status") = FALSE.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Rule rejected.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Policy returned:
16:06:14 95099BA0 Drvrs: eDirectory Driver ST:
<nds dtdversion="3.0">
<source>
<product instance="eDirectory Driver" version="3.0.10.20060630
">DirXML Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status level="retry" type="app-connection">java.io.IOException: SSL
handshake failed, SSL_ERROR_ZERO_RETURN, error:140943FC:SSL
routines:SSL3_READ_BYTES:sslv3 alert bad record mac</status>
</output>
</nds>
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: No schema mapping
policies.
16:06:14 95099BA0 Drvrs: eDirectory Driver
Marcel Cox
You posted to a dead newsgroup which is no longer part of the official
Novell support hierarchy. I suggest you visit
http://support.novell.com/forums and post to one of the official
Novell newsgroups.
Marcel