Environment
Novell Identity Manager 3.6
Novell Identity Manager Driver - LDAP
Novell Identity Manager Driver - LDAP
Situation
When synchronizing binary attributes (like photo, or jpegPhoto) the driver fails with:
Message: Code(-9010) An exception occurred: java.lang.IllegalArgumentException: Attribute value cannot be null
at com.novell.ldap.LDAPAttribute.addBase64Value(Unknown Source)
at com.novell.nds.dirxml.driver.ldap.LDAPSubscriber.performModifyOperation(LDAPSubscriber.java:460)
at com.novell.nds.dirxml.driver.ldap.LDAPSubscriptionShim.execute(LDAPSubscriptionShim.java:157)
at com.novell.nds.dirxml.engine.Subscriber.execute(Subscriber.java:447)
at com.novell.nds.dirxml.engine.Subscriber.execute(Subscriber.java:282)
at com.novell.nds.dirxml.engine.Subscriber$ModifyProcessor.process(Subscriber.java:1430)
....
Message: Code(-9010) An exception occurred: java.lang.IllegalArgumentException: Attribute value cannot be null
at com.novell.ldap.LDAPAttribute.addBase64Value(Unknown Source)
at com.novell.nds.dirxml.driver.ldap.LDAPSubscriber.performModifyOperation(LDAPSubscriber.java:460)
at com.novell.nds.dirxml.driver.ldap.LDAPSubscriptionShim.execute(LDAPSubscriptionShim.java:157)
at com.novell.nds.dirxml.engine.Subscriber.execute(Subscriber.java:447)
at com.novell.nds.dirxml.engine.Subscriber.execute(Subscriber.java:282)
at com.novell.nds.dirxml.engine.Subscriber$ModifyProcessor.process(Subscriber.java:1430)
....
Resolution
The workaround is to manually maintain these attribtues.
On the Subscriber Command Transformation, or Subscriber Output Transformation add the following policy (the photo attribute is used as an example):
<policy>
<rule>
<description>is photo</description>
<conditions>
<and>
<if-op-attr name="photo" op="available"/>
</and>
</conditions>
<actions>
<do-strip-xpath expression="*//value/@type"/>
</actions>
</rule>
</policy>
That way the Shim will not try to Base64 encode the attribute.
This might not work with all ldapservers, in which case contact Novell Support.
On the Subscriber Command Transformation, or Subscriber Output Transformation add the following policy (the photo attribute is used as an example):
<policy>
<rule>
<description>is photo</description>
<conditions>
<and>
<if-op-attr name="photo" op="available"/>
</and>
</conditions>
<actions>
<do-strip-xpath expression="*//value/@type"/>
</actions>
</rule>
</policy>
That way the Shim will not try to Base64 encode the attribute.
This might not work with all ldapservers, in which case contact Novell Support.
Additional Information
This have been reported to engineering.