(Error -678) An ACL for the object already exists.

  • 7003902
  • 17-Jul-2009
  • 26-Apr-2012

Environment

Novell eDirectory 8.7.3.9 for NetWare 6.5
Novell ZENworks 7 Server Management Support Pack 1 - ZSM7 SP1 Tiered Electronic Distribution (TED)

Situation

When distributing an application object to a subscriber, the distribution would fail to properly create the object.
Looking in ConsoleOne it could be seen that the associations where missing from the object. The TED.LOG file showed the following:
 
*** Exception: com.novell.admin.common.exceptions.UniqueSPIException: (Error -678) An ACL for the object already exists.
This usually happens only while merging a tree. The error indicates that the context is invalid.
2009.06.24 03:02:58 [TED:Extract data:\zenworks\pds\ted\sub\customerdistr06.dist.zfs.tr 245632435599]
com.novell.admin.common.exceptions.UniqueSPIException: (Error -678) An ACL for the object already exists.
This usually happens only while merging a tree. The error indicates that the context is invalid.
 at com.novell.admin.common.exceptions.UniqueSPIException.newException(UniqueSPIException.java)
 at com.novell.admin.ns.nds.jndi.NDSNamespaceImpl.resolveSPIException(NDSNamespaceImpl.java)
 at com.novell.admin.ns.nds.jndi.NDSNamespaceImpl.setAttribute(NDSNamespaceImpl.java)
 at com.novell.admin.ns.nds.jndi.NDSNamespaceImpl.modifyAttribute(NDSNamespaceImpl.java)
 at com.novell.admin.ns.nds.jndi.NDSNamespaceImpl.update(NDSNamespaceImpl.java)
 at com.novell.application.zenworks.nalted.application.ApplicationObject.AddRelAssocACL(ApplicationObject.java:665)
 at com.novell.application.zenworks.nalted.application.ApplicationObject.addAssociations(ApplicationObject.java:556)
 at com.novell.application.zenworks.nalted.application.ApplicationObject.copyApplicationObject(ApplicationObject.java:3007)
 at com.novell.application.zenworks.nalted.tedagent.TEDNalSequentialExtractAgent.buildAppObject(TEDNalSequentialExtractAgent.java:424)
 at com.novell.application.zenworks.nalted.tedagent.TEDNalSequentialExtractAgent.createNewApplication(TEDNalSequentialExtractAgent.java:1507)
 at com.novell.application.zenworks.nalted.tedagent.TEDNalSequentialExtractAgent.processTimeStampBuild(TEDNalSequentialExtractAgent.java:2453)
 at com.novell.application.zenworks.nalted.tedagent.TEDNalSequentialExtractAgent.sequentialExtract(TEDNalSequentialExtractAgent.java:2214)
 at com.novell.application.zenworks.ted.agents.TEDSequentialExtractAgent.extractDistribution(TEDSequentialExtractAgent.java:320)
 at com.novell.application.zenworks.ted.agents.ReceiverAgentThread.runAgent(ReceiverAgentThread.java:104)
 at com.novell.application.zenworks.ted.agents.AgentThread.run(AgentThread.java:108)
2009.06.24 03:02:58 [TED:Event Processing] Handle Event: com.novell.application.zenworks.ted.event.AgentEvent@168e429
2009.06.24 03:02:58 [TED:Event Processing] *** Exception: com.novell.admin.common.exceptions.UniqueSPIException: (Error -678) An ACL for the object
already exists. This usually happens only while merging a tree. The error indicates that the context is invalid.
2009.06.24 03:02:58 [TED:Event Processing] com.novell.admin.common.exceptions.UniqueSPIException: (Error -678) An ACL for the object already exists.
This usually happens only while merging a tree. The error indicates that the context is invalid.
 at com.novell.admin.common.exceptions.UniqueSPIException.newException(UniqueSPIException.java)
 at com.novell.admin.ns.nds.jndi.NDSNamespaceImpl.resolveSPIException(NDSNamespaceImpl.java)
 at com.novell.admin.ns.nds.jndi.NDSNamespaceImpl.setAttribute(NDSNamespaceImpl.java)
 at com.novell.admin.ns.nds.jndi.NDSNamespaceImpl.modifyAttribute(NDSNamespaceImpl.java)
 at com.novell.admin.ns.nds.jndi.NDSNamespaceImpl.update(NDSNamespaceImpl.java)
 at com.novell.application.zenworks.nalted.application.ApplicationObject.AddRelAssocACL(ApplicationObject.java:665)
 at com.novell.application.zenworks.nalted.application.ApplicationObject.addAssociations(ApplicationObject.java:556)
 at com.novell.application.zenworks.nalted.application.ApplicationObject.copyApplicationObject(ApplicationObject.java:3007)
 at com.novell.application.zenworks.nalted.tedagent.TEDNalSequentialExtractAgent.buildAppObject(TEDNalSequentialExtractAgent.java:424)
 at com.novell.application.zenworks.nalted.tedagent.TEDNalSequentialExtractAgent.createNewApplication(TEDNalSequentialExtractAgent.java:1507)
 at com.novell.application.zenworks.nalted.tedagent.TEDNalSequentialExtractAgent.processTimeStampBuild(TEDNalSequentialExtractAgent.java:2453)
 at com.novell.application.zenworks.nalted.tedagent.TEDNalSequentialExtractAgent.sequentialExtract(TEDNalSequentialExtractAgent.java:2214)
 at com.novell.application.zenworks.ted.agents.TEDSequentialExtractAgent.extractDistribution(TEDSequentialExtractAgent.java:320)
 at com.novell.application.zenworks.ted.agents.ReceiverAgentThread.runAgent(ReceiverAgentThread.java:104)
 at com.novell.application.zenworks.ted.agents.AgentThread.run(AgentThread.java:108)
 
A dstrace during the creation of the application object identified that ZENworks Server Managment was trying to add two ACLs, app:associations and description to the group object associated with the application, but that these ALCs already exist on this object, they also had write rights which should not be the case, the distrubion would fail
 
 

Resolution

Using ConsoleOne select the object in question, in "Properties" select "NDS rights" tab, and then click on "Effective Rights" select the ACLs and delete them, then refresh the distributor.
 
 

Feedback service temporarily unavailable. For content questions or problems, please contact Support.