Environment
NetIQ Identity Manager Driver - Groupwise
Novell Identity Manager Driver - Groupwise
Situation
When attempting to add an object via the GroupWise driver an error is returned from the shim as shown below:
[05/21/12 16:41:58.421]:gw ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20090316_1317" instance="GroupWise" version="3.5.3 (win32)">DirXML Driver for GroupWise</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status code="java.lang.Exception: Invalid Post Office or Domain specified: Resources\Cluster\GWPO" event-id="IDMSERVER#20120521204157#1#1" level="error" type="app-general">
<code>java.lang.Exception: Invalid Post Office or Domain specified: Resources\Cluster\GWPO</code>
<description>GroupWise Error</description>
<object-dn>\TREE\ORG\GW\testUser0</object-dn>
</status>
<status code="No GroupWise ID" event-id="IDMSERVER#20120521204157#1#1" level="error" type="password-set-operation">
<code>No GroupWise ID</code>
<description>Event failed. This driver's DirXML association for this object has been removed.</description>
<object-dn>\TREE\ORG\GW\testUser0</object-dn>
</status>
</output>
</nds>
In this case the error followed a query back to eDirectory by the shim for information on the Post Office object in eDirectory:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20090316_1317" instance="GroupWise" version="3.5.3 (win32)">DirXML Driver for GroupWise</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query class-name="GroupWise Post Office" dest-dn="Resources\Cluster\GWPO" event-id="gw6" scope="entry">
<read-attr attr-name="NGW: GroupWise ID"/>
</query>
</input>
</nds>
The resulting response to the query appears below:
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.6.10.4747">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<instance class-name="Volume" event-id="gw6" qualified-src-dn="O=Resources\OU=Cluster\CN=GWPO" src-dn="\TREE\Resources\Cluster\GWPO" src-entry-id="12345"/>
<status event-id="gw6" level="success"></status>
</output>
</nds>
The return document lacks the queried attribute which is going to cause the shim to see this object as invalid.
[05/21/12 16:41:58.421]:gw ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20090316_1317" instance="GroupWise" version="3.5.3 (win32)">DirXML Driver for GroupWise</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status code="java.lang.Exception: Invalid Post Office or Domain specified: Resources\Cluster\GWPO" event-id="IDMSERVER#20120521204157#1#1" level="error" type="app-general">
<code>java.lang.Exception: Invalid Post Office or Domain specified: Resources\Cluster\GWPO</code>
<description>GroupWise Error</description>
<object-dn>\TREE\ORG\GW\testUser0</object-dn>
</status>
<status code="No GroupWise ID" event-id="IDMSERVER#20120521204157#1#1" level="error" type="password-set-operation">
<code>No GroupWise ID</code>
<description>Event failed. This driver's DirXML association for this object has been removed.</description>
<object-dn>\TREE\ORG\GW\testUser0</object-dn>
</status>
</output>
</nds>
In this case the error followed a query back to eDirectory by the shim for information on the Post Office object in eDirectory:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20090316_1317" instance="GroupWise" version="3.5.3 (win32)">DirXML Driver for GroupWise</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query class-name="GroupWise Post Office" dest-dn="Resources\Cluster\GWPO" event-id="gw6" scope="entry">
<read-attr attr-name="NGW: GroupWise ID"/>
</query>
</input>
</nds>
The resulting response to the query appears below:
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.6.10.4747">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<instance class-name="Volume" event-id="gw6" qualified-src-dn="O=Resources\OU=Cluster\CN=GWPO" src-dn="\TREE\Resources\Cluster\GWPO" src-entry-id="12345"/>
<status event-id="gw6" level="success"></status>
</output>
</nds>
The return document lacks the queried attribute which is going to cause the shim to see this object as invalid.
Resolution
The output document returning from the query lacks the identifier needed by the shim for placement. The reason it is missing, though, is because the administrator was pointing to an invalid object in the driver configuration. The placement of the user object was specified to an object which was of class 'Volume' (as in, an NSS Volume) within eDirectory that happened to have the same name as the post office object in another part of the tree.
This can be seen in the query result where the object class has changed from 'Groupwise Post Office' to 'Volume. Because a Volume object cannot have a Groupwise ID attribute the query would always return as it did, finding the object properly but not finding the needed attribute. Placement to another Post Office, if specified correctly, could have worked.
This can be seen in the query result where the object class has changed from 'Groupwise Post Office' to 'Volume. Because a Volume object cannot have a Groupwise ID attribute the query would always return as it did, finding the object properly but not finding the needed attribute. Placement to another Post Office, if specified correctly, could have worked.
Cause
The Groupwise driver config object in the vault was misconfigured and attempting to place objects within an object in eDirectory that was not a Groupwise Post Office (PO). In this case the misconfiguration happened because the PO was named the same as a Volume object in eDirectory, though the Volume object was the one chosen from Designer using the object selector.