Bidirectional eDir Driver - LDAPInterface.registerDriverInstance() : Exception occured while registration - Other

  • 7017725
  • 15-Jun-2016
  • 15-Jun-2016

Environment


NetIQ Identity Manager 4.5.x
NetIQ Identity Manager Driver - Bidirectional eDirectory Driver

Situation

Driver will not connect to remote side, the following is seen in the trace.

[06/14/16 14:56:11.232]:Bi-directional eDirectory PT:Bi-directional eDirectory: OpenLDAPConnection - Connect to the server
[06/14/16 14:56:11.233]:Bi-directional eDirectory PT:Bi-directional eDirectory: Opening SSL connection
[06/14/16 14:56:11.288]:Bi-directional eDirectory PT:Bi-directional eDirectory: Host name: 192.168.1.1
[06/14/16 14:56:11.288]:Bi-directional eDirectory PT:Bi-directional eDirectory: Port: 636
[06/14/16 14:56:11.289]:Bi-directional eDirectory PT:Bi-directional eDirectory: DN: cn=admin,o=novell
[06/14/16 14:56:11.289]:Bi-directional eDirectory PT:Bi-directional eDirectory: Protocol version=3
[06/14/16 14:56:11.289]:Bi-directional eDirectory PT:Bi-directional eDirectory: SDK version=4.6
[06/14/16 14:56:11.289]:Bi-directional eDirectory PT:Bi-directional eDirectory: EdirPublisher - Initiating agent registration...
[06/14/16 14:56:11.291]:Bi-directional eDirectory PT:Bi-directional eDirectory: LDAPInterface.registerDriverInstance() : Exception occured while registration - Other
[06/14/16 14:56:11.291]:Bi-directional eDirectory PT:Bi-directional eDirectory: Cannot establish ldap connection to remote eDir yet ... waiting for 30 sec.
[06/14/16 14:56:41.292]:Bi-directional eDirectory PT:Bi-directional eDirectory: EdirPublisher - Initiating agent registration...
[06/14/16 14:56:41.294]:Bi-directional eDirectory PT:Bi-directional eDirectory: LDAPInterface.registerDriverInstance() : Exception occured while registration - Other
[06/14/16 14:56:41.294]:Bi-directional eDirectory PT:Bi-directional eDirectory: Cannot establish ldap connection to remote eDir yet ... waiting for 30 sec.
[06/14/16 14:57:11.295]:Bi-directional eDirectory PT:Bi-directional eDirectory: EdirPublisher - Initiating agent registration...
[06/14/16 14:57:11.297]:Bi-directional eDirectory PT:Bi-directional eDirectory: LDAPInterface.registerDriverInstance() : Exception occured while registration - Other
[06/14/16 14:57:11.297]:Bi-directional eDirectory PT:Bi-directional eDirectory: Cannot establish ldap connection to remote eDir yet ... waiting for 30 sec.
[06/14/16 14:57:41.298]:Bi-directional eDirectory PT:Bi-directional eDirectory: EdirPublisher - Initiating agent registration...

Resolution

Found bad rule in the Publisher Input Transformation Policy that was vetoing all events.   This vetoed the startup events for the driver and caused the driver to fail to connect upon startup.    Disabling that rule allowed the driver to connect.

Additional notes on the - Other error.
- Make sure that the security equals on the driver is set to a admin user.
- Make sure the change log modules are installed on the remote connected side

Cause

Here is the rule with the issue.    Note that it is executing on ALL objects, as no logic for a specific user class is present.    (if class name = User)

[06/14/16 14:55:41.221]:Bi-directional eDirectory PT:Applying policy: %+C%14CNOVLEDIR2ENT-itp-InitEntitlementConfigurationResource%-C.
[06/14/16 14:55:41.221]:Bi-directional eDirectory PT:  Applying to query #1.
[06/14/16 14:55:41.221]:Bi-directional eDirectory PT:    Evaluating selection criteria for rule 'Veto Sub Student containers novell\STUDENT\LAB'.
[06/14/16 14:55:41.221]:Bi-directional eDirectory PT:      (if-src-dn in-container "novell\STUDENT\LAB") = FALSE.
[06/14/16 14:55:41.221]:Bi-directional eDirectory PT:      (if-src-dn in-container "novell\STUDENT\ORG") = FALSE.
[06/14/16 14:55:41.221]:Bi-directional eDirectory PT:      (if-src-dn not-in-container "novell\STUDENT\STUDENTMAIL") = TRUE.
[06/14/16 14:55:41.221]:Bi-directional eDirectory PT:    Rule selected.
[06/14/16 14:55:41.222]:Bi-directional eDirectory PT:    Applying rule 'Veto Sub Student containers novell\STUDENT\LAB'.
[06/14/16 14:55:41.222]:Bi-directional eDirectory PT:      Action: do-veto().