Using IDM 3.5.1 on OES 2
Remote Loader on Win 2003 server
Connection to remote loader is good, password sync works flawlessly.
First of all when I start the AD driver, I get this message:
Message 11:
Fri Jul 18 14:49:30 CDT 2008
Error
No description provided.
Code(-9046) Invalid password specified for <check-password>.
This is the publisher channel status log on the AD driver.
Secondly, when I create a group or user in eDirectory (8.8) it crashes AD and I have to reconnect to a domain controller on my 2003 server to see the AD database.
Someone wrote all these drivers and then took off, and now I'm having to learn from scratch.
Here's most of a level 3 trace....it't too big to put all of it here, hope this is enough:
14:51:30 A8FC7BA0 Drvrs: AD :Remote Interface Driver: Received document for subscriber channel
14:51:30 A8FC7BA0 Drvrs: AD :Remote Interface Driver: Waiting for receive...
14:51:30 FE5FABA0 Drvrs: AD ST:Restoring operation data to output document
14:51:30 FE5FABA0 Drvrs: AD ST:SubscriptionShim.execute() returned:
14:51:30 FE5FABA0 Drvrs: AD ST:
<nds dtdversion="1.1" ndsversion="8.7">
<source>
<product asn1id="" build="20070122_093000" instance="\WFISD\WFISD\SERVICES\prod\AD" version="3.5.0">AD</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status event-id="NDS02#20080718195130#1#1" level="error" type="driver-general">
<ldap-err ldap-rc="53" ldap-rc-name="LDAP_UNWILLING_TO_PERFORM">
<client-err ldap-rc="53" ldap-rc-name="LDAP_UNWILLING_TO_PERFORM">Unwilling To Perform</client-err>
<server-err>00002011: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0
</server-err>
<server-err-ex win32-rc="8209"/>
</ldap-err>
<operation-data unmatched-src-dn="CN=BasicGroup,OU=TECH_SUPPORT"/>
</status>
</output>
</nds>
14:51:30 FE5FABA0 Drvrs: AD ST:Applying input transformation policies.
14:51:30 FE5FABA0 Drvrs: AD ST:Applying policy: 'Convert selected attributes to a form most commonly used in the Identity Vault.'.
14:51:30 FE5FABA0 Drvrs: AD ST: Applying to status #1.
14:51:30 FE5FABA0 Drvrs: AD ST: Evaluating selection criteria for rule 'streetAddress: Convert CR-LF to LF'.
14:51:30 FE5FABA0 Drvrs: AD ST: Rule selected.
14:51:30 FE5FABA0 Drvrs: AD ST: Applying rule 'streetAddress: Convert CR-LF to LF'.
14:51:30 FE5FABA0 Drvrs: AD ST: Action: do-reformat-op-attr("streetAddress",token-replace-all("\r\n","\r",token-local-variable("current-value"))).
14:51:30 FE5FABA0 Drvrs: AD ST: Evaluating selection criteria for rule 'logonHours: Convert to Login Allowed Time Map form'.
14:51:30 FE5FABA0 Drvrs: AD ST: Rule selected.
14:51:30 FE5FABA0 Drvrs: AD ST: Applying rule 'logonHours: Convert to Login Allowed Time Map form'.
14:51:30 FE5FABA0 Drvrs: AD ST: Action: do-reformat-op-attr("logonHours",token-xpath("jadutil:translateTimeMap2eDir($current-value)")).
14:51:30 FE5FABA0 Drvrs: AD ST: Evaluating selection criteria for rule 'accountExpires: Convert to Identity Vault time format'.
14:51:30 FE5FABA0 Drvrs: AD ST: Rule selected.
14:51:30 FE5FABA0 Drvrs: AD ST: Applying rule 'accountExpires: Convert to Identity Vault time format'.
14:51:30 FE5FABA0 Drvrs: AD ST: Action: do-reformat-op-attr("accountExpires",token-xpath("jadutil:translateFileTime2Epoch($current-value)")).
14:51:30 FE5FABA0 Drvrs: AD ST: Evaluating selection criteria for rule 'lockoutTime: Convert to Identity Vault time format'.
14:51:30 FE5FABA0 Drvrs: AD ST: Rule selected.
14:51:30 FE5FABA0 Drvrs: AD ST: Applying rule 'lockoutTime: Convert to Identity Vault time format'.
14:51:30 FE5FABA0 Drvrs: AD ST: Action: do-reformat-op-attr("lockoutTime",token-xpath("jadutil:translateFileTime2Epoch($current-value)")).
14:51:30 FE5FABA0 Drvrs: AD ST:Policy returned:
14:51:30 FE5FABA0 Drvrs: AD ST:
<nds dtdversion="1.1" ndsversion="8.7">
<source>
<product asn1id="" build="20070122_093000" instance="\WFISD\WFISD\SERVICES\prod\AD" version="3.5.0">AD</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status event-id="NDS02#20080718195130#1#1" level="error" type="driver-general">
<ldap-err ldap-rc="53" ldap-rc-name="LDAP_UNWILLING_TO_PERFORM">
<client-err ldap-rc="53" ldap-rc-name="LDAP_UNWILLING_TO_PERFORM">Unwilling To Perform</client-err>
<server-err>00002011: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0
</server-err>
<server-err-ex win32-rc="8209"/>
</ldap-err>
<operation-data unmatched-src-dn="CN=BasicGroup,OU=TECH_SUPPORT"/>
</status>
</output>
</nds>
14:51:30 FE5FABA0 Drvrs: AD ST:Applying policy: 'Email notifications for failed password subscriptions'.
14:51:30 FE5FABA0 Drvrs: AD ST: Applying to status #1.
14:51:30 FE5FABA0 Drvrs: AD ST: Evaluating selection criteria for rule 'Send e-mail on a failure when subscribing to passwords'.
14:51:30 FE5FABA0 Drvrs: AD ST: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = TRUE.
14:51:30 FE5FABA0 Drvrs: AD ST: (if-operation equal "status") = TRUE.
14:51:30 FE5FABA0 Drvrs: AD ST: (if-xpath true "self::status[@level != 'success'][text() != '']/operation-data/password-subscribe-status/association[text() != '']") = FALSE.
14:51:30 FE5FABA0 Drvrs: AD ST: Rule rejected.
14:51:30 FE5FABA0 Drvrs: AD ST: Evaluating selection criteria for rule 'Send e-mail on failure to reset connected system password using the Identity Manager data store password'.
14:51:30 FE5FABA0 Drvrs: AD ST: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = TRUE.
14:51:30 FE5FABA0 Drvrs: AD ST: (if-operation equal "status") = TRUE.
14:51:30 FE5FABA0 Drvrs: AD ST: (if-xpath true "self::status[@level != 'success']/operation-data/password-reset-status") = FALSE.
14:51:30 FE5FABA0 Drvrs: AD ST: Rule rejected.
14:51:30 FE5FABA0 Drvrs: AD ST:Policy returned:
14:51:30 FE5FABA0 Drvrs: AD ST:
<nds dtdversion="1.1" ndsversion="8.7">
<source>
<product asn1id="" build="20070122_093000" instance="\WFISD\WFISD\SERVICES\prod\AD" version="3.5.0">AD</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status event-id="NDS02#20080718195130#1#1" level="error" type="driver-general">
<ldap-err ldap-rc="53" ldap-rc-name="LDAP_UNWILLING_TO_PERFORM">
<client-err ldap-rc="53" ldap-rc-name="LDAP_UNWILLING_TO_PERFORM">Unwilling To Perform</client-err>
<server-err>00002011: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0
</server-err>
<server-err-ex win32-rc="8209"/>
</ldap-err>
<operation-data unmatched-src-dn="CN=BasicGroup,OU=TECH_SUPPORT"/>
</status>
</output>
</nds>
14:51:30 FE5FABA0 Drvrs: AD ST:Applying schema mapping policies to input.
14:51:30 FE5FABA0 Drvrs: AD ST:Applying policy: SchemaMapping.
14:51:30 FE5FABA0 Drvrs: AD ST:Resolving association references.
14:51:30 FE5FABA0 Drvrs: AD ST:Processing returned document.
14:51:30 FE5FABA0 Drvrs: AD ST:Processing operation <status> for .
14:51:30 FE5FABA0 Drvrs: AD ST:
DirXML Log Event -------------------
Driver: \WFISD\WFISD\SERVICES\prod\AD
Channel: Subscriber
Object: \WFISD\WFISD\TECH_SUPPORT\BasicGroup
Status: Error
Message: <ldap-err ldap-rc="53" ldap-rc-name="LDAP_UNWILLING_TO_PERFORM">
<client-err ldap-rc="53" ldap-rc-name="LDAP_UNWILLING_TO_PERFORM">Unwilling To Perform</client-err>
<server-err>00002011: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0
</server-err>
<server-err-ex win32-rc="8209"/>
</ldap-err>
Trying to Create Group in Edir. and sync to AD
Threaded Mode
