On 6/21/2012 8:06 AM, nishita jain wrote:
>
> Hi,
>
> I'm synchronizing users from SUN to Novell. One of my objectives is to
> set the value of attribute nspmPasswordPolicyDN in the migrated user in
> Novell LDAP.
>
> To achieve this I have written a policy in Input Transformation
> Policies with rules as below:
>
>>
>> if class name equal "inetOrgPerson" And if operation equal "modify"
>> set destination attribute value ("nspmPasswordPolicyDN",
>> "Security\Password Policies\AdminPasswordPolicy")
>>


This is basically correct, in the context of the action you need to
perform and the syntax.

However, the problem is the location where it executes. If you move
this into the Pub-Command transform (and change the inetOrgPerson to
User), it should work fine.

The problem is a DN in LDAP is clearly not going to match a DN in eDir.
So the engine wants to convert it. Which it does for all type=DN
attributes.

Now it turns out, you could try to set the attribute type as a string
with the proper value and it should work in the ITP as well.



> I have created a password policy "AdminPasswordPolicy" inside
> Security.Password Policies
>
> Now when I modify any of the Users in Sun LDAP, driver applies the
> above policy but throws error, logs are
>
>>
>> [06/21/12 05:20:12.594]:SUN LDAP Driver PT:Applying policy: %+C%14Cset
>> password policy dn in User%-C.
>> [06/21/12 05:20:12.595]:SUN LDAP Driver PT: Applying to modify #1.
>> [06/21/12 05:20:12.595]:SUN LDAP Driver PT: Evaluating selection
>> criteria for rule 'set password policy dn'.
>> [06/21/12 05:20:12.595]:SUN LDAP Driver PT: (if-class-name equal
>> "inetOrgPerson") = TRUE.
>> [06/21/12 05:20:12.595]:SUN LDAP Driver PT: (if-operation equal
>> "modify") = TRUE.
>> [06/21/12 05:20:12.596]:SUN LDAP Driver PT: Rule selected.
>> [06/21/12 05:20:12.596]:SUN LDAP Driver PT: Applying rule 'set
>> password policy dn'.
>> [06/21/12 05:20:12.628]:SUN LDAP Driver PT: Action:
>> do-set-dest-attr-value("nspmPasswordPolicyDN","Security\Password
>> Policies\AdminPasswordPolicy").
>> [06/21/12 05:20:12.629]:SUN LDAP Driver PT:
>> arg-string("Security\Password Policies\AdminPasswordPolicy")
>> [06/21/12 05:20:12.629]:SUN LDAP Driver PT:
>> token-text("Security\Password Policies\AdminPasswordPolicy")
>> [06/21/12 05:20:12.629]:SUN LDAP Driver PT: Arg Value:
>> "Security\Password Policies\AdminPasswordPolicy".
>> [06/21/12 05:20:12.630]:SUN LDAP Driver PT:Policy returned:
>> [06/21/12 05:20:12.631]:SUN LDAP Driver PT:
>> <nds dtdversion="2.0">
>> <source>
>> <product build="20110402_114224" instance="Sun LDAP Driver"
>> version="3.5.13">Identity Manager Driver for LDAP</product>
>> <contact>Novell, Inc.</contact>
>> </source>
>> <input>
>> <modify class-name="inetOrgPerson"
>> src-dn="uid=NCheck4,ou=People,o=AccessManager,o=abc.com">
>>
>> <association>uid=ncheck4,ou=people,o=accessmanager,o=abc.com</association>
>> <modify-attr attr-name="nspmPasswordPolicyDN">
>> <remove-all-values/>
>> <add-value>
>> <value type="dn">Security\Password
>> Policies\AdminPasswordPolicy</value>
>> </add-value>
>> </modify-attr>
>> </modify>
>> </input>
>> </nds>
>> [06/21/12 05:20:12.686]:SUN LDAP Driver PT:Applying schema mapping
>> policies to input.
>> [06/21/12 05:20:12.686]:SUN LDAP Driver PT:Applying policy:
>> %+C%14CNOVLLDAPASTS-smp%-C.
>> [06/21/12 05:20:12.686]:SUN LDAP Driver PT: No mapping for class-name
>> 'inetOrgPerson'.
>> [06/21/12 05:20:12.687]:SUN LDAP Driver PT:Applying policy:
>> %+C%14CNOVLLDAPDCFG-smp%-C.
>> [06/21/12 05:20:12.687]:SUN LDAP Driver PT: Mapping class-name
>> 'inetOrgPerson' to 'User'.
>> [06/21/12 05:20:12.689]:SUN LDAP Driver PT:Resolving association
>> references.
>> [06/21/12 05:20:12.689]:SUN LDAP Driver PT:
>> DirXML Log Event -------------------
>> Driver: \IDV-TURING-IDM\abcnet\services\idm\Driver Set\Sun LDAP
>> Driver
>> Channel: Publisher
>> Status: Warning
>> *-Message: Code(-8003) Unable to synchronize reference to
>> Security\Password Policies\AdminPasswordPolicy from attribute
>> nspmPasswordPolicyDN-*.
>>

>
> After above error message, the value of nspmPasswordPolicyDN is removed
> from the XML and finally when the user gets modified in Novell LDAP,
> this attribute is not added.
>
> Please provide pointers to what I am doing wrong here.
>
> Thanks!
>
>
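
The first suggestion in the reply, written out as a DirXML Script policy for the Publisher Command Transformation. This is an added example, not part of the original thread; the rule name, attribute and DN value are copied from the trace above, and the element layout assumes standard DirXML Script syntax.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: place this policy in the Publisher Command Transformation,
     not in the Input Transformation Policy (ITP). -->
<policy>
  <rule>
    <description>set password policy dn</description>
    <conditions>
      <and>
        <!-- Schema mapping has already run at this point, so the class
             name is the eDirectory one (User), not inetOrgPerson. -->
        <if-class-name op="equal">User</if-class-name>
        <if-operation op="equal">modify</if-operation>
      </and>
    </conditions>
    <actions>
      <do-set-dest-attr-value name="nspmPasswordPolicyDN">
        <!-- type="dn" matches the value type shown in the trace.
             Alternative from the reply: leave the rule in the ITP
             (class inetOrgPerson) and use type="string" here, so the
             engine does not try to resolve the value as an LDAP
             reference. -->
        <arg-value type="dn">
          <token-text xml:space="preserve">Security\Password Policies\AdminPasswordPolicy</token-text>
        </arg-value>
      </do-set-dest-attr-value>
    </actions>
  </rule>
</policy>
```

After deploying, the trace for a modify should no longer show the Code(-8003) warning, and the final modify sent to eDirectory should still contain the nspmPasswordPolicyDN value.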