Hi,

We have an issue with a Notes driver, when we try to do a move for a
user. Below more details about the problem:

We have two containers in Domino for users : /OU=EXT/OU=DE/O=CONTOSO for
external employees (with certifier /EXT/DE/CONTOSO) and another for
internals: /OU=DE/O=CONTOSO (with certifier /DE/CONTOSO).

When an "external" becomes "internal" we do a move request from IDM for
moving the user in notes an recertifying it with the destination
certifier. The move and recertification process works fine. Level 3
logs of the RL:

DirXML: [12/03/12 14:04:43.84]: TRACE: <nds dtdversion="4.0"
ndsversion="8.x">
<source>
<product edition="Advanced" version="4.0.1.0">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<move allow-adminp-support="true"
cert-id="D:\Lotus\Data\DE-Contoso.id" cert-pwd="Z03tyiOL"
certifier-name="/DE/Contoso" class-name="Person"
event-id="trigger-job:ctn-user-statuschange-job#20121203130443#0#0"
old-cert-id="D:\Lotus\Data\EXT-DE-Contoso.id" old-cert-pwd="Z03tyiOL"
old-certifier-name="/EXT/DE/Contoso"
qualified-src-dn="O=CTN\OU=Persons\OU=DE\OU=Externals\CN=200093 "
src-dn="\IDV\CTN\Persons\DE\Externals\200093" src-entry-id="60921"
tell-adminp-process="tell adminp process all">
<association>80ACEB3560BD7C47C12579B80059157C</association>
<parent dest-dn="/DE/Contoso"/>
</move>
</input>
</nds>
DirXML: [12/03/12 14:04:43.84]: TRACE: LotusNotes:
NotesSubscriptionShim: Connected to CN=FEUPAR01HUBLODIPRP/O=SRV
DirXML: [12/03/12 14:04:43.84]: TRACE: LotusNotes:
NotesSubscriptionShim: Connected as CN=Admin IdolNovell/OU=DE/O=Contoso
DirXML: [12/03/12 14:04:43.84]: TRACE: LotusNotes:
NotesSubscriptionShim: Reading from names.nsf
DirXML: [12/03/12 14:04:43.84]: TRACE: LotusNotes:
NotesSubscriptionShim: Input Document contains 1 Identity Manager
commands
DirXML: [12/03/12 14:04:43.88]: TRACE: LotusNotes: Subscriber Move Op:
UNID = 80ACEB3560BD7C47C12579B80059157C
DirXML: [12/03/12 14:04:44.27]: TRACE: LotusNotes: Subscriber: AdminP
Move User (CN=Franck Bern/OU=EXT/OU=DE/O=Contoso) in heirarchy to
certifier /DE/Contoso
DirXML: [12/03/12 14:04:45.63]: TRACE: LotusNotes: Subscriber: AdminP
Move User (CN=Franck Bern/OU=EXT/OU=DE/O=Contoso) in heirarchy request
returned: 4A12
DirXML: [12/03/12 14:04:46.56]: TRACE: LotusNotes: Subscriber: AdminP
Move User (CN=Franck Bern/OU=EXT/OU=DE/O=Contoso) in heirarchy complete
returned: 4A1A
DirXML: [12/03/12 14:04:47.06]: TRACE: LotusNotes: processMoveEvent:
Domino Console Command: tell adminp process all returned: Command has
been executed on remote server. Use 'Live' console option, in future, to
view response from server.
DirXML: [12/03/12 14:04:47.06]: TRACE: Remote Loader:
SubscriptionShim.execute() returned:
DirXML: [12/03/12 14:04:47.06]: TRACE: <nds dtdversion="2.0"
ndsversion="8.x">
<source>
<product build="20110525_152103" instance="LotusNotes"
version="3.5.7">Identity Manager Driver for Lotus Notes</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status
event-id="trigger-job:lvm-user-statuschange-job#20121203130443#0#0"
level="success"/>
</output>
</nds>


BUT, when we try to a move from "internal" to "external", the move
process needs to be completeted by Notes Administrator in Lotus Notes
console. Level 3 logs of the RL:

DirXML: [12/03/12 14:04:47.42]: TRACE: <nds dtdversion="4.0"
ndsversion="8.x">
<source>
<product edition="Advanced" version="4.0.1.0">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<move allow-adminp-support="true"
cert-id="D:\Lotus\Data\EXT-DE-Contoso.id" cert-pwd="Z03tyiOL"
certifier-name="/EXT/DE/Contoso" class-name="Person"
event-id="trigger-job:ctn-user-statuschange-job#20121203130443#0#0"
old-cert-id="D:\Lotus\Data\DE-Contoso.id" old-cert-pwd="Z03tyiOL"
old-certifier-name="/DE/Contoso"
qualified-src-dn="O=CTN\OU=Persons\OU=DE\OU=Internals\CN=014019 "
src-dn="\IDV\CTN\Persons\DE\Internals\014019" src-entry-id="56313"
tell-adminp-process="tell adminp process all">
<association>9510FACB39A4C2EDC12579B800591390</association>
<parent dest-dn="/EXT/DE/Contoso"/>
</move>
</input>
</nds>
DirXML: [12/03/12 14:04:47.42]: TRACE: LotusNotes:
NotesSubscriptionShim: Connected to CN=FEUPAR01HUBLODILPRP/O=SRV
DirXML: [12/03/12 14:04:47.42]: TRACE: LotusNotes:
NotesSubscriptionShim: Connected as CN=Admin IdolNovell/OU=DE/O=Contoso
DirXML: [12/03/12 14:04:47.42]: TRACE: LotusNotes:
NotesSubscriptionShim: Reading from names.nsf
DirXML: [12/03/12 14:04:47.42]: TRACE: LotusNotes:
NotesSubscriptionShim: Input Document contains 1 Identity Manager
commands
DirXML: [12/03/12 14:04:47.42]: TRACE: LotusNotes: Subscriber Move Op:
UNID = 9510FACB39A4C2EDC12579B800591390
DirXML: [12/03/12 14:04:47.42]: TRACE: LotusNotes: Subscriber: AdminP
Move User (CN=Patrick KLEIN/OU=DE/O=Contoso) in heirarchy to certifier
/EXT/DE/Contoso
DirXML: [12/03/12 14:04:47.75]: TRACE: LotusNotes: Subscriber: AdminP
Move User (CN=Patrick KLEIN/OU=DE/O=Contoso) in heirarchy request
returned:
DirXML: [12/03/12 14:04:48.33]: TRACE: LotusNotes: findAdminPNotesID:
No entries found with query: @Matches (ProxyAction; "6") & @Matches
(Form; "AdminRequest") & @Matches (ProxyNameList; "CN=Patrick
KLEIN/OU=DE/O=Contoso") & @Matches (ProxyTargetCertifier;
"OU=EXT/OU=DE/O=Contoso") & @Matches (FullName; "CN=Admin
IdolNovell/OU=DE/O=Contoso") & @Matches (ProxyAuthor; "CN=Admin
IdolNovell/OU=DE/O=Contoso") & @Matches ($OnBehalfOf; "CN=Admin
IdolNovell/OU=DE/O=Contoso") & @Matches ($UpdatedBy; "CN=Admin
IdolNovell/OU=DE/O=Contoso")
DirXML: [12/03/12 14:04:48.33]: TRACE: LotusNotes: Subscriber: AdminP
Move User (CN=Patrick KLEIN/OU=DE/O=Contoso) in heirarchy request
returned an empty string.
DirXML: [12/03/12 14:04:48.33]: TRACE: LotusNotes: Subscriber: AdminP
Move User request must be completed by the Notes Administrator.
DirXML: [12/03/12 14:04:48.83]: TRACE: LotusNotes: processMoveEvent:
Domino Console Command: tell adminp process all returned: Command has
been executed on remote server. Use 'Live' console option, in future, to
view response from server.
DirXML: [12/03/12 14:04:48.83]: TRACE: Remote Loader:
SubscriptionShim.execute() returned:
DirXML: [12/03/12 14:04:48.83]: TRACE: <nds dtdversion="2.0"
ndsversion="8.x">
<source>
<product build="20110525_152103" instance="LotusNotes"
version="3.5.7">Identity Manager Driver for Lotus Notes</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status
event-id="trigger-job:CTN-user-statuschange-job#20121203130443#0#0"
level="success"/>
</output>
</nds>

Do you have an idea on how to fix the problem, and make the move of
"internal" to "external" without an administrator completion?

Thank you in advance.


--
bensalem
------------------------------------------------------------------------
bensalem's Profile: https://forums.netiq.com/member.php?userid=391
View this thread: https://forums.netiq.com/showthread.php?t=46317