Hi all,

One of our IDM servers ran out of disk space on the var partition due to
a massive log file (I've now restricted it's size!). Once I deleted the
log file and rebooted the server the AD driver successfully started up
again, however I am not getting any users to sync from eDirectory to
ActiveDirectory any more. So I enabled driver logging to try and find
out what's going on and it looks like the users are getting vetoed in
the "sub-mp" policy. This is an example with a test user "jdavis6":

[07/15/14 12:31:30.815]:AD Driver ST:Applying policy: %+C%14Csub-mp%-C.
[07/15/14 12:31:30.815]:AD Driver ST: Applying to add #1.
[07/15/14 12:31:30.815]:AD Driver ST: Evaluating selection criteria for rule 'veto out-of-scope events'.
[07/15/14 12:31:30.816]:AD Driver ST: (if-op-property 'attempt-to-match' not-available) = TRUE.
[07/15/14 12:31:30.816]:AD Driver ST: Rule selected.
[07/15/14 12:31:30.816]:AD Driver ST: Applying rule 'veto out-of-scope events'.
[07/15/14 12:31:30.817]:AD Driver ST: Action: do-veto().
[07/15/14 12:31:30.817]:AD Driver ST:Policy returned:
[07/15/14 12:31:30.817]:AD Driver ST:
<nds dtdversion="4.0" ndsversion="8.x">
<product edition="Standard" version="">DirXML</product>
<contact>Novell, Inc.</contact>
[07/15/14 12:31:30.818]:AD Driver ST:Processing returned document.
[07/15/14 12:31:30.819]:AD Driver ST:Processing operation <status> for .
[07/15/14 12:31:30.821]:AD Driver ST:
DirXML Log Event -------------------
Driver: \HESLOP\DANEBANK\Services\AD-Driverset\AD-Danebank
Channel: Subscriber
Object: \HESLOP\DANEBANK\Students\2016\jdavis6
Status: Warning
Message: Code(-8016) Operation vetoed by object matching policy.

When I look at the policy, I don't quite understand what
"attempt-to-match" is doing or if this is even the issue.
Here is a copy of the full log file http://tinyurl.com/ozj3tcy
And this is the policy XML http://tinyurl.com/ll4yfdv

Thanks a lot for the help.


jimdavis66's Profile: https://forums.netiq.com/member.php?userid=7720
View this thread: https://forums.netiq.com/showthread.php?t=51317