IDM 4.01, User App 4.01 (Build Revision 37294) no patches yet. (Ya I

I am working on an SAP USER (UM) driver, and it generates valid XML as
its EntitlementConfiguration object. But the code map refresh errors
when parsing it. It reads it (per the extended UA trace):

[6/5/13 10:01:24:691 EDT] 0000004b SystemOut O DEBUG [RBPM]
[com.novell.idm.nrf.persist.IdmResourceDAO:createId mResource] Start
[6/5/13 10:01:24:691 EDT] 0000004b SystemOut O DEBUG [RBPM]
[com.novell.idm.nrf.persist.IdmResourceDAO:createId mResource] In
createIdmResource for:
xmldata=<entitlement-configuration driver-type="SAPUM"
min-driver-version="3.6.0" modified="20130605014810">

I will paste the XML it finds a bit later.

But it fails to parse it:

[6/5/13 10:01:25:649 EDT] 0000004b SystemOut O ERROR [RBPM]
[com.novell.idm.nrf.persist.DirXMLDriverDAO:loadEna bledDriverCache]
Error occurred parsing the entitlement configuration XML:
cn=EntitlementConfiguration,cn=SAP-USER2,cn=driverSet,ou=services,o=tstidmjava.lang.I llegalArgumentException:
com.novell.idm.nrf.persist.entitlementConfig.SOURC ETYPE.fromValue(
com.novell.idm.nrf.persist.entitlementConfig.Param eter_JAXB_Deserialization_Stub.writeAttributePrope rty(com.novell.idm.nrf.persist.entitlementConfig.P

So the issue is the 'connection' value.

The XML of the EntitlementConfiguration object is this:

<entitlement data-collection="true"
parameter-format="legacy" resource-mapping="true" role-mapping="true">
<type category="security account" id="user"
<value langCode="EN">User</value>
<parameter mandatory="true"
name="LSNAME" source="connection"/>
<nds dtdversion="2.0">
class-name="US" scope="subtree">

<search-class class-name="US"/>

<read-attr attr-name="LOCKUSER"/>
<account-id source="read-attr"
<account-id source="src-dn"/>
<account-id source="association"/>
<account-status active="0" inactive="1"
source="read-attr" source-name="LOCKUSER"/>
<connection name="DV3CLNT400">
<query-attr name="dest-dn">\DV3CLNT400</query-attr>
<query-instance langCode="EN">
<search-attr attr-name="LANGCODE">

There are two points of interest here:

1) The <connections> node with a <connection> node underneath. This is
basically meant to be able to support the Fanout Configuration. The itp
rule that builds this object, iterates over the Structured GCV that you
define for each system that it fans out too.

2) But the actual error (since I tried it without the <connections>
node, once I saw the error) is probably on the:


(Sorry, XPATH is easiest way to describe it).

That is, the line that says:
<parameter mandatory="true" name="LSNAME" source="connection"/>

So I know that you need a payload for the entitlement that looks at
least like this:
ID=geoffc|LSNAME=DV3CLNT400|CTYPE=non-cua (Legacy format)
{"ID":"geoffc","LSNAME":"DV3CLNT400","CTYPE":"n on-cua"}
(IDM4, aka JSON format)

So I can see it is trying to get the value for the connection.

But of course the format of this XML object is ill defined (unless I am
wrong and someone knows where it is documented).

This 'stuff' is included in the Packaged so this is
officially 'supported' per the notion that packaged configs are supported.

So question becomes, is in a <parameter> node, is source="connection"
legal in the EntitlementConfiguration object, and if so, does UA 4.01
support this in its code map refresh? (Clearly mine does not like it).

Secondarily, are there any docs on this so I can troubleshoot further on
my own?