Hi,

Trying to load authorizations for notesAccount2 on a Lotus Notes driver
from RMA (Role Mapping Administrator) it fails with the error:
"An error occurred while loading authorizations"

Looking at the idmmap.log on Tomcat, we see the error:

Thread-275 2014-06-03 12:46:57,598 ERROR
[com.novell.rolemap.server.impl.ldap.util.IdmQueryrocessQueryResponse]
Error querying application roles for entitlement:
CN=notesAccount2,CN=DrvNotes,CN=driverset1,O=syste mrvNotes
Thread-275 2014-06-03 12:46:57,599 ERROR
[com.novell.rolemap.server.impl.ldap.util.IdmQueryrocessQueryResponse]
Failed to parse query result: null
java.lang.IllegalArgumentException
at
com.novell.rolemap.server.impl.db.persist.Hibernat eDAO.substituteQuery(HibernateDAO.java:208)
at
com.novell.rolemap.server.impl.db.persist.Hibernat eDAO.queryUnique(HibernateDAO.java:238)
at
com.novell.rolemap.server.impl.db.persist.QueryRes ultDAO.getQueryResultNoLabels(QueryResultDAO.java: 138)
at
com.novell.rolemap.server.impl.ldap.util.IdmQuery. processQueryResponse(IdmQuery.java:566)
at
com.novell.rolemap.server.impl.ldap.util.IdmQuery. submit(IdmQuery.java:262)
at
com.novell.rolemap.server.impl.ldap.util.IdmLogica lSystem.submitQueries(IdmLogicalSystem.java:157)
at
com.novell.rolemap.server.impl.ldap.util.IdmEntitl ement.submitQueries(IdmEntitlement.java:659)
at
com.novell.rolemap.server.impl.ldap.util.Entitleme ntUtil.loadQueryResultsForLogicalSystem(Entitlemen tUtil.java:421)
at
com.novell.rolemap.server.impl.service.Configurati onManager$LoadThread.run(ConfigurationManager.java :1347)


So I suspect the problem is with a malformed query result from the
driver.

The following is an abstract from the Lotus Notes Driver trace:

INJECTED DOCUMENT:
<nds dtdversion="2.0">
<input>
<query class-name="NotesSystem" scope="subtree">
<search-class class-name="NotesSystem"/>
<read-attr attr-name="NotesSystemDescription"/>
<read-attr attr-name="NotesSystemDisplayName"/>
<read-attr attr-name="NotesSystemValue"/>
<operation-data>
<rmap-data>
<rmap-identity format="ldap"
type="dn">cn=uaadmin,ou=sa,o=data</rmap-identity>
</rmap-data>
</operation-data>
</query>
</input>
</nds>


AFTER EXCUTING THE NOVLNOTEENT-OTP-ENTITLEMENTSIMPL POLICY, THE RESULT
IS (I DON'T LIKE THE 5 BLANK LINES BEFORE \"SEARCH-CLASS\"):

<nds dtdversion="2.0">
<input>
<query event-id="query-driver-ident" scope="entry">





<search-class class-name="__driver_identification_class__"/>
<read-attr/>
<operation-data UserAccountEntitlementQuery="">
<rmap-data>
<rmap-identity format="ldap"
type="dn">cn=uaadmin,ou=sa,o=data</rmap-identity>
</rmap-data>
</operation-data>
</query>
</input>
</nds>


AND FINALLY, WHAT I SUSPECT IS THE RESULTING DOCUMENT SENT TO RMA IS:

<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20120601_170505" instance="DrvNotes"
version="3.5.9">Identity Manager Driver for Lotus Notes</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<instance class-name="__driver_identification_class__"
event-id="query-driver-ident">
<attr attr-name="driver-id">
<value type="string">NOTES</value>
</attr>
<attr attr-name="driver-version">
<value type="string">3.5.9</value>
</attr>
<attr attr-name="min-activation-version">
<value type="int">4</value>
</attr>
<attr attr-name="query-ex-supported">
<value type="state">true</value>
</attr>
<operation-data UserAccountEntitlementQuery="">
<rmap-data>
<rmap-identity format="ldap"
type="dn">cn=uaadmin,ou=sa,o=data</rmap-identity>
</rmap-data>
</operation-data>
</instance>
<instance class-name="NotesSystem" src-dn="">
<attr attr-name="NotesSystemDisplayName">
<value>Account for Notes System</value>
</attr>
<attr attr-name="NotesSystemDescription">
<value>User account in Notes System.</value>
</attr>
<attr attr-name="NotesSystemValue">
<value>Notes System</value>
</attr>
</instance>
</output>
</nds>


I'm almost sure we have not changed anything from the default Lotus
Notes driver entitlements packages.

Does anyone have any idea or see if is there something missing?

Regards
Jose Luis


--
jlrodriguez
------------------------------------------------------------------------
jlrodriguez's Profile: https://forums.netiq.com/member.php?userid=359
View this thread: https://forums.netiq.com/showthread.php?t=51008