Hello all,

Sorry for the long wait for a reply, been very busy with other
projects.

Today (like an hour ago) I managed to solve it after I had gathered
logging.

Here was the cause:

Class authsamlaffiliate was missing its optional attributes
(authsamlProviderID, authsamlValidBefore, authsamlValidAfter,
authsamlTrustedCertDN, authsamlCertContainerDN, authsamlCheckCRL).

I found this out by tracing eDir and looking at what went wrong; here is
the exact trace:


Code:
--------------------
12:46:31 A7620700 LDAP: DoModify on connection 0x101a3180
12:46:31 A7620700 LDAP: modify: dn (cn=Default Notification Collection,cn=Security)
12:46:31 A7620700 LDAP: modifications:
12:46:31 A7620700 LDAP: delete: notfSMTPEmailHost
12:46:31 A7620700 LDAP: DDCModifyEntry failed, err = no such attribute (-603)
12:46:31 A7620700 LDAP: Sending operation result 16:"":"NDS error: no such attribute (-603)" to connection 0x101a3180
12:46:31 A6CFE700 LDAP: DoModify on connection 0x101a3180
12:46:31 A6CFE700 LDAP: modify: dn (cn=Default Notification Collection,cn=Security)
12:46:31 A6CFE700 LDAP: modifications:
12:46:31 A6CFE700 LDAP: delete: notfSMTPEmailUserName
12:46:31 A6CFE700 LDAP: DDCModifyEntry failed, err = no such attribute (-603)
12:46:31 A6CFE700 LDAP: Sending operation result 16:"":"NDS error: no such attribute (-603)" to connection 0x101a3180
12:46:31 A6BFD700 LDAP: DoModify on connection 0x101a3180
12:46:31 A6BFD700 LDAP: modify: dn (cn=Default Notification Collection,cn=Security)
12:46:31 A6BFD700 LDAP: modifications:
12:46:31 A6BFD700 LDAP: delete: notfSMTPEmailFrom
12:46:31 A6BFD700 LDAP: DDCModifyEntry failed, err = no such attribute (-603)
12:46:31 A6BFD700 LDAP: Sending operation result 16:"":"NDS error: no such attribute (-603)" to connection 0x101a3180
12:46:31 A6CFE700 LDAP: DoSearch on connection 0x101a3180
12:46:31 A6CFE700 LDAP: Search request:
base: "cn=RBPMTrustedRootContainer,cn=Security"
scope:0 dereference:0 sizelimit:1000 timelimit:0 attrsonly:0
filter: "(objectclass=*)"
no attributes
12:46:31 A6CFE700 LDAP: Cannot resolve NDS name 'CN=RBPMTrustedRootContainer.CN=Security' in ResolveAndAuthNDSName, err = no such entry (-601)
12:46:31 A6CFE700 LDAP: Base "cn=RBPMTrustedRootContainer,cn=Security" not found, err = no such entry (-601)
12:46:31 A6CFE700 LDAP: Sending operation result 32:"cn=Security":"NDS error: no such entry (-601)" to connection 0x101a3180
12:46:31 A7620700 LDAP: DoAdd on connection 0x101a3180
12:46:31 A7620700 LDAP: add: dn (cn=RBPMTrustedRootContainer,cn=Security)
12:46:31 A7620700 LDAP: Sending operation result 0:"":"" to connection 0x101a3180
12:46:31 A8216700 LDAP: DoAdd on connection 0x101a3180
12:46:31 A8216700 LDAP: add: dn (cn=RBPMTrustedRoot_1436265991365,cn=RBPMTrustedRootContainer,cn=Security)
12:46:31 A8216700 LDAP: Sending operation result 0:"":"" to connection 0x101a3180
12:46:31 A7620700 LDAP: DoModify on connection 0x101a3180
12:46:31 A7620700 LDAP: modify: dn (cn=RBPMTrustedRootContainer,cn=Security)
12:46:31 A7620700 LDAP: modifications:
12:46:31 A7620700 LDAP: add: ndspkiTrustedRootList
12:46:31 A7620700 LDAP: Sending operation result 0:"":"" to connection 0x101a3180
12:46:31 C444A700 LDAP: DoAdd on connection 0x101a3180
12:46:31 C444A700 LDAP: add: dn (cn=RBPMSAML_1436265991380,cn=SAML Assertion,cn=Authorized Login Methods,cn=Security)
12:46:31 C444A700 LDAP: DDCCreateEntryEx failed, err = illegal attribute (-608)
12:46:31 C444A700 LDAP: Sending operation result 65:"":"NDS error: illegal attribute (-608)" to connection 0x101a3180
12:46:31 A8115700 LDAP: DoUnbind on connection 0x101a3180
12:46:31 A8115700 LDAP: Connection 0x101a3180 closed

--------------------


As you can see, it fails on adding the authsamlaffiliate object.

Reading a bit about it (and the article about it by Geoff on OSP made
me look further in that direction) made me think about the schema, so I
grabbed an IDM 4.02 ISO and grabbed the SAML zip which holds the schema
for it, and looked it through, and I found the difference in the class.

As I had all attributes, I just added the ones as specified in the
schema file to the class via iManager, and ran a fresh installer, which
then ran successfully, and without pain started the UA.

How this was caused I don't know, as this was a regular customer install
as so many before that...

Anyway, just wanted to share my search and its positive end (both for
me and the customer).

Michael


--
Shadowm
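
An added example, not part of the original post: a small Python parser that groups eDirectory LDAP trace lines in the format shown above by thread ID and lists the operations that returned a non-zero result, so the failing add with -608 can be picked out directly. The sample lines are copied from the trace in the post; the function names and the choice to key on the thread ID column are this example's own assumptions.

```python
import re

# Sample input: lines copied from the trace in the post above.
SAMPLE_TRACE = '''\
12:46:31 A6BFD700 LDAP: DoModify on connection 0x101a3180
12:46:31 A6BFD700 LDAP: modify: dn (cn=Default Notification Collection,cn=Security)
12:46:31 A6BFD700 LDAP: modifications:
12:46:31 A6BFD700 LDAP: delete: notfSMTPEmailFrom
12:46:31 A6BFD700 LDAP: DDCModifyEntry failed, err = no such attribute (-603)
12:46:31 A6BFD700 LDAP: Sending operation result 16:"":"NDS error: no such attribute (-603)" to connection 0x101a3180
12:46:31 A7620700 LDAP: DoAdd on connection 0x101a3180
12:46:31 A7620700 LDAP: add: dn (cn=RBPMTrustedRootContainer,cn=Security)
12:46:31 A7620700 LDAP: Sending operation result 0:"":"" to connection 0x101a3180
12:46:31 C444A700 LDAP: DoAdd on connection 0x101a3180
12:46:31 C444A700 LDAP: add: dn (cn=RBPMSAML_1436265991380,cn=SAML Assertion,cn=Authorized Login Methods,cn=Security)
12:46:31 C444A700 LDAP: DDCCreateEntryEx failed, err = illegal attribute (-608)
12:46:31 C444A700 LDAP: Sending operation result 65:"":"NDS error: illegal attribute (-608)" to connection 0x101a3180
'''
LINE = re.compile(r'^(\d\d:\d\d:\d\d) ([0-9A-F]{8}) LDAP: (.*)$')    # time, thread ID, message
START = re.compile(r'^Do(\w+) on connection (0x[0-9a-f]+)')          # DoAdd / DoModify / DoSearch
DN = re.compile(r'^\w+: dn \((.*)\)$')                               # "add: dn (...)", "modify: dn (...)"
RESULT = re.compile(r'^Sending operation result (\d+):"[^"]*":"([^"]*)"')
NDS_ERR = re.compile(r'\((-\d+)\)')                                  # e.g. "(-608)"

def parse_operations(trace):
    """Group trace lines by thread ID; return one dict per completed operation."""
    pending, done = {}, []
    for raw in trace.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # continuation lines (search base/filter) carry no thread ID
        ts, thread, msg = m.groups()
        if (s := START.match(msg)):
            pending[thread] = {"time": ts, "op": s.group(1), "conn": s.group(2), "dn": None}
        elif thread in pending:
            if (d := DN.match(msg)):
                pending[thread]["dn"] = d.group(1)
            elif (r := RESULT.match(msg)):
                code = NDS_ERR.search(r.group(2))
                pending[thread].update(ldap_rc=int(r.group(1)),
                                       nds_err=int(code.group(1)) if code else 0)
                done.append(pending.pop(thread))
    return done

def failed(ops, op_type=None):
    # Non-zero LDAP result code means the operation failed; optionally filter by type.
    return [o for o in ops if o["ldap_rc"] != 0 and op_type in (None, o["op"])]

if __name__ == "__main__":
    for o in failed(parse_operations(SAMPLE_TRACE)):
        print(f'{o["time"]} {o["op"]:<7} ldap={o["ldap_rc"]} nds={o["nds_err"]} dn={o["dn"]}')
```

Calling `failed(ops, "Add")` narrows the output to failed object creations, which in this trace is the single -608 on the SAML Assertion entry.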