When I turn on all of the logging for work flows in tomcat/conf I see the error:

Unexpected error while provisioning changeItem id: 5. Reason: Item 'REMOVE_PERMISSION_ASSIGNMENT' does not contain all required provisioning attributes (permProvAttr, permProvId, accountProvId).



However, when I export the eDir LDAP fulfillment json I don't see these attributes and not sure how to configure to add them in. Any ideas?



{"targetId":13,"name":"eDirectory LDAP Fulfillment","displayName":"eDirectory LDAP Fulfillment","description":"eDirectory LDAP Service Fulfillment template","isDefault":false,"isSystem":false,"type ":"CUSTOM","typeDisplayName":"eDirectory LDAP","isManual":false,"isIdmWorkflow":false,"isId mAuto":false,"dataCollectors":{"arraySize":1,"coll ectors":[{"collectorId":19,"name":"eDirectory LDAP Fulfillment","collectorType":"FULFILLMENT","templa teId":72,"templateUniqueId":"EDirLdapFulfillmentTe mplate","templateVersion":"3.0.0","configuration": "{\"service-identifier\":\"EDirLdapFulfillmentTemplate-13-19-27229a65d1ac488e9fdcfeed76149d81\",\"collectorType \":\"FULFILLMENT\",\"class\":\"com.netiq.daas.fulf illment.ldapservice.LDAPFulfillment\",\"allow-connection-test\":true,\"change_request_types\":[\"REMOVE_PERMISSION_ASSIGNMENT\",\"ADD_PERMISSION_ TO_USER\",\"REMOVE_ACCOUNT\",\"ADD_APPLICATION_TO_ USER\",\"REMOVE_ACCOUNT_PERMISSION\"],\"version\":\"3.0.0\",\"service-parms\":[{\"name\":\"server\",\"display-name\":\"Host\",\"description\":\"IP or DNS address of eDirectory server\",\"data-type\":\"string\",\"required\":true,\"value\":\"10 .0.2.5\"},{\"name\":\"port\",\"display-name\":\"Port\",\"description\":\"LDAP Service Port Number\",\"data-type\":\"numeric\",\"default-value\":389,\"required\":true,\"value\":\"636\"},{ \"name\":\"user\",\"display-name\":\"User Name\",\"description\":\"User name used to connect to eDirectory Server\",\"data-type\":\"string\",\"required\":true,\"credential-type\":\"user\",\"credential-position\":0,\"value\":\"cn=admin,ou=sa,o=system\" },{\"name\":\"password\",\"display-name\":\"Password\",\"description\":\"Password\",\ "data-type\":\"password\",\"required\":true,\"credential-type\":\"password\",\"credential-position\":0,\"value\":\"$$$$\"},{\"name\":\"secur ity-certificate\",\"display-name\":\"Server Certificate\",\"description\":\"Base-64 encoded certificate from target eDirectory Server\",\"data-type\":\"string\",\"certificate-parm\":true,\"conn-parms\":\"[\\\"server\\\",\\\"port\\\"]\",\"required\":false,\"default-value\":\"\",\"value\":\"MIIGjzCCBXegAwIBAgIUAxXz9 s6r2usExElkSXT\\/06u58S8wDQYJKoZIhvcNAQELBQAwLzEaMBgGA1UECxMRT3JnYW 5pemF0aW9uYWwgQ0ExETAPBgNVBAoTCElEVi1UUkVFMB4XDTE4 MTEyMzE1Mzc1NFoXDTIwMTEyMjE1Mzc1NFowIjERMA8GA1UECh MISURWLVRSRUUxDTALBgNVBAMTBElEVjEwggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQDJpndP8WK6MKMTk79jt+QgLq +z283J8HSDHjQvwjwulPTdD8MBY0mjCJwJLwg4JAX1rPDwsULU wmjFa1zfrFwWgIl18nRCAguLX9pzmRbGqC4BrCS9pvjjJRxQ0h Dj0OQmRdh3g6xluJSaNhfA2QWpEKSfdL0Sj8Q4drmS3YsF5w9n 84lL9bPAnEEQQS7Y52GtC\\/bGz20MlpXxEXTQ8PK2iy1C\\/HCQJS4T35\\/lBF\\/03hoh6R1H7wCPl4SwCCihP+ggKSP4ufSPpEMy5SCsZyM8J\\/evaDvmXV9wlLr2f21aG+Jvw2a0GwL5qJaA0kX6\\/6snmDuoCINp3wm1DUIx8SYZAgMBAAGjggOuMIIDqjAdBgNVHQ4 EFgQUISa+ZSKtTZ2bIIZyNaHKUm9l8xgwHwYDVR0jBBgwFoAUY iNa2nM3uQM71gI5X\\/2HdtQVxeowDwYDVR0RBAgwBocECgACBTALBgNVHQ8EBAMCBaAw ggHMBgtghkgBhvg3AQkEAQSCAbswggG3BAIBAAEB\\/xMdTm92ZWxsIFNlY3VyaXR5IEF0dHJpYnV0ZSh0bSkWQ2h0dHA 6Ly9kZXZlbG9wZXIubm92ZWxsLmNvbS9yZXBvc2l0b3J5L2F0d HJpYnV0ZXMvY2VydGF0dHJzX3YxMC5odG0wggFIoBoBAQAwCDA GAgEBAgFGMAgwBgIBAQIBCgIBaaEaAQEAMAgwBgIBAQIBADAIM AYCAQECAQACAQCiBgIBFwEB\\/6OCAQSgWAIBAgICAP8CAQADDQCAAAAAAAAAAAAAAAADCQCAAAA AAAAAADAYMBACAQACCH\\/\\/\\/\\/\\/\\/\\/\\/\\/\\/AQEAAgQG8N9IMBgwEAIBAAIIf\\/\\/\\/\\/\\/\\/\\/\\/\\/8BAQACBAbw30ihWAIBAgICAP8CAQADDQBAAAAAAAAAAAAAAAAD CQBAAAAAAAAAADAYMBACAQACCH\\/\\/\\/\\/\\/\\/\\/\\/\\/\\/AQEAAgQR\\/66BMBgwEAIBAAIIf\\/\\/\\/\\/\\/\\/\\/\\/\\/8BAQACBBH\\/roGiTjBMAgECAgEAAgIA\\/wMNAIAAAAAAAAAAAAAAAAMJAIAAAAAAAAAAMBIwEAIBAAIIf\\/\\/\\/\\/\\/\\/\\/\\/\\/8BAQAwEjAQAgEAAgh\\/\\/\\/\\/\\/\\/\\/\\/\\/\\/wEBADCCAXgGA1UdHwSCAW8wggFrMCagJKAihiBodHRwOi8vMTA uMC4yLjU6ODAyOC9jcmwvb25lLmNybDBaoFigVoZUbGRhcDovL zEwLjAuMi41OjM4OS9DTj1PbmUsQ049T25lJTIwLSUyMENvbmZ pZ3VyYXRpb24sQ049Q1JMJTIwQ29udGFpbmVyLENOPVNlY3Vya XR5MCegJaAjhiFodHRwczovLzEwLjAuMi41OjgwMzAvY3JsL29 uZS5jcmwwW6BZoFeGVWxkYXBzOi8vMTAuMC4yLjU6NjM2L0NOP U9uZSxDTj1PbmUlMjAtJTIwQ29uZmlndXJhdGlvbixDTj1DUkw lMjBDb250YWluZXIsQ049U2VjdXJpdHkwX6BdoFukWTBXMQwwC gYDVQQDEwNPbmUxHDAaBgNVBAMTE09uZSAtIENvbmZpZ3VyYXR pb24xFjAUBgNVBAMTDUNSTCBDb250YWluZXIxETAPBgNVBAMTC FNlY3VyaXR5MA0GCSqGSIb3DQEBCwUAA4IBAQBhGxN3CkMc2Qy Z25M+cNfmXzsNKQpMkQGo0Y\\/HWsLJiMp41CwRe8xDye+XhQLe6XcRqg30wVoocEC2JvzwFQMck sbTQZk7SLECFNirTij4jGbkHep\\/Bv790yrAul3WpqVRNiMaFT8QsPLU3ebYS6Hwmh7cNJHImhXPJe Oc8t\\/iQocpSaeh7vDa6TUoJOSnWY2QPxEUmAcWCGwwsIBLbKdsNC+jv 5UMZCmmkOmMmQVDsLccd+RjuROJ7kGrjkB2IsQBzYTbcB7txkC 9xvs0\\/8rQ8HZqNb7wketc\\/LJmSddeLU4I7\\/R8AqHPCdEfg3xvKMSH6Da3OZyvsNyZrsdqGkoQ\",\"certifi cateLoading\":false},{\"name\":\"reciprocal-attrs\",\"display-name\":\"Set reciprocal attributes?\",\"description\":\"Select 'Yes' to set User and Group security attributes. Select 'No' to only set LDAP membership\",\"data-type\":\"string\",\"default-value\":1,\"required\":false,\"options\":[{\"value\":1,\"display-name\":\"Yes\"},{\"value\":0,\"display-name\":\"No\"}],\"selectedValue\":{\"value\":1,\"display-name\":\"Yes\"},\"value\":1},{\"name\":\"server-type\",\"display-name\":\"Server Type\",\"description\":\"Type of LDAP Server\",\"data-type\":\"string\",\"default-value\":\"EDIR\",\"required\":true,\"hidden\":true ,\"value\":\"EDIR\"}],\"ecma-scripts\":[{\"name\":\"userProfile\",\"display-name\":\"Generated script for \\\"userProfile\\\" mapping\",\"description\":\"Generated script for \\\"userProfile\\\" mapping\",\"script\":\"\\/\\/ The following script is a sample Account creation payload generator.\\n\\/\\/ It utilizes firstName, lastName, title, and workforceId attributes.\\n\\/\\/ These must be configured as 'Recipient' Fulfillment Context Attributes.\\n\\/\\/ For eDirectory, the mandatory attributes that must be generated are 'cn' and\\n\\/\\/ 'sn'.\\n\\n\\/\\/ inputValue is string, we need to parse it to convert it into a javascript object\\n\\/\\/ If Recipient context attributes are not configured, it will be an empty string\\nif (inputValue === null || inputValue.length === 0) {\\n\\toutputValue = '';\\n} else {\\n\\tvar userProfileParsed = JSON.parse(inputValue);\\n\\tvar firstName = userProfileParsed.firstName ? userProfileParsed.firstName : '';\\n\\tvar lastName = userProfileParsed.lastName ? userProfileParsed.lastName : '';\\n\\tvar title = userProfileParsed.jobTitle ? userProfileParsed.jobTitle : '';\\n\\tvar workforceId = userProfileParsed.workforceId ? userProfileParsed.workforceId : '';\\n\\tvar targetDn = 'ou=Users,o=Test';\\n\\n\\tvar outObj = {};\\n\\tvar cn = firstName.substring(0,1) + lastName;\\n\\toutObj.cn = cn.toLowerCase();\\n\\n\\toutObj.fullName = firstName + ' ' + lastName;\\n\\toutObj.givenName = firstName;\\n\\toutObj.sn = lastName;\\n\\toutObj.title = title;\\n\\toutObj.workforceID = workforceId;\\n\\toutObj.targetContainer = targetDn;\\n\\n\\t\\/\\/ Passwords can only be set when using SSL connection!\\n\\t\\/\\/ Uncomment and modify the following line to set password for new accounts.\\n\\toutObj.password = 'Password123!';\\n\\n\\t\\/\\/ enable debug by uncommenting lines below\\n\\n\\t\\/\\/var logger = org.slf4j.LoggerFactory.getLogger(\\\"debug\\\");\ \n\\t\\/\\/logger.info(\\\"**********\\\");\\n\\t\\/\\/logger.info(\\\"inputValue is: \\\" + JSON.stringify(inputValue));\\n\\t\\/\\/logger.info(\\\"outputValue is: \\\" + JSON.stringify(outObj));\\n\\t\\/\\/logger.info(\\\"**********\\\");\\n\\n\\toutputVal ue = JSON.stringify(outObj);\\n}\"}],\"views\":[{\"name\":\"fulfillment-configuration\",\"display-name\":\"Fulfillment Item configuration and mapping\",\"output-transforms\":[{\"app-name\":\"userProfile\",\"script-name\":\"userProfile\"}],\"input-transforms\":[],\"schema-map-filter\":{\"generic-map\":[{\"view-name\":\"comment\",\"required\":true,\"app-name\":\"comment\"},{\"view-name\":\"fulfillmentId\",\"required\":true,\"app-name\":\"fulfillmentId\"}],\"fulfillment-parms\":[{\"display-name\":\"Fulfillment payload\",\"description\":\"Fulfillment payload\",\"data-type\":\"string\",\"app-name\":\"provPayload\",\"hidden\":true,\"required\ ":true,\"view-name\":\"FULL_PAYLOAD\"},{\"display-name\":\"Account creation payload\",\"description\":\"User Profile attributes used for creating new accounts. Account provisioning prohibited if left blank\",\"data-type\":\"string\",\"app-name\":\"userProfile\",\"required\":false,\"view-name\":\"userProfile\"}]},\"inputMapErrorMsg\":\"\"}],\"supportedChangeItems\":{\"REMOVE_PERMISSION_ASS IGNMENT\":true,\"ADD_PERMISSION_TO_USER\":false,\" REMOVE_ACCOUNT\":true,\"ADD_APPLICATION_TO_USER\": false,\"REMOVE_ACCOUNT_PERMISSION\":true}}","versi on":"1.0","link":"/api/dcs/collectors/19","linkStatus":"/api/dcs/collectors/19/status","linkSchedules":"/api/dcs/collectors/19/schedules","lastUpdateTime":1554142972940}]}}