We use the roles-Based provisioning application for user self-service.
When a user requests a login ID, if they already exist in the ID Vault
(as a user in an inactive users OU, typically created by a jdbc driver)
their chosen login is captured in an attribute and the existing object
is renamed. When the rename is processed by a Null driver, the user
object is moved into the active users OU.

What I see on the move is an error message and a retry request for 30
seconds later. The retry is successful. My thinking is that IDM doesn't
want to move the object until the rename has successfully synced across
the sundry replica holders. While the operation is ultimately
successful, I would prefer to have it succeed on the first attempt if
anyone has any suggestions about how I can accomplish that. Alternately,
if there is something else causing this, I need to address that.

Traces follow:

[12/16/09 14:23:06.350]:null ST: Pumping XDS to eDirectory.
[12/16/09 14:23:06.351]:null ST: Performing operation move for
\MYID-TREE\UGA\CoreIDs\edcxxx.
[12/16/09 14:23:06.424]:null ST: Processing returned document.
[12/16/09 14:23:06.424]:null ST: Processing operation <status> for .
[12/16/09 14:23:06.424]:null ST:
DirXML Log Event -------------------
Driver: \MYID-TREE\UGA\services\UGADriverSet\st-fs-bc-null
Channel: Subscriber
Status: Retry
Message: Code(-9011) eDirectory returned an error indicating that
the operation should be retried later: novell.jclient.JCException:
resolve -626 ERR_ALL_REFERRALS_FAILED
[12/16/09 14:23:06.426]:null ST: Direct command from policy result
[12/16/09 14:23:06.427]:null ST:
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.6.10.4747">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status event-id="idm3#20091216192306#6#2"
level="retry">Code(-9011) eDirectory returned an error indicating that
the operation should be retried later: novell.jclient.JCException:
resolve -626 ERR_ALL_REFERRALS_FAILED<application>DirXML</application>
<module>st-fs-bc-null</module>
<object-dn></object-dn>
<component>Subscriber</component>
</status>
</output>
</nds>
[12/16/09 14:23:06.430]:null ST:
DirXML Log Event -------------------
Driver: \MYID-TREE\UGA\services\UGADriverSet\st-fs-bc-null
Channel: Subscriber
Status: Retry
Message: Code(-9006) The driver returned a "retry" status
indicating that the operation should be retried later. Detail from
driver: Code(-9011) eDirectory returned an error indicating that the
operation should be retried later: novell.jclient.JCException: resolve
-626 ERR_ALL_REFERRALS_FAILED<application>DirXML</application>
<module>st-fs-bc-null</module>
<object-dn></object-dn>
<component>Subscriber</component>
[12/16/09 14:23:06.433]:null ST:Requesting 30 second retry delay.

Followed later by:

[12/16/09 14:23:36.600]:null ST: Pumping XDS to eDirectory.
[12/16/09 14:23:36.600]:null ST: Performing operation move for
\MYID-TREE\UGA\CoreIDs\edcxxx.
[12/16/09 14:23:36.663]:null ST: Moving entry
\MYID-TREE\UGA\CoreIDs\edc920 to \MYID-TREE\UGA\users.
[12/16/09 14:23:36.837]:null ST: Waiting for moved object
\MYID-TREE\UGA\users to replicate from master replica.
[12/16/09 14:23:38.846]:null ST: Waiting for moved object
\MYID-TREE\UGA\users to replicate from master replica.
[12/16/09 14:23:40.853]:null ST: Processing returned document.
[12/16/09 14:23:40.853]:null ST: Processing operation <status> for .
[12/16/09 14:23:40.853]:null ST:
DirXML Log Event -------------------
Driver: \MYID-TREE\UGA\services\UGADriverSet\st-fs-bc-null
Channel: Subscriber
Status: Success


--
keithbmartin
------------------------------------------------------------------------
keithbmartin's Profile: http://forums.novell.com/member.php?userid=48654
View this thread: http://forums.novell.com/showthread.php?t=396078