The connected system for this LDAP driver is Sun Directory Server. I am
trying to get user objects to match from eDir to LDAP. I am trying to
match a custom attribute from eDir (utcID) to pdsLoginId on the Sun
box.

The pdsLoginId attribute comes from the pdsPersonOC class which is used
by the inetOrgPerson base class for users in the connected LDAP. My
problem seems to be that while the driver can look up the value for
utcID, it's not finding the pdsLoginId on the other side.

Each side of the connector uses a flat container for users (so no users
hiding in other places). It seems like when the policy tries to match
it only looks at the inetOrgPerson class even though in the policy I
tell it that the pdsLoginId attribute is part of the pdsPersonOC class:

[04/19/2010 15:51:59.363] Vault-to-tLuminis ST: Applying rule 'match
users based on utcID == pdsLoginId'.

[04/19/2010 15:51:59.363] Vault-to-tLuminis ST: Action:
do-find-matching-object(scope="subtree",arg-dn(token-global-variable("driver.ldap.base.container")),arg-match-attr("utcID",token-dest-attr("pdsLoginId",class-name="pdsPersonOC"))).

[04/19/2010 15:51:59.363] Vault-to-tLuminis ST:
arg-dn(token-global-variable("driver.ldap.base.container"))

[04/19/2010 15:51:59.363] Vault-to-tLuminis ST:
token-global-variable("driver.ldap.base.container")

[04/19/2010 15:51:59.363] Vault-to-tLuminis ST: Token Value:
"OU=People,o=utc.edu,o=cp".

[04/19/2010 15:51:59.363] Vault-to-tLuminis ST: Arg Value:
"OU=People,o=utc.edu,o=cp".

[04/19/2010 15:51:59.363] Vault-to-tLuminis ST:
arg-match-attr("utcID",token-dest-attr("pdsLoginId",class-name="pdsPersonOC"))

[04/19/2010 15:51:59.363] Vault-to-tLuminis ST:
arg-string(token-dest-attr("pdsLoginId",class-name="pdsPersonOC"))

[04/19/2010 15:51:59.363] Vault-to-tLuminis ST:
token-dest-attr("pdsLoginId",class-name="pdsPersonOC")

[04/19/2010 15:51:59.363] Vault-to-tLuminis ST: Token
Value: "".

[04/19/2010 15:51:59.363] Vault-to-tLuminis ST: Arg Value:
"".

[04/19/2010 15:51:59.364] Vault-to-tLuminis ST: Query from
policy

[04/19/2010 15:51:59.364] Vault-to-tLuminis ST:

<nds dtdversion="3.5" ndsversion="8.x">

<source>

<product version="3.6.10.4747">DirXML</product>

<contact>Novell, Inc.</contact>

</source>

<input>

<query class-name="User" dest-dn="OU=People,o=utc.edu,o=cp"
scope="subtree">

<search-class class-name="User"/>

<search-attr attr-name="utcID">

<value type="string"/>

</search-attr>

<read-attr/>

</query>

</input>

</nds>

[04/19/2010 15:51:59.364] Vault-to-tLuminis ST: Fixing up
association references.

[04/19/2010 15:51:59.364] Vault-to-tLuminis ST: Applying schema
mapping policies to output.

[04/19/2010 15:51:59.364] Vault-to-tLuminis ST: Applying policy:
smp.

[04/19/2010 15:51:59.364] Vault-to-tLuminis ST: Mapping
attr-name 'utcID' to 'pdsLoginId'.

[04/19/2010 15:51:59.364] Vault-to-tLuminis ST: Mapping
class-name 'User' to 'inetOrgPerson'.

[04/19/2010 15:51:59.364] Vault-to-tLuminis ST: Mapping
class-name 'User' to 'inetOrgPerson'.

[04/19/2010 15:51:59.364] Vault-to-tLuminis ST: Applying output
transformation policies.

[04/19/2010 15:51:59.364] Vault-to-tLuminis ST: Applying policy:
otp-EntitlementsImpl.

[04/19/2010 15:51:59.364] Vault-to-tLuminis ST: Applying to
query #1.

[04/19/2010 15:51:59.364] Vault-to-tLuminis ST: Evaluating
selection criteria for rule 'Intercept outbound queries for
LDAPAccount'.

[04/19/2010 15:51:59.364] Vault-to-tLuminis ST:
(if-class-name equal "LDAPAccount") = FALSE.

[04/19/2010 15:51:59.364] Vault-to-tLuminis ST: Rule
rejected.

[04/19/2010 15:51:59.364] Vault-to-tLuminis ST: Policy
returned:

[04/19/2010 15:51:59.364] Vault-to-tLuminis ST:

<nds dtdversion="3.5" ndsversion="8.x">

<source>

<product version="3.6.10.4747">DirXML</product>

<contact>Novell, Inc.</contact>

</source>

<input>

<query class-name="inetOrgPerson" dest-dn="OU=People,o=utc.edu,o=cp"
event-id="0" scope="subtree">

<search-class class-name="inetOrgPerson"/>

<search-attr attr-name="pdsLoginId">

<value type="string"/>

</search-attr>

<read-attr/>

</query>

</input>

</nds>



More detail of this transaction is attached. I know for sure that
there is a user in the LDAP app with a pdsLoginId attribute value that
matches for the one that I am searching. It just looks like it isn't
searching the needed class when performing the query.



Any ideas? All help is greatly appreciated.



-Morgan


+----------------------------------------------------------------------+
|Filename: TraceLevel3.zip |
|Download: http://forums.novell.com/attachment....achmentid=4288 |
+----------------------------------------------------------------------+

--
morganginga
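
Added example (not part of the original post, and not Novell's code): a small parser for the "Policy returned" query document in the trace above, which reports the search base, scope, search class and match attribute, and flags any match attribute that carries no value, as the trace shows with Token Value: "". The function names are hypothetical; the XML is copied from the trace.

```python
import xml.etree.ElementTree as ET

# The post-schema-mapping query, copied from the trace in the post above.
QUERY_XDS = """<nds dtdversion="3.5" ndsversion="8.x">
  <source>
    <product version="3.6.10.4747">DirXML</product>
    <contact>Novell, Inc.</contact>
  </source>
  <input>
    <query class-name="inetOrgPerson" dest-dn="OU=People,o=utc.edu,o=cp" event-id="0" scope="subtree">
      <search-class class-name="inetOrgPerson"/>
      <search-attr attr-name="pdsLoginId">
        <value type="string"/>
      </search-attr>
      <read-attr/>
    </query>
  </input>
</nds>"""


def summarize_queries(xds_text):
    """Return one dict per <query>: base DN, scope, classes, and match values."""
    root = ET.fromstring(xds_text)
    out = []
    for q in root.iter("query"):
        attrs = {}
        for sa in q.findall("search-attr"):
            # Collect the text of every <value>; missing text becomes "".
            attrs[sa.get("attr-name")] = [(v.text or "").strip() for v in sa.findall("value")]
        out.append({
            "base": q.get("dest-dn"),
            "scope": q.get("scope"),
            "classes": [c.get("class-name") for c in q.findall("search-class")],
            "match": attrs,
        })
    return out


def empty_match_attrs(summary):
    """Names of search attributes that carry no value or only blank values."""
    return [name for name, vals in summary["match"].items() if not any(vals)]


if __name__ == "__main__":
    for s in summarize_queries(QUERY_XDS):
        print(s)
        for name in empty_match_attrs(s):
            print(f"WARNING: search-attr {name!r} has an empty match value")
```

Run against the query from the trace, it reports the class inetOrgPerson and flags pdsLoginId as having an empty match value.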