Hello everyone,

For several reasons we are trying to add the nrfAssociatedRoles
attribute manually to dynamic groups we create using a delimited-text
driver. We have created some roles in the User Application and want to
write the link to one of those roles to the nrfAssociatedRoles attribute
in the dynamic group. However, when we try to do that, we get an
'createEntry -672 ERR_NO_ACCESS' error.

I was wondering if anyone knows why we are getting this error and if it
is even possible what we are trying to do. We have set the driver's
security equivalences both to eDirectory/IDM administrator and User App
administrator but this did not work. Also, when we create a dynamic
group without the nrfAssociatedRoles attribute, this goes perfectly
well.

Using eDirectory 8.8.5, User App 3.7 and IDM 3.6.1.

All help is greatly appreciated!

Some level 3 tracing:


<nds dtdversion="1.1" ndsversion="8.6" xml:space="default">
<input>
<add class-name="dynamicGroup"
dest-dn="IAM\Groups\dg_Company_Architect_10001234">
<add-attr attr-name="CN">
<value type="string">dg_Company_Architect_10001234</value>
</add-attr>
<add-attr attr-name="nrfAssociatedRoles">
<value type="structured">
<component name="nameSpace">0</component>
<component
name="volume">IAM\Services\IDM\DriverSet\UserAppli cation\AppConfig\RoleConfig\RoleDefs\Level20\Test
role</component>
<component
name="path">&lt;assignment>&lt;start_tm>2011021613 3540Z&lt;/start_tm>&lt;req>cn=padmin,ou=Services,o=IAM&lt;/req>&lt;req_desc>Dynamic
Group tbv autorisatie regels&lt;/req_desc>&lt;/assignment></component>
</value>
</add-attr>
<add-attr attr-name="Object Class">
<value type="string">dynamicGroup</value>
</add-attr>
<add-attr attr-name="Object Class">
<value type="string">nrfGroup</value>
</add-attr>
</add>
</input>
</nds>
[02/18/11 15:52:48.979]elimited Text PT:Found non-class attribute
nrfAssociatedRoles.
[02/18/11 15:52:48.979]elimited Text PT:No command transformation
policies.
[02/18/11 15:52:48.980]elimited Text PT:Filtering out
notification-only attributes.
[02/18/11 15:52:48.980]elimited Text PT:Pumping XDS to eDirectory.
[02/18/11 15:52:48.980]elimited Text PT:Performing operation add for
IAM\Groups\dg_Company_Architect_10001234.
[02/18/11 15:52:48.981]elimited Text PT:Adding entry
IAM\Groups\dg_Company_Architect_10001234.
[02/18/11 15:52:48.981]elimited Text PT:Creating RDN
dg_Company_Architect_10001234 in context IAM\Groups.
[02/18/11 15:52:48.988]elimited Text PT:
DirXML Log Event -------------------
Driver: \IAM-TREE\IAM\Services\IDM\DriverSet\Delimited Text
Channel: Publisher
Object: (IAM\Groups\dg_company_Architect_10001234)
Status: Error
Message: Code(-9010) An exception occurred:
novell.jclient.JCException: createEntry -672 ERR_NO_ACCESS
[02/18/11 15:52:48.995]elimited Text PT:Fixing up association
references.
[02/18/11 15:52:48.996]elimited Text PT:Applying schema mapping
policies to output.
[02/18/11 15:52:48.996]elimited Text PT:Applying policy:
%+C%14Csmp-MappingRule%-C.
[02/18/11 15:52:48.996]elimited Text PT:No output transformation
policies.
[02/18/11 15:52:48.997]elimited Text PT:
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.6.14.5471">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status event-id="0" level="error">Code(-9010) An exception
occurred: novell.jclient.JCException: createEntry -672
ERR_NO_ACCESS<application>DirXML</application>
<module>Delimited Text</module>
<object-dn>
(IAM\Groups\dg_Company_Architect_10001234)</object-dn>
<component>Publisher</component>
</status>
</output>
</nds>
[02/18/11 15:52:48.999]elimited Text PTelimited Text: Renamed file
path:/opt/novell/csv/input/autorisatie_regels.csv.bak


--
lqraven
------------------------------------------------------------------------
lqraven's Profile: http://forums.novell.com/member.php?userid=81918
View this thread: http://forums.novell.com/showthread.php?t=432820