-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Usually you need an association in order for modifies/renames to work, and
sometimes policy can be used on a modify to create the association.
without it the system doesn't know what to modify/rename. Associate the
objects and see if the rename then works properly.

Good luck.





On 07/06/2011 12:06 PM, srivastavaa wrote:
>
> Hi,
>
> we are writing a driver to OID. Here is requirement in brief:
>
> a) On rename of a group on IDV, rename event should be fired on OID for
> a role object and this role object is not available on IDV .. its
> created/renamed and deleted only on OID based on IDV Group
> creation/rename/deletion.
>
> On the subscriber channel, when we try to rename the role object on OID
> based on IDV Group rename, we get "No association key for rename
> operation."
>
> Here is a snippet from the log .. not sure why this will happen .. can
> we not modify an object that is not being synched between IDV and OID
> directly from Shim .. using another event as trigger (in this case a
> rename).
>
> <nds dtdversion="3.5" ndsversion="8.x">
> <source>
> <product version="4.0.0">DirXML</product>
> <contact>Novell, Inc.</contact>
> </source>
> <input>
> <rename
> dest-dn="com\OracleContext\Products\OracleDBSecurity\Or acleDefaultDomain\ER-testGroup30"
> event-id="ism-idv#20110706162801#1#2:15671ead-6a46-442f-e9ab-ad1e6715466a">
> <new-name>ER-testGroup303</new-name>
> </rename>
> </input>
> </nds>
> [07/06/11 16:28:16.404]:OID ST: Remote Interface Driver: Document
> sent.
> [07/06/11 16:28:16.436]:OID :Remote Interface Driver: Received.
> [07/06/11 16:28:16.436]:OID :
> <nds dtdversion="2.0" ndsversion="8.x">
> <source>
> <product build="20100929_091301" instance="OID"
> version="3.5.12">Identity Manager Driver for LDAP</product>
> <contact>Novell, Inc.</contact>
> </source>
> <output>
> <status
> event-id="ism-idv#20110706162801#1#2:15671ead-6a46-442f-e9ab-ad1e6715466a"
> level="error">No association key for rename operation.</status>
> </output>
> </nds>
> [07/06/11 16:28:16.438]:OID :Remote Interface Driver: Received document
> for subscriber channel
> [07/06/11 16:28:16.438]:OID :Remote Interface Driver: Waiting for
> receive...
> [07/06/11 16:28:16.438]:OID ST: SubscriptionShim.execute() returned:
> [07/06/11 16:28:16.439]:OID ST:
> <nds dtdversion="2.0" ndsversion="8.x">
> <source>
> <product build="20100929_091301" instance="OID"
> version="3.5.12">Identity Manager Driver for LDAP</product>
> <contact>Novell, Inc.</contact>
> </source>
> <output>
> <status
> event-id="ism-idv#20110706162801#1#2:15671ead-6a46-442f-e9ab-ad1e6715466a"
> level="error">No association key for rename operation.</status>
> </output>
> </nds>
> [07/06/11 16:28:16.440]:OID ST: Applying input transformation
> policies.
> [07/06/11 16:28:16.440]:OID ST: Applying policy:
> %+C%14Cpp-ipt-roleGrpMapping%-C.
> [07/06/11 16:28:16.440]:OID ST: Applying to status #1.
> [07/06/11 16:28:16.441]:OID ST: Evaluating selection criteria for
> rule 'Add Group to Role'.
> [07/06/11 16:28:16.441]:OID ST: (if-operation equal "status") =
> TRUE.
> [07/06/11 16:28:16.441]:OID ST: (if-xpath true
> "@level='success'") = FALSE.
> [07/06/11 16:28:16.441]:OID ST: Rule rejected.
> [07/06/11 16:28:16.441]:OID ST: Policy returned:
> [07/06/11 16:28:16.442]:OID ST:
> <nds dtdversion="2.0" ndsversion="8.x">
> <source>
> <product build="20100929_091301" instance="OID"
> version="3.5.12">Identity Manager Driver for LDAP</product>
> <contact>Novell, Inc.</contact>
> </source>
> <output>
> <status
> event-id="ism-idv#20110706162801#1#2:15671ead-6a46-442f-e9ab-ad1e6715466a"
> level="error">No association key for rename operation.</status>
> </output>
>
> Thanks,
> Amit
>
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJOFLr2AAoJEF+XTK08PnB5ztQP/iFWEhHbdpUEccokTN9y/Zl8
g62f7oXkWZqiwjBfmoA6Rt/8fhCSyCuw7vJmr00XZiXLAQyXr2CpJvwBoS+0PHzJ
TOK0OOgUirCSZAJU/4mBb+y71A5BAFlpwPgMMlRvwopCsSIdwWq/wPOVYQ4DjfX7
MCcKkaH8tjXq8+jybvgTiG7L2jKQroDWdhrnMX/3mJB4J2uepP0m2QQoi4P4TvGv
SNBSUWOSaJYiR27GP4sg3wdHiqyM6F7DP5lDa8yLZSecc63jOa qdih5BQzwiSUKJ
IxQ5rKNBRdtuq0OuU+Y74A6VvJ43y9lY+/TSxqH1GmfNna+lLfO6mugD2m5cTfRw
B7tPhLRP6eUjL2JyaD2BqpJSOySIYtenEtq2HU2yhamrgd3CrI 6Ep7iJfz31CMQy
8jUrLk5ANUjq/w+WE3vVQQZwc9p/OE446RWQh3sCWHhu2J+m5QN/NEDhmz4tVIa7
lG1orIgadXNtdW9zWQS5JJ3m6ghr2tkvifhZlUoUAYVrfRt7ge XuBGAJ5ZzWUium
xTUTGriVIxXCgOCMZwifRxlaRQli0pKg/AjPbrXdMa8nzrfh/D3SHNgIIiwFIF14
JhKX0FIBITkm9bVI+1Uxezj5pBlsSoMyKJ2uVfBCUXwcdfIIvy aLPaxZScAf1iA0
0PMqM7iVFIzw0bUUBsEC
=BXfg
-----END PGP SIGNATURE-----