Hello,

I want to use our HR system to initiate user creation into the IDVault.
I've been hacking at the JDBC driver and have been able to gather basic
account info into the IDV as well as a clear text 'initial password'
(which the HR system will set and notify the user of). I didn't
really know where to stuff the 'initial password' data so I picked
'Unknown Auxiliary Class' for now... (Where are you supposed to shove
this sort of data in edir? Am I supposed to extend the edir schema?)
Anyway, my first attempt at setting the password was to modify the
'Password(Pub)-Default Password Policy' in the JDBC driver.

In my trace, I can see the clear text password being passed down and I
think it is being transformed appropriately... Unfortunately I'm still
unable to log in with the password. Please help!


[06/03/09 15:07:07.422]:jdbctest PT:Applying command transformation
policies.
[06/03/09 15:07:07.422]:jdbctest PT:Applying policy:
%+C%14CPassword(Pub)-Default Password Policy%-C.
[06/03/09 15:07:07.423]:jdbctest PT: Applying to add #1.
[06/03/09 15:07:07.423]:jdbctest PT: Evaluating selection criteria
for rule 'On User add, set initial password to 'initialpwd' (Unknown
Auxilary Class)'.
[06/03/09 15:07:07.423]:jdbctest PT: (if-operation equal "add") =
TRUE.
[06/03/09 15:07:07.423]:jdbctest PT: (if-class-name equal "User")
= TRUE.
[06/03/09 15:07:07.424]:jdbctest PT: (if-password not-available) =
TRUE.
[06/03/09 15:07:07.424]:jdbctest PT: Rule selected.
[06/03/09 15:07:07.424]:jdbctest PT: Applying rule 'On User add, set
initial password to 'initialpwd' (Unknown Auxilary Class)'.
[06/03/09 15:07:07.424]:jdbctest PT: Action:
do-set-dest-password(token-src-attr("Unknown Auxiliary
Class",class-name="User")).
[06/03/09 15:07:07.425]:jdbctest PT:
arg-string(token-src-attr("Unknown Auxiliary Class",class-name="User"))
[06/03/09 15:07:07.425]:jdbctest PT: token-src-attr("Unknown
Auxiliary Class",class-name="User")
[06/03/09 15:07:07.426]:jdbctest PT: Query from policy
[06/03/09 15:07:07.426]:jdbctest PT:
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.6.0.4294">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query class-name="User"
dest-dn="IDU=466,table=USR,schema=INDIRECT" scope="entry">
<association>IDU=466,table=USR,schema=INDIRECT</association>
<read-attr attr-name="Unknown Auxiliary Class"/>
</query>
</input>
</nds>
[06/03/09 15:07:07.427]:jdbctest PT: Fixing up association
references.
[06/03/09 15:07:07.427]:jdbctest PT: Applying schema mapping
policies to output.
[06/03/09 15:07:07.428]:jdbctest PT: Applying policy:
%+C%14CSchema+Mapping+Rule%-C.
[06/03/09 15:07:07.428]:jdbctest PT: Mapping attr-name
'Unknown Auxiliary Class' to 'initialpwd'.
[06/03/09 15:07:07.428]:jdbctest PT: Mapping class-name
'User' to 'indirect.usr'.
[06/03/09 15:07:07.428]:jdbctest PT: Applying output
transformation policies.
[06/03/09 15:07:07.429]:jdbctest PT: Applying policy:
%+C%14COutput Transformation%-C.
[06/03/09 15:07:07.429]:jdbctest PT: Applying to query
#1.
[06/03/09 15:07:07.429]:jdbctest PT: Evaluating
selection criteria for rule 'User: Reformat fax number as string'.
[06/03/09 15:07:07.430]:jdbctest PT: (if-class-name
equal "indirect.usr") = TRUE.
[06/03/09 15:07:07.430]:jdbctest PT: Rule selected.
[06/03/09 15:07:07.430]:jdbctest PT: Applying rule
'User: Reformat fax number as string'.
[06/03/09 15:07:07.431]:jdbctest PT: Action:
do-reformat-op-attr("faxno",token-xpath("$current-value/component[@name='faxNumber']")).
[06/03/09 15:07:07.431]:jdbctest PT: Policy returned:
[06/03/09 15:07:07.431]:jdbctest PT:
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.6.0.4294">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query class-name="indirect.usr"
dest-dn="IDU=466,table=USR,schema=INDIRECT" event-id="0" scope="entry">
<association>IDU=466,table=USR,schema=INDIRECT</association>
<read-attr attr-name="initialpwd"/>
</query>
</input>
</nds>
[06/03/09 15:07:07.432]:jdbctest PT: Applying policy:
%+C%14CPassword(Sub)-Pub Email Notifications%-C.
[06/03/09 15:07:07.433]:jdbctest PT: Applying to query
#1.
[06/03/09 15:07:07.433]:jdbctest PT: Evaluating
selection criteria for rule 'Send e-mail for a failed publish password
operation'.
[06/03/09 15:07:07.433]:jdbctest PT:
(if-global-variable 'notify-user-on-password-dist-failure' equal "true")
= FALSE.
[06/03/09 15:07:07.434]:jdbctest PT: Rule rejected.
[06/03/09 15:07:07.434]:jdbctest PT: Policy returned:
[06/03/09 15:07:07.434]:jdbctest PT:
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.6.0.4294">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query class-name="indirect.usr"
dest-dn="IDU=466,table=USR,schema=INDIRECT" event-id="0" scope="entry">
<association>IDU=466,table=USR,schema=INDIRECT</association>
<read-attr attr-name="initialpwd"/>
</query>
</input>
</nds>
[06/03/09 15:07:07.436]:jdbctest PT: Querying publisher
shim.
[06/03/09 15:07:07.436]:jdbctest PT:
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.6.0.4294">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query class-name="indirect.usr"
dest-dn="IDU=466,table=USR,schema=INDIRECT" event-id="0" scope="entry">
<association>IDU=466,table=USR,schema=INDIRECT</association>
<read-attr attr-name="initialpwd"/>
</query>
</input>
</nds>
[06/03/09 15:07:07.437]:jdbctest PT: SELECT idu, initialpwd
FROM indirect.usr WHERE idu = ?
[06/03/09 15:07:07.438]:jdbctest PT: IN @ index 1,
field 'idu', value = 466
[06/03/09 15:07:07.439]:jdbctest PT: RS field
'initialpwd', length: 12, value = 'password123!'
[06/03/09 15:07:07.439]:jdbctest PT: Publisher shim
returned:
[06/03/09 15:07:07.439]:jdbctest PT:
<nds dtdversion="2.0" ndsversion="8.x" xmlns:jdbc="urn:dirxml:jdbc">
<source>
<product build="20080710_0850" instance="JDBC-test"
version="3.5.2">DirXML Driver for JDBC</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<instance class-name="indirect.usr" event-id="0"
src-dn="IDU=466,table=USR,schema=INDIRECT">
<association
state="associated">IDU=466,table=USR,schema=INDIRECT</association>
<attr attr-name="initialpwd">
<value type="string">password123!</value>
</attr>
</instance>
<status event-id="0" level="success"></status>
</output>
</nds>


--
dorao
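The trace in this post prints the initial password in clear text twice: in the JDBC shim's `RS field` result-set line and in the `<value>` element the publisher shim returns. As an added example (not part of the original post), this Python filter masks both forms before a trace is shared; it assumes the sensitive column/attribute is named `initialpwd` as in this trace, and `redact_trace` and the sample lines are constructed for illustration.

```python
import re

# Assumption: names of the DB columns / XDS attributes that carry secrets.
SENSITIVE = ("initialpwd",)

# Constructed sample in the same shape as the trace above (wrapped lines included).
SAMPLE = """[06/03/09 15:07:07.439]:jdbctest PT: RS field
'initialpwd', length: 16, value = 'Example-Secret-1'
<read-attr attr-name="initialpwd"/>
<attr attr-name="initialpwd">
<value type="string">Example-Secret-1</value>
</attr>
<attr attr-name="faxno">
<value type="string">555-0100</value>
</attr>
"""

def redact_trace(text, sensitive=SENSITIVE):
    """Return (redacted_text, number_of_values_masked)."""
    names = "|".join(re.escape(n) for n in sensitive)
    hits = 0

    # JDBC result-set line; \s+ tolerates the line wrap after "RS field".
    # The length is masked too, and '.*' runs to the last quote on the line
    # so a password containing a quote is not partially leaked.
    rs = re.compile(
        r"(RS field\s+'(?:%s)',\s*length:\s*)\d+(,\s*value\s*=\s*)'.*'" % names,
        re.I)
    text, n = rs.subn(r"\g<1>?\g<2>'[REDACTED]'", text)
    hits += n

    # XDS: mask every <value> inside <attr attr-name="..."> for a sensitive name.
    # <read-attr .../> elements carry no value and are left untouched.
    attr = re.compile(r'(<attr\s+attr-name="(?:%s)"\s*>)(.*?)(</attr>)' % names,
                      re.I | re.S)
    value = re.compile(r"(<value\b[^>]*>)[^<]*(</value>)")

    def mask(m):
        nonlocal hits
        body, k = value.subn(r"\g<1>[REDACTED]\g<2>", m.group(2))
        hits += k
        return m.group(1) + body + m.group(3)

    return attr.sub(mask, text), hits

if __name__ == "__main__":
    cleaned, count = redact_trace(SAMPLE)
    print(cleaned)
    print("values masked:", count)
```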