Tuesday, November 13, 2007

LDAP Adapter Gotcha...

The Problem: CTGIMD014I 1 reconciliation entries were not processed for the following accounts: eruid=users.

I had this problem on one of my TIM servers. It was relatively early on in the build process for this environment and I had created a service for an LDAP to which I was to be provisioning user accounts. Really straightforward stuff here. But I kept having these recon warnings. The reconciliation would complete with the warning noted in the title of this post. The trace.log showed several errors like this one:

*********** ENTRY **********
$dn: DN:eruid=users
erLdapContainerName: dc=mydomain,dc=com
objectclass: OBJ:erLDAPUserAccount
cn: users
eruid: users
erAccountStatus: 1
*********** ENTRY END ******

![CDATA[Unable to create orphaned account]]

![CDATA[Thread 2 Encountered an exception processing eruid=users: CTGIMS001E At least one required attribute is missing.]]

So ITIM was trying to orphan a bunch of accounts and it came across an account called "users". Well, the reason for this apparently is because of the fact that I had created a container in my target LDAP called cn=users. I had provisioned my LDAP users into this container. The LDAP Adapter apparently has a problem with the search base being cn=users,dc=mydomain,dc=com.

The Fix:

To fix this I simply re-created the users container as an OU. So I deleted the users from the cn=users container, then deleted the container and re-created it as an OU. I changed the search base on the service and now everything works fine.

I know that typically containers such as cn=something are usually seen more often in AD, but ITDS had no problem letting me create these. Technically for my solution it really makes no difference, so it was easy enough to just blow away the containers and re-create them as OUs. Just a little gotcha with the LDAP Adapter, I guess. BTW, IBM Tech support caught this very quickly where I just didn't see it. Thanks Melvin!
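
A triage helper for this warning, added here as an example and not part of the original post or of any IBM tooling: it parses ENTRY blocks in the trace.log layout quoted above and flags entries whose eruid equals the value of a cn= search base RDN and whose erLdapContainerName is that base's parent. The function names, the second sample entry and the matching heuristic are assumptions.

```python
import re

# Constructed sample: first entry is the one quoted in the post,
# the second (jdoe) is invented for contrast.
SAMPLE_TRACE = """\
*********** ENTRY **********
$dn: DN:eruid=users
erLdapContainerName: dc=mydomain,dc=com
objectclass: OBJ:erLDAPUserAccount
cn: users
eruid: users
erAccountStatus: 1
*********** ENTRY END ******
*********** ENTRY **********
$dn: DN:eruid=jdoe
erLdapContainerName: cn=users,dc=mydomain,dc=com
objectclass: OBJ:erLDAPUserAccount
cn: John Doe
eruid: jdoe
erAccountStatus: 0
*********** ENTRY END ******
"""

ENTRY_RE = re.compile(r"\*+ ENTRY \*+\n(.*?)\n\*+ ENTRY END \*+", re.S)


def parse_entries(trace_text):
    """Return one dict of attribute -> value per ENTRY block."""
    entries = []
    for body in ENTRY_RE.findall(trace_text):
        attrs = {}
        for line in body.splitlines():
            name, sep, value = line.partition(": ")
            if sep:
                attrs[name.strip()] = value.strip()
        entries.append(attrs)
    return entries


def container_entries(trace_text, search_base):
    """Flag eruids that look like the cn= search base container itself."""
    # Assumed heuristic; naive split, does not handle escaped commas in DNs.
    first_rdn, _, parent = search_base.partition(",")
    rdn_type, _, rdn_value = first_rdn.partition("=")
    if rdn_type.strip().lower() != "cn":
        return []  # only the cn= search base showed the problem in the post
    return [e["eruid"] for e in parse_entries(trace_text)
            if e.get("eruid", "").lower() == rdn_value.strip().lower()
            and e.get("erLdapContainerName", "").lower() == parent.strip().lower()]
```

Calling `container_entries(SAMPLE_TRACE, "cn=users,dc=mydomain,dc=com")` returns the single eruid that reconciliation tried to orphan.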

3 comments:

Najaiha Khawar said...

Integration of OpenLdap and Tivoli Identity Manager

I am trying to integrate OpenLDAP with Tivoli Identity Manager. I am using the LDAP adapter for that. I have imported the LdapProfile.jar file in Tivoli Identity Manager.

When I try to create an LDAP service on the Tivoli Identity Manager console I get the errors: communication error, no route to host. Test connection fails.

What I am doing is I am using OpenLDAP on one virtual machine and TIM on another virtual machine. In the service creation I am giving the IP address of the OpenLDAP VM.


Credentials of OpenLDAP:
url: ldap://localhost:389
rootdn= cn=root,o=ibm,dc=com
password= secret

Please help me. Thanks
