OpenLDAP MA Not "percolating" export errors (LDAP error 21) to Console?

  • Question

  • Hi,

    It's been quite a while since I've worked with FIM/ILM, but I was asked to provide some support recently...

    We are using the OpenLDAP MA to connect to an Oracle OUD instance, and we happen to have validation enabled on some of the attributes in the OUD, where the validation checks the attribute value and, if it is not among a list of valid values, the OUD gives an "LDAP Error 21".

    We noticed that when we are running an Export, the FIM/ILM console is not showing any errors in this case.

    Shouldn't the MA be somehow causing an error to be appearing in the console? Or, is there a way to configure the OpenLDAP MA to do that?

    Also, does that MA do any logging of its activities, and if so, where should the log file be?

    Thanks,

    Jim

    Wednesday, June 12, 2019 5:30 PM

All replies

  • Hi,

    I forgot to mention that we *think*, but are not sure, that there is an error and some warnings in the Event viewer appearing.  The reason that we aren't sure is that the error and warning don't mention which attribute it is getting an error on.

    Either way, ideally, we feel like, operationally, the validation errors should have also appeared in the console?

    Thanks,

    Jim

    Wednesday, June 12, 2019 6:01 PM
  • Hi Jim-

    Is this the open source OpenLDAP MA? That hasn't been updated in a very, very long time. There's a Generic LDAP MA that Microsoft has now which you might want to look at transitioning to. 


    Thanks,
    Brian


    Sunday, June 16, 2019 2:41 PM
    Moderator
  • Hi,

    I *think* that it may be the old one (the openLDAP MA).

    Does the new MS one also use a text file on the filesystem like the openLDAP MA used to?  I am asking because the connector that we are using does use a text file on the filesystem for the data.

    Jim

    EDIT: They checked and the DLL is openLDAPXMA.dll.  I am assuming that is the old openldap MA and NOT the Microsoft one?

    Also, if we are still using the old openLDAP XMA, how different is the new one that you mentioned?

    EDIT 2: I am looking at the FIM I just stood up and I don't see a new Generic LDAP MA?  Is there something additional/special that I need to do to make that available in FIM, like a separate download or something?

    • Edited by jimcpl Monday, June 17, 2019 5:43 PM
    Monday, June 17, 2019 5:21 PM
  • Yes that's the old open source project from a (very) long time ago. The Generic LDAP MA is here - https://docs.microsoft.com/en-us/microsoft-identity-manager/reference/microsoft-identity-manager-2016-connector-genericldap. Architecturally it uses an entirely different set of APIs to interact with FIM/MIM and it's being actively maintained. 

    Thanks,
    Brian


    Monday, June 17, 2019 6:13 PM
    Moderator