Recently geoffc submitted a very useful hint about the 9063 error. However, I know that most administrators do not watch their trace files as well as they should, and having trace level set to 3 to see the details will slow down the drivers. If you want to be notified when an IDM -9063 error occurs, but you do not have Audit or Sentinel running, you can use email notifications.

The following code snippet placed in the Publisher Channel Input Transformation Policy Set will detect an error -9063 and send an email complete with the failed user object dn. (The snippet is also attached for easy downloading).

   <description>Status Error Handling: User Already Associated</description>
	<if-operation op="equal">status</if-operation>
	<if-xpath op="true">./@level='error'</if-xpath>
	<if-xpath op="true">contains(./text(),'-9063')</if-xpath>
      <do-set-local-variable name="lv-dn" scope="policy">
	   <token-xpath expression="object-dn"/>
      <do-send-email server="" type="text">
	<arg-string name="to">
	   <token-text xml:space="preserve"></token-text>
	<arg-string name="subject">
	   <token-text xml:space="preserve">Error 9063 Detected</token-text>
	<arg-string name="message">
	   <token-text xml:space="preserve">Error 9063 was detected during a match of user </token-text>
	   <token-local-variable name="lv-dn"/>

0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this post.
Categories: Uncategorized

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

Leave a Reply

Leave a Comment

  • geoffc says:

    What is nice about this tip is that if you have a series of errors that come back in this format, you can build some error reporting in.

    Would be nice to put all these in a library and link them into each driver. Rather than reinvent the wheel each time.

    Hmm, great approach! Lots of fun things we could do with this idea!

  • peterhine says:

    What product is this for ? Mr Novell, some referencing would be nice on the tips you publish.


    • geoffc says:

      Peter, you make a good point. I went and looked back at the original article that bstumpp was referring too, and I see I never actually said it was for Novell Identity Manager (probably would work from IDM 2.x and higher, nothing version specific in it. I THINK it would not work in DirXML 1.1a though).

      bstumpp did reference the original article, and there are a number of hints that might give it away. But your point is valid, it does not come out and say it.

      In the original article I know I was assuming it would be published within the Identity Management section of Cool Solutions, which makes explicitly mentioning it seem redundant. On this new site, it is not so clear which area it is posted under.

      I will watch out for that and be more careful to mention products and versions for new articles. (I could ask the editors to add a comment about the product if you would like).

By: bstumpp
Jan 9, 2008
2:10 pm
Active Directory Authentication Automation Cloud Computing Cloud Security Configuration Customizing Data Breach DirXML Drivers End User Management Identity Manager Importing-Exporting / ICE/ LDIF Intelligent Workload Management IT Security Knowledge Depot LDAP Monitoring Open Enterprise Server Passwords Reporting Secure Access Supported Troubleshooting Workflow