Capturing an IDM -9063 Error



By: bstumpp

January 9, 2008 2:10 pm

Reads: 183

Comments:3

Rating:0

Recently geoffc submitted a very useful hint about the 9063 error. However, I know that most administrators do not watch their trace files as well as they should, and having trace level set to 3 to see the details will slow down the drivers. If you want to be notified when an IDM -9063 error occurs, but you do not have Audit or Sentinel running, you can use email notifications.

The following code snippet placed in the Publisher Channel Input Transformation Policy Set will detect an error -9063 and send an email complete with the failed user object dn. (The snippet is also attached for easy downloading).

<rule>
   <description>Status Error Handling: User Already Associated</description>
   <conditions>
      <and>
	<if-operation op="equal">status</if-operation>
	<if-xpath op="true">./@level='error'</if-xpath>
	<if-xpath op="true">contains(./text(),'-9063')</if-xpath>
      </and>
   </conditions>
   <actions>
      <do-set-local-variable name="lv-dn" scope="policy">
	<arg-string>
	   <token-xpath expression="object-dn"/>
	</arg-string>
      </do-set-local-variable>
      <do-send-email server="mail.company.com" type="text">
	<arg-string name="to">
	   <token-text xml:space="preserve">idmadmin@company.com</token-text>
	</arg-string>
	<arg-string name="subject">
	   <token-text xml:space="preserve">Error 9063 Detected</token-text>
	</arg-string>
	<arg-string name="message">
	   <token-text xml:space="preserve">Error 9063 was detected during a match of user </token-text>
	   <token-local-variable name="lv-dn"/>
	</arg-string>
      </do-send-email>
   </actions>
</rule>

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Tags: ,
Categories: Uncategorized

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

3 Comments

  1. By:geoffc

    What is nice about this tip is that if you have a series of errors that come back in this format, you can build some error reporting in.

    Would be nice to put all these in a library and link them into each driver. Rather than reinvent the wheel each time.

    Hmm, great approach! Lots of fun things we could do with this idea!

  2. By:peterhine

    What product is this for ? Mr Novell, some referencing would be nice on the tips you publish.

    p

    • By:geoffc

      Peter, you make a good point. I went and looked back at the original article that bstumpp was referring too, and I see I never actually said it was for Novell Identity Manager (probably would work from IDM 2.x and higher, nothing version specific in it. I THINK it would not work in DirXML 1.1a though).

      bstumpp did reference the original article, and there are a number of hints that might give it away. But your point is valid, it does not come out and say it.

      In the original article I know I was assuming it would be published within the Identity Management section of Cool Solutions, which makes explicitly mentioning it seem redundant. On this new site, it is not so clear which area it is posted under.

      I will watch out for that and be more careful to mention products and versions for new articles. (I could ask the editors to add a comment about the product if you would like).

Comment