I needed to get driver errors emailed to allow speedy troubleshooting. I found the rule by Jeff Johnson but it didn’t quite do what we wanted.

I have modified it to produce an output like the one reproduced below:

<i>alert level - "error"  has occurred on object "<---Object DN--->"
at time: 02.05.08,11:26:12
Error information;
event-id  <-event id from the trace---->
Event message "<--event message from the trace-->"
on the "<--Publisher or subscriber as appropriate-->" channel.</i>

I put the rule in a library in each tree and linked it to the input transform of each driver that I wanted to monitor. This way it catches the status errors coming back. Two GCVs are referenced in this rule, one for the email server and one for the email destination.

To really get to the bottom of errors speedily it helps to have the original transaction in the email, especially with AD drivers, which give a poor response. To achieve this, do the following:

Create a rule using the code here and set it as the last rule on your output transform:

<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE policy PUBLIC "policy-builder-dtd" "C:\Program Files\Novell\Designer\eclipse\plugins\com.novell.idm.policybuilder_3.0.1.200811201116\DTD\dirxmlscript3.5.1.dtd"><policy>
	<description>To allow accurate error reporting it is necessary to add the whole transaction XML document to the operation property. This is then kept by the driver and added back to the returned status document. This allows the error emails to contain the full transaction.
This rule needs to be applied to the output transform of the channel.</description>
	<rule>
		<description>set operation property</description>
		<comment xml:space="preserve">set operation property</comment>
		<comment name="author" xml:space="preserve">M Lamont with a bit of help from Jim goodall and Father Ramon</comment>
		<comment name="version" xml:space="preserve">1.0</comment>
		<comment name="lastchanged" xml:space="preserve">2 Feb 09</comment>
		<conditions>
			<and/>
		</conditions>
		<actions>
			<do-set-op-property name="Document-Data-Sent">
				<arg-string>
					<token-xpath expression="."/>
				</arg-string>
			</do-set-op-property>
		</actions>
	</rule>
</policy>

This attaches the transaction to the event when the result returns.

Then use this code to generate the email; it needs to be on the input transform:

<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE policy PUBLIC "policy-builder-dtd" "C:\Program Files\Novell\Designer\eclipse\plugins\com.novell.idm.policybuilder_3.0.1.200811201116\DTD\dirxmlscript3.5.1.dtd"><policy>
	<rule>
		<description>Email on non success status</description>
		<comment xml:space="preserve">If the status level does not equal SUCCESS, send an email alert to IDMAdmin team.</comment>
		<comment name="author" xml:space="preserve">Jeff Johnson and Mark Lamont</comment>
		<comment name="version" xml:space="preserve">1.1</comment>
		<comment name="lastchanged" xml:space="preserve">01-05-08</comment>
		<conditions>
			<and>
				<if-operation op="equal">status</if-operation>
				<if-xpath op="true">@level!='success'</if-xpath>
			</and>
		</conditions>
		<actions>
			<!-- The wrapper around the next test was lost from this page. A do-if with do-break is assumed here, so that statuses vetoed by the object creation policy are ignored, as the text says. -->
			<do-if>
				<arg-conditions>
					<and>
						<if-xpath op="true"> text()="Code(-8017) Operation vetoed by object creation policy."</if-xpath>
					</and>
				</arg-conditions>
				<arg-actions>
					<do-break/>
				</arg-actions>
				<arg-actions/>
			</do-if>
			<do-send-email server="~gcvEMailServer~" type="text">
				<arg-string name="from">
					<token-text xml:space="preserve">noreply@xxxxxx</token-text>
				</arg-string>
				<arg-string name="to">
					<token-global-variable name="gcvEMailDest"/>
				</arg-string>
				<arg-string name="subject">
					<token-text xml:space="preserve">IDM ALERT  - Error on </token-text>
					<token-global-variable name="ConnectedSystemName"/>
				</arg-string>
				<arg-string name="message">
					<token-text xml:space="preserve">alert level - "</token-text>
					<token-xpath expression="@level"/>
					<token-text xml:space="preserve">"  has occurred on object "</token-text>
					<token-xpath expression="object-dn"/>
					<token-text xml:space="preserve">"
at time: </token-text>
					<token-time format="dd.MM.yy,HH:mm:ss" lang="en-GB"/>
					<token-text xml:space="preserve">
Error information; 
</token-text>
					<token-text xml:space="preserve">event-id  </token-text>
					<token-xpath expression="@event-id"/>
					<token-text xml:space="preserve">
Event message "</token-text>
					<token-xpath expression="text()"/>
					<token-text xml:space="preserve">"
on the </token-text>
					<token-xpath expression="component"/>
					<token-text xml:space="preserve"> channel.</token-text>
					<token-text xml:space="preserve">

Original transaction document

</token-text>
					<token-xpath expression="self::status/operation-data/@*"/>
				</arg-string>
			</do-send-email>
		</actions>
	</rule>
</policy>

Note: we ignore events vetoed by policy (the Code(-8017) status text tested in the rule). The last part of the email code (self::status/operation-data/@*) writes the previously set operation-data into the email.
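To check the filter logic and the resulting message offline, the following Python sketch mirrors the input-transform rule over a few status documents. It is an added example, not part of the original post or of Identity Manager; the function names (alert_body, text_nodes) and the sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

VETO_TEXT = "Code(-8017) Operation vetoed by object creation policy."

# Constructed status documents (not captured from a real driver).
SAMPLES = [
    '<status level="success" event-id="evt-1"/>',
    '<status level="error" event-id="evt-2">'
    '<operation-data Document-Data-Sent="constructed transaction text"/>'
    '<object-dn>\\TREE\\org\\users\\jdoe</object-dn>'
    '<component>Subscriber</component>'
    'Constructed error message</status>',
    '<status level="error" event-id="evt-3">' + VETO_TEXT + '</status>',
]


def text_nodes(elem):
    """Direct text-node children of elem, i.e. what XPath text() selects."""
    nodes = [elem.text] + [child.tail for child in elem]
    return [t for t in nodes if t]


def alert_body(status_xml, now):
    """Return the alert text for one status document, or None for no email."""
    status = ET.fromstring(status_xml)
    # Rule conditions: the operation is a status and @level != 'success'.
    if status.tag != "status" or status.get("level") in (None, "success"):
        return None
    texts = text_nodes(status)
    # Statuses vetoed by the object creation policy are ignored.
    if VETO_TEXT in texts:
        return None
    op_data = status.find("operation-data")
    # Values of every operation-data attribute (the page's @* selection).
    sent = "\n".join(op_data.attrib.values()) if op_data is not None else ""
    stamp = now.strftime("%d.%m.%y,%H:%M:%S")  # same layout as dd.MM.yy,HH:mm:ss
    message = texts[0] if texts else ""
    return (
        f'alert level - "{status.get("level")}"  has occurred on object '
        f'"{status.findtext("object-dn", "")}"\n'
        f'at time: {stamp}\n'
        f'Error information;\n'
        f'event-id  {status.get("event-id", "")}\n'
        f'Event message "{message}"\n'
        f'on the {status.findtext("component", "")} channel.\n\n'
        f'Original transaction document\n\n{sent}'
    )
```

Because the body carries every operation-data value, whatever the output-transform rule stored from the transaction ends up in the email.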


Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.


May 2, 2008
5:04 am