IDM NotesDriverShim Stalls When Creating a User. What Could Be The Cause?



By: pnuffer

July 3, 2008 10:27 am

Reads: 200

Comments:0

Rating:0


Question:

eDir and Identity Manager engine are running on a Linux server. The Lotus Domino server is on different Linux server. I have installed the Remote Loader (RL) and the Lotus Notes Driver on the server where Domino is installed. Creating a user seems to make the RL or the NotesDriverShim hang when sending commands to the Domino server. The remote loader trace stops and the last line displayed is:

DirXML: [09/29/05 15:04:01.66]: TRACE: Notes: registerNotesUser – SearchKey = DirXML Notes Driver AddKey =1127999041660.

Below is a portion of the trace before the hang.

DirXML: [09/29/05 15:04:01.58]: TRACE:  <nds dtdversion="2.0" ndsversion="8.x">
        <source>
                <product version="2.0.8.20050127 ">DirXML</product>
                <contact>Novell, Inc.</contact>
        </source>
        <input>
                <add certify-user="Yes" class-name="Person" create-mail="Yes" dest-dn="CN=fbrin/O=INFO" event-id="linux#20050929210323#1#2" mail-file-inherit-flag="No" qualified-src-dn="O=Bot\OU=Bot-FR\OU=Usr\CN=fbrin" src-dn="\MY-TREE\Bot\Bot-FR\Usr\fbrin" src-entry-id="33196">
                        <add-attr attr-name="LastName">
                                <value timestamp="1127568811#3" type="string">Brin</value>
                        </add-attr>
                        <add-attr attr-name="OfficePhoneNumber">
                                <value timestamp="1128030102#7" type="teleNumber">1234567890</value>
                        </add-attr>
                        <add-attr attr-name="FirstName">
                                <value timestamp="1127568950#1" type="string">Fred</value>
                        </add-attr>
                        <add-attr attr-name="InternetAddress">
                                <value timestamp="1127569949#1" type="string">Fred.Brin@mycompany.com</value>
                        </add-attr>
                </add>
        </input>
</nds>
DirXML: [09/29/05 15:04:01.58]: TRACE:  Notes: NotesSubscriptionShim: Connected to CN=Test/O=INFO
DirXML: [09/29/05 15:04:01.58]: TRACE:  Notes: NotesSubscriptionShim: Connected as CN=_admin/O=INFO
DirXML: [09/29/05 15:04:01.58]: TRACE:  Notes: NotesSubscriptionShim: Reading from names.nsf
DirXML: [09/29/05 15:04:01.58]: TRACE:  Notes: NotesSubscriptionShim:  Input Document contains 1 DirXML commands
DirXML: [09/29/05 15:04:01.60]: TRACE:  Notes: registerNotesUser - Certifier ID File: /local/notesdata/cert.id
DirXML: [09/29/05 15:04:01.60]: TRACE:  Notes: registerNotesUser - is North American: false
DirXML: [09/29/05 15:04:01.60]: TRACE:  Notes: registerNotesUser - Creating Mail File:false
DirXML: [09/29/05 15:04:01.60]: TRACE:  Notes: registerNotesUser - Storing UserID File in Address Book: false
DirXML: [09/29/05 15:04:01.60]: TRACE:  Notes: registerNotesUser - Updating Notes Address Book (names.nsf)true
DirXML: [09/29/05 15:04:01.60]: TRACE:  Notes: registerNotesUser - Log File: certlog.nsf
DirXML: [09/29/05 15:04:01.61]: TRACE:  Notes: registerNotesUser - Server Name: CN=Test/O=INFO
DirXML: [09/29/05 15:04:01.61]: TRACE:  Notes: registerNotesUser - OU:
DirXML: [09/29/05 15:04:01.61]: TRACE:  Notes: registerNotesUser - LastName: Brin
DirXML: [09/29/05 15:04:01.61]: TRACE:  Notes: registerNotesUser - FirstName: Fred
DirXML: [09/29/05 15:04:01.61]: TRACE:  Notes: registerNotesUser - MiddleInitial: null
DirXML: [09/29/05 15:04:01.61]: TRACE:  Notes: registerNotesUser - ShortName: null
DirXML: [09/29/05 15:04:01.61]: TRACE:  Notes: registerNotesUser - Use Certificate Authority: false
DirXML: [09/29/05 15:04:01.61]: TRACE:  Notes: registerNotesUser - Cert ID File: /local/notesdata/cert.id
DirXML: [09/29/05 15:04:01.61]: TRACE:  Notes: registerNotesUser - Certifier Pwd: <!-- content suppressed -->
DirXML: [09/29/05 15:04:01.61]: TRACE:  Notes: registerNotesUser - ID File: /local/notesdata/ids/people/FredBrin.id
DirXML: [09/29/05 15:04:01.61]: TRACE:  Notes: registerNotesUser - ID File Expiration Interval 2 years
DirXML: [09/29/05 15:04:01.61]: TRACE:  Notes: registerNotesUser - ID File Expiration Date: 29/09/2007 03:04:01 PM CEDT
DirXML: [09/29/05 15:04:01.62]: TRACE:  Notes: registerNotesUser - ID Type (int): 173
DirXML: [09/29/05 15:04:01.62]: TRACE:  Notes: registerNotesUser - Minimum Password Length: null(5)
DirXML: [09/29/05 15:04:01.62]: TRACE:  Notes: registerNotesUser - Sync Internet Password: false
DirXML: [09/29/05 15:04:01.62]: TRACE:  Notes: registerNotesUser - Location: null
DirXML: [09/29/05 15:04:01.62]: TRACE:  Notes: registerNotesUser - Forwarding e-mail address: null
DirXML: [09/29/05 15:04:01.62]: TRACE:  Notes: registerNotesUser - Policy Name: null
DirXML: [09/29/05 15:04:01.62]: TRACE:  Notes: registerNotesUser - Enforce Unique Short Name: false
DirXML: [09/29/05 15:04:01.62]: TRACE:  Notes: registerNotesUser - DO NOT create ID File: false
DirXML: [09/29/05 15:04:01.65]: TRACE:  Notes: registerNotesUser - Create Roaming User: false
DirXML: [09/29/05 15:04:01.65]: TRACE:  Notes: registerNotesUser - AltFullName: null
DirXML: [09/29/05 15:04:01.65]: TRACE:  Notes: registerNotesUser - AltFullNameLanguage: null
DirXML: [09/29/05 15:04:01.65]: TRACE:  Notes: registerNotesUser - AltOrgUnit: null
DirXML: [09/29/05 15:04:01.65]: TRACE:  Notes: registerNotesUser - AltOrgUnitLanguage: null
DirXML: [09/29/05 15:04:01.66]: TRACE:  Notes: registerNotesUser - SearchKey = DirXML Notes Driver AddKey = 1127999041660

Answer:

It appears that the NotesDriverShim is hanging during the user registration process. Hopefully answering these questions can lead to a solution.

  1. Is a resultant FredBrin.id file created in the /local/notesdata/ids/people/ directory?
  2. If one is created, can it be used to successfully authenticate as Fred Brin?
  3. Does the Notes Driver User have appropriate administrative rights (Manager level ACL) to the certlog.nsf file?
  4. Can you register a user manually; from the Domino Administrator client [authenticated as the same Notes Driver user (/local/notesdata/_admin.id)] using the same Notes cert.id and password that the NotesDriverShim is using? If so, this is an indication that the Notes User has adequate rights to create a user with the designated cert.id.

Now that you know the password for cert.id file works, verify the password for the cert.id file is correctly configured for the driver (i.e. reset the password if using named passwords).

Instances have been seen where a corrupt cert.id can cause the Domino server to hang during the user registration/certification process. Have you tried to utilize a different cert.id file (one that you have validated its usage manually via the Domino Administrator client)?

One possibility may be, if the cert.id password is missing or incorrect, the Lotus Notes Java API [called by NotesDriverShim via the Remote Loader running as a background process (daemon)] could be prompting for a password, and waiting for the user to enter it before proceeding. This hangs the remote loader’s operation. The Remote Loader does not have an active interface (terminal window) for the user to enter the password…so there is nothing you can do except kill the RL process and try again. In this same situation, if the user were running the pure java remote loader via a terminal window, the admin/user would probably see a cursor prompt waiting for them to type in a password before proceeding. If the user enters the correct password, all would probably work fine…until the next user registration occurred in the NotesDriverShim.

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Tags: ,
Categories: Uncategorized

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

Comment