Issue: While implementing the Resource Weightage feature in Identity Applications, if the schema for resource weightage attribute is not synchronized across all servers, you may observe the following error in the DSTrace (where User Application driver and Role and Resource Service driver logs are generated):
com.sssw.b2b.rt.GNVException: rt007005:Error encountered executing WSDL Action
The following error message is displayed in the catalina.out log file:
ERROR [com.netiq.idm.cis.PermIndex] (RBPM pool-1-permindex executor-ND-thread-1) [RBPM] Unrecoverable error during creation of Permission Index org.apache.solr.common.SolrException: No such core: iw
This issue applies to Identity Manager 4.8.1 or later.
Workaround: To resolve these errors, perform the following actions:
Extend the Identity Vault schema:
Linux:
Log in to the server where you need to extend the Identity Vault schema.
Navigate to /opt/novell/eDirectory/bin directory.
Run the following command:
./idm-install-schema
Windows:
Log in to the server where you need to extend the Identity Vault schema.
Create a new file in your preferred directory.
For example, create nrf-extensions.sch file in the C:\Temp directory.
Open the nrf-extensions.sch file and add the following content:
--
-- The nrfResourceWeightage attribute contained by nrfResource object class specifies the weightage of
-- resource object which is used for assignment/revocation based on priority
--
NDSSchemaExtensions DEFINITIONS ::=
BEGIN
"nrfResourceWeightage" ATTRIBUTE ::=
{
Operation ADD,
Flags {DS_SYNC_IMMEDIATE, DS_SINGLE_VALUED_ATTR},
SyntaxID SYN_INTEGER,
ASN1ObjID {2 16 840 1 113719 1 33 4 174}
}
"nrfResource" OBJECT-CLASS ::=
{
Operation MODIFY,
MayContain {"nrfResourceWeightage"}
}
ENDNavigate to the C:\NetIQ\eDirectory\ directory.
Run the following command to extend the schema:
ice -l <schema_update_log> -C -a -S SCH -f <file that you created in step 2> -D LDAP -s <eDirectory DNS name/IP> -p <LDAP port> -d <eDirectory_admin_dn> -w <eDirectory_admin_password>
where,
-C -a updates the destination schema.
-f indicates the schema file (sch).
-p indicates the port number of the LDAP server. The default port is 389. For secure communication, use port 636. Secure communication needs an SSL Certificate.
-L indicates a file in DER format containing a server key used for SSL authentication.
-s indicates the DNS name or IP address of the LDAP server.
For example,
ice -l schemaupdate.log -C -a -S SCH -f C:\Temp\nrf-extensions.sch -D LDAP -s idmorg.com -p 636 -d cn=admin,ou=idm,o=microfocus -w password -L cert.der
Update the User Application driver package to 4.8.1.xxxx version, where xxxxx indicates the time stamp when the driver package was created.
Update the Role and Resource Service driver to 4.8.1 version. For more information, see NetIQ Identity Manager Role and Resource Service Driver 4.8.1 Readme.
Restart the Identity Vault.
Perform the following steps to delete the existing permindex folder in the temporary directory:
Stop the Tomcat service.
Navigate to the existing permindex folder in the temporary directory.
For example, /opt/netiq/idm/apps/tomcat/temp/permindex
Delete the existing permindex folder.
Start the Tomcat service.