Resource to Entitlement mapping- codemap refresh issue

  • 7022314
  • 13-Nov-2017
  • 13-Nov-2017

Environment

Identity Manager 4.5
Identity Manager 4.6
Identity Manager Roles Based Provisioning Module

Situation

  1. A new driver is created.
  2. A new resource is created in either a new driver or an existing driver..
  3. After running code map refresh, the new resource cannot be found in IDMProv.

Resolution

Modify the entitlement-configuration for the driver, adding any missing parameters:

<entitlement data-collection="false" dn="CN=ExchangeMailbox,CN=AD Driver for Groups,CN=DriverSet,O=system" parameter-format="idm4" resource-mapping="true" role-mapping="true">

Cause

Using an Active Director driver in this example, by looking at the entitlement-configuration found for the exported driver, the missing parameter values are evident:

<entitlement data-collection="false" dn="CN=ExchangeMailbox,CN=AD Driver for Groups,CN=DriverSet,O=system" parameter-format="" resource-mapping="" role-mapping="">

<entitlement data-collection="false" dn="CN=Group,CN=AD Driver for Groups,CN=DriverSet,O=system" parameter-format="" resource-mapping="" role-mapping="">

<entitlement data-collection="false" dn="CN=UserAccount,CN=AD Driver for Groups,CN=DriverSet,O=system" parameter-format="" resource-mapping="" role-mapping="">


These missing values will cause the error in the catalina.out. For example, using this same Active Directory driver, the catalina.out yields the following:


2017-11-03 15:55:21,373 [http-bio-8443-exec-340] ERROR com.novell.idm.nrf.persist.DirXMLDriverDAO- [RBPM] Error occurred parsing the entitlement configuration XML: cn=EntitlementConfiguration,cn=AD Driver for Groups,cn=DriverSet,o=system

java.lang.StringIndexOutOfBoundsException: String index out of range: 0

Additional Information

While this may not resolve every scenario, this workaround can address a percentage of instances.