For a test environment, I want to setup HCL Connections 6.5 with OpenLDAP. This should be a more lightweight alternative that could be better automated than a full Domino server, which is used in production. I created test users with the following attributes:
{ sn: Max, cn: Muster, uid: max, displayName: "Max Muster", userPassword: "ldap", mail: "[email protected]" }
All have the objectClasses person shadowAccount inetOrgPerson
. After executing collect_dns.sh
, the following DN is present in collect.dns
uid=max,ou=People,dc=cnx,dc=local
When syncing those users with ./populate_from_dn_file.sh
I got a failed record. The log file logs/ibmdi.log
shows
2020-05-21 09:41:07,703 DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory] - Eagerly caching bean 'PostgreSQL' to allow for resolving potential circular references
2020-05-21 09:41:07,703 DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory] - Finished creating instance of bean 'PostgreSQL'
2020-05-21 09:41:07,703 DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory] - Creating shared instance of singleton bean 'Sybase'
2020-05-21 09:41:07,704 DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory] - Creating instance of bean 'Sybase'
2020-05-21 09:41:07,704 DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory] - Eagerly caching bean 'Sybase' to allow for resolving potential circular references
2020-05-21 09:41:07,704 DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory] - Finished creating instance of bean 'Sybase'
2020-05-21 09:41:07,704 INFO [org.springframework.jdbc.support.SQLErrorCodesFactory] - SQLErrorCodes loaded: [DB2, Derby, H2, HSQL, Informix, MS-SQL, MySQL, Oracle, PostgreSQL, Sybase]
2020-05-21 09:41:07,704 DEBUG [org.springframework.jdbc.support.SQLErrorCodesFactory] - Looking up default SQLErrorCodes for DataSource [org.springframework.jdbc.datasource.TransactionAwareDataSourceProxy@64a644f9]
2020-05-21 09:41:07,705 DEBUG [org.springframework.jdbc.datasource.DataSourceUtils] - Fetching JDBC Connection from DataSource
2020-05-21 09:41:07,705 DEBUG [org.springframework.jdbc.datasource.DataSourceUtils] - Registering transaction synchronization for JDBC Connection
2020-05-21 09:41:07,706 DEBUG [org.springframework.jdbc.support.SQLErrorCodesFactory] - Database product name cached for DataSource [org.springframework.jdbc.datasource.TransactionAwareDataSourceProxy@64a644f9]: name is 'DB2/LINUXX8664'
2020-05-21 09:41:07,706 DEBUG [org.springframework.jdbc.support.SQLErrorCodesFactory] - SQL error codes for 'DB2/LINUXX8664' found
2020-05-21 09:41:07,706 DEBUG [org.springframework.jdbc.support.SQLErrorCodeSQLExceptionTranslator] - Translating SQLException with SQL state '23502', error code '-407', message [
--- The error occurred while applying a parameter map.
--- Check the Profile.createProfile-InlineParameterMap.
--- Check the statement (update failed).
--- Cause: com.ibm.db2.jcc.c.SqlException: DB2 SQL error: SQLCODE: -407, SQLSTATE: 23502, SQLERRMC: TBSPACEID=5, TABLEID=5, COLNO=7]; SQL was [] for task [SqlMapClient operation]
2020-05-21 09:41:07,707 DEBUG [org.springframework.jdbc.datasource.DataSourceUtils] - Returning JDBC Connection to DataSource
2020-05-21 09:41:07,707 DEBUG [org.springframework.jdbc.datasource.DataSourceTransactionManager] - Initiating transaction rollback
2020-05-21 09:41:07,707 DEBUG [org.springframework.jdbc.datasource.DataSourceTransactionManager] - Rolling back JDBC transaction on Connection [org.apache.commons.dbcp.PoolableConnection@a2d822e9]
2020-05-21 09:41:07,707 DEBUG [org.springframework.jdbc.datasource.DataSourceTransactionManager] - Releasing JDBC Connection [org.apache.commons.dbcp.PoolableConnection@a2d822e9] after transaction
2020-05-21 09:41:07,707 DEBUG [org.springframework.jdbc.datasource.DataSourceUtils] - Returning JDBC Connection to DataSource
2020-05-21 09:41:07,707 ERROR [com.ibm.lconn.profiles.api.tdi.connectors.ProfileConnector] - CLFRN1254E: An error occurred while performing findEntry: max.
2020-05-21 09:41:07,708 ERROR [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - !com.ibm.lconn.profiles.api.tdi.service.TDIException: CLFRN1254E: An error occurred while performing findEntry: max.!
2020-05-21 09:41:07,708 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - [callSyncDB_mod] CTGDIS274I Skipping entry from [addorUpdateDB], CTGDIS393I Throwing this exception to tell the AssemblyLine to skip the current Entry. If used in an EventHandler, this exception tells the EventHandler to skip the remaining actions..
2020-05-21 09:41:07,708 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - [callSyncDB_mod] CTGDIS075I Trying to exit TaskCallBlock.
2020-05-21 09:41:07,708 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - [callSyncDB_mod] CTGDIS076I Succeeded exiting TaskCallBlock.
2020-05-21 09:41:07,708 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - [callSyncDB_mod] CTGDIS057I Hook after_functioncall not enabled.
2020-05-21 09:41:07,708 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - CTGDIS352I Use null Behavior for outputResult.
2020-05-21 09:41:07,708 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - [callSyncDB_mod] CTGDIS504I *Result of attribute mapping*
2020-05-21 09:41:07,708 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - [callSyncDB_mod] CTGDIS505I The 'conn' object
2020-05-21 09:41:07,708 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - [callSyncDB_mod] CTGDIS003I *** Start dumping Entry
2020-05-21 09:41:07,708 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - Operation: generic
2020-05-21 09:41:07,708 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - Entry attributes:
2020-05-21 09:41:07,708 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - displayName (replace): 'Max Muster'
2020-05-21 09:41:07,708 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - $lookup_status (replace): 'success'
2020-05-21 09:41:07,708 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - userPassword (replace): (\6c\64\61\70)
2020-05-21 09:41:07,708 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - $lookup_operation (replace): 'lookup_user'
2020-05-21 09:41:07,708 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - cn (replace): 'Muster'
2020-05-21 09:41:07,708 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - $_already_lookup_secretary (replace):
2020-05-21 09:41:07,709 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - objectClass (replace): 'person' 'shadowAccount' 'inetOrgPerson'
2020-05-21 09:41:07,709 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - entryUUID (replace): 'e74f6eec-2f22-103a-960a-770a291c4e47'
2020-05-21 09:41:07,709 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - $secretary_uid (replace):
2020-05-21 09:41:07,709 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - uid (replace): 'max'
2020-05-21 09:41:07,709 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - $manager_uid (replace):
2020-05-21 09:41:07,709 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - $_already_lookup_manager (replace):
2020-05-21 09:41:07,709 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - syncExisting (replace):
2020-05-21 09:41:07,709 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - $dn (replace): 'uid=max,ou=People,dc=cnx,dc=local'
2020-05-21 09:41:07,709 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - mail (replace): '[email protected]'
2020-05-21 09:41:07,709 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - sn (replace): 'Max'
2020-05-21 09:41:07,709 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - $operation (replace): 'add'
How can I fix this? According to the error message, I really have no idea what the problem is.
What I already tried
This blog post has the same error and indicates that we need to set a field mode
, which caused the error being set to null. To test if this works, I set in this to a custom function by inserting mode={func_mode}
in map_dbrepos_from_source.properties
. Additionally, I added those function in profiles_functions.js
:
function func_mode(fieldname) {
return 'internal';
}
This should handle all users as internal and avoid trouble because of null fields. With the debug logs, I could verify that this value was applied:
2020-05-21 09:41:07,587 DEBUG [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - CLFRN0011I: Mapping result: mode = internal.
The other thing I tried is diabling validation for fields I don't have in my LDAP like guid
or isManager
by commenting their validation functions out in validate_dbrepos_fields.properties
:
#distinguishedName=(x != null) && (x.length() > 0) && (x.length() <= 256)
#guid=(x != null) && (x.length() > 0) && (x.length() <= 256)
#isManager=(x == null) || (x == "Y") || (x == "N")
#surname=(x != null) && (x.length() > 0) && (x.length() <= 128)
Additionally, the mapping to those fields were set to null
to avoid errors by fetching them from an LDAP entry where they doesn't exist
grep "=null" map_dbrepos_from_source.properties
alternateLastname=null
blogUrl=null
bldgId=null
calendarUrl=null
countryCode=null
courtesyTitle=null
deptNumber=null
description=null
employeeNumber=null
employeeTypeCode=null
experience=null
faxNumber=null
freeBusyUrl=null
floor=null
groupwareEmail=null
ipTelephoneNumber=null
jobResp=null
loginId=null
logins=null
managerUid=null
mobileNumber=null
nativeFirstName=null
nativeLastName=null
orgId=null
pagerNumber=null
pagerId=null
pagerServiceProvider=null
pagerType=null
officeName=null
preferredFirstName=null
preferredLanguage=null
preferredLastName=null
profileType=null
secretaryUid=null
shift=null
telephoneNumber=null
tenantKey=null
timezone=null
title=null
workLocationCode=null
isManager=nul
Verify that the DB exists
In the past, I had the same problem and found out that the databases were not created properly. So I checked this:
su - db2inst1
/opt/IBM/db2/V11.1/bin/db2 list db directory | grep "Database name"
Database name = OPNACT
Database name = METRICS
Database name = SNCOMM
Database name = PNS
Database name = WIKIS
Database name = FORUM
Database name = HOMEPAGE
Database name = DOGEAR
Database name = PEOPLEDB
Database name = MOBILE
Database name = FILES
Database name = XCC
Database name = BLOGS
All databases are present. Especially PEOPLEDB
, where TDI places the fetched user profiles from LDAP. Also the tables seems there:
db2 => list tables for schema EMPINST@
Table/View Schema Type Creation time
------------------------------- --------------- ----- --------------------------
CHG_EMP_DRAFT EMPINST T 2020-05-20-22.48.28.416187
COUNTRY EMPINST T 2020-05-20-22.48.26.864072
DEPARTMENT EMPINST T 2020-05-20-22.48.26.635113
EMPLOYEE EMPINST T 2020-05-20-22.48.25.249286
EMP_DRAFT EMPINST T 2020-05-20-22.48.28.079615
EMP_ROLE_MAP EMPINST T 2020-05-20-22.48.29.296064
EMP_TYPE EMPINST T 2020-05-20-22.48.26.973100
EMP_UPDATE_TIMESTAMP EMPINST T 2020-05-20-22.48.29.539973
EVENTLOG EMPINST T 2020-05-20-22.48.28.764942
GIVEN_NAME EMPINST T 2020-05-20-22.48.25.723208
ORGANIZATION EMPINST T 2020-05-20-22.48.26.745316
PEOPLE_TAG EMPINST T 2020-05-20-22.48.26.477954
PHOTO EMPINST T 2020-05-20-22.48.27.097088
PHOTOBKUP EMPINST T 2020-05-20-22.48.27.311065
PHOTO_GUID EMPINST T 2020-05-20-22.48.27.519014
PROFILES_SCHEDULER_LMGR EMPINST T 2020-05-20-22.48.30.229810
PROFILES_SCHEDULER_LMPR EMPINST T 2020-05-20-22.48.30.340702
PROFILES_SCHEDULER_TASK EMPINST T 2020-05-20-22.48.29.873149
PROFILES_SCHEDULER_TREG EMPINST T 2020-05-20-22.48.30.108769
PROFILE_EXTENSIONS EMPINST T 2020-05-20-22.48.26.025818
PROFILE_EXT_DRAFT EMPINST T 2020-05-20-22.48.26.258480
PROFILE_LAST_LOGIN EMPINST T 2020-05-20-22.48.29.430376
PROFILE_LOGIN EMPINST T 2020-05-20-22.48.29.051552
PROFILE_PREFS EMPINST T 2020-05-20-22.48.29.183711
PROF_CONNECTIONS EMPINST T 2020-05-20-22.48.28.490983
PROF_CONSTANTS EMPINST T 2020-05-20-22.48.28.644499
PRONUNCIATION EMPINST T 2020-05-20-22.48.27.726899
SNPROF_SCHEMA EMPINST T 2020-05-20-22.48.25.020502
SURNAME EMPINST T 2020-05-20-22.48.25.875498
TENANT EMPINST T 2020-05-20-22.48.25.084242
USER_PLATFORM_EVENTS EMPINST T 2020-05-20-22.48.29.659806
WORKLOC EMPINST T 2020-05-20-22.48.27.953047
This matches the number of tables from the SQL file
$ grep -i "create table" /opt/cnx-install/cnx/wizard/connections.sql/profiles/db2/createDb.sql | wc -l
32
You asked the question in May so I assume this answer comes much too late. For future reference: "Skipping entry from [addorUpdateDB]" is a scripted message which means that the account did not pass the minimal requirements for a Profile entry. If I remember correctly, there are 4 essential fields without which a profile entry can't be created:
Seeing that you left out a guid, the error is logical. You should have mapped your guid to your entryUUID.