Discussion:
Error in IBM ISIM for a AD connector: CTGIMU107W The connection to the specified service cannot be established. Verify the service information, and try again.
(too old to reply)
n***@gmail.com
2018-06-27 14:11:03 UTC
Permalink
We have created our own Web service using eclipse which is running on tomcat.
-The connector we developed in ADT having the following operations
1)ping/test
2)Add user
3)Delete user
4)Modify user

-We have imported this connector into IBM ISIM.

-While creating the AD service-type we gave TDI location with RMI Dispatcher as below:
rmi://hostname:1099/ITDIDispatcher.

-When we create a service for this and click Test Connection we are getting the below error but it is hitting the web service URL provided in Connector.

1) ISIM Error message


CTGIMU107W
The connection to the specified service cannot be established. Verify the service information, and try again.

CTGIMO017E
The following directory server schema violation occurred. Error: [LDAP: error code 65 - Object Class Violation]


2) In CallReply Successful Hook of "Test connection operation", we are using the below code still we getting error.


var c=work.getString("http.responseCode");
if ( c=="200")
{
work.setProperty(Packages.com.ibm.di.dispatcher.Defs.STATUSCODE, new Packages.java.lang.Integer(Packages.com.ibm.itim.remoteservices.provider.Status.SUCCESSFUL));
}

else
{
work.setProperty(Packages.com.ibm.di.dispatcher.Defs.STATUSCODE, new Packages.java.lang.Integer(Packages.com.ibm.itim.remoteservices.provider.Status.UNSUCCESSFUL));
}


3) Eclipse output where our rest service is running.

RESTful Service 'for AD connection' is running fine ==> ping

Please suggest where i am going wrong.
yn2000
2018-06-27 15:36:22 UTC
Permalink
The error message that is outlier is the [LDAP: error code 65 - Object Class Violation], because it is rarely happen on a Test Connection operation, considering how minimal data/attribute involved in this operation. So, merely based on the provided information, this is more likely ISIM issue, rather than SDI issue; And based on the error message, the issue is more like happen in the schema.dsml definition. Also, for this type of error, I used to look at the ibmslapd.log to find more clue, provided that you are using TDS/SDS back-end.
Rgds. YN.
n***@gmail.com
2018-06-27 18:29:14 UTC
Permalink
Post by yn2000
The error message that is outlier is the [LDAP: error code 65 - Object Class Violation], because it is rarely happen on a Test Connection operation, considering how minimal data/attribute involved in this operation. So, merely based on the provided information, this is more likely ISIM issue, rather than SDI issue; And based on the error message, the issue is more like happen in the schema.dsml definition. Also, for this type of error, I used to look at the ibmslapd.log to find more clue, provided that you are using TDS/SDS back-end.
Rgds. YN.
Thank you YN for your suggestion.

Below are the log details in ibmslapd.log. can you please look into below log details and suggest. I am not able to resolve it.

----------------------------------------------------------------------------
Jun 27 20:44:48 2018 GLPCOM009E The attribute erAdapterTdiVersion is not allowed for entry erglobalid=4742021955399823221,ou=services,erglobalid=00000000000000000000,ou=org,dc=com.
Jun 27 20:44:48 2018 GLPCOM009E The attribute erAdapterDispatcherVersion is not allowed for entry erglobalid=4742021955399823221,ou=services,erglobalid=00000000000000000000,ou=org,dc=com.
Jun 27 20:44:48 2018 GLPCOM009E The attribute erAdapterLastStatusTime is not allowed for entry erglobalid=4742021955399823221,ou=services,erglobalid=00000000000000000000,ou=org,dc=com.
Jun 27 20:44:48 2018 GLPRDB054E Entry erglobalid=4742021955399823221,ou=services,erglobalid=00000000000000000000,ou=org,dc=com violates the schema definition.
Jun 27 20:48:27 2018 GLPSRV204W The server has temporarily suspended reading client requests from the network 336 times. There are 0 of 15 worker threads attempting to write results.
Jun 27 20:48:28 2018 GLPSRV205I The server has resumed reading client requests from the network.
Jun 27 20:48:28 2018 GLPSRV205I The server has resumed reading client requests from the network.
Jun 27 20:48:28 2018 GLPSRV205I The server has resumed reading client requests from the network.
Jun 27 20:48:28 2018 GLPSRV205I The server has resumed reading client requests from the network.
Jun 27 20:48:28 2018 GLPSRV205I The server has resumed reading client requests from the network.
Jun 27 20:48:28 2018 GLPSRV205I The server has resumed reading client requests from the network.
Jun 27 20:48:28 2018 GLPSRV205I The server has resumed reading client requests from the network.
Jun 27 20:48:28 2018 GLPSRV205I The server has resumed reading client requests from the network.
Jun 27 21:06:42 2018 GLPSRV204W The server has temporarily suspended reading client requests from the network 344 times. There are 0 of 15 worker threads attempting to write results.
Jun 27 21:06:42 2018 GLPSRV205I The server has resumed reading client requests from the network.
Jun 27 21:06:42 2018 GLPSRV205I The server has resumed reading client requests from the network.
Jun 27 21:06:42 2018 GLPSRV205I The server has resumed reading client requests from the network.
Jun 27 21:06:42 2018 GLPSRV205I The server has resumed reading client requests from the network.
Jun 27 21:06:42 2018 GLPSRV205I The server has resumed reading client requests from the network.
Jun 27 21:06:42 2018 GLPSRV205I The server has resumed reading client requests from the network.
Jun 27 21:06:42 2018 GLPSRV205I The server has resumed reading client requests from the network.
Jun 27 21:29:53 2018 GLPSRV202I During the last hour 0 updates were received from suppliers and 174 updates were received from other clients.
Jun 27 21:29:53 2018 GLPSRV212I The LDAP trace utility 'ldtrc' is disabled.
Jun 27 21:29:53 2018 GLPSRV214I The LDAP Server is not recording binary trace.
Jun 27 21:29:53 2018 GLPSRV216I The LDAP Server is not recording ascii trace.
Jun 27 21:47:49 2018 GLPSRV204W The server has temporarily suspended reading client requests from the network 351 times. There are 0 of 15 worker threads attempting to write results.
Jun 27 21:47:49 2018 GLPSRV205I The server has resumed reading client requests from the network.
Jun 27 21:47:49 2018 GLPSRV205I The server has resumed reading client requests from the network.
Jun 27 21:47:49 2018 GLPSRV205I The server has resumed reading client requests from the network.
Jun 27 21:47:49 2018 GLPSRV205I The server has resumed reading client requests from the network.
Jun 27 21:47:49 2018 GLPSRV205I The server has resumed reading client requests from the network.
Jun 27 21:47:49 2018 GLPSRV205I The server has resumed reading client requests from the network.
Jun 27 21:47:49 2018 GLPSRV205I The server has resumed reading client requests from the network.
Jun 27 22:15:02 2018 GLPRDB091W Attribute erproperties is not indexed but is used in searches 10 times.
Jun 27 22:21:51 2018 GLPRDB001E Error code -1 from function:" SQLExecDirect " DROP INDEX DB2ADMIN.RERADAPTERPLATFORM .
Jun 27 22:21:51 2018 GLPRDB001E Error code -1 from function:" SQLExecDirect " DROP INDEX DB2ADMIN.RERADAPTERPLATFORM .
Jun 27 22:21:51 2018 GLPRDB001E Error code -1 from function:" SQLExecDirect " DROP INDEX DB2ADMIN.RERADAPTERPLATFORM .
Jun 27 22:29:29 2018 GLPRDB001E Error code -1 from function:" SQLExecDirect " DROP INDEX DB2ADMIN.RERADAPTERPLATFORM .
Jun 27 22:29:29 2018 GLPRDB001E Error code -1 from function:" SQLExecDirect " DROP INDEX DB2ADMIN.RERADAPTERPLATFORM .
Jun 27 22:29:29 2018 GLPRDB001E Error code -1 from function:" SQLExecDirect " DROP INDEX DB2ADMIN.RERADAPTERPLATFORM .
Jun 27 22:30:23 2018 GLPSRV202I During the last hour 0 updates were received from suppliers and 10 updates were received from other clients.
Jun 27 22:30:23 2018 GLPSRV212I The LDAP trace utility 'ldtrc' is disabled.
Jun 27 22:30:23 2018 GLPSRV214I The LDAP Server is not recording binary trace.
Jun 27 22:30:23 2018 GLPSRV216I The LDAP Server is not recording ascii trace.
Jun 27 22:43:41 2018 GLPRDB091W Attribute eruid is not indexed but is used in searches 10 times.
Jun 27 22:43:49 2018 GLPSRV204W The server has temporarily suspended reading client requests from the network 358 times. There are 0 of 15 worker threads attempting to write results.
Jun 27 22:43:49 2018 GLPSRV205I The server has resumed reading client requests from the network.
Jun 27 22:53:27 2018 GLPRDB091W Attribute eroperationnames is not indexed but is used in searches 10 times.
Jun 27 22:57:19 2018 GLPSRV204W The server has temporarily suspended reading client requests from the network 372 times. There are 0 of 15 worker threads attempting to write results.
Jun 27 22:57:19 2018 GLPSRV205I The server has resumed reading client requests from the network.
Jun 27 23:22:06 2018 GLPSRV204W The server has temporarily suspended reading client requests from the network 394 times. There are 0 of 15 worker threads attempting to write results.
Jun 27 23:22:06 2018 GLPSRV205I The server has resumed reading client requests from the network.
Jun 27 23:25:37 2018 GLPSRV041I Server starting.
Jun 27 23:25:38 2018 GLPCOM024I The extended Operation plugin is successfully loaded from libevent.dll.
Jun 27 23:25:38 2018 GLPCOM024I The extended Operation plugin is successfully loaded from libtranext.dll.
Jun 27 23:25:38 2018 GLPCOM024I The extended Operation plugin is successfully loaded from libldaprepl.dll.
Jun 27 23:25:38 2018 GLPSRV155I The DIGEST-MD5 SASL Bind mechanism is enabled in the configuration file.
Jun 27 23:25:38 2018 GLPCOM021I The preoperation plugin is successfully loaded from libDigest.dll.
Jun 27 23:25:38 2018 GLPCOM024I The extended Operation plugin is successfully loaded from libevent.dll.
Jun 27 23:25:38 2018 GLPCOM024I The extended Operation plugin is successfully loaded from libtranext.dll.
Jun 27 23:25:38 2018 GLPCOM023I The postoperation plugin is successfully loaded from libpsearch.dll.
Jun 27 23:25:38 2018 GLPCOM024I The extended Operation plugin is successfully loaded from libpsearch.dll.
Jun 27 23:25:38 2018 GLPCOM025I The audit plugin is successfully loaded from C:/IBM/LDAP/V6.3/lib64/libldapaudit.dll.
Jun 27 23:25:38 2018 GLPCOM024I The extended Operation plugin is successfully loaded from libevent.dll.
Jun 27 23:25:38 2018 GLPCOM023I The postoperation plugin is successfully loaded from libpsearch.dll.
Jun 27 23:25:38 2018 GLPCOM024I The extended Operation plugin is successfully loaded from libpsearch.dll.
Jun 27 23:25:38 2018 GLPCOM022I The database plugin is successfully loaded from C:/IBM/LDAP/V6.3/lib64/libback-config.dll.
Jun 27 23:25:38 2018 GLPCOM024I The extended Operation plugin is successfully loaded from libevent.dll.
Jun 27 23:25:38 2018 GLPCOM024I The extended Operation plugin is successfully loaded from libtranext.dll.
Jun 27 23:25:38 2018 GLPCOM023I The postoperation plugin is successfully loaded from libpsearch.dll.
Jun 27 23:25:38 2018 GLPCOM024I The extended Operation plugin is successfully loaded from libpsearch.dll.
Jun 27 23:25:39 2018 GLPCOM022I The database plugin is successfully loaded from C:/IBM/LDAP/V6.3/lib64/libback-rdbm.dll.
Jun 27 23:25:39 2018 GLPCOM010I Replication plugin is successfully loaded from C:/IBM/LDAP/V6.3/lib64/libldaprepl.dll.
Jun 27 23:25:39 2018 GLPSRV189I Virtual list view support is enabled.
Jun 27 23:25:39 2018 GLPCOM021I The preoperation plugin is successfully loaded from libpta.dll.
Jun 27 23:25:39 2018 GLPSRV194I The Record Deleted Entries feature is disabled. Deleted entries are immediately removed from the database.
Jun 27 23:25:39 2018 GLPSRV207I Group conflict resolution during replication is disabled.
Jun 27 23:25:39 2018 GLPSRV200I Initializing primary database and its connections.
Jun 27 23:25:46 2018 GLPRDB126I The directory server will not use DB2 selectivity.
Jun 27 23:25:46 2018 GLPCOM024I The extended Operation plugin is successfully loaded from libloga.dll.
Jun 27 23:25:46 2018 GLPCOM024I The extended Operation plugin is successfully loaded from libidsfget.dll.
Jun 27 23:25:46 2018 GLPSRV180I Pass-through authentication is disabled.
Jun 27 23:25:46 2018 GLPCOM003I Non-SSL port initialized to 389.
Jun 27 23:25:48 2018 GLPRPL137I Restricted Access to the replication topology is set to false.
Jun 27 23:25:49 2018 GLPSRV009I 6.3.0.0 server started.
Jun 27 23:25:49 2018 GLPRPL136I Replication conflict resolution mode is set to true.
Jun 27 23:25:49 2018 GLPSRV048I Started 15 worker threads to handle client requests.
Jun 27 23:25:49 2018 GLPSRV049I Started 10 handler threads to service established client connections.
Jun 27 23:25:51 2018 GLPSRV212I The LDAP trace utility 'ldtrc' is disabled.
Jun 27 23:25:51 2018 GLPSRV214I The LDAP Server is not recording binary trace.
Jun 27 23:25:51 2018 GLPSRV216I The LDAP Server is not recording ascii trace.
Jun 27 23:27:43 2018 GLPSRV203W The server has temporarily suspended reading client requests from the network. There are 0 of 15 worker threads attempting to write results.
Jun 27 23:27:43 2018 GLPSRV205I The server has resumed reading client requests from the network.
Jun 27 23:39:35 2018 GLPSRV204W The server has temporarily suspended reading client requests from the network 33 times. There are 0 of 15 worker threads attempting to write results.
Jun 27 23:39:35 2018 GLPSRV205I The server has resumed reading client requests from the network.
Jun 27 23:41:10 2018 GLPRDB091W Attribute erproperties is not indexed but is used in searches 10 times.
yn2000
2018-06-27 19:48:47 UTC
Permalink
I see this type of error before.
The issue is that you are using ADT designed for ITIM v5.1 (I believe this is the only available version) and you are deploying it against the latest RMI dispatcher designed for ISIM v6 FP something. So, in your system, there are many missing attributes that are returned by the RMI dispatcher, but the adapter is not ready to accept it.

There are many ways to solve, but at the end, please make sure, these attributes are to be part of the service profile of your adapter:

erAdapterAccount
erAdapterAdkVersion
erAdapterConnectorVersion
erAdapterDispatcherVersion
erAdapterInstanceName
erAdapterLastStatusTime
erAdapterMemory
erAdapterPlatform
erAdapterProfileVersion
erAdapterResourceStatus
erAdapterResourceStatusMsg
erAdapterResourceVersion
erAdapterTdiVersion
erAdapterUpTime
erAdapterVersion
erAdapterWsdlVersion
erAdapterWsVersion

Rgds. YN.
Franzw
2018-06-28 06:26:56 UTC
Permalink
Post by yn2000
I see this type of error before.
The issue is that you are using ADT designed for ITIM v5.1 (I believe this is the only available version) and you are deploying it against the latest RMI dispatcher designed for ISIM v6 FP something. So, in your system, there are many missing attributes that are returned by the RMI dispatcher, but the adapter is not ready to accept it.
erAdapterAccount
erAdapterAdkVersion
erAdapterConnectorVersion
erAdapterDispatcherVersion
erAdapterInstanceName
erAdapterLastStatusTime
erAdapterMemory
erAdapterPlatform
erAdapterProfileVersion
erAdapterResourceStatus
erAdapterResourceStatusMsg
erAdapterResourceVersion
erAdapterTdiVersion
erAdapterUpTime
erAdapterVersion
erAdapterWsdlVersion
erAdapterWsVersion
Rgds. YN.
Beside that you should consider patching your TDS server - it is a very bad idea to leave it at original build level 6.3.0.0. If you have implemented a reasonable zoning so that the ldap is not reachable from any other server you may not be vulnerable - but that I doubt.

And then you should index you attributes (see the tuning guide in general) - message GLPRDB091W is something you should always act on in the ibmslapd.log.

Also - following up on YN's advice - remember that ADT is a one way thing - once you leave the ADT and start doing things in TDI directly do not expect the ADT to be able to work any more - re-importing your profile will almost for sure result in strange and subtle errors...

My recommendation is to use the ADT to provide the skeleton - from there I would do all my work in TDI and never look back :-)

HTH
Regards
Franz Wolfhagen

Loading...