Oracle® Identity Manager Connector Guide for Novell eDirectory
Release 9.0.4

Part Number E10432-05
4 Testing and Troubleshooting

After you deploy the connector, you must test it to ensure that it functions as expected. This chapter discusses the following topics related to connector testing:

4.1 Running Test Cases

You can use the testing utility to identify the cause of problems associated with connecting to the target system and performing basic operations on the target system.

To use the testing utility:

  1. Copy the contents of the test directory on the installation media to the OIM_HOME/xellerate/eDir/test/troubleshoot directory.

  2. Specify the required values in the global.properties file.

    This file is in the OIM_HOME/xellerate/eDir/test/troubleshoot directory. The following table describes the sections of this file in which you must provide information for running the tests.

    Section: Novell eDirectory Server Parameters
    Information: Parameters required to connect to Novell eDirectory. Refer to the "Configuring the IT Resource" section for information about the values that you must provide.

    Section: Create User Parameters
    Information: Values required to create a user on the target system

    Section: Modify User Parameters
    Information: Values required to modify a user

    Section: Delete User Parameters
    Information: DN of the user to be deleted

  3. Add the following to the CLASSPATH environment variable:

    OIM_HOME/xellerate/lib/xlLogger.jar
    OIM_HOME/xellerate/lib/xlUtils.jar
    OIM_HOME/xellerate/JavaTasks/eDirProv.jar
    OIM_HOME/xellerate/ScheduleTask/eDirRecon.jar
    OIM_HOME/xellerate/ThirdParty/ldapbp.jar
    OIM_HOME/xellerate/ext/log4j-1.2.9.jar
    
  4. By default, log messages that are generated when you run the testing utility are displayed on the console. If you also want these messages to be recorded in a log file, then:

    1. Open the following file in a text editor:

      OIM_HOME/xellerate/eDir/test/troubleshoot/log.properties

    2. Search for the following lines, and then uncomment them by removing the number sign (#) at the start of each line:

      #log4j.appender.logfile=org.apache.log4j.DailyRollingFileAppender
      #log4j.appender.logfile.DatePattern='.'yyyy-MM-dd
      #log4j.appender.logfile.File=D:/elogfile/edirectory.log
      #log4j.appender.logfile.MaxBackupIndex=20
      #log4j.appender.logfile.layout=org.apache.log4j.PatternLayout
      #log4j.appender.logfile.layout.ConversionPattern=%p %t %c - %m%n
      
    3. If required, specify a new date pattern in the following line:

      log4j.appender.logfile.DatePattern='.'yyyy-MM-dd
      
    4. In the following line, specify the directory in which you want the log file to be generated:

      log4j.appender.logfile.File=D:/elogfile/edirectory.log
      
  5. Create an ASCII-format copy of the global.properties file as follows:

    Note:

    You must perform this procedure every time you make a change in the contents of the global.properties file.
    1. In a command window, change to the following directory:

      OIM_HOME/xellerate/eDir/test/troubleshoot
      
    2. Enter the following command:

      native2ascii global.properties troubleshoot.properties
      

      The troubleshoot.properties file is created when you run the native2ascii command. The contents of this file are an ASCII-format copy of the contents of the global.properties file.

  6. Run the following tests:

    • Enter the following command to create a Novell eDirectory user:

      java  -DpropertyFile=OIM_HOME/xellerate/eDir/test/troubleshoot/troubleshoot.properties -Dlog4j.configuration=file:/OIM_HOME/xellerate/eDir/test/troubleshoot/log.properties TroubleShootingUtilityLdap createUser
      
    • Enter the following command to modify a Novell eDirectory user:

      java  -DpropertyFile=OIM_HOME/xellerate/eDir/test/troubleshoot/troubleshoot.properties -Dlog4j.configuration=file:/OIM_HOME/xellerate/eDir/test/troubleshoot/log.properties TroubleShootingUtilityLdap modifyUser
      
    • Enter the following command to delete a Novell eDirectory user:

      java  -DpropertyFile=OIM_HOME/xellerate/eDir/test/troubleshoot/troubleshoot.properties -Dlog4j.configuration=file:/OIM_HOME/xellerate/eDir/test/troubleshoot/log.properties TroubleShootingUtilityLdap deleteUser
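
A preflight check for the procedure above, written as an added Python example that is not part of the connector or of the original guide. It flags a troubleshoot.properties file that is missing, older than global.properties, or not pure ASCII, and it flags either file being readable by group or others. Assumptions: the function name preflight is hypothetical, the files are treated as sensitive because they hold the eDirectory connection parameters, and the permission test uses POSIX mode bits (on Windows, review the file ACLs instead).

```python
import os
import stat


def preflight(test_dir):
    """Return a list of findings for the troubleshoot directory; empty means ready."""
    src = os.path.join(test_dir, "global.properties")
    dst = os.path.join(test_dir, "troubleshoot.properties")
    if not os.path.isfile(src):
        return ["global.properties is missing"]

    findings = []
    if not os.path.isfile(dst):
        findings.append("troubleshoot.properties is missing: run native2ascii")
    else:
        # The copy must be regenerated after every change to global.properties.
        if os.stat(dst).st_mtime_ns < os.stat(src).st_mtime_ns:
            findings.append(
                "troubleshoot.properties is older than global.properties: rerun native2ascii"
            )
        # native2ascii output is pure ASCII; any high byte means the file was
        # edited by hand or copied instead of converted.
        with open(dst, "rb") as fh:
            if any(byte > 0x7F for byte in fh.read()):
                findings.append("troubleshoot.properties contains non-ASCII bytes")

    # Assumption of this example: both files carry connection parameters and
    # should be readable by the owning account only.
    for path in (src, dst):
        if os.path.isfile(path) and os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH):
            findings.append(f"{os.path.basename(path)} is readable by group or others")
    return findings
```
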
      

4.1.1 Testing Partial Reconciliation

To test partial reconciliation, you can specify the following types of query conditions as values for the CustomizedReconQuery IT resource parameter:

  • Value assigned to the CustomizedReconQuery parameter:

    group=group1

    Outcome: Records of users belonging to group1 are reconciled.

  • Value assigned to the CustomizedReconQuery parameter:

    sn=Doe&group=group1

    Outcome: Records of users with last name Doe and belonging to group1 are reconciled.

  • Query consisting of roles and basic attributes

    • Value assigned to the CustomizedReconQuery parameter: sn=Doe&role=role1

      Outcome: Users with last name Doe and who belong to role1 are reconciled.

    • Value assigned to the CustomizedReconQuery parameter: sn=Doe&role=role1,role2

      Outcome: Users with last name Doe and who belong to both the roles role1 and role2 are reconciled.

  • Value assigned to the CustomizedReconQuery parameter:

    sn=Doe&group=group1&role=role1

    Outcome: Records of users with last name Doe and who belong to group1 as well as role1 are reconciled.
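
The query conditions listed above can be checked against sample data before a reconciliation run. The following added Python example is a model written for this page, not the connector's own code: it parses only the `&` form shown here and evaluates it against constructed user records. The function names, the record layout, and the exact-match comparison are assumptions of the example.

```python
# Added example: models the '&' (AND) conditions shown on this page only.
USERS = [  # constructed sample records, not real directory data
    {"uid": "jdoe", "sn": "Doe", "group": ["group1"], "role": ["role1", "role2"]},
    {"uid": "adoe", "sn": "Doe", "group": ["group2"], "role": ["role1"]},
    {"uid": "bsmith", "sn": "Smith", "group": ["group1"], "role": []},
]
MULTI_VALUED = ("group", "role")  # membership conditions


def parse_recon_query(query):
    """Split 'attr=value&attr=v1,v2' into {attr: [values]}; reject malformed input."""
    conditions = {}
    for clause in query.split("&"):
        attr, sep, value = clause.partition("=")
        attr = attr.strip()
        # A comma-separated list is shown on this page for role only.
        values = [v.strip() for v in value.split(",")] if attr == "role" else [value.strip()]
        if not sep or not attr or not all(values):
            raise ValueError(f"malformed condition: {clause!r}")
        if attr in conditions:  # this model's choice: refuse ambiguous repeats
            raise ValueError(f"attribute repeated: {attr!r}")
        conditions[attr] = values
    return conditions


def matches(user, conditions):
    """True when the user satisfies every condition (all are ANDed)."""
    for attr, wanted in conditions.items():
        if attr in MULTI_VALUED:
            # Every listed group or role must be held by the user.
            if not set(wanted) <= set(user.get(attr, ())):
                return False
        elif user.get(attr) != wanted[0]:  # exact match; a simplification
            return False
    return True


def reconciled(users, query):
    """Return the uids of the users the query would select."""
    conditions = parse_recon_query(query)
    return [u["uid"] for u in users if matches(u, conditions)]
```
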

4.1.2 Testing Batched Reconciliation

You can test reconciliation based on batching and data paging of user records by specifying values for the following user reconciliation scheduled task attributes:

  • If you set the value of StartRecord to 1, BatchSize to 0, and NumberOfBatches to All Available, then all the users are reconciled.

  • If you set the value of StartRecord to 1, BatchSize to 5, and NumberOfBatches to 50, then the user records starting from record 1 are reconciled in 50 batches, with 5 records in each batch.

  • If you set the value of StartRecord to 200, BatchSize to 5, and NumberOfBatches to 50, then the users starting from record 200 are reconciled in 50 batches, with 5 records in each batch.

The results of batching are recorded in the log file at the following path:

JBOSS_HOME/server/default/log/server.log

In this file, you can view the batch numbers, the user IDs of the users that are reconciled, and whether or not the reconciliation was successful.

4.2 Troubleshooting

This section provides instructions for identifying and resolving some commonly encountered errors of the following types:

4.2.1 Connection Errors

The following table provides solutions to some commonly encountered connection errors.

Problem Description: Oracle Identity Manager cannot establish a connection to Novell eDirectory.
Returned Error Message: Error encountered while connecting to target server
Returned Error Code: INVALID_CONNECTION_ERROR
Solution:

  • Ensure that Novell eDirectory is running.

  • Ensure that Oracle Identity Manager is running.

  • Ensure that all the adapters have been compiled.

  • Use the IT Resources form to examine the Oracle Identity Manager record. Ensure that the IP address, admin ID, and admin password are correct.

Problem Description: Target not available.
Returned Error Message: Target server is not available
Returned Error Code: TARGET_UNAVAILABLE_ERROR
Solution: Ensure that the specified Novell eDirectory connection values are correct.

Returned Error Message: Invalid or incorrect password
Returned Error Code: AUTHENTICATION_ERROR
Solution: Ensure that the specified Novell eDirectory connection values are correct.

4.2.2 Create User Errors

The following table provides solutions to some commonly encountered Create User errors.

Problem Description: Oracle Identity Manager cannot create a user.
Returned Error Message: Required information missing
Returned Error Code: INSUFFICIENT_INFORMATION_PROVIDED
Solution:

  • Ensure that the specified IP address, admin ID, and administrator password are correct.

  • Ensure that the following information has been provided:

    User ID

    User password

    User container

    User first name

    User last name

Problem Description: Oracle Identity Manager cannot create a user.
Returned Error Message: User already exists
Returned Error Code: USER_ALREADY_EXISTS
Solution: A user with the assigned ID already exists in Novell eDirectory.

Problem Description: Oracle Identity Manager cannot create a user.
Returned Error Message: Naming exception encountered
Returned Error Code: INVALID_NAMING_ERROR
Solution:

  • Ensure that the specified Novell eDirectory connection values are correct.

  • Check if the value for an attribute violates the schema definition.

Problem Description: Oracle Identity Manager cannot create a user.
Returned Error Message: Could not create user
Returned Error Code: USER_CREATION_FAILED
Solution: The user cannot be created because one or more attribute values violate the schema definition.

Problem Description: The Create User function failed because a value was being added to a nonexistent attribute.
Returned Error Message: Attribute does not exist
Returned Error Code: ATTRIBUTE_DOESNOT_EXIST
Solution: In the AttrName.Prov.Map.EDIR lookup definition, check if the decode values are valid attribute names in the target system.

Problem Description: The Create User function failed because an invalid value was specified.
Returned Error Message: Invalid value specified for an attribute
Returned Error Code: INVALID_ATTR_VALUE_ERROR
Solution: Check the values specified during user creation.

4.2.3 Modify User Errors

The following table provides solutions to some commonly encountered Modify User errors.

Problem Description: Oracle Identity Manager cannot modify the value of a user.
Returned Error Message: Invalid attribute value or state
Returned Error Code: INVALID_ATTR_MODIFY_ERROR
Solution: Check the attribute ID and value that were specified.

Problem Description: The Modify User function failed because a value was being added to a nonexistent attribute.
Returned Error Message: Attribute does not exist
Returned Error Code: ATTRIBUTE_DOESNOT_EXIST
Solution:

  1. From the corresponding process task, get the value specified for AttrName of the connector.
  2. Using the name obtained in the previous step, check in the AttrName.Prov.Map.EDIR lookup definition if the decode value is a valid attribute name in the target.

Problem Description: The Modify User function failed because an invalid value was specified.
Returned Error Message: Invalid value specified for an attribute
Returned Error Code: INVALID_ATTR_VALUE_ERROR
Solution: Check the value entered.

Problem Description: The Modify User function failed because a value was specified for an attribute that does not exist in the AttrName.Prov.Map.EDIR lookup definition.
Returned Error Message: One or more attribute mappings are missing
Returned Error Code: ATTR_MAPPING_NOT_FOUND
Solution:

  1. From the corresponding process task, get the value specified for AttrName of the connector.
  2. Using the name obtained in the previous step, check if an entry has been made in the AttrName.Prov.Map.EDIR lookup definition.

Problem Description: Error caused because a duplicate value was specified for an attribute.
Returned Error Message: Duplicate value encountered
Returned Error Code: DUPLICATE_VALUE_ERROR
Solution: The attribute specified already exists for another user in the system.

Problem Description: Oracle Identity Manager cannot move a user from one container to another.
Returned Error Message: Could not move user to a different container
Returned Error Code: USER_MOVE_FAILED
Solution: Generic error. Review the log for more details.

Problem Description: Oracle Identity Manager cannot add a user to a security group.
Returned Error Message: Group does not exist
Returned Error Code: SEC_GROUP_DOESNOT_EXIST
Solution: The specified user security group does not exist in Novell eDirectory.

Problem Description: Oracle Identity Manager cannot add a user to a security group.
Returned Error Message: Duplicate value encountered
Returned Error Code: DUPLICATE_VALUE
Solution: The user is already a member of the specified security group.

Problem Description: Oracle Identity Manager cannot add the trustee right to a user.
Returned Error Message: Duplicate value encountered
Returned Error Code: DUPLICATE_VALUE
Solution: Check if the trustee right has already been assigned to the user in Novell eDirectory.

Problem Description: Oracle Identity Manager cannot add a role to a user.
Returned Error Message: Role does not exist
Returned Error Code: ROLE_DOESNOT_EXIST
Solution: The specified role for the user in Oracle Identity Manager does not exist in Novell eDirectory. Create the role in Novell eDirectory.

Problem Description: Oracle Identity Manager cannot add a role to a user.
Returned Error Message: Could not update user
Returned Error Code: USER_UPDATE_FAILED
Solution: Generic error. Review the log for more details.

Problem Description: Oracle Identity Manager cannot add a role to a user.
Returned Error Message: Duplicate value encountered
Returned Error Code: DUPLICATE_VALUE
Solution: The user has already been assigned this role.

Problem Description: Oracle Identity Manager cannot remove an assigned role from a user.
Returned Error Message: Could not remove assigned role
Returned Error Code: USER_DELETE_ASSIGNED_ROLE_FAILED
Solution: Generic error. Review the log for more details.

Problem Description: Oracle Identity Manager cannot add a network restriction.
Returned Error Message: Duplicate value encountered
Returned Error Code: DUPLICATE_VALUE
Solution: The specified network restriction already exists for this user in Novell eDirectory.

4.2.4 Delete User Errors

The following table provides solutions to a commonly encountered Delete User error.

Problem Description: Oracle Identity Manager cannot delete a user.
Returned Error Message: User does not exist
Returned Error Code: USER_DOESNOT_EXIST
Solution: User is already deleted in the target