4 Testing and Troubleshooting

After you deploy and configure the connector, you must test it to ensure that it functions as expected. This chapter discusses the following topics related to connector testing:

• Running Test Cases

• Troubleshooting Connector Problems

4.1 Running Test Cases

You can use the testing utility to identify the cause of problems associated with connecting to the target system and performing basic operations on the target system.

To use the testing utility:

1. Copy the contents of the test directory on the installation media, to the OIM_HOME/xellerate/SJSDS/test/troubleshoot directory.

2. Specify values for the parameters in the TroubleShootIPlanet.properties file.

   This file is in the OIM_HOME/xellerate/SJSDS/test/troubleshoot directory. The following table describes the sections of this file in which you must provide information for running the tests.

   Section	Information
   Sun Java System Directory Server connection parameters	Connection parameters required to connect to the target system These parameters are the same as the parameters of the IT resource that you configure by performing the procedure described earlier in this guide.
   Create User information	Parameters required to create a user
   Modify User information	Parameters required to modify a user
   Delete User information	DN of the user to be deleted

   
   

3. Add the following to the CLASSPATH environment variable:

   OIM_HOME/xellerate/JavaTasks/SJSDSProv.jar
   OIM_HOME/xellerate/lib/xlLogger.jar
   OIM_HOME/xellerate/ext/log4j-1.2.8.jar
   OIM_HOME/xellerate/lib/xlUtils.jar
   

4. Create an ASCII-format copy of the TroubleShootIPlanet.properties file as follows:

   Note:

   You must perform this procedure every time you make a change in the contents of the TroubleShootIPlanet.properties file.

   1. In a command window, change to the following directory:

      OIM_HOME/xellerate/SJSDS/test/troubleshoot
      

   2. Enter the following command:

      native2ascii TroubleShootIPlanet.properties global.properties
      

      The global.properties is created when you run the native2ascii command. The contents of this file are an ASCII-format copy of the contents of the TroubleShootIPlanet.properties file.

5. Perform the following tests:

   • Create a user as follows:

     java -DpropertyFile=./global.properties -Dlog4j.configuration=./log.properties TroubleShootingUtilityIPlanet createUser
     

   • Modify a user as follows:

     java -DpropertyFile=./global.properties -Dlog4j.configuration=./log.properties TroubleShootingUtilityIPlanet modifyUser
     

   • Delete a user as follows:

     java -DpropertyFile=./global.properties -Dlog4j.configuration=./log.properties TroubleShootingUtilityIPlanet deleteUser
     

4.2 Troubleshooting Connector Problems

The following sections list solutions to some commonly encountered errors of the following types:

• Connection Errors

• Create User Errors

• Modify User Errors

• Delete User Errors

• Reconciliation Errors

4.2.1 Connection Errors

The following table describes solutions to commonly encountered Create User errors.

Problem Description	Solution
Oracle Identity Manager cannot establish a connection to Sun Java System Directory. Returned Error Message: Connection error encountered Returned Error Code: INVALID_CONNECTION_ERROR	Ensure that Sun Java System Directory is running. Ensure that Oracle Identity Manager is running (that is, the database is running). Ensure that all the adapters have been compiled. Examine the Oracle Identity Manager record (from the IT Resources form). Verify that the specified IP address, admin ID, and admin password are correct.
Target not available Returned Error Message: Target server not available Returned Error Code TARGET_UNAVAILABLE_ERROR	Ensure that the specified Sun Java System Directory server connection values are correct.
Authentication error Returned Error Messages Invalid or incorrect password Returned Error Code AUTHENTICATION_ERROR	Ensure that the password is correct in the user account credentials that you specify.

4.2.2 Create User Errors

The following table describes solutions to commonly encountered Create User errors.

Problem Description	Solution
Oracle Identity Manager cannot create a user. Returned Error Message: Required field information not provided Returned Error Code: INSUFFICIENT_INFORMATION_PROVIDED	Ensure that the IP address, admin ID, and admin password are correct. Ensure that the following information is provided: User ID User password User container User first name User last name
Oracle Identity Manager cannot create a user. Returned Error Message: User already exists Returned Error Code: USER_ALREADY_EXIST	Check if a user with the specified ID already exists in Sun Java System Directory. Assign a new ID for this user, and try again.
Oracle Identity Manager cannot create a user. Returned Error Message: Naming exception encountered Returned Error Code: INVALID_NAMING_ERROR	Check if the specified Sun Java System Directory connection values are correct. Check if an attribute value violates the schema definition.
Oracle Identity Manager cannot create a user. Returned Error Message: Required information missing, could not create user Returned Error Code: USER_CREATION_FAILED	Check if an attribute value violates the schema definition.
The Create User operation failed because a value was being added to a nonexistent attribute. Returned Error Message: Attribute does not exist Returned Error Code: ATTRIBUTE_DOESNOT_EXIST	In the AttrName.Prov.Map.iPlanet lookup definition, check if the decode values are valid attribute names in the target system.
The Create User operation failed because an invalid value was being added. Returned Error Message: Invalid value specified for an attribute Returned Error Code: INVALID_ATTR_VALUE_ERROR	Check the values specified during user creation.

4.2.3 Modify User Errors

The following table describes the solution to commonly encountered Modify User errors.

Problem Description	Solution
Oracle Identity Manager cannot modify the attribute value of a user. Returned Error Message: Invalid attribute value or state Returned Error Code: INVALID_ATTR_MODIFY_ERROR	Check the specified user ID.
The Modify User operation failed because a value was being added to a nonexistent attribute. Returned Error Message: Attribute does not exist Returned Error Code: ATTRIBUTE_DOESNOT_EXIST	From the corresponding process task, get the value that is passed for AttrName of the connector. Using the name obtained in the previous step, check in the AttrName.Prov.Map.iPlanet lookup definition if the decode value is a valid attribute name in the target.
The Modify User operation failed because an invalid value was being added. Returned Error Message: Invalid value specified for an attribute Returned Error Code: INVALID_ATTRIBUTE_VALUE_ERROR	Check the value specified.
The Modify User operation failed because of an attempt to add a value to an attribute that does not exist in the AttrName.Recon.Map.iPlanet lookup definition. Returned Error Message: One or more attribute mappings are missing Returned Error Code: ATTR_MAPPING_NOT_FOUND	From the corresponding process task, get the value that is passed for AttrName of the connector. Using the name obtained in the previous step, check if an entry has been made in the AttrName.Recon.Map.iPlanet lookup definition.
The operation failed because a duplicate value was being added to an attribute. Returned Error Message: Duplicate value Returned Error Code: DUPLICATE_VALUE_ERROR	Check the value specified.
Oracle Identity Manager cannot move a user from one container to another. Returned Error Message: Could not move user to different container Returned Error Code: USER_MOVE_FAILED	Generic error. Review the log for more details.
Oracle Identity Manager cannot add a user to a security group. Returned Error Message: Group does not exist Returned Error Code: GROUP_DOES_NOT_EXIST	The specified user security group does not exist in Sun Java System Directory. Check the group name.
Oracle Identity Manager cannot add a user to a group. Returned Error Message: Duplicate value Returned Error Code: DUPLICATE_VALUE_ERROR	The user is already a member of the group.
Oracle Identity Manager cannot add a role to a user. Returned Error Message: Role does not exist Returned Error Code: ROLE_DOESNOT_EXIST	The specified role for the user in Oracle Identity Manager does not exist in Sun Java System Directory. Create the role in Sun Java System Directory.
Oracle Identity Manager cannot add a role to a user. Returned Error Message: Could not update user Returned Error Code: USER_UPDATE_FAILED	Generic error. Review the log for more details.
Oracle Identity Manager cannot add a role to a user. Returned Error Message: Duplicate value Returned Error Code: DUPLICATE_VALUE_ERROR	The user has already been assigned this role.
Oracle Identity Manager cannot remove a role assigned to a user. Returned Error Message: Could not remove role from user Returned Error Code: USER_REMOVE_ROLE_FAILED	Generic error. Review the log for more details.

4.2.4 Delete User Errors

The following table describes the solution to a commonly encountered Delete User error.

Problem Description	Solution
Oracle Identity Manager cannot delete a user. Returned Error Message: User does not exist Returned Error Code: USER_DOESNOT_EXIST	The specified user does not exist in Sun Java System Directory.

4.2.5 Reconciliation Errors

The following table describes the solution to a commonly encountered reconciliation error.

Problem Description	Solution
Oracle Identity Manager cannot reconcile users from Sun Java System Directory. Returned Error Message: javax.naming.NamingException: tcUtilLDAPOperations -> : NamingException : Unable to search LDAP Returned Error Code: LDAP: error code 11 - Administrative Limit Exceeded	Change the Sun Java System Directory configuration as follows: Open the Sun ONE Directory Server admin console. Select Configuration, Performance, and Client Control. Set the size limit to unlimited. Set the look-through limit to unlimited. Save the changes, and restart Sun Java System Directory.