Tuesday, May 25, 2010

Novell IDM Syntax Violation Errors

I was recently working on a driver.  I had finished the driver and everything was working great.  I then started getting the following errors on my driver:

Code(-9010) An exception occurred: novell.jclient.JCException: createEntry -613 ERR_SYNTAX_VIOLATION

After yanking out some of the hair on my scalp, I took two traces, one of a user that was created successfully, and one of a user that kicked back this error.  I looked at the XML document after all the driver logic was finished just before it tried to create the account.

What I found was there were very few differences (I hope not), but what ended up standing out is that in one of the traces, the user had a blank value for their Title attribute, and looked similar to this:

<add-attr attr-name="Title">
   <value type="string"/>
</add-attr>

Why is this significant?  Because if you look at the schema for eDirectory, the attribute Title is sized, with a minimum length of 1 character, meaning a blank attribute is not valid.

The resolution for this was simple.  I found all attributes that had sizing restrictions on them, then simply did a check and stripped them out if they had a blank value.  Here is what the Title attribute sample looked like:

<rule>
   <description>Strip Title if blank</description>
   <comment xml:space="preserve">If title is a blank value, strip it so it doesn't cause a syntax violation.</comment>
   <conditions>
      <and>
          <if-class-name mode="nocase" op="equal">User</if-class-name>
          <if-op-attr mode="nocase" name="Title" op="equal"/>
       </and>
   </conditions>
   <actions>
       <do-strip-op-attr name="Title"/>
   </actions>
</rule>

Once this was done all of the errors disappeared!

2 comments: