Can't deploy Connector configuration using Connector Xpress 2.0
search cancel

Can't deploy Connector configuration using Connector Xpress 2.0

book

Article ID: 259292

calendar_today

Updated On:

Products

CA Identity Suite CA Identity Manager

Issue/Introduction

When we try to deploy a custom connector using Connector Xpress 2.0, we are getting the following error:

In WEB Interface:
Failed to deploy test20585 metadata configuration.

In Tomcat:

2023-02-02 12:33:16.053 ERROR 19208 --- [oi-20421-exec-3] b.a.j.b.p.b.ldap.LDAPConnection          : Failed to create eTNamespaceName=test20585,dc=im,dc=eta. Error=[LDAP: error code 17 - :ETA_E_0003<ANS>, Endpoint type 'test20585' creation failed: DB Add failed: eTRESTConfig (ldaps://testim144:20391) ]
2023-02-02 12:33:16.055 ERROR 19208 --- [oi-20421-exec-3] .j.b.p.a.ProvisioningServerConfigService : Failed to deploy connector test20585 on server testim144. error=[LDAP: error code 17 - :ETA_E_0003<ANS>, Endpoint type 'test20585' creation failed: DB Add failed: eTRESTConfig (ldaps://testim144:20391) ]

Environment

Release : 14.4

Component : CA Identity Manager

Cause

We found the following error from the logs,
20230202:123316:TID=002df0:Add       :D602:E597:F: FAILURE: DB Add (eTNamespaceName=test20585)
20230202:123316:TID=002df0:Add       :D602:E597:F:     rc:  0x0011 (Undefined attribute type)
20230202:123316:TID=002df0:Add       :D602:E597:F:     msg: DB Add failed: eTRESTConfig (ldaps://testim144:20391)

The customer confirmed the connector server has below exact definition for eTRESTConfig.

...\Connector Server\jcs\conf\eta_dyn_openldap.schema

attributetype ( 1.3.6.1.4.1.791.2.3.5.3.5000.1.822 NAME 'eTRESTConfig'
 EQUALITY caseIgnoreMatch
 SUBSTR caseIgnoreSubstringsMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
 

It seems eTRESTConfig is missing in Provisioning Directory and CA Directory schema.

Resolution

Please follow these steps to add the missing eTRESTConfig to Provisioning Directory and CA Directory schema:

1. Backup ..\Directory\dxserver\config\schema\etrust_admin.dxc

2. Backup ..\Provisioning Directory\multitenancy\schema\etrust_admin.dxc

3. Add the following entry as the last attribute definition (in both files)

schema set attribute etrust-admin-COS-attr:822 = {
    name = eTRESTConfig
    ldap-names = eTRESTConfig
    equality = caseIgnoreMatch
    syntax = directoryString
    single-valued
};

4. Add the newly defined attribute to the allowed attribute to

schema set object-class etrust-admin-COS-oc:2 = {
    name = eTNamespace
    subclass-of Top
    must-contain
        eTNamespaceName,
        objectclass
    may-contain
        eTCreateDate,
        eTCreateTime,
        eTCreateNode,
        eTCreateUserName,
        eTCreateUserid,
        eTUpdateDate,
        eTUpdateTime,
        eTUpdateNode,
        eTUpdateUserName,
        eTUpdateUserid,
        eTDescription,
        eTComments,
        eTExploreUpdateEtrust,
        eTExploreCorrelateUsers,
        eTExploreCreateUsers,
        eTExploreReportAdditions,
        eTExploreReportDeletions,
        eTExploreUpdateUsers,
        eTExploreIncremental,
        eTIncrementalSearch,
        eTIncrementalStartTime,
        eTCheckPermission,
        eTCheckDelete,
        eTUseOperationID,
        eTID,
        eTDBOnly,
        eTAgentOnly,
        eTAllowPartialResult,
        eTModAttr,
        eTModDescendents,
        eTDeleteEntry,
        eTNamespaceType,
        eTNamespaceSubType,
        eTAgentPluginDLL,
        eTAgentNamespaceClass,
        eTCustomUserUpdate,
        eTUserUpdateMap,
        eTDefaultUserUpdateMap,
        eTPolicyCtnrClass,
        eTLDAPMk3Profile,
        eTLDAPMk3ProfileObjectclass,
        eTLDAPMk3ProfileNamingAttribute,
        eTLDAPMk3ProfileSheetLayout,
        eTLDAPMk3ProfilePageLayout,
        eTLDAPMk3ProfileAttribute,
        eTValidateCredentials,
        eTDirRelativeFormat,
        eTNamespaceFamily,
        eTMetaData,
        eTAdminMetaData,
        eTBLSMetaData,
        eTConnMetaData,
        eTCoreMetaData,
        eTGUIMetaData,
        eTOpBindingsMetaData,
        eTRESTConfig
};

(ensure to add a comma after eTOpBindingsMetaData)

5. Restart Provisioning Server and All Provisioning CA Directory instances

6. Attempt to redeploy.