I can't use customize rule to fix this issue even if I place another rule to post mapping rules like the following:
Finally I give up and use Account Configuration to set target attributes with fixed dn.
Original Message:
Sent: Mon August 30, 2021 09:24 AM
From: Riccardo Pizzuto
Subject: IGI rules bug?
Could you please share what function bypassed the issue? Many thanks
------------------------------
Riccardo Pizzuto
Original Message:
Sent: Sun August 29, 2021 10:27 PM
From: Andy Wu
Subject: IGI rules bug?
Yes, it's still there even I upgrade to the last patch of IGI.
I can't issue a ticket to support due to this was a POC project to my client. I just using another function to bypass this issue
------------------------------
Andy Wu
Original Message:
Sent: Wed August 25, 2021 05:22 AM
From: Riccardo Pizzuto
Subject: IGI rules bug?
Hi, did you managed to get this work? I'm facing the same issue.
Thank you
------------------------------
Riccardo Pizzuto
Original Message:
Sent: Wed May 05, 2021 02:51 AM
From: Andy Wu
Subject: IGI rules bug?
Hi David,
Yes, the issue still there, event I change from
_AccountAction.updateAccount(sql, accountBean);
to
UserAction.updateAccount(sql, accountBean);
all get the same result.
I'm trying to customize different destination dn for employee in different department for Active Directory.
So, I try add a rule to set account dn and bind to OUT queue and then add another rule(pre-mapping)
to extract the dn value and append to erADContainer attribute.
And
Thanks for response.
------------------------------
Andy Wu
Original Message:
Sent: Wed May 05, 2021 12:53 AM
From: David Kuehr-McLaren
Subject: IGI rules bug?
Andy,
Sorry. Just noticed this post. Are you still having trouble with rule?
------------------------------
[David] [Kuehr-McLaren] [
Security Expert Labs]
[Senior Security Architect - STSM]
[IBM]
[dkuehrmc@us.ibm.com]
Original Message:
Sent: Fri April 16, 2021 04:14 AM
From: Andy Wu
Subject: IGI rules bug?
I found the cause of the error was using
_AccountAction.updateAccount() method
and even I change to use
UserAction.updateAccount() method, still the same result.
Are these two method can't be use in OUT queue?
------------------------------
Andy Wu
Original Message:
Sent: Thu April 15, 2021 11:16 PM
From: Andy Wu
Subject: IGI rules bug?
Trying to add an Account Creation rule in out queue, the rule like the following:
when
event : EventOutBean( )
userBean : UserBean( )
orgUnitBean : OrgUnitBean( )
accountBean : AccountBean( )
then
// [ V1.0 - 2021-04-15 ]
final String AD = "Active Directory";
final String EDIR = "eDirectory";
String target = event.getTarget();
if (target.equalsIgnoreCase(AD) || target.equalsIgnoreCase(EDIR)) {
BeanList parentOrgBeanList = _OrgUnitAction.findParent(sql, false, orgUnitBean);
if (!parentOrgBeanList.isEmpty()) {
StringBuffer container = null;
if (target.equalsIgnoreCase(AD)) {
container = new StringBuffer();
// Find account container for Active Directory
for (int i = 0; i < parentOrgBeanList.size() - 1; i++) {
container.append("ou=");
container.append(((OrgUnitBean) parentOrgBeanList.get(i)).getName());
container.append(",");
}
container.append("dc=demolab,dc=com");
logger.debug("User container in AD: " + container.toString());
accountBean.setDn("cn=" + accountBean.getDisplayName() + "," + container.toString());
_AccountAction.updateAccount(sql, accountBean);
}
if (target.equalsIgnoreCase(EDIR)) {
container = new StringBuffer();
// Find account container for eDirectory
for (int i = 0; i < parentOrgBeanList.size() - 1; i++) {
container.append("ou=");
container.append(((OrgUnitBean) parentOrgBeanList.get(i)).getCode());
container.append(",");
}
container.append("o=Lab");
container.insert(0, "ou=Users,");
logger.debug("User container in eDirectory: " + container.toString());
accountBean.setDn("cn=" + accountBean.getName() + "," + container.toString());
_AccountAction.updateAccount(sql, accountBean);
}
}
}
And get the following error:
Apr 16, 2021, 10:54:50 AM INFO AGC:65 - Inserito oggetto com.engiweb.profilemanager.common.bean.event.EventOutBean: [ID=376, OPERATION=8, TRACE=8, STATE=1, WRITE=true, DATEPROCESS=2021-04-16 10:54:32.115, DATEEVENT=2021-04-16 10:17:50.753, PERSON=245, USER=c: 321, TARGET=Active Directory, CODICEOPERAZIONE=PM_731043771391490408_admin, VALORE1=bryan, VALORE2=g0NFjXWJ795pKzg4frTyKQ==, VALORE3=000000, VALORE4=null, APPLICATION=Active Directory]
Apr 16, 2021, 10:54:50 AM INFO AGC:65 - Inserito oggetto com.engiweb.profilemanager.common.bean.UserBean: [ID=245, DN=null, ATTR1=null, ATTR2=null, ATTR3=null, ATTR4=null, ATTR5=null, VALUE=null, CODE=bryan, SURNAME=葉, NAME=協萱, EMAIL=null, CODFISC=0076, SEX=0, DATEOFBIRTH=null, PLACEOFBIRTH=null, ADDRESS=null, LOCALITY=null, REGISTER=null, DESCRIPTION=null, STATE=0, LASTMODUSER=null, LASTMODTIME=2021-04-06 14:11:50.775, PWDMANAGEMENT_DISABLED=0, PWDMANAGEMENT_EXPIRE=null, PWDMANAGEMENT_ID=343, ORGANIZATIONALUNIT_ID=108, ORGANIZATIONALUNIT_CODE=B1300, ORGANIZATIONALUNIT_NAME=技術維運處, HIERARCHY_ID=1, HIERARCHY_CODE=null, HIERARCHY_NAME=null, PERSONTYPE_ID=100, PERSONTYPE_NAME=Employee, PERSONTYPE_DESCRIPTION=Identity registered in ISIM, MASTER_CODE=null, MASTER_ID=null, UMETYPE=NONE]
Apr 16, 2021, 10:54:50 AM INFO AGC:65 - Inserito oggetto com.engiweb.profilemanager.common.bean.ExternalInfo: [[name=ISN value=null objectValue=null required=null], [name=CREATED_ON value=06/04/2021 14:11 objectValue=Tue Apr 06 14:11:50 CST 2021 required=null], [name=USERSTATUS value=1 objectValue=1 required=null], [name=ATTR10 value=null objectValue=null required=0], [name=LAST_MOD_TIME value=06/04/2021 14:11 objectValue=Tue Apr 06 14:11:50 CST 2021 required=null], [name=OU value=B1300 objectValue=B1300 required=null], [name=LAST_MOD_USER value=null objectValue=null required=null], [name=Is Dep. Manager value=3 objectValue=3 required=null], [name=Education value=Technicians objectValue=Technicians required=null], [name=Cod Subarea value=null objectValue=null required=null], [name=NATION value=null objectValue=null required=null], [name=Cod Area value=網路管理師 objectValue=網路管理師 required=null], [name=City value=null objectValue=null required=null], [name=Manager value=0060 objectValue=0060 required=null], [name=Cod User value=null objectValue=null required=null], [name=ACCOUNT_EXPIRY_DATE value=null objectValue=null required=null]]
Apr 16, 2021, 10:54:50 AM INFO AGC:65 - Inserito oggetto com.engiweb.profilemanager.common.bean.OrgUnitBean: [ = COPYRIGHT = null, = serialVersionUID = -, = id = 108, = name = 技術維運處, = code = B1300, = description = , = parent = null, = value = null, = state = null, = attr1 = 109, = attr2 = null, = attr3 = null, = attr4 = null, = attr5 = null, = lastModUser = null, = lastModTime = Thu Mar 25 23:18:05 CST 2021, = enableSOD = 0, = organizationalunittype_description = null, = organizationalunittype_name = null, = organizationalunittype_id = null, = organizationalunittype_code = null, = reviewState = null, = person_name = null, = person_surname = null, = person_code = null, = person_email = null, = person_id = null, = adminList = null, = adminByDelegationList = null, = ownerCode = null, = hierarchy_id = 1, = hierarchy_name = null, ]
Apr 16, 2021, 10:54:50 AM INFO AGC:65 - Inserito oggetto com.engiweb.profilemanager.common.bean.AccountBean: [ = COPYRIGHT = null, = serialVersionUID = -, = id = 369, = code = bryan, password = ****, oldPassword = ****, = algorithm = null, = isDefault = 1, = disabled = 0, = forceChangePwd = 0, = pwdLife = 0, = numberLoginError = 0, = isReverseIgnore = 1, = lastModUser = null, = lastlogin = null, = lastModTime = Fri Apr 16 10:17:30 CST 2021, = lastChangePwd = Fri Apr 16 10:17:30 CST 2021, = lastWrongLogin = null, = lastNPwd = {SHA-256}fXFJhqB2D8zXdXx6Eze10PwHUh33KnJ0mSVFl5Ox0QI=, = name = , = surname = , = email = , = dn = , = displayName = , = identityUID = null, = questionResetPwd = null, = response = null, = value = null, = attr1 = null, = attr2 = 000000, = attr3 = null, = attr4 = PM_731043771391490408_admin, = attr5 = null, = state = 0, = expire = null, = block = com.engiweb.profilemanager.common.bean.Block@5d1cfe88, = pwdcfg_id = 101, = pwdcfg_name = Active Directory, = pwdcfg_description = null, = pwdcfg_sync = 2, = pwdcfg_attr1 = ADprofile, = pwdpolicy_id = 103, = pwdpolicy_name = Company All, = person_id = 245, = person_code = bryan, = person_dn = null, = person_surname = 葉, = person_name = 協萱, = person_sex = 0, = person_email = null, = person_codfisc = 0076, = person_master = null, = persontype_id = 100, = persontype_name = Employee, = lastCertTime = null, = challengeCounter = null, = challengeFailedAttempts = null, = challengeToken = null, = challengeTokenCreation = null, = changeLogId = 253, = accountType_id = null, = accountType_name = null, = accountType_description = null, = accountType_state = null, = active = 1, = sourceName = null, = sourceType = null, = sourceID = null, = additionalInfo = null, = personForFulfillment = null, = attributesToRemove = {}, = attributesToAdd = {}, = pwdPolicyBean = null, = isNeedPwdSync = null, = messages = {}, ]
Apr 16, 2021, 10:54:50 AM ERROR AGC:50 - AccountDAO.getUser(): The Identity Brokerage Target ID is either null or empty for this Account Configuration: Active Directory
Apr 16, 2021, 10:54:50 AM ERROR AGC:50 - Exception executing consequence for rule "Set Dn" in defaultpkg: java.lang.NullPointerException
Apr 16, 2021, 10:54:50 AM ERROR AGC:81 - Error :MR_OUT_376_245 - null
java.lang.NullPointerException
at com.engiweb.profilemanager.backend.dao.AccountDAO.findAttrValue(AccountDAO.java:3822)
at com.engiweb.profilemanager.backend.dao.AccountDAO.findAttrValue(AccountDAO.java:172)
at com.engiweb.profilemanager.backend.dao.AccountDAO.createChangeLog(AccountDAO.java:3460)
at com.engiweb.profilemanager.backend.dao.AccountDAO.updateAccount(AccountDAO.java:1084)
at com.engiweb.profilemanager.common.ruleengine.action.reorganize._AccountAction.updateAccount(_AccountAction.java:111)
at defaultpkg.Rule_Set_Dn182270844.defaultConsequence(Rule_Set_Dn182270844.java:32)
at defaultpkg.Rule_Set_Dn182270844DefaultConsequenceInvokerGenerated.evaluate(Unknown Source)
at defaultpkg.Rule_Set_Dn182270844DefaultConsequenceInvoker.evaluate(Unknown Source)
at org.drools.core.common.DefaultAgenda.fireActivation(DefaultAgenda.java:1089)
at org.drools.core.phreak.RuleExecutor.fire(RuleExecutor.java:121)
at org.drools.core.phreak.RuleExecutor.evaluateNetworkAndFire(RuleExecutor.java:74)
at org.drools.core.common.DefaultAgenda.fireNextItem(DefaultAgenda.java:1007)
at org.drools.core.common.DefaultAgenda.fireLoop(DefaultAgenda.java:1350)
at org.drools.core.common.DefaultAgenda.fireAllRules(DefaultAgenda.java:1288)
at org.drools.core.impl.StatefulKnowledgeSessionImpl.internalFireAllRules(StatefulKnowledgeSessionImpl.java:1306)
at org.drools.core.impl.StatefulKnowledgeSessionImpl.fireAllRules(StatefulKnowledgeSessionImpl.java:1297)
at org.drools.core.impl.StatefulKnowledgeSessionImpl.fireAllRules(StatefulKnowledgeSessionImpl.java:1278)
at com.engiweb.ruleengine.backend.event.AbstractSynchEvent.executeStatefullDrools(AbstractSynchEvent.java:215)
at com.engiweb.ruleengine.backend.event.AbstractSynchEvent.executeDrools(AbstractSynchEvent.java:110)
at com.engiweb.profilemanager.backend.ruleengine.SynchEventOut.createAccount(SynchEventOut.java:1094)
at com.engiweb.profilemanager.backend.ruleengine.SynchEventOut.executeOperation(SynchEventOut.java:638)
at com.engiweb.profilemanager.backend.ruleengine.SynchEventOut.doWork(SynchEventOut.java:370)
at com.engiweb.profilemanager.backend.ruleengine.SynchEventOut.newRun(SynchEventOut.java:230)
at com.engiweb.profilemanager.backend.ruleengine.eventout.EventOutWorker.doWork(EventOutWorker.java:68)
at com.engiweb.profilemanager.backend.performance.Worker.run(Worker.java:54)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1160)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.lang.Thread.run(Thread.java:822)
at com.ibm.ws.concurrent.internal.ManagedThreadImpl.run(ManagedThreadImpl.java:94)
any ideas are very appreciate.
------------------------------
Andy Wu
------------------------------