Overview

We have found this to be an almost critical policy set. It should be implemented on any IDM system that might not have another means of detecting these conditions.

This policy detects three status conditions:

  • Warnings - Any time Status level = 'warning'
  • Errors - Any time Status level = 'error'
  • Retry - Any time Status level = 'retry', which implies the connector can no longer communicate with the connected system.

For Warnings and Errors, we set the sourceDN (the DN from eDirectory) within the message so that if the error was on a user, for example, you will know which entry was involved in the condition.

The policy is written as a library policy and is designed to be placed in the itp (input transform) policy set.

As written, it works for "down-stream" systems where the subscriber channel is operational.

The policy shown here sends an email, but the concept could be used for other notification methods. We make use of some of the Built-in IDM Variables and show some DirXML Examples and XPATH Examples:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policy PUBLIC "policy-builder-dtd" "C:\Program Files (x86)\Novell\Designer\plugins\com.novell.idm.policybuilder_4.0.0.201104051747\DTD\dirxmlscript4.0.1.dtd">
<policy>
	<description>We try to trap any pertinent errors we can discover within the driver operation.
Typically placed in the input transform policySet.
Typically added to all drivers by including from a Library or Package.
We show sending by an Email template, which was done for consistency with an automated messaging system.
The examples could be applied to other methods of obtaining errors.</description>
	<rule>
		<description>status operations or break</description>
		<comment xml:space="preserve">We do not want to send "Success" Status Messages</comment>
		<comment name="author" xml:space="preserve">jim@willeke.com</comment>
		<comment name="version" xml:space="preserve">13</comment>
		<comment name="lastchanged" xml:space="preserve">2011-09-21</comment>
		<conditions>
			<or>
				<if-global-variable mode="nocase" name="idv.Notification.sendnotices" op="not-equal">TRUE</if-global-variable>
				<if-operation mode="case" op="not-equal">status</if-operation>
				<if-xpath op="true">self::status[@level = 'success']</if-xpath>
			</or>
		</conditions>
		<actions>
			<do-break/>
		</actions>
	</rule>
	<rule>
		<description>Set op-sourceDN</description>
		<comment xml:space="preserve">If this is not set, then set something so the messages do not look stupid.</comment>
		<comment name="author" xml:space="preserve">jim@willeke.com</comment>
		<comment name="version" xml:space="preserve">3</comment>
		<comment name="lastchanged" xml:space="preserve">2009-11-19</comment>
		<conditions/>
		<actions>
			<do-if>
				<arg-conditions>
					<or>
						<if-op-property name="op-sourceDN" op="not-available"/>
						<if-op-property mode="nocase" name="op-sourceDN" op="equal"/>
					</or>
				</arg-conditions>
				<arg-actions>
					<do-if>
						<arg-conditions>
							<and>
								<if-xpath op="true">self::status[@type = 'app-general']</if-xpath>
							</and>
						</arg-conditions>
						<arg-actions>
							<do-set-op-property name="op-sourceDN">
								<arg-string>
									<token-text xml:space="preserve"> app-general issue not user specific</token-text>
								</arg-string>
							</do-set-op-property>
						</arg-actions>
						<arg-actions>
							<do-set-op-property name="op-sourceDN">
								<arg-string>
									<token-src-dn/>
								</arg-string>
							</do-set-op-property>
							<do-if>
								<arg-conditions>
									<or>
										<if-op-property name="op-sourceDN" op="not-available"/>
										<if-op-property mode="nocase" name="op-sourceDN" op="equal"/>
									</or>
								</arg-conditions>
								<arg-actions>
									<do-set-op-property name="op-sourceDN">
										<arg-string>
											<token-text xml:space="preserve"> Unable to determine. Check Log files. </token-text>
										</arg-string>
									</do-set-op-property>
								</arg-actions>
								<arg-actions/>
							</do-if>
						</arg-actions>
					</do-if>
				</arg-actions>
				<arg-actions/>
			</do-if>
		</actions>
	</rule>
	<rule>
		<description>Trap Warning Messages</description>
		<comment xml:space="preserve">We trap only warning messages in this rule</comment>
		<comment name="author" xml:space="preserve">jim@willeke.com</comment>
		<comment name="version" xml:space="preserve">12</comment>
		<comment name="lastchanged" xml:space="preserve">2011-07-12</comment>
		<conditions>
			<and>
				<if-xpath op="true">self::status[@level = 'warning']</if-xpath>
			</and>
		</conditions>
		<actions>
			<do-send-email-from-template notification-dn="Security\Default Notification Collection" template-dn="Security\Default Notification Collection\idm-generic-notify">
				<arg-string name="to">
					<token-global-variable name="idv.notification.emailaddress.idmteam"/>
				</arg-string>
				<arg-string name="level">
					<token-text xml:space="preserve">WARNING</token-text>
				</arg-string>
				<arg-string name="tree">
					<token-global-variable name="dirxml.auto.treename"/>
				</arg-string>
				<arg-string name="mainbodytext">
					<token-text xml:space="preserve">The following Error was returned: </token-text>
					<token-xpath expression="self::status"/>
					<token-text xml:space="preserve"> for the user: </token-text>
					<token-op-property name="op-sourceDN"/>
				</arg-string>
				<arg-string name="contacttext">
					<token-text xml:space="preserve">For more information, please contact </token-text>
					<token-global-variable name="idv.notification.emailaddress.idmteam"/>
				</arg-string>
				<arg-string name="subjecttext">
					<token-xpath expression="self::status"/>
				</arg-string>
				<arg-string name="drivername">
					<token-global-variable name="dirxml.auto.driverdn"/>
				</arg-string>
			</do-send-email-from-template>
		</actions>
	</rule>
	<rule>
		<description>Trap Error Messages</description>
		<comment xml:space="preserve">We trap only Error Messages in this Rule</comment>
		<comment name="author" xml:space="preserve">jim@willeke.com</comment>
		<comment name="version" xml:space="preserve">11</comment>
		<comment name="lastchanged" xml:space="preserve">2011-07-12</comment>
		<conditions>
			<and>
				<if-xpath op="true">self::status[@level = 'error']</if-xpath>
			</and>
		</conditions>
		<actions>
			<do-send-email-from-template notification-dn="Security\Default Notification Collection" template-dn="Security\Default Notification Collection\idm-generic-notify">
				<arg-string name="to">
					<token-global-variable name="idv.notification.emailaddress.idmteam"/>
				</arg-string>
				<arg-string name="level">
					<token-text xml:space="preserve">ERROR</token-text>
				</arg-string>
				<arg-string name="tree">
					<token-global-variable name="dirxml.auto.treename"/>
				</arg-string>
				<arg-string name="mainbodytext">
					<token-text xml:space="preserve">The following Error was returned: </token-text>
					<token-xpath expression="self::status"/>
					<token-text xml:space="preserve"> for the user: </token-text>
					<token-op-property name="op-sourceDN"/>
				</arg-string>
				<arg-string name="contacttext">
					<token-text xml:space="preserve">For more information, please contact </token-text>
					<token-global-variable name="idv.notification.emailaddress.idmteam"/>
				</arg-string>
				<arg-string name="subjecttext">
					<token-xpath expression="self::status"/>
				</arg-string>
				<arg-string name="drivername">
					<token-global-variable name="dirxml.auto.driverdn"/>
				</arg-string>
			</do-send-email-from-template>
		</actions>
	</rule>
	<rule>
		<description>Trap Retry Messages</description>
		<comment xml:space="preserve">We trap only retry messages in this rule</comment>
		<comment name="author" xml:space="preserve">jim@willeke.com</comment>
		<comment name="version" xml:space="preserve">13</comment>
		<comment name="lastchanged" xml:space="preserve">2011-07-12</comment>
		<conditions>
			<and>
				<if-xpath op="true">self::status[@level = 'retry']</if-xpath>
			</and>
		</conditions>
		<actions>
			<do-send-email-from-template notification-dn="Security\Default Notification Collection" template-dn="Security\Default Notification Collection\idm-generic-notify">
				<arg-string name="to">
					<token-global-variable name="idv.notification.emailaddress.idmteam"/>
				</arg-string>
				<arg-string name="level">
					<token-text xml:space="preserve">RETRY</token-text>
				</arg-string>
				<arg-string name="tree">
					<token-global-variable name="dirxml.auto.treename"/>
				</arg-string>
				<arg-string name="mainbodytext">
					<token-text xml:space="preserve">The following Error was returned: </token-text>
					<token-xpath expression="self::status"/>
					<token-text xml:space="preserve"> for the user: </token-text>
					<token-op-property name="op-sourceDN"/>
				</arg-string>
				<arg-string name="contacttext">
					<token-text xml:space="preserve">For more information, please contact </token-text>
					<token-global-variable name="idv.notification.emailaddress.idmteam"/>
				</arg-string>
				<arg-string name="subjecttext">
					<token-xpath expression="self::status"/>
				</arg-string>
				<arg-string name="drivername">
					<token-global-variable name="dirxml.auto.driverdn"/>
				</arg-string>
			</do-send-email-from-template>
		</actions>
	</rule>
</policy>
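
The rule order above can be checked offline against sample status documents. The following Python sketch is an added example, not part of the original policy or of IDM: it mirrors the five rules, and `evaluate`, its parameters and the sample documents are constructed for illustration. It also shows that a status with level 'fatal' matches none of the three trap rules.

```python
import xml.etree.ElementTree as ET

NOTIFY_LEVELS = {"warning": "WARNING", "error": "ERROR", "retry": "RETRY"}

def evaluate(op_xml, send_notices="TRUE", op_source_dn=None, src_dn=""):
    """Return the notification the policy would send for one operation, or None.

    op_source_dn models the op-sourceDN operation property and src_dn models
    what <token-src-dn/> resolves to; both are assumptions of this sketch.
    """
    op = ET.fromstring(op_xml)
    # Rule 1: break unless notices are on and this is a non-success status.
    if send_notices.upper() != "TRUE" or op.tag != "status":
        return None
    level = op.get("level")
    if level == "success":
        return None
    # Rule 2: make sure op-sourceDN carries something readable.
    if not op_source_dn:
        if op.get("type") == "app-general":
            op_source_dn = " app-general issue not user specific"
        else:
            op_source_dn = src_dn or " Unable to determine. Check Log files. "
    # Rules 3-5: only warning, error and retry have a matching rule.
    if level not in NOTIFY_LEVELS:
        return None
    text = "".join(op.itertext())  # string value of self::status
    return {"level": NOTIFY_LEVELS[level], "subjecttext": text,
            "mainbodytext": "The following Error was returned: " + text
                            + " for the user: " + op_source_dn}

# Constructed sample operations (not captured from a real driver).
SAMPLES = [
    '<status level="success" event-id="0"/>',
    '<status level="error" type="app-general" event-id="1">Connection reset</status>',
    '<status level="warning" event-id="2">Attribute not found</status>',
    '<status level="retry" event-id="3">Application unavailable</status>',
    '<status level="fatal" event-id="4">Driver shutting down</status>',
    '<add class-name="User"/>',
]

def run_samples():
    """Evaluate every constructed sample with notices enabled."""
    return [evaluate(s) for s in SAMPLES]

if __name__ == "__main__":
    for sample, result in zip(SAMPLES, run_samples()):
        print(sample, "->", result)
```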

This page (revision-9) was last changed on 19-Aug-2014 11:01 by jim