Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [03/20/12 07:46:22.442]:Active Directory :Reading named passwords list.
- [03/20/12 07:46:22.447]:Active Directory :Named passwords:
- [03/20/12 07:46:22.447]:Active Directory : Name: secretstore-enhanced-protection-password
- [03/20/12 07:46:22.447]:Active Directory :Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory#DirXML-EngineControlValues.
- [03/20/12 07:46:22.449]:Active Directory :Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST#DirXML-ConfigValues.
- [03/20/12 07:46:22.450]:Active Directory :Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory#DirXML-ConfigValues.
- [03/20/12 07:46:22.456]:Active Directory :Global Configuration Values:
- [03/20/12 07:46:22.457]:Active Directory : Name: ConnectedSystemName Value: Active Directory
- [03/20/12 07:46:22.457]:Active Directory : Name: drv.domain.dns.name Value: edir2adlab.local
- [03/20/12 07:46:22.457]:Active Directory : Name: drv.subPlacementType Value: mirrored
- [03/20/12 07:46:22.457]:Active Directory : Name: drv.user.container Value: OU=FDNY,dc=edir2adlab,dc=local
- [03/20/12 07:46:22.457]:Active Directory : Name: drv.pubPlacementType Value: mirrored
- [03/20/12 07:46:22.457]:Active Directory : Name: drv.entitlement.display Value: hide
- [03/20/12 07:46:22.457]:Active Directory : Name: drv.entitlement.UserAccount Value: false
- [03/20/12 07:46:22.458]:Active Directory : Name: drv.entitlement.remove Value: disable
- [03/20/12 07:46:22.458]:Active Directory : Name: drv.entitlement.Group Value: false
- [03/20/12 07:46:22.458]:Active Directory : Name: drv.exchMailboxMethod Value: disabled
- [03/20/12 07:46:22.458]:Active Directory : Name: drv.exchDefaultMDB Value:
- [03/20/12 07:46:22.458]:Active Directory : Name: pwd-mgt-display Value: hide
- [03/20/12 07:46:22.458]:Active Directory : Name: enable-password-subscribe Value: true
- [03/20/12 07:46:22.458]:Active Directory : Name: enable-password-publish Value: true
- [03/20/12 07:46:22.458]:Active Directory : Name: publish-password-to-nds Value: true
- [03/20/12 07:46:22.459]:Active Directory : Name: publish-password-to-dp Value: false
- [03/20/12 07:46:22.459]:Active Directory : Name: enforce-password-policy Value: true
- [03/20/12 07:46:22.459]:Active Directory : Name: reset-external-password-on-failure Value: true
- [03/20/12 07:46:22.459]:Active Directory : Name: notify-user-on-password-dist-failure Value: true
- [03/20/12 07:46:22.459]:Active Directory : Name: name-map-display Value: hide
- [03/20/12 07:46:22.459]:Active Directory : Name: FullNameMap Value: true
- [03/20/12 07:46:22.459]:Active Directory : Name: LogonNameMap Value: true
- [03/20/12 07:46:22.460]:Active Directory : Name: UpnMap Value: edir-name-auth
- [03/20/12 07:46:22.460]:Active Directory : Name: credprov.display Value: hide
- [03/20/12 07:46:22.460]:Active Directory : Name: credprov.enable Value: false
- [03/20/12 07:46:22.460]:Active Directory : Name: credprov.on.new-user Value: true
- [03/20/12 07:46:22.460]:Active Directory : Name: credprov.on.modify-Login_Disabled Value: true
- [03/20/12 07:46:22.461]:Active Directory : Name: credprov.on.password-change Value: true
- [03/20/12 07:46:22.461]:Active Directory : Name: credprov.application.credential.id Value: ad
- [03/20/12 07:46:22.461]:Active Directory : Name: credprov.application.userid.attr Value: sAMAccountName
- [03/20/12 07:46:22.461]:Active Directory : Name: credprov.secretstore.enable Value: true
- [03/20/12 07:46:22.461]:Active Directory : Name: credprov.secretstore.sharedsecrettype Value: C
- [03/20/12 07:46:22.461]:Active Directory : Name: credprov.secretstore.enhancedprotectionflag Value: 0
- [03/20/12 07:46:22.461]:Active Directory : Name: credprov.securelogin.enable Value: true
- [03/20/12 07:46:22.462]:Active Directory : Name: credprov.nslpassphrase.enable Value: true
- [03/20/12 07:46:22.462]:Active Directory : Name: credprov.nslpassphrase.question Value: What is your Workforce ID?
- [03/20/12 07:46:22.462]:Active Directory : Name: credprov.nslpassphrase.answervalueattr Value: workforceID
- [03/20/12 07:46:22.462]:Active Directory : Name: drv.acctTrk.display Value: hide
- [03/20/12 07:46:22.462]:Active Directory : Name: drv.acctTrk.enable Value: true
- [03/20/12 07:46:22.462]:Active Directory : Name: drv.acctTrk.realm Value: edir2adlab.local
- [03/20/12 07:46:22.463]:Active Directory : Name: drv.acctTrk.objectClass Value: user
- [03/20/12 07:46:22.463]:Active Directory : Name: drv.acctTrk.identifiers Value: sAMAccountName;userPrincipalName;LDAPDN;association
- [03/20/12 07:46:22.463]:Active Directory : Name: drv.acctTrk.statusAttr Value: dirxml-uACAccountDisable
- [03/20/12 07:46:22.463]:Active Directory : Name: drv.acctTrk.activeStatus Value: false
- [03/20/12 07:46:22.463]:Active Directory : Name: drv.acctTrk.inactiveStatus Value: true
- [03/20/12 07:46:22.463]:Active Directory : Name: drv.acctTrk.idvDefaultStatus Value: A
- [03/20/12 07:46:22.463]:Active Directory : Name: drv.acctTrk.appDefaultStatus Value: -
- [03/20/12 07:46:22.464]:Active Directory : Name: idv.credprov.nsl.repository Value: lib-CredProv-NSLRepository-V1
- [03/20/12 07:46:22.464]:Active Directory : Name: idv.credprov.nss.repository Value: lib-CredProv-NSSRepository-V1
- [03/20/12 07:46:22.464]:Active Directory : Name: idv.dit.data.users Value: fdny
- [03/20/12 07:46:22.464]:Active Directory : Name: dirxml.auto.treename Value: EDIR2ADLAB
- [03/20/12 07:46:22.464]:Active Directory : Name: dirxml.auto.driverdn Value: \EDIR2ADLAB\fdny\AD-TEST\Active Directory
- [03/20/12 07:46:22.464]:Active Directory : Name: dirxml.auto.driverguid Value: {65C7C4BB-8BDD-41c7-7EBB-BBC4C765DD8B}
- [03/20/12 07:46:22.465]:Active Directory :Using default reciprocal attribute map
- [03/20/12 07:46:22.465]:Active Directory :Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory#DirXML-PersistentData.
- [03/20/12 07:46:22.466]:Active Directory :Loaded persistent data
- [03/20/12 07:46:22.466]:Active Directory :
- <persistent-data>
- <op-counters last-reset-time="1332184584177">
- <subscriber>
- <counters index="0">
- <sync>127</sync>
- </counters>
- <counters index="1">
- <sync>26</sync>
- </counters>
- <counters index="2">
- <modify>1</modify>
- <query>64</query>
- <add>3</add>
- </counters>
- <counters index="3">
- <modify>1</modify>
- <query>64</query>
- <add>3</add>
- </counters>
- <counters index="4">
- <status>68</status>
- <instance>13</instance>
- <add-association>1</add-association>
- </counters>
- </subscriber>
- <publisher>
- <counters index="0">
- <status>991</status>
- <query>3</query>
- <add>1</add>
- <check-password><!-- content suppressed --></check-password>
- <init-params>2</init-params>
- </counters>
- <counters index="1">
- <status>991</status>
- <query>3</query>
- <add>1</add>
- <check-password><!-- content suppressed --></check-password>
- <init-params>2</init-params>
- </counters>
- <counters index="2">
- <status>991</status>
- <query>3</query>
- <add>1</add>
- <check-password><!-- content suppressed --></check-password>
- <init-params>2</init-params>
- </counters>
- <counters index="3">
- <status>991</status>
- <modify>16</modify>
- <query>4</query>
- <check-password><!-- content suppressed --></check-password>
- <init-params>2</init-params>
- </counters>
- <counters index="4">
- <status>1018</status>
- <instance>4</instance>
- </counters>
- </publisher>
- </op-counters>
- </persistent-data>
- [03/20/12 07:46:22.475]:Active Directory :Found subscriber fdny\AD-TEST\Active Directory\Subscriber.
- [03/20/12 07:46:22.481]:Active Directory :Found publisher fdny\AD-TEST\Active Directory\Publisher.
- [03/20/12 07:46:22.481]:Active Directory :Creating subscriber thread.
- [03/20/12 07:46:22.482]:Active Directory ST:Subscriber thread starting.
- [03/20/12 07:46:22.494]:Active Directory ST:Initializing driver shim.
- [03/20/12 07:46:22.494]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory#DirXML-ApplicationSchema.
- [03/20/12 07:46:22.496]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory#DirXML-ConfigManifest.
- [03/20/12 07:46:22.497]:Active Directory ST:Reading driver information from the \EDIR2ADLAB\fdny\AD-TEST\Active Directory object.
- [03/20/12 07:46:22.497]:Active Directory ST:Loading Java shim com.novell.nds.dirxml.remote.driver.DriverShimImpl.
- [03/20/12 07:46:22.505]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory#DirXML-ShimConfigInfo.
- [03/20/12 07:46:22.508]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory#DirXML-DriverStorage.
- [03/20/12 07:46:22.509]:Active Directory ST:
- <nds dtdversion="3.5" ndsversion="8.x">
- <source>
- <product version="3.6.10.4747">DirXML</product>
- <contact>Novell, Inc.</contact>
- </source>
- <input>
- <init-params src-dn="\EDIR2ADLAB\fdny\AD-TEST\Active Directory">
- <authentication-info>
- <server>REMOTE(hostname=10.237.48.38 port=8090)10.237.48.38</server>
- <user>edir2adlab/Administrator</user>
- <password><!-- content suppressed --></password>
- </authentication-info>
- <driver-options>
- <auth-options display-name="Show authentication options">hide</auth-options>
- <auth-method display-name="Authentication Method">Negotiate</auth-method>
- <signing display-name="Digitally sign communications">no</signing>
- <sealing display-name="Digitally sign and seal communications">no</sealing>
- <use-ssl display-name="Use SSL for encryption">no</use-ssl>
- <impersonation display-name="Logon and impersonate">yes</impersonation>
- <xchg-options display-name="Show Exchange Management Options">hide</xchg-options>
- <xchg-prov display-name="Enable Exchange mailbox provisioning">disabled</xchg-prov>
- <exch-api-type display-name="Exchange Management interface type (use-cdoexm/use-post-cdoexm)">use-post-cdoexm</exch-api-type>
- <exch-move display-name="Allow Exchange mailbox move (yes/no)">yes</exch-move>
- <exch-delete display-name="Allow Exchange mailbox delete (yes/no)">yes</exch-delete>
- <access-options display-name="Show access options">hide</access-options>
- <pollingInterval display-name="Driver Polling Interval">1</pollingInterval>
- <pub-heartbeat-interval display-name="Publisher heartbeat interval">1</pub-heartbeat-interval>
- <pub-password-expire-time display-name="Password Sync Timeout (minutes)">5</pub-password-expire-time>
- <search-domain-scope display-name="Search domain scope">yes</search-domain-scope>
- <retry-ldap-auth-unknown display-name="Retry LDAP Auth unknown error">no</retry-ldap-auth-unknown>
- <enable-incremental-values display-name="Enable DirSync Incremental Values">no</enable-incremental-values>
- </driver-options>
- </init-params>
- </input>
- </nds>
- [03/20/12 07:46:22.512]:Active Directory ST:DriverShim.init() returned:
- [03/20/12 07:46:22.513]:Active Directory ST:
- <nds dtdversion="3.5" ndsversion="8.x">
- <output>
- <status level="success">
- <provides-secure-channel>false</provides-secure-channel>
- </status>
- </output>
- </nds>
- [03/20/12 07:46:22.517]:Active Directory ST:Initializing ECMAScript extensions.
- [03/20/12 07:46:22.519]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory#DirXML-DriverFilter.
- [03/20/12 07:46:22.521]:Active Directory ST:Loaded filter.
- [03/20/12 07:46:22.521]:Active Directory ST:
- <filter>
- <filter-class class-name="Group" publisher="sync" subscriber="sync">
- <filter-attr attr-name="CN" publisher="ignore" subscriber="ignore"/>
- <filter-attr attr-name="Description" publisher="sync" subscriber="sync"/>
- <filter-attr attr-name="Full Name" publisher="sync" subscriber="sync"/>
- <filter-attr attr-name="L" publisher="sync" subscriber="sync"/>
- <filter-attr attr-name="Member" publisher="sync" subscriber="sync"/>
- <filter-attr attr-name="Owner" publisher="sync" subscriber="sync"/>
- </filter-class>
- <filter-class class-name="Organizational Unit" publisher="sync" subscriber="sync">
- <filter-attr attr-name="Description" publisher="sync" subscriber="sync"/>
- <filter-attr attr-name="OU" publisher="ignore" subscriber="ignore"/>
- </filter-class>
- <filter-class class-name="User" publisher="sync" subscriber="sync">
- <filter-attr attr-name="CN" publisher="notify" subscriber="ignore"/>
- <filter-attr attr-name="Description" publisher="sync" subscriber="sync"/>
- <filter-attr attr-name="DirXML-ADAliasName" publisher="sync" subscriber="ignore"/>
- <!--filter-attr attr-name="DirXML-ADContext" publisher="notify" subscriber="sync"/-->
- <filter-attr attr-name="Facsimile Telephone Number" publisher="sync" subscriber="sync"/>
- <filter-attr attr-name="Full Name" publisher="sync" subscriber="sync"/>
- <filter-attr attr-name="Given Name" publisher="sync" subscriber="sync"/>
- <filter-attr attr-name="Initials" publisher="sync" subscriber="sync"/>
- <filter-attr attr-name="Internet EMail Address" publisher="sync" subscriber="sync"/>
- <filter-attr attr-name="L" publisher="sync" subscriber="sync"/>
- <filter-attr attr-name="Login Allowed Time Map" publisher="sync" subscriber="sync"/>
- <!-- login disabled is not synchronized if account is controlled by entitlements-->
- <filter-attr attr-name="Login Disabled" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
- <filter-attr attr-name="Login Expiration Time" merge-authority="default" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>
- <filter-attr attr-name="Physical Delivery Office Name" publisher="sync" subscriber="sync"/>
- <filter-attr attr-name="Postal Code" publisher="sync" subscriber="sync"/>
- <filter-attr attr-name="Postal Office Box" publisher="sync" subscriber="sync"/>
- <filter-attr attr-name="S" publisher="sync" subscriber="sync"/>
- <filter-attr attr-name="SA" publisher="sync" subscriber="sync"/>
- <filter-attr attr-name="Surname" publisher="sync" subscriber="sync"/>
- <filter-attr attr-name="Telephone Number" publisher="sync" subscriber="sync"/>
- <filter-attr attr-name="Title" publisher="sync" subscriber="sync"/>
- <filter-attr attr-name="nspmDistributionPassword" merge-authority="none" publisher="ignore" publisher-optimize-modify="false" subscriber="notify"/>
- <!-- turn on entitlement notifications when entitlements are enabled.
- if the user enables entitlements after import this will need to be
- updated manually in the driver filter config via iManager or Designer. -->
- <filter-attr attr-name="DirXML-EntitlementRef" merge-authority="edir" publisher="ignore" publisher-optimize-modify="true" subscriber="notify"/>
- </filter-class>
- </filter>
- [03/20/12 07:46:22.526]:Active Directory ST:Initializing subscriber fdny\AD-TEST\Active Directory\Subscriber for \EDIR2ADLAB\fdny\AD-TEST\Active Directory.
- [03/20/12 07:46:22.526]:Active Directory ST:Loading Subscriber input transformation policies.
- [03/20/12 07:46:22.526]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Library/lib-AccountTracking-Publish-itp-V1#XmlData.
- [03/20/12 07:46:22.528]:Active Directory ST:Global Configuration Value replacements made in vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Library/lib-AccountTracking-Publish-itp-V1#XmlData:
- [03/20/12 07:46:22.528]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.532]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Library/lib-AccountTracking-WriteAccounts-itp-V1#XmlData.
- [03/20/12 07:46:22.535]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.548]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory/itp#XmlData.
- [03/20/12 07:46:22.549]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.551]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory/itp-EntitlementsImpl#XmlData.
- [03/20/12 07:46:22.551]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.553]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory/Password%28Pub%29-Sub+Email+Notifications#XmlData.
- [03/20/12 07:46:22.554]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.557]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Library/lib-Audit-SendEntitlementsEvents-itp-V1#XmlData.
- [03/20/12 07:46:22.558]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.561]:Active Directory ST:Loading Subscriber output transformation policies.
- [03/20/12 07:46:22.562]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory/otp#XmlData.
- [03/20/12 07:46:22.563]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.565]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory/Password%28Sub%29-Pub+Email+Notifications#XmlData.
- [03/20/12 07:46:22.565]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.567]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Library/lib-CredProv-ConvertPayload-otp-V1#XmlData.
- [03/20/12 07:46:22.568]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.571]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Library/lib-AccountTracking-Subscribe-otp-V1#XmlData.
- [03/20/12 07:46:22.572]:Active Directory ST:Global Configuration Value replacements made in vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Library/lib-AccountTracking-Subscribe-otp-V1#XmlData:
- [03/20/12 07:46:22.573]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.575]:Active Directory ST:Loading Subscriber schema mapping policies.
- [03/20/12 07:46:22.575]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory/smp#XmlData.
- [03/20/12 07:46:22.576]:Active Directory ST:Found schema map.
- [03/20/12 07:46:22.577]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory/smp#XmlData.
- [03/20/12 07:46:22.577]:Active Directory ST:Found schema map.
- [03/20/12 07:46:22.578]:Active Directory ST:Loading policies.
- [03/20/12 07:46:22.578]:Active Directory ST:Loading Subscriber event transformation policies.
- [03/20/12 07:46:22.578]:Active Directory ST:Policy not found.
- [03/20/12 07:46:22.579]:Active Directory ST:Loading Subscriber object matching policies.
- [03/20/12 07:46:22.579]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory/Subscriber/sub-mp-Scoping#XmlData.
- [03/20/12 07:46:22.580]:Active Directory ST:Global Configuration Value replacements made in vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory/Subscriber/sub-mp-Scoping#XmlData:
- [03/20/12 07:46:22.580]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.587]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory/Subscriber/sub-mp-EntitlementsImpl#XmlData.
- [03/20/12 07:46:22.587]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.588]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory/Subscriber/sub-mp#XmlData.
- [03/20/12 07:46:22.589]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.591]:Active Directory ST:Loading Subscriber object creation policies.
- [03/20/12 07:46:22.592]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory/Subscriber/sub-cp-EntitlementsImpl#XmlData.
- [03/20/12 07:46:22.593]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.593]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory/Subscriber/sub-cp-Users#XmlData.
- [03/20/12 07:46:22.594]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.596]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory/Subscriber/sub-cp-ExchMailboxPolicy#XmlData.
- [03/20/12 07:46:22.596]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.597]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Library/lib-CredProv-RequiredAttributes-sub-cp-V1#XmlData.
- [03/20/12 07:46:22.597]:Active Directory ST:Global Configuration Value replacements made in vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Library/lib-CredProv-RequiredAttributes-sub-cp-V1#XmlData:
- [03/20/12 07:46:22.597]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.598]:Active Directory ST:Loading Subscriber object placement policies.
- [03/20/12 07:46:22.598]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory/Subscriber/sub-pp#XmlData.
- [03/20/12 07:46:22.599]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.599]:Active Directory ST:Loading Subscriber command transformation policies.
- [03/20/12 07:46:22.599]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory/Subscriber/sub-ctp-EntitlementsImpl#XmlData.
- [03/20/12 07:46:22.600]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.602]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory/Subscriber/sub-ctp-Audit-TagEvent#XmlData.
- [03/20/12 07:46:22.603]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.604]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory/Subscriber/sub-ctp-UserNameMap#XmlData.
- [03/20/12 07:46:22.605]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.607]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory/Subscriber/sub-ctp-ExchMailboxPolicy#XmlData.
- [03/20/12 07:46:22.607]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.608]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory/Subscriber/Password%28Sub%29-Transform+Distribution+Password#XmlData.
- [03/20/12 07:46:22.609]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.610]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory/Subscriber/Password%28Sub%29-Default+Password+Policy#XmlData.
- [03/20/12 07:46:22.610]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.611]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory/Subscriber/Password%28Sub%29-Check+Password+GCV#XmlData.
- [03/20/12 07:46:22.611]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.612]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory/Subscriber/Password%28Sub%29-Add+Password+Payload#XmlData.
- [03/20/12 07:46:22.612]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.630]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory/Subscriber/sub-ctp-GroupMemberResolution#XmlData.
- [03/20/12 07:46:22.630]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.638]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Library/lib-CredProv-Trigger-sub-ctp-V1#XmlData.
- [03/20/12 07:46:22.639]:Active Directory ST:Global Configuration Value replacements made in vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Library/lib-CredProv-Trigger-sub-ctp-V1#XmlData:
- [03/20/12 07:46:22.639]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.642]:Active Directory ST:Mapping sensitive attribute names to application space
- [03/20/12 07:46:22.703]:Active Directory ST:Initializing subscriber shim.
- [03/20/12 07:46:22.706]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory#DirXML-ShimConfigInfo.
- [03/20/12 07:46:22.707]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory#DirXML-DriverStorage.
- [03/20/12 07:46:22.708]:Active Directory ST:Applying policy: %+C%14Csmp%-C.
- [03/20/12 07:46:22.708]:Active Directory ST: Mapping attr-name 'Description' to 'description'.
- [03/20/12 07:46:22.708]:Active Directory ST: Mapping attr-name 'Full Name' to 'displayName'.
- [03/20/12 07:46:22.708]:Active Directory ST: Mapping attr-name 'Member' to 'member'.
- [03/20/12 07:46:22.709]:Active Directory ST: Mapping attr-name 'Owner' to 'managedBy'.
- [03/20/12 07:46:22.709]:Active Directory ST: Mapping attr-name 'Description' to 'description'.
- [03/20/12 07:46:22.709]:Active Directory ST: Mapping attr-name 'Description' to 'description'.
- [03/20/12 07:46:22.709]:Active Directory ST: Mapping attr-name 'Facsimile Telephone Number' to 'facsimileTelephoneNumber'.
- [03/20/12 07:46:22.709]:Active Directory ST: Mapping attr-name 'Full Name' to 'displayName'.
- [03/20/12 07:46:22.709]:Active Directory ST: Mapping attr-name 'Given Name' to 'givenName'.
- [03/20/12 07:46:22.709]:Active Directory ST: Mapping attr-name 'Initials' to 'initials'.
- [03/20/12 07:46:22.709]:Active Directory ST: Mapping attr-name 'Internet EMail Address' to 'mail'.
- [03/20/12 07:46:22.709]:Active Directory ST: Mapping attr-name 'L' to 'physicalDeliveryOfficeName'.
- [03/20/12 07:46:22.709]:Active Directory ST: Mapping attr-name 'Login Allowed Time Map' to 'logonHours'.
- [03/20/12 07:46:22.710]:Active Directory ST: Mapping attr-name 'Login Disabled' to 'dirxml-uACAccountDisable'.
- [03/20/12 07:46:22.710]:Active Directory ST: Mapping attr-name 'Login Expiration Time' to 'accountExpires'.
- [03/20/12 07:46:22.710]:Active Directory ST: Mapping attr-name 'Physical Delivery Office Name' to 'l'.
- [03/20/12 07:46:22.710]:Active Directory ST: Mapping attr-name 'Postal Code' to 'postalCode'.
- [03/20/12 07:46:22.710]:Active Directory ST: Mapping attr-name 'Postal Office Box' to 'postOfficeBox'.
- [03/20/12 07:46:22.710]:Active Directory ST: Mapping attr-name 'S' to 'st'.
- [03/20/12 07:46:22.710]:Active Directory ST: Mapping attr-name 'SA' to 'streetAddress'.
- [03/20/12 07:46:22.710]:Active Directory ST: Mapping attr-name 'Surname' to 'sn'.
- [03/20/12 07:46:22.710]:Active Directory ST: Mapping attr-name 'Telephone Number' to 'telephoneNumber'.
- [03/20/12 07:46:22.710]:Active Directory ST: Mapping attr-name 'Title' to 'title'.
- [03/20/12 07:46:22.711]:Active Directory ST: Mapping class-name 'Group' to 'group'.
- [03/20/12 07:46:22.711]:Active Directory ST: Mapping class-name 'Organizational Unit' to 'organizationalUnit'.
- [03/20/12 07:46:22.711]:Active Directory ST: Mapping class-name 'User' to 'user'.
- [03/20/12 07:46:22.711]:Active Directory ST:
- <nds dtdversion="3.5" ndsversion="8.x">
- <source>
- <product version="3.6.10.4747">DirXML</product>
- <contact>Novell, Inc.</contact>
- </source>
- <input>
- <init-params src-dn="\EDIR2ADLAB\fdny\AD-TEST\Active Directory">
- <authentication-info>
- <server>REMOTE(hostname=10.237.48.38 port=8090)10.237.48.38</server>
- <user>edir2adlab/Administrator</user>
- <password><!-- content suppressed --></password>
- </authentication-info>
- <driver-filter>
- <allow-class class-name="group">
- <allow-attr attr-name="description"/>
- <allow-attr attr-name="displayName"/>
- <allow-attr attr-name="L"/>
- <allow-attr attr-name="member"/>
- <allow-attr attr-name="managedBy"/>
- </allow-class>
- <allow-class class-name="organizationalUnit">
- <allow-attr attr-name="description"/>
- </allow-class>
- <allow-class class-name="user">
- <allow-attr attr-name="description"/>
- <allow-attr attr-name="facsimileTelephoneNumber"/>
- <allow-attr attr-name="displayName"/>
- <allow-attr attr-name="givenName"/>
- <allow-attr attr-name="initials"/>
- <allow-attr attr-name="mail"/>
- <allow-attr attr-name="physicalDeliveryOfficeName"/>
- <allow-attr attr-name="logonHours"/>
- <allow-attr attr-name="dirxml-uACAccountDisable"/>
- <allow-attr attr-name="accountExpires"/>
- <allow-attr attr-name="l"/>
- <allow-attr attr-name="postalCode"/>
- <allow-attr attr-name="postOfficeBox"/>
- <allow-attr attr-name="st"/>
- <allow-attr attr-name="streetAddress"/>
- <allow-attr attr-name="sn"/>
- <allow-attr attr-name="telephoneNumber"/>
- <allow-attr attr-name="title"/>
- </allow-class>
- </driver-filter>
- </init-params>
- </input>
- </nds>
- [03/20/12 07:46:22.713]:Active Directory ST:SubscriptionShim.init() returned:
- [03/20/12 07:46:22.713]:Active Directory ST:
- <nds dtdversion="3.5" ndsversion="8.x">
- <output>
- <status level="success"/>
- </output>
- </nds>
- [03/20/12 07:46:22.713]:Active Directory ST:Applying input transformation policies.
- [03/20/12 07:46:22.713]:Active Directory ST:Applying policy: %+C%14Clib-AccountTracking-Publish-itp-V1%-C.
- [03/20/12 07:46:22.713]:Active Directory ST: Applying to status #1.
- [03/20/12 07:46:22.714]:Active Directory ST: Evaluating selection criteria for rule 'AccountTracking - disregard if disabled or wrong object class'.
- [03/20/12 07:46:22.714]:Active Directory ST: Rule selected.
- [03/20/12 07:46:22.714]:Active Directory ST: Applying rule 'AccountTracking - disregard if disabled or wrong object class'.
- [03/20/12 07:46:22.714]:Active Directory ST: Action: do-if().
- [03/20/12 07:46:22.714]:Active Directory ST: Evaluating conditions.
- [03/20/12 07:46:22.714]:Active Directory ST: (if-global-variable 'drv.acctTrk.enable' not-equal "true") = FALSE.
- [03/20/12 07:46:22.714]:Active Directory ST: Performing else actions.
- [03/20/12 07:46:22.714]:Active Directory ST: Action: do-if().
- [03/20/12 07:46:22.714]:Active Directory ST: Evaluating conditions.
- [03/20/12 07:46:22.714]:Active Directory ST: (if-class-name available) = FALSE.
- [03/20/12 07:46:22.714]:Active Directory ST: Performing else actions.
- [03/20/12 07:46:22.715]:Active Directory ST: Evaluating selection criteria for rule 'AccountTracking - on add-association sync the operation-properties to status operations'.
- [03/20/12 07:46:22.715]:Active Directory ST: (if-operation equal "add-association") = FALSE.
- [03/20/12 07:46:22.715]:Active Directory ST: Rule rejected.
- [03/20/12 07:46:22.715]:Active Directory ST: Evaluating selection criteria for rule 'AccountTracking - Query for destination DN using Association'.
- [03/20/12 07:46:22.715]:Active Directory ST: (if-operation match "modify|delete|move|rename") = FALSE.
- [03/20/12 07:46:22.715]:Active Directory ST: Rule rejected.
- [03/20/12 07:46:22.715]:Active Directory ST: Evaluating selection criteria for rule 'AccountTracking - add interested properties to current doc for future use.'.
- [03/20/12 07:46:22.715]:Active Directory ST: (if-operation match "add|modify|delete|rename|move|status") = TRUE.
- [03/20/12 07:46:22.716]:Active Directory ST: Rule selected.
- [03/20/12 07:46:22.716]:Active Directory ST: Applying rule 'AccountTracking - add interested properties to current doc for future use.'.
- [03/20/12 07:46:22.716]:Active Directory ST: Action: do-for-each(arg-node-set(token-global-variable("drv.acctTrk.identifiers"))).
- [03/20/12 07:46:22.716]:Active Directory ST: arg-node-set(token-global-variable("drv.acctTrk.identifiers"))
- [03/20/12 07:46:22.716]:Active Directory ST: token-global-variable("drv.acctTrk.identifiers")
- [03/20/12 07:46:22.716]:Active Directory ST: Token Value: {"sAMAccountName","userPrincipalName","LDAPDN","association"}.
- [03/20/12 07:46:22.716]:Active Directory ST: Arg Value: {"sAMAccountName","userPrincipalName","LDAPDN","association"}.
- [03/20/12 07:46:22.716]:Active Directory ST: Performing actions for local-variable(current-node) = "sAMAccountName".
- [03/20/12 07:46:22.717]:Active Directory ST: Action: do-if().
- [03/20/12 07:46:22.717]:Active Directory ST: Evaluating conditions.
- [03/20/12 07:46:22.717]:Active Directory ST: (if-local-variable 'current-node' equal "LDAPDN") = FALSE.
- [03/20/12 07:46:22.717]:Active Directory ST: Performing else actions.
- [03/20/12 07:46:22.717]:Active Directory ST: Action: do-if().
- [03/20/12 07:46:22.717]:Active Directory ST: Evaluating conditions.
- [03/20/12 07:46:22.717]:Active Directory ST: (if-local-variable 'current-node' equal "association") = FALSE.
- [03/20/12 07:46:22.717]:Active Directory ST: Performing else actions.
- [03/20/12 07:46:22.717]:Active Directory ST: Action: do-if().
- [03/20/12 07:46:22.717]:Active Directory ST: Evaluating conditions.
- [03/20/12 07:46:22.718]:Active Directory ST: Expanded variable reference '$current-node$' to 'sAMAccountName'.
- [03/20/12 07:46:22.718]:Active Directory ST: (if-op-property 'AccountTracking-$current-node$' not-available) = TRUE.
- [03/20/12 07:46:22.718]:Active Directory ST: Expanded variable reference '$current-node$' to 'sAMAccountName'.
- [03/20/12 07:46:22.718]:Active Directory ST: (if-op-attr '$current-node$' available) = FALSE.
- [03/20/12 07:46:22.718]:Active Directory ST: Performing else actions.
- [03/20/12 07:46:22.718]:Active Directory ST: Performing actions for local-variable(current-node) = "userPrincipalName".
- [03/20/12 07:46:22.718]:Active Directory ST: Action: do-if().
- [03/20/12 07:46:22.718]:Active Directory ST: Evaluating conditions.
- [03/20/12 07:46:22.718]:Active Directory ST: (if-local-variable 'current-node' equal "LDAPDN") = FALSE.
- [03/20/12 07:46:22.719]:Active Directory ST: Performing else actions.
- [03/20/12 07:46:22.719]:Active Directory ST: Action: do-if().
- [03/20/12 07:46:22.719]:Active Directory ST: Evaluating conditions.
- [03/20/12 07:46:22.719]:Active Directory ST: (if-local-variable 'current-node' equal "association") = FALSE.
- [03/20/12 07:46:22.719]:Active Directory ST: Performing else actions.
- [03/20/12 07:46:22.719]:Active Directory ST: Action: do-if().
- [03/20/12 07:46:22.719]:Active Directory ST: Evaluating conditions.
- [03/20/12 07:46:22.719]:Active Directory ST: Expanded variable reference '$current-node$' to 'userPrincipalName'.
- [03/20/12 07:46:22.719]:Active Directory ST: (if-op-property 'AccountTracking-$current-node$' not-available) = TRUE.
- [03/20/12 07:46:22.719]:Active Directory ST: Expanded variable reference '$current-node$' to 'userPrincipalName'.
- [03/20/12 07:46:22.720]:Active Directory ST: (if-op-attr '$current-node$' available) = FALSE.
- [03/20/12 07:46:22.720]:Active Directory ST: Performing else actions.
- [03/20/12 07:46:22.720]:Active Directory ST: Performing actions for local-variable(current-node) = "LDAPDN".
- [03/20/12 07:46:22.720]:Active Directory ST: Action: do-if().
- [03/20/12 07:46:22.720]:Active Directory ST: Evaluating conditions.
- [03/20/12 07:46:22.720]:Active Directory ST: (if-local-variable 'current-node' equal "LDAPDN") = TRUE.
- [03/20/12 07:46:22.720]:Active Directory ST: Expanded variable reference '$current-node$' to 'LDAPDN'.
- [03/20/12 07:46:22.720]:Active Directory ST: (if-op-property 'AccountTracking-$current-node$' not-available) = TRUE.
- [03/20/12 07:46:22.720]:Active Directory ST: (if-src-dn available) = FALSE.
- [03/20/12 07:46:22.721]:Active Directory ST: Performing else actions.
- [03/20/12 07:46:22.721]:Active Directory ST: Action: do-if().
- [03/20/12 07:46:22.721]:Active Directory ST: Evaluating conditions.
- [03/20/12 07:46:22.721]:Active Directory ST: (if-local-variable 'current-node' equal "association") = FALSE.
- [03/20/12 07:46:22.721]:Active Directory ST: Performing else actions.
- [03/20/12 07:46:22.721]:Active Directory ST: Action: do-if().
- [03/20/12 07:46:22.721]:Active Directory ST: Evaluating conditions.
- [03/20/12 07:46:22.721]:Active Directory ST: Expanded variable reference '$current-node$' to 'LDAPDN'.
- [03/20/12 07:46:22.721]:Active Directory ST: (if-op-property 'AccountTracking-$current-node$' not-available) = TRUE.
- [03/20/12 07:46:22.721]:Active Directory ST: Expanded variable reference '$current-node$' to 'LDAPDN'.
- [03/20/12 07:46:22.722]:Active Directory ST: (if-op-attr '$current-node$' available) = FALSE.
- [03/20/12 07:46:22.722]:Active Directory ST: Performing else actions.
- [03/20/12 07:46:22.722]:Active Directory ST: Performing actions for local-variable(current-node) = "association".
- [03/20/12 07:46:22.722]:Active Directory ST: Action: do-if().
- [03/20/12 07:46:22.722]:Active Directory ST: Evaluating conditions.
- [03/20/12 07:46:22.722]:Active Directory ST: (if-local-variable 'current-node' equal "LDAPDN") = FALSE.
- [03/20/12 07:46:22.722]:Active Directory ST: Performing else actions.
- [03/20/12 07:46:22.722]:Active Directory ST: Action: do-if().
- [03/20/12 07:46:22.722]:Active Directory ST: Evaluating conditions.
- [03/20/12 07:46:22.722]:Active Directory ST: (if-local-variable 'current-node' equal "association") = TRUE.
- [03/20/12 07:46:22.723]:Active Directory ST: Expanded variable reference '$current-node$' to 'association'.
- [03/20/12 07:46:22.723]:Active Directory ST: (if-op-property 'AccountTracking-$current-node$' not-available) = TRUE.
- [03/20/12 07:46:22.723]:Active Directory ST: (if-association available) = FALSE.
- [03/20/12 07:46:22.723]:Active Directory ST: Performing else actions.
- [03/20/12 07:46:22.723]:Active Directory ST: Action: do-if().
- [03/20/12 07:46:22.723]:Active Directory ST: Evaluating conditions.
- [03/20/12 07:46:22.723]:Active Directory ST: Expanded variable reference '$current-node$' to 'association'.
- [03/20/12 07:46:22.723]:Active Directory ST: (if-op-property 'AccountTracking-$current-node$' not-available) = TRUE.
- [03/20/12 07:46:22.723]:Active Directory ST: Expanded variable reference '$current-node$' to 'association'.
- [03/20/12 07:46:22.724]:Active Directory ST: (if-op-attr '$current-node$' available) = FALSE.
- [03/20/12 07:46:22.724]:Active Directory ST: Performing else actions.
- [03/20/12 07:46:22.724]:Active Directory ST: Evaluating selection criteria for rule 'AccountTracking - Initialize status properties on published events'.
- [03/20/12 07:46:22.724]:Active Directory ST: (if-operation match "add|modify|delete|rename|move") = FALSE.
- [03/20/12 07:46:22.724]:Active Directory ST: Rule rejected.
- [03/20/12 07:46:22.724]:Active Directory ST:Policy returned:
- [03/20/12 07:46:22.724]:Active Directory ST:
- <nds dtdversion="3.5" ndsversion="8.x">
- <output>
- <status level="success"/>
- </output>
- </nds>
- [03/20/12 07:46:22.724]:Active Directory ST:Applying policy: %+C%14Clib-AccountTracking-WriteAccounts-itp-V1%-C.
- [03/20/12 07:46:22.725]:Active Directory ST: Applying to status #1.
- [03/20/12 07:46:22.725]:Active Directory ST: Evaluating selection criteria for rule 'AccountTracking - disregard if disabled'.
- [03/20/12 07:46:22.725]:Active Directory ST: (if-global-variable 'drv.acctTrk.enable' not-equal "true") = FALSE.
- [03/20/12 07:46:22.725]:Active Directory ST: Rule rejected.
- [03/20/12 07:46:22.725]:Active Directory ST: Evaluating selection criteria for rule 'AccountTracking - query DirXML-Accounts Attribute'.
- [03/20/12 07:46:22.725]:Active Directory ST: (if-op-property 'AccountTracking-ObjectDN' available) = FALSE.
- [03/20/12 07:46:22.725]:Active Directory ST: Rule rejected.
- [03/20/12 07:46:22.725]:Active Directory ST: Evaluating selection criteria for rule 'AccountTracking - remove Dirxml-Account values on delete operation'.
- [03/20/12 07:46:22.725]:Active Directory ST: (if-operation match "delete|remove-association") = FALSE.
- [03/20/12 07:46:22.726]:Active Directory ST: (if-operation equal "status") = TRUE.
- [03/20/12 07:46:22.726]:Active Directory ST: (if-op-property 'AccountTracking-ObjectDN' available) = FALSE.
- [03/20/12 07:46:22.726]:Active Directory ST: Rule rejected.
- [03/20/12 07:46:22.726]:Active Directory ST: Evaluating selection criteria for rule 'AccountTracking - update DirXMLAccounts attribute'.
- [03/20/12 07:46:22.726]:Active Directory ST: (if-op-property 'AccountTracking-Operation' not-available) = TRUE.
- [03/20/12 07:46:22.726]:Active Directory ST: (if-op-property 'AccountTracking-ObjectDN' available) = FALSE.
- [03/20/12 07:46:22.726]:Active Directory ST: (if-operation equal "status") = TRUE.
- [03/20/12 07:46:22.726]:Active Directory ST: (if-xpath true "./@level='success'") = TRUE.
- [03/20/12 07:46:22.726]:Active Directory ST: (if-op-property 'AccountTracking-Operation' available) = FALSE.
- [03/20/12 07:46:22.726]:Active Directory ST: Rule rejected.
- [03/20/12 07:46:22.727]:Active Directory ST:Policy returned:
- [03/20/12 07:46:22.727]:Active Directory ST:
- <nds dtdversion="3.5" ndsversion="8.x">
- <output>
- <status level="success"/>
- </output>
- </nds>
- [03/20/12 07:46:22.727]:Active Directory ST:Applying policy: %+C%14Citp%-C.
- [03/20/12 07:46:22.727]:Active Directory ST: Applying to status #1.
- [03/20/12 07:46:22.727]:Active Directory ST: Evaluating selection criteria for rule 'streetAddress: Convert CR-LF to LF'.
- [03/20/12 07:46:22.727]:Active Directory ST: Rule selected.
- [03/20/12 07:46:22.727]:Active Directory ST: Applying rule 'streetAddress: Convert CR-LF to LF'.
- [03/20/12 07:46:22.727]:Active Directory ST: Action: do-reformat-op-attr("streetAddress",token-replace-all("\r\n","\r",token-local-variable("current-value"))).
- [03/20/12 07:46:22.727]:Active Directory ST: Evaluating selection criteria for rule 'logonHours: Convert to Login Allowed Time Map form'.
- [03/20/12 07:46:22.728]:Active Directory ST: Rule selected.
- [03/20/12 07:46:22.728]:Active Directory ST: Applying rule 'logonHours: Convert to Login Allowed Time Map form'.
- [03/20/12 07:46:22.728]:Active Directory ST: Action: do-reformat-op-attr("logonHours",token-xpath("jadutil:translateTimeMap2eDir($current-value)")).
- [03/20/12 07:46:22.728]:Active Directory ST: Evaluating selection criteria for rule 'accountExpires: Convert to Identity Vault time format'.
- [03/20/12 07:46:22.728]:Active Directory ST: Rule selected.
- [03/20/12 07:46:22.728]:Active Directory ST: Applying rule 'accountExpires: Convert to Identity Vault time format'.
- [03/20/12 07:46:22.728]:Active Directory ST: Action: do-reformat-op-attr("accountExpires",token-xpath("jadutil:translateFileTime2Epoch($current-value)")).
- [03/20/12 07:46:22.728]:Active Directory ST: Evaluating selection criteria for rule 'lockoutTime: Convert to Identity Vault time format'.
- [03/20/12 07:46:22.729]:Active Directory ST: Rule selected.
- [03/20/12 07:46:22.729]:Active Directory ST: Applying rule 'lockoutTime: Convert to Identity Vault time format'.
- [03/20/12 07:46:22.729]:Active Directory ST: Action: do-reformat-op-attr("lockoutTime",token-xpath("jadutil:translateFileTime2Epoch($current-value)")).
- [03/20/12 07:46:22.729]:Active Directory ST:Policy returned:
- [03/20/12 07:46:22.729]:Active Directory ST:
- <nds dtdversion="3.5" ndsversion="8.x">
- <output>
- <status level="success"/>
- </output>
- </nds>
- [03/20/12 07:46:22.729]:Active Directory ST:Applying policy: %+C%14Citp-EntitlementsImpl%-C.
- [03/20/12 07:46:22.729]:Active Directory ST: Applying to status #1.
- [03/20/12 07:46:22.729]:Active Directory ST: Evaluating selection criteria for rule 'Check target of add-association for group membership entitlements'.
- [03/20/12 07:46:22.729]:Active Directory ST: (if-global-variable 'drv.entitlement.Group' equal "true") = FALSE.
- [03/20/12 07:46:22.730]:Active Directory ST: Rule rejected.
- [03/20/12 07:46:22.730]:Active Directory ST: Evaluating selection criteria for rule 'Check target of add-association for Exchange mailbox entitlements'.
- [03/20/12 07:46:22.730]:Active Directory ST: (if-global-variable 'drv.exchMailboxMethod' equal "entitlement") = FALSE.
- [03/20/12 07:46:22.730]:Active Directory ST: Rule rejected.
- [03/20/12 07:46:22.730]:Active Directory ST:Policy returned:
- [03/20/12 07:46:22.730]:Active Directory ST:
- <nds dtdversion="3.5" ndsversion="8.x">
- <output>
- <status level="success"/>
- </output>
- </nds>
- [03/20/12 07:46:22.730]:Active Directory ST:Applying policy: %+C%14CPassword(Pub)-Sub Email Notifications%-C.
- [03/20/12 07:46:22.731]:Active Directory ST: Applying to status #1.
- [03/20/12 07:46:22.731]:Active Directory ST: Evaluating selection criteria for rule 'Send e-mail on a failure when subscribing to passwords'.
- [03/20/12 07:46:22.731]:Active Directory ST: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = TRUE.
- [03/20/12 07:46:22.731]:Active Directory ST: (if-operation equal "status") = TRUE.
- [03/20/12 07:46:22.731]:Active Directory ST: (if-xpath true "self::status[@level != 'success'][text() != '']/operation-data/password-subscribe-status/association[text() != '']") = FALSE.
- [03/20/12 07:46:22.731]:Active Directory ST: Rule rejected.
- [03/20/12 07:46:22.731]:Active Directory ST: Evaluating selection criteria for rule 'Send e-mail on failure to reset connected system password using the Identity Manager data store password'.
- [03/20/12 07:46:22.731]:Active Directory ST: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = TRUE.
- [03/20/12 07:46:22.732]:Active Directory ST: (if-operation equal "status") = TRUE.
- [03/20/12 07:46:22.732]:Active Directory ST: (if-xpath true "self::status[@level != 'success']/operation-data/password-reset-status") = FALSE.
- [03/20/12 07:46:22.732]:Active Directory ST: Rule rejected.
- [03/20/12 07:46:22.732]:Active Directory ST:Policy returned:
- [03/20/12 07:46:22.732]:Active Directory ST:
- <nds dtdversion="3.5" ndsversion="8.x">
- <output>
- <status level="success"/>
- </output>
- </nds>
- [03/20/12 07:46:22.732]:Active Directory ST:Applying policy: %+C%14Clib-Audit-SendEntitlementsEvents-itp-V1%-C.
- [03/20/12 07:46:22.732]:Active Directory ST: Applying to status #1.
- [03/20/12 07:46:22.732]:Active Directory ST: Evaluating selection criteria for rule '00031200 - Account Create By Entitlement Grant'.
- [03/20/12 07:46:22.733]:Active Directory ST: (if-operation equal "status") = TRUE.
- [03/20/12 07:46:22.733]:Active Directory ST: (if-op-property 'accountAction' equal "accountCreateByEntitlementGrant") = FALSE.
- [03/20/12 07:46:22.733]:Active Directory ST: Rule rejected.
- [03/20/12 07:46:22.733]:Active Directory ST: Evaluating selection criteria for rule '00031201 - Account Delete By Entitlement Revoke'.
- [03/20/12 07:46:22.733]:Active Directory ST: (if-operation equal "status") = TRUE.
- [03/20/12 07:46:22.733]:Active Directory ST: (if-xpath true "./operation-data/entitlement-impl/@state = '0'") = FALSE.
- [03/20/12 07:46:22.733]:Active Directory ST: (if-operation equal "status") = TRUE.
- [03/20/12 07:46:22.733]:Active Directory ST: (if-op-property 'accountAction' equal "accountDeleteByEntitlementRevoke") = FALSE.
- [03/20/12 07:46:22.733]:Active Directory ST: Rule rejected.
- [03/20/12 07:46:22.733]:Active Directory ST: Evaluating selection criteria for rule '00031202 - Account Disable By Entitlement Revoke'.
- [03/20/12 07:46:22.734]:Active Directory ST: (if-operation equal "status") = TRUE.
- [03/20/12 07:46:22.734]:Active Directory ST: (if-op-property 'accountAction' equal "accountDisableByEntitlementRevoke") = FALSE.
- [03/20/12 07:46:22.734]:Active Directory ST: Rule rejected.
- [03/20/12 07:46:22.734]:Active Directory ST: Evaluating selection criteria for rule '00031203 - Account Enable By Entitlement Grant'.
- [03/20/12 07:46:22.734]:Active Directory ST: (if-operation equal "status") = TRUE.
- [03/20/12 07:46:22.734]:Active Directory ST: (if-op-property 'accountAction' equal "accountEnableByEntitlementGrant") = FALSE.
- [03/20/12 07:46:22.734]:Active Directory ST: Rule rejected.
- [03/20/12 07:46:22.734]:Active Directory ST: Evaluating selection criteria for rule 'Generate Audit Event'.
- [03/20/12 07:46:22.734]:Active Directory ST: (if-operation equal "status") = TRUE.
- [03/20/12 07:46:22.734]:Active Directory ST: (if-local-variable 'auditEventID' available) = FALSE.
- [03/20/12 07:46:22.735]:Active Directory ST: Rule rejected.
- [03/20/12 07:46:22.735]:Active Directory ST:Policy returned:
- [03/20/12 07:46:22.735]:Active Directory ST:
- <nds dtdversion="3.5" ndsversion="8.x">
- <output>
- <status level="success"/>
- </output>
- </nds>
- [03/20/12 07:46:22.735]:Active Directory ST:Applying schema mapping policies to input.
- [03/20/12 07:46:22.735]:Active Directory ST:Applying policy: %+C%14Csmp%-C.
- [03/20/12 07:46:22.735]:Active Directory ST:Resolving association references.
- [03/20/12 07:46:22.735]:Active Directory ST:Applying policy: %+C%14Csmp%-C.
- [03/20/12 07:46:22.735]:Active Directory ST: Mapping class-name 'user' to 'User'.
- [03/20/12 07:46:22.735]:Active Directory ST: Mapping attr-name 'accountExpires' to 'Login Expiration Time'.
- [03/20/12 07:46:22.736]:Active Directory ST: Mapping attr-name 'cn' to 'CN'.
- [03/20/12 07:46:22.736]:Active Directory ST: Mapping attr-name 'description' to 'Description'.
- [03/20/12 07:46:22.736]:Active Directory ST: Mapping attr-name 'dirxml-uACAccountDisable' to 'Login Disabled'.
- [03/20/12 07:46:22.736]:Active Directory ST: Mapping attr-name 'displayName' to 'Full Name'.
- [03/20/12 07:46:22.736]:Active Directory ST: Mapping attr-name 'facsimileTelephoneNumber' to 'Facsimile Telephone Number'.
- [03/20/12 07:46:22.736]:Active Directory ST: Mapping attr-name 'givenName' to 'Given Name'.
- [03/20/12 07:46:22.736]:Active Directory ST: Mapping attr-name 'initials' to 'Initials'.
- [03/20/12 07:46:22.736]:Active Directory ST: Mapping attr-name 'l' to 'Physical Delivery Office Name'.
- [03/20/12 07:46:22.737]:Active Directory ST: Mapping attr-name 'lockoutTime' to 'Login Intruder Reset Time'.
- [03/20/12 07:46:22.737]:Active Directory ST: Mapping attr-name 'logonHours' to 'Login Allowed Time Map'.
- [03/20/12 07:46:22.737]:Active Directory ST: Mapping attr-name 'mail' to 'Internet EMail Address'.
- [03/20/12 07:46:22.737]:Active Directory ST: Mapping attr-name 'memberOf' to 'Group Membership'.
- [03/20/12 07:46:22.737]:Active Directory ST: Mapping attr-name 'ou' to 'OU'.
- [03/20/12 07:46:22.737]:Active Directory ST: Mapping attr-name 'physicalDeliveryOfficeName' to 'L'.
- [03/20/12 07:46:22.737]:Active Directory ST: Mapping attr-name 'postalCode' to 'Postal Code'.
- [03/20/12 07:46:22.737]:Active Directory ST: Mapping attr-name 'postOfficeBox' to 'Postal Office Box'.
- [03/20/12 07:46:22.737]:Active Directory ST: Mapping attr-name 'sAMAccountName' to 'CN'.
- [03/20/12 07:46:22.738]:Active Directory ST: Mapping attr-name 'seeAlso' to 'See Also'.
- [03/20/12 07:46:22.738]:Active Directory ST: Mapping attr-name 'sn' to 'Surname'.
- [03/20/12 07:46:22.738]:Active Directory ST: Mapping attr-name 'st' to 'S'.
- [03/20/12 07:46:22.738]:Active Directory ST: Mapping attr-name 'streetAddress' to 'SA'.
- [03/20/12 07:46:22.738]:Active Directory ST: Mapping attr-name 'telephoneNumber' to 'Telephone Number'.
- [03/20/12 07:46:22.738]:Active Directory ST: Mapping attr-name 'title' to 'Title'.
- [03/20/12 07:46:22.738]:Active Directory ST: Mapping attr-name 'userPrincipalName' to 'DirXML-ADAliasName'.
- [03/20/12 07:46:22.739]:Active Directory ST:Application DN form: ldap.
- [03/20/12 07:46:22.739]:Active Directory ST:Creating publisher.
- [03/20/12 07:46:22.739]:Active Directory ST:Loading Publisher input transformation policies.
- [03/20/12 07:46:22.739]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Library/lib-AccountTracking-Publish-itp-V1#XmlData.
- [03/20/12 07:46:22.740]:Active Directory ST:Global Configuration Value replacements made in vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Library/lib-AccountTracking-Publish-itp-V1#XmlData:
- [03/20/12 07:46:22.741]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.745]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Library/lib-AccountTracking-WriteAccounts-itp-V1#XmlData.
- [03/20/12 07:46:22.747]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.753]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory/itp#XmlData.
- [03/20/12 07:46:22.754]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.755]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory/itp-EntitlementsImpl#XmlData.
- [03/20/12 07:46:22.755]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.769]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory/Password%28Pub%29-Sub+Email+Notifications#XmlData.
- [03/20/12 07:46:22.770]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.772]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Library/lib-Audit-SendEntitlementsEvents-itp-V1#XmlData.
- [03/20/12 07:46:22.773]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.775]:Active Directory ST:Loading Publisher output transformation policies.
- [03/20/12 07:46:22.775]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory/otp#XmlData.
- [03/20/12 07:46:22.776]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.777]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory/Password%28Sub%29-Pub+Email+Notifications#XmlData.
- [03/20/12 07:46:22.783]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.784]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Library/lib-CredProv-ConvertPayload-otp-V1#XmlData.
- [03/20/12 07:46:22.785]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.791]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Library/lib-AccountTracking-Subscribe-otp-V1#XmlData.
- [03/20/12 07:46:22.792]:Active Directory ST:Global Configuration Value replacements made in vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Library/lib-AccountTracking-Subscribe-otp-V1#XmlData:
- [03/20/12 07:46:22.792]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.793]:Active Directory ST:Loading Publisher schema mapping policies.
- [03/20/12 07:46:22.794]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory/smp#XmlData.
- [03/20/12 07:46:22.794]:Active Directory ST:Found schema map.
- [03/20/12 07:46:22.795]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory/smp#XmlData.
- [03/20/12 07:46:22.795]:Active Directory ST:Found schema map.
- [03/20/12 07:46:22.796]:Active Directory ST:Loading Publisher event transformation policies.
- [03/20/12 07:46:22.796]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory/Publisher/pub-etp-EntitlementsImpl#XmlData.
- [03/20/12 07:46:22.796]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.797]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory/Publisher/pub-etp-HandleMovesAndRenames#XmlData.
- [03/20/12 07:46:22.798]:Active Directory ST:Global Configuration Value replacements made in vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory/Publisher/pub-etp-HandleMovesAndRenames#XmlData:
- [03/20/12 07:46:22.798]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.799]:Active Directory ST:Loading Publisher object matching policies.
- [03/20/12 07:46:22.800]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory/Publisher/pub-mp-Scoping#XmlData.
- [03/20/12 07:46:22.834]:Active Directory ST:Global Configuration Value replacements made in vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory/Publisher/pub-mp-Scoping#XmlData:
- [03/20/12 07:46:22.834]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.835]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory/Publisher/pub-mp-EntitlementsImpl#XmlData.
- [03/20/12 07:46:22.835]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.836]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory/Publisher/pub-mp#XmlData.
- [03/20/12 07:46:22.836]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.837]:Active Directory ST:Loading Publisher object creation policies.
- [03/20/12 07:46:22.838]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory/Publisher/pub-cp#XmlData.
- [03/20/12 07:46:22.838]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.839]:Active Directory ST:Loading Publisher object placement policies.
- [03/20/12 07:46:22.839]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory/Publisher/pub-pp#XmlData.
- [03/20/12 07:46:22.839]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.840]:Active Directory ST:Loading Publisher command transformation policies.
- [03/20/12 07:46:22.840]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory/Publisher/pub-ctp-UserNameMap#XmlData.
- [03/20/12 07:46:22.841]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.842]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory/Publisher/pub-ctp#XmlData.
- [03/20/12 07:46:22.842]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.844]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory/Publisher/pub-cts#XmlData.
- [03/20/12 07:46:22.844]:Active Directory ST:Found XSLT policy.
- [03/20/12 07:46:22.845]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory/Publisher/Password%28Pub%29-Default+Password+Policy#XmlData.
- [03/20/12 07:46:22.846]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.846]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory/Publisher/Password%28Pub%29-Check+Password+GCV#XmlData.
- [03/20/12 07:46:22.846]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.847]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory/Publisher/Password%28Pub%29-Publish+Distribution+Password#XmlData.
- [03/20/12 07:46:22.848]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.849]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory/Publisher/Password%28Pub%29-Publish+NDS+Password#XmlData.
- [03/20/12 07:46:22.849]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.849]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory/Publisher/Password%28Pub%29-Add+Password+Payload#XmlData.
- [03/20/12 07:46:22.850]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.851]:Active Directory ST:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Library/lib-AccountTracking-WriteAccountsOnAdds-pub-ctp-V1#XmlData.
- [03/20/12 07:46:22.858]:Active Directory ST:Found DirXMLScript policy.
- [03/20/12 07:46:22.860]:Active Directory ST:Creating publisher thread.
- [03/20/12 07:46:22.860]:Active Directory ST:Publisher thread created.
- [03/20/12 07:46:22.862]:Active Directory PT:In publisher thread.
- [03/20/12 07:46:22.867]:Active Directory PT:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory#DirXML-ShimConfigInfo.
- [03/20/12 07:46:22.869]:Active Directory ST:Starting event loop.
- [03/20/12 07:46:22.870]:Active Directory ST:Received state change event.
- [03/20/12 07:46:22.870]:Active Directory ST:Transitioned from state '%+C%14CStopped%-C' to state '%+C%14CStarting%-C'.
- [03/20/12 07:46:22.871]:Active Directory PT:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory#DirXML-DriverStorage.
- [03/20/12 07:46:22.872]:Active Directory PT:Applying policy: %+C%14Csmp%-C.
- [03/20/12 07:46:22.872]:Active Directory PT: Mapping attr-name 'Description' to 'description'.
- [03/20/12 07:46:22.872]:Active Directory PT: Mapping attr-name 'Full Name' to 'displayName'.
- [03/20/12 07:46:22.872]:Active Directory PT: Mapping attr-name 'Member' to 'member'.
- [03/20/12 07:46:22.872]:Active Directory PT: Mapping attr-name 'Owner' to 'managedBy'.
- [03/20/12 07:46:22.872]:Active Directory PT: Mapping attr-name 'Description' to 'description'.
- [03/20/12 07:46:22.873]:Active Directory ST:Successfully processed state change event.
- [03/20/12 07:46:22.873]:Active Directory ST:Submitting identification query to subscriber shim:
- [03/20/12 07:46:22.873]:Active Directory ST:
- <nds dtdversion="3.5" ndsversion="8.x">
- <source>
- <product version="3.6.10.4747">DirXML</product>
- <contact>Novell, Inc.</contact>
- </source>
- <input>
- <query event-id="query-driver-ident" scope="entry">
- <search-class class-name="__driver_identification_class__"/>
- <read-attr/>
- </query>
- </input>
- </nds>
- [03/20/12 07:46:22.874]:Active Directory PT: Mapping attr-name 'CN' to 'sAMAccountName'.
- [03/20/12 07:46:22.874]:Active Directory PT: Mapping attr-name 'Description' to 'description'.
- [03/20/12 07:46:22.874]:Active Directory PT: Mapping attr-name 'DirXML-ADAliasName' to 'userPrincipalName'.
- [03/20/12 07:46:22.874]:Active Directory PT: Mapping attr-name 'Facsimile Telephone Number' to 'facsimileTelephoneNumber'.
- [03/20/12 07:46:22.874]:Active Directory PT: Mapping attr-name 'Full Name' to 'displayName'.
- [03/20/12 07:46:22.874]:Active Directory PT: Mapping attr-name 'Given Name' to 'givenName'.
- [03/20/12 07:46:22.874]:Active Directory PT: Mapping attr-name 'Initials' to 'initials'.
- [03/20/12 07:46:22.875]:Active Directory PT: Mapping attr-name 'Internet EMail Address' to 'mail'.
- [03/20/12 07:46:22.875]:Active Directory PT: Mapping attr-name 'L' to 'physicalDeliveryOfficeName'.
- [03/20/12 07:46:22.875]:Active Directory PT: Mapping attr-name 'Login Allowed Time Map' to 'logonHours'.
- [03/20/12 07:46:22.875]:Active Directory PT: Mapping attr-name 'Login Disabled' to 'dirxml-uACAccountDisable'.
- [03/20/12 07:46:22.875]:Active Directory PT: Mapping attr-name 'Login Expiration Time' to 'accountExpires'.
- [03/20/12 07:46:22.875]:Active Directory PT: Mapping attr-name 'Physical Delivery Office Name' to 'l'.
- [03/20/12 07:46:22.875]:Active Directory PT: Mapping attr-name 'Postal Code' to 'postalCode'.
- [03/20/12 07:46:22.875]:Active Directory PT: Mapping attr-name 'Postal Office Box' to 'postOfficeBox'.
- [03/20/12 07:46:22.875]:Active Directory PT: Mapping attr-name 'S' to 'st'.
- [03/20/12 07:46:22.876]:Active Directory PT: Mapping attr-name 'SA' to 'streetAddress'.
- [03/20/12 07:46:22.876]:Active Directory PT: Mapping attr-name 'Surname' to 'sn'.
- [03/20/12 07:46:22.876]:Active Directory PT: Mapping attr-name 'Telephone Number' to 'telephoneNumber'.
- [03/20/12 07:46:22.876]:Active Directory PT: Mapping attr-name 'Title' to 'title'.
- [03/20/12 07:46:22.876]:Active Directory PT: Mapping class-name 'Group' to 'group'.
- [03/20/12 07:46:22.876]:Active Directory PT: Mapping class-name 'Organizational Unit' to 'organizationalUnit'.
- [03/20/12 07:46:22.876]:Active Directory PT: Mapping class-name 'User' to 'user'.
- [03/20/12 07:46:22.876]:Active Directory PT:Initializing publisher shim.
- [03/20/12 07:46:22.876]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <source>
- <product version="3.6.10.4747">DirXML</product>
- <contact>Novell, Inc.</contact>
- </source>
- <input>
- <init-params src-dn="\EDIR2ADLAB\fdny\AD-TEST\Active Directory">
- <authentication-info>
- <server>REMOTE(hostname=10.237.48.38 port=8090)10.237.48.38</server>
- <user>edir2adlab/Administrator</user>
- <password><!-- content suppressed --></password>
- </authentication-info>
- <driver-filter>
- <allow-class class-name="group">
- <allow-attr attr-name="description"/>
- <allow-attr attr-name="displayName"/>
- <allow-attr attr-name="L"/>
- <allow-attr attr-name="member"/>
- <allow-attr attr-name="managedBy"/>
- </allow-class>
- <allow-class class-name="organizationalUnit">
- <allow-attr attr-name="description"/>
- </allow-class>
- <allow-class class-name="user">
- <allow-attr attr-name="sAMAccountName"/>
- <allow-attr attr-name="description"/>
- <allow-attr attr-name="userPrincipalName"/>
- <allow-attr attr-name="facsimileTelephoneNumber"/>
- <allow-attr attr-name="displayName"/>
- <allow-attr attr-name="givenName"/>
- <allow-attr attr-name="initials"/>
- <allow-attr attr-name="mail"/>
- <allow-attr attr-name="physicalDeliveryOfficeName"/>
- <allow-attr attr-name="logonHours"/>
- <allow-attr attr-name="dirxml-uACAccountDisable"/>
- <allow-attr attr-name="accountExpires"/>
- <allow-attr attr-name="l"/>
- <allow-attr attr-name="postalCode"/>
- <allow-attr attr-name="postOfficeBox"/>
- <allow-attr attr-name="st"/>
- <allow-attr attr-name="streetAddress"/>
- <allow-attr attr-name="sn"/>
- <allow-attr attr-name="telephoneNumber"/>
- <allow-attr attr-name="title"/>
- </allow-class>
- </driver-filter>
- <publisher-state>
- <cookie>TVNEUwMAAABUOC2qBQbNAQAAAAAAAAAAKAAAAMUhAQAAAAAAAAAAAAAAAADFIQEAAAAAADClPYtvg2hIghkEdsjobxgBAAAAAAAAAAEAAAAAAAAAMKU9i2+DaEiCGQR2yOhvGMUhAQAAAAAA</cookie>
- </publisher-state>
- </init-params>
- </input>
- </nds>
- [03/20/12 07:46:22.879]:Active Directory PT:PublicationShim.init() returned:
- [03/20/12 07:46:22.879]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <output>
- <status level="success"/>
- </output>
- </nds>
- [03/20/12 07:46:22.879]:Active Directory PT:Applying input transformation policies.
- [03/20/12 07:46:22.879]:Active Directory PT:Applying policy: %+C%14Clib-AccountTracking-Publish-itp-V1%-C.
- [03/20/12 07:46:22.879]:Active Directory PT: Applying to status #1.
- [03/20/12 07:46:22.879]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - disregard if disabled or wrong object class'.
- [03/20/12 07:46:22.879]:Active Directory PT: Rule selected.
- [03/20/12 07:46:22.879]:Active Directory PT: Applying rule 'AccountTracking - disregard if disabled or wrong object class'.
- [03/20/12 07:46:22.879]:Active Directory PT: Action: do-if().
- [03/20/12 07:46:22.880]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:46:22.880]:Active Directory PT: (if-global-variable 'drv.acctTrk.enable' not-equal "true") = FALSE.
- [03/20/12 07:46:22.880]:Active Directory PT: Performing else actions.
- [03/20/12 07:46:22.880]:Active Directory PT: Action: do-if().
- [03/20/12 07:46:22.880]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:46:22.880]:Active Directory PT: (if-class-name available) = FALSE.
- [03/20/12 07:46:22.880]:Active Directory PT: Performing else actions.
- [03/20/12 07:46:22.880]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - on add-association sync the operation-properties to status operations'.
- [03/20/12 07:46:22.880]:Active Directory PT: (if-operation equal "add-association") = FALSE.
- [03/20/12 07:46:22.880]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.881]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - Query for destination DN using Association'.
- [03/20/12 07:46:22.881]:Active Directory PT: (if-operation match "modify|delete|move|rename") = FALSE.
- [03/20/12 07:46:22.881]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.881]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - add interested properties to current doc for future use.'.
- [03/20/12 07:46:22.881]:Active Directory PT: (if-operation match "add|modify|delete|rename|move|status") = TRUE.
- [03/20/12 07:46:22.881]:Active Directory PT: Rule selected.
- [03/20/12 07:46:22.881]:Active Directory PT: Applying rule 'AccountTracking - add interested properties to current doc for future use.'.
- [03/20/12 07:46:22.881]:Active Directory PT: Action: do-for-each(arg-node-set(token-global-variable("drv.acctTrk.identifiers"))).
- [03/20/12 07:46:22.881]:Active Directory PT: arg-node-set(token-global-variable("drv.acctTrk.identifiers"))
- [03/20/12 07:46:22.882]:Active Directory PT: token-global-variable("drv.acctTrk.identifiers")
- [03/20/12 07:46:22.882]:Active Directory PT: Token Value: {"sAMAccountName","userPrincipalName","LDAPDN","association"}.
- [03/20/12 07:46:22.882]:Active Directory PT: Arg Value: {"sAMAccountName","userPrincipalName","LDAPDN","association"}.
- [03/20/12 07:46:22.882]:Active Directory PT: Performing actions for local-variable(current-node) = "sAMAccountName".
- [03/20/12 07:46:22.882]:Active Directory PT: Action: do-if().
- [03/20/12 07:46:22.882]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:46:22.882]:Active Directory PT: (if-local-variable 'current-node' equal "LDAPDN") = FALSE.
- [03/20/12 07:46:22.882]:Active Directory PT: Performing else actions.
- [03/20/12 07:46:22.882]:Active Directory PT: Action: do-if().
- [03/20/12 07:46:22.883]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:46:22.883]:Active Directory PT: (if-local-variable 'current-node' equal "association") = FALSE.
- [03/20/12 07:46:22.883]:Active Directory PT: Performing else actions.
- [03/20/12 07:46:22.883]:Active Directory PT: Action: do-if().
- [03/20/12 07:46:22.883]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:46:22.883]:Active Directory PT: Expanded variable reference '$current-node$' to 'sAMAccountName'.
- [03/20/12 07:46:22.883]:Active Directory PT: (if-op-property 'AccountTracking-$current-node$' not-available) = TRUE.
- [03/20/12 07:46:22.883]:Active Directory PT: Expanded variable reference '$current-node$' to 'sAMAccountName'.
- [03/20/12 07:46:22.883]:Active Directory PT: (if-op-attr '$current-node$' available) = FALSE.
- [03/20/12 07:46:22.884]:Active Directory PT: Performing else actions.
- [03/20/12 07:46:22.884]:Active Directory PT: Performing actions for local-variable(current-node) = "userPrincipalName".
- [03/20/12 07:46:22.884]:Active Directory PT: Action: do-if().
- [03/20/12 07:46:22.884]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:46:22.884]:Active Directory PT: (if-local-variable 'current-node' equal "LDAPDN") = FALSE.
- [03/20/12 07:46:22.884]:Active Directory PT: Performing else actions.
- [03/20/12 07:46:22.884]:Active Directory PT: Action: do-if().
- [03/20/12 07:46:22.884]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:46:22.884]:Active Directory PT: (if-local-variable 'current-node' equal "association") = FALSE.
- [03/20/12 07:46:22.902]:Active Directory PT: Performing else actions.
- [03/20/12 07:46:22.902]:Active Directory PT: Action: do-if().
- [03/20/12 07:46:22.902]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:46:22.902]:Active Directory PT: Expanded variable reference '$current-node$' to 'userPrincipalName'.
- [03/20/12 07:46:22.902]:Active Directory PT: (if-op-property 'AccountTracking-$current-node$' not-available) = TRUE.
- [03/20/12 07:46:22.902]:Active Directory PT: Expanded variable reference '$current-node$' to 'userPrincipalName'.
- [03/20/12 07:46:22.903]:Active Directory PT: (if-op-attr '$current-node$' available) = FALSE.
- [03/20/12 07:46:22.903]:Active Directory PT: Performing else actions.
- [03/20/12 07:46:22.903]:Active Directory PT: Performing actions for local-variable(current-node) = "LDAPDN".
- [03/20/12 07:46:22.903]:Active Directory PT: Action: do-if().
- [03/20/12 07:46:22.903]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:46:22.903]:Active Directory PT: (if-local-variable 'current-node' equal "LDAPDN") = TRUE.
- [03/20/12 07:46:22.903]:Active Directory PT: Expanded variable reference '$current-node$' to 'LDAPDN'.
- [03/20/12 07:46:22.903]:Active Directory PT: (if-op-property 'AccountTracking-$current-node$' not-available) = TRUE.
- [03/20/12 07:46:22.903]:Active Directory PT: (if-src-dn available) = FALSE.
- [03/20/12 07:46:22.904]:Active Directory PT: Performing else actions.
- [03/20/12 07:46:22.904]:Active Directory PT: Action: do-if().
- [03/20/12 07:46:22.904]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:46:22.904]:Active Directory PT: (if-local-variable 'current-node' equal "association") = FALSE.
- [03/20/12 07:46:22.904]:Active Directory PT: Performing else actions.
- [03/20/12 07:46:22.904]:Active Directory PT: Action: do-if().
- [03/20/12 07:46:22.904]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:46:22.904]:Active Directory PT: Expanded variable reference '$current-node$' to 'LDAPDN'.
- [03/20/12 07:46:22.904]:Active Directory PT: (if-op-property 'AccountTracking-$current-node$' not-available) = TRUE.
- [03/20/12 07:46:22.905]:Active Directory PT: Expanded variable reference '$current-node$' to 'LDAPDN'.
- [03/20/12 07:46:22.905]:Active Directory PT: (if-op-attr '$current-node$' available) = FALSE.
- [03/20/12 07:46:22.905]:Active Directory PT: Performing else actions.
- [03/20/12 07:46:22.905]:Active Directory PT: Performing actions for local-variable(current-node) = "association".
- [03/20/12 07:46:22.905]:Active Directory PT: Action: do-if().
- [03/20/12 07:46:22.905]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:46:22.905]:Active Directory PT: (if-local-variable 'current-node' equal "LDAPDN") = FALSE.
- [03/20/12 07:46:22.905]:Active Directory PT: Performing else actions.
- [03/20/12 07:46:22.905]:Active Directory PT: Action: do-if().
- [03/20/12 07:46:22.905]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:46:22.906]:Active Directory PT: (if-local-variable 'current-node' equal "association") = TRUE.
- [03/20/12 07:46:22.906]:Active Directory PT: Expanded variable reference '$current-node$' to 'association'.
- [03/20/12 07:46:22.906]:Active Directory PT: (if-op-property 'AccountTracking-$current-node$' not-available) = TRUE.
- [03/20/12 07:46:22.906]:Active Directory PT: (if-association available) = FALSE.
- [03/20/12 07:46:22.906]:Active Directory PT: Performing else actions.
- [03/20/12 07:46:22.906]:Active Directory PT: Action: do-if().
- [03/20/12 07:46:22.906]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:46:22.906]:Active Directory PT: Expanded variable reference '$current-node$' to 'association'.
- [03/20/12 07:46:22.906]:Active Directory PT: (if-op-property 'AccountTracking-$current-node$' not-available) = TRUE.
- [03/20/12 07:46:22.907]:Active Directory PT: Expanded variable reference '$current-node$' to 'association'.
- [03/20/12 07:46:22.907]:Active Directory PT: (if-op-attr '$current-node$' available) = FALSE.
- [03/20/12 07:46:22.907]:Active Directory PT: Performing else actions.
- [03/20/12 07:46:22.907]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - Initialize status properties on published events'.
- [03/20/12 07:46:22.907]:Active Directory PT: (if-operation match "add|modify|delete|rename|move") = FALSE.
- [03/20/12 07:46:22.907]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.907]:Active Directory PT:Policy returned:
- [03/20/12 07:46:22.907]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <output>
- <status level="success"/>
- </output>
- </nds>
- [03/20/12 07:46:22.908]:Active Directory PT:Applying policy: %+C%14Clib-AccountTracking-WriteAccounts-itp-V1%-C.
- [03/20/12 07:46:22.908]:Active Directory PT: Applying to status #1.
- [03/20/12 07:46:22.908]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - disregard if disabled'.
- [03/20/12 07:46:22.908]:Active Directory PT: (if-global-variable 'drv.acctTrk.enable' not-equal "true") = FALSE.
- [03/20/12 07:46:22.908]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.908]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - query DirXML-Accounts Attribute'.
- [03/20/12 07:46:22.908]:Active Directory PT: (if-op-property 'AccountTracking-ObjectDN' available) = FALSE.
- [03/20/12 07:46:22.908]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.909]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - remove Dirxml-Account values on delete operation'.
- [03/20/12 07:46:22.909]:Active Directory PT: (if-operation match "delete|remove-association") = FALSE.
- [03/20/12 07:46:22.909]:Active Directory PT: (if-operation equal "status") = TRUE.
- [03/20/12 07:46:22.909]:Active Directory PT: (if-op-property 'AccountTracking-ObjectDN' available) = FALSE.
- [03/20/12 07:46:22.909]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.909]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - update DirXMLAccounts attribute'.
- [03/20/12 07:46:22.909]:Active Directory PT: (if-op-property 'AccountTracking-Operation' not-available) = TRUE.
- [03/20/12 07:46:22.909]:Active Directory PT: (if-op-property 'AccountTracking-ObjectDN' available) = FALSE.
- [03/20/12 07:46:22.909]:Active Directory PT: (if-operation equal "status") = TRUE.
- [03/20/12 07:46:22.910]:Active Directory PT: (if-xpath true "./@level='success'") = TRUE.
- [03/20/12 07:46:22.910]:Active Directory PT: (if-op-property 'AccountTracking-Operation' available) = FALSE.
- [03/20/12 07:46:22.910]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.910]:Active Directory PT:Policy returned:
- [03/20/12 07:46:22.910]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <output>
- <status level="success"/>
- </output>
- </nds>
- [03/20/12 07:46:22.910]:Active Directory PT:Applying policy: %+C%14Citp%-C.
- [03/20/12 07:46:22.910]:Active Directory PT: Applying to status #1.
- [03/20/12 07:46:22.910]:Active Directory PT: Evaluating selection criteria for rule 'streetAddress: Convert CR-LF to LF'.
- [03/20/12 07:46:22.910]:Active Directory PT: Rule selected.
- [03/20/12 07:46:22.910]:Active Directory PT: Applying rule 'streetAddress: Convert CR-LF to LF'.
- [03/20/12 07:46:22.911]:Active Directory PT: Action: do-reformat-op-attr("streetAddress",token-replace-all("\r\n","\r",token-local-variable("current-value"))).
- [03/20/12 07:46:22.911]:Active Directory PT: Evaluating selection criteria for rule 'logonHours: Convert to Login Allowed Time Map form'.
- [03/20/12 07:46:22.911]:Active Directory PT: Rule selected.
- [03/20/12 07:46:22.911]:Active Directory PT: Applying rule 'logonHours: Convert to Login Allowed Time Map form'.
- [03/20/12 07:46:22.911]:Active Directory PT: Action: do-reformat-op-attr("logonHours",token-xpath("jadutil:translateTimeMap2eDir($current-value)")).
- [03/20/12 07:46:22.911]:Active Directory PT: Evaluating selection criteria for rule 'accountExpires: Convert to Identity Vault time format'.
- [03/20/12 07:46:22.911]:Active Directory PT: Rule selected.
- [03/20/12 07:46:22.911]:Active Directory PT: Applying rule 'accountExpires: Convert to Identity Vault time format'.
- [03/20/12 07:46:22.912]:Active Directory PT: Action: do-reformat-op-attr("accountExpires",token-xpath("jadutil:translateFileTime2Epoch($current-value)")).
- [03/20/12 07:46:22.912]:Active Directory PT: Evaluating selection criteria for rule 'lockoutTime: Convert to Identity Vault time format'.
- [03/20/12 07:46:22.912]:Active Directory PT: Rule selected.
- [03/20/12 07:46:22.912]:Active Directory PT: Applying rule 'lockoutTime: Convert to Identity Vault time format'.
- [03/20/12 07:46:22.912]:Active Directory PT: Action: do-reformat-op-attr("lockoutTime",token-xpath("jadutil:translateFileTime2Epoch($current-value)")).
- [03/20/12 07:46:22.912]:Active Directory PT:Policy returned:
- [03/20/12 07:46:22.912]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <output>
- <status level="success"/>
- </output>
- </nds>
- [03/20/12 07:46:22.913]:Active Directory PT:Applying policy: %+C%14Citp-EntitlementsImpl%-C.
- [03/20/12 07:46:22.913]:Active Directory PT: Applying to status #1.
- [03/20/12 07:46:22.913]:Active Directory PT: Evaluating selection criteria for rule 'Check target of add-association for group membership entitlements'.
- [03/20/12 07:46:22.913]:Active Directory PT: (if-global-variable 'drv.entitlement.Group' equal "true") = FALSE.
- [03/20/12 07:46:22.913]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.913]:Active Directory PT: Evaluating selection criteria for rule 'Check target of add-association for Exchange mailbox entitlements'.
- [03/20/12 07:46:22.913]:Active Directory PT: (if-global-variable 'drv.exchMailboxMethod' equal "entitlement") = FALSE.
- [03/20/12 07:46:22.913]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.913]:Active Directory PT:Policy returned:
- [03/20/12 07:46:22.913]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <output>
- <status level="success"/>
- </output>
- </nds>
- [03/20/12 07:46:22.914]:Active Directory PT:Applying policy: %+C%14CPassword(Pub)-Sub Email Notifications%-C.
- [03/20/12 07:46:22.914]:Active Directory PT: Applying to status #1.
- [03/20/12 07:46:22.914]:Active Directory PT: Evaluating selection criteria for rule 'Send e-mail on a failure when subscribing to passwords'.
- [03/20/12 07:46:22.914]:Active Directory PT: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = TRUE.
- [03/20/12 07:46:22.914]:Active Directory PT: (if-operation equal "status") = TRUE.
- [03/20/12 07:46:22.914]:Active Directory PT: (if-xpath true "self::status[@level != 'success'][text() != '']/operation-data/password-subscribe-status/association[text() != '']") = FALSE.
- [03/20/12 07:46:22.914]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.914]:Active Directory PT: Evaluating selection criteria for rule 'Send e-mail on failure to reset connected system password using the Identity Manager data store password'.
- [03/20/12 07:46:22.915]:Active Directory PT: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = TRUE.
- [03/20/12 07:46:22.915]:Active Directory PT: (if-operation equal "status") = TRUE.
- [03/20/12 07:46:22.915]:Active Directory PT: (if-xpath true "self::status[@level != 'success']/operation-data/password-reset-status") = FALSE.
- [03/20/12 07:46:22.915]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.915]:Active Directory PT:Policy returned:
- [03/20/12 07:46:22.915]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <output>
- <status level="success"/>
- </output>
- </nds>
- [03/20/12 07:46:22.915]:Active Directory PT:Applying policy: %+C%14Clib-Audit-SendEntitlementsEvents-itp-V1%-C.
- [03/20/12 07:46:22.915]:Active Directory PT: Applying to status #1.
- [03/20/12 07:46:22.915]:Active Directory PT: Evaluating selection criteria for rule '00031200 - Account Create By Entitlement Grant'.
- [03/20/12 07:46:22.916]:Active Directory PT: (if-operation equal "status") = TRUE.
- [03/20/12 07:46:22.916]:Active Directory PT: (if-op-property 'accountAction' equal "accountCreateByEntitlementGrant") = FALSE.
- [03/20/12 07:46:22.916]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.916]:Active Directory PT: Evaluating selection criteria for rule '00031201 - Account Delete By Entitlement Revoke'.
- [03/20/12 07:46:22.916]:Active Directory PT: (if-operation equal "status") = TRUE.
- [03/20/12 07:46:22.916]:Active Directory PT: (if-xpath true "./operation-data/entitlement-impl/@state = '0'") = FALSE.
- [03/20/12 07:46:22.916]:Active Directory PT: (if-operation equal "status") = TRUE.
- [03/20/12 07:46:22.916]:Active Directory PT: (if-op-property 'accountAction' equal "accountDeleteByEntitlementRevoke") = FALSE.
- [03/20/12 07:46:22.917]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.917]:Active Directory PT: Evaluating selection criteria for rule '00031202 - Account Disable By Entitlement Revoke'.
- [03/20/12 07:46:22.917]:Active Directory PT: (if-operation equal "status") = TRUE.
- [03/20/12 07:46:22.917]:Active Directory PT: (if-op-property 'accountAction' equal "accountDisableByEntitlementRevoke") = FALSE.
- [03/20/12 07:46:22.917]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.917]:Active Directory PT: Evaluating selection criteria for rule '00031203 - Account Enable By Entitlement Grant'.
- [03/20/12 07:46:22.917]:Active Directory PT: (if-operation equal "status") = TRUE.
- [03/20/12 07:46:22.917]:Active Directory PT: (if-op-property 'accountAction' equal "accountEnableByEntitlementGrant") = FALSE.
- [03/20/12 07:46:22.917]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.917]:Active Directory PT: Evaluating selection criteria for rule 'Generate Audit Event'.
- [03/20/12 07:46:22.918]:Active Directory PT: (if-operation equal "status") = TRUE.
- [03/20/12 07:46:22.919]:Active Directory PT: (if-local-variable 'auditEventID' available) = FALSE.
- [03/20/12 07:46:22.919]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.919]:Active Directory PT:Policy returned:
- [03/20/12 07:46:22.919]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <output>
- <status level="success"/>
- </output>
- </nds>
- [03/20/12 07:46:22.919]:Active Directory PT:Applying schema mapping policies to input.
- [03/20/12 07:46:22.919]:Active Directory PT:Applying policy: %+C%14Csmp%-C.
- [03/20/12 07:46:22.920]:Active Directory PT:Resolving association references.
- [03/20/12 07:46:22.923]:Active Directory PT:Receiving DOM document from application.
- [03/20/12 07:46:22.923]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <query dest-dn="\EDIR2ADLAB\fdny\AD-TEST\Active Directory" scope="entry">
- <read-attr attr-name="Public Key"/>
- </query>
- </input>
- </nds>
- [03/20/12 07:46:22.924]:Active Directory PT:Applying input transformation policies.
- [03/20/12 07:46:22.924]:Active Directory PT:Applying policy: %+C%14Clib-AccountTracking-Publish-itp-V1%-C.
- [03/20/12 07:46:22.924]:Active Directory PT: Applying to query #1.
- [03/20/12 07:46:22.924]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - disregard if disabled or wrong object class'.
- [03/20/12 07:46:22.924]:Active Directory PT: Rule selected.
- [03/20/12 07:46:22.924]:Active Directory PT: Applying rule 'AccountTracking - disregard if disabled or wrong object class'.
- [03/20/12 07:46:22.924]:Active Directory PT: Action: do-if().
- [03/20/12 07:46:22.925]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:46:22.925]:Active Directory PT: (if-global-variable 'drv.acctTrk.enable' not-equal "true") = FALSE.
- [03/20/12 07:46:22.925]:Active Directory PT: Performing else actions.
- [03/20/12 07:46:22.925]:Active Directory PT: Action: do-if().
- [03/20/12 07:46:22.925]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:46:22.925]:Active Directory PT: (if-class-name available) = FALSE.
- [03/20/12 07:46:22.925]:Active Directory PT: Performing else actions.
- [03/20/12 07:46:22.925]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - on add-association sync the operation-properties to status operations'.
- [03/20/12 07:46:22.925]:Active Directory PT: (if-operation equal "add-association") = FALSE.
- [03/20/12 07:46:22.925]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.925]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - Query for destination DN using Association'.
- [03/20/12 07:46:22.926]:Active Directory PT: (if-operation match "modify|delete|move|rename") = FALSE.
- [03/20/12 07:46:22.926]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.926]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - add interested properties to current doc for future use.'.
- [03/20/12 07:46:22.926]:Active Directory PT: (if-operation match "add|modify|delete|rename|move|status") = FALSE.
- [03/20/12 07:46:22.926]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.926]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - Initialize status properties on published events'.
- [03/20/12 07:46:22.926]:Active Directory PT: (if-operation match "add|modify|delete|rename|move") = FALSE.
- [03/20/12 07:46:22.926]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.926]:Active Directory PT:Policy returned:
- [03/20/12 07:46:22.927]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <query dest-dn="\EDIR2ADLAB\fdny\AD-TEST\Active Directory" scope="entry">
- <read-attr attr-name="Public Key"/>
- </query>
- </input>
- </nds>
- [03/20/12 07:46:22.927]:Active Directory PT:Applying policy: %+C%14Clib-AccountTracking-WriteAccounts-itp-V1%-C.
- [03/20/12 07:46:22.927]:Active Directory PT: Applying to query #1.
- [03/20/12 07:46:22.927]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - disregard if disabled'.
- [03/20/12 07:46:22.927]:Active Directory PT: (if-global-variable 'drv.acctTrk.enable' not-equal "true") = FALSE.
- [03/20/12 07:46:22.927]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.927]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - query DirXML-Accounts Attribute'.
- [03/20/12 07:46:22.927]:Active Directory PT: (if-op-property 'AccountTracking-ObjectDN' available) = FALSE.
- [03/20/12 07:46:22.928]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.928]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - remove Dirxml-Account values on delete operation'.
- [03/20/12 07:46:22.928]:Active Directory PT: (if-operation match "delete|remove-association") = FALSE.
- [03/20/12 07:46:22.928]:Active Directory PT: (if-operation equal "status") = FALSE.
- [03/20/12 07:46:22.928]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.928]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - update DirXMLAccounts attribute'.
- [03/20/12 07:46:22.928]:Active Directory PT: (if-op-property 'AccountTracking-Operation' not-available) = TRUE.
- [03/20/12 07:46:22.928]:Active Directory PT: (if-op-property 'AccountTracking-ObjectDN' available) = FALSE.
- [03/20/12 07:46:22.928]:Active Directory PT: (if-operation equal "status") = FALSE.
- [03/20/12 07:46:22.928]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.929]:Active Directory PT:Policy returned:
- [03/20/12 07:46:22.929]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <query dest-dn="\EDIR2ADLAB\fdny\AD-TEST\Active Directory" scope="entry">
- <read-attr attr-name="Public Key"/>
- </query>
- </input>
- </nds>
- [03/20/12 07:46:22.929]:Active Directory PT:Applying policy: %+C%14Citp%-C.
- [03/20/12 07:46:22.929]:Active Directory PT: Applying to query #1.
- [03/20/12 07:46:22.929]:Active Directory PT: Evaluating selection criteria for rule 'streetAddress: Convert CR-LF to LF'.
- [03/20/12 07:46:22.929]:Active Directory PT: Rule selected.
- [03/20/12 07:46:22.929]:Active Directory PT: Applying rule 'streetAddress: Convert CR-LF to LF'.
- [03/20/12 07:46:22.929]:Active Directory PT: Action: do-reformat-op-attr("streetAddress",token-replace-all("\r\n","\r",token-local-variable("current-value"))).
- [03/20/12 07:46:22.929]:Active Directory PT: Evaluating selection criteria for rule 'logonHours: Convert to Login Allowed Time Map form'.
- [03/20/12 07:46:22.930]:Active Directory PT: Rule selected.
- [03/20/12 07:46:22.930]:Active Directory PT: Applying rule 'logonHours: Convert to Login Allowed Time Map form'.
- [03/20/12 07:46:22.930]:Active Directory PT: Action: do-reformat-op-attr("logonHours",token-xpath("jadutil:translateTimeMap2eDir($current-value)")).
- [03/20/12 07:46:22.930]:Active Directory PT: Evaluating selection criteria for rule 'accountExpires: Convert to Identity Vault time format'.
- [03/20/12 07:46:22.930]:Active Directory PT: Rule selected.
- [03/20/12 07:46:22.930]:Active Directory PT: Applying rule 'accountExpires: Convert to Identity Vault time format'.
- [03/20/12 07:46:22.930]:Active Directory PT: Action: do-reformat-op-attr("accountExpires",token-xpath("jadutil:translateFileTime2Epoch($current-value)")).
- [03/20/12 07:46:22.930]:Active Directory PT: Evaluating selection criteria for rule 'lockoutTime: Convert to Identity Vault time format'.
- [03/20/12 07:46:22.931]:Active Directory PT: Rule selected.
- [03/20/12 07:46:22.931]:Active Directory PT: Applying rule 'lockoutTime: Convert to Identity Vault time format'.
- [03/20/12 07:46:22.931]:Active Directory PT: Action: do-reformat-op-attr("lockoutTime",token-xpath("jadutil:translateFileTime2Epoch($current-value)")).
- [03/20/12 07:46:22.931]:Active Directory PT:Policy returned:
- [03/20/12 07:46:22.931]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <query dest-dn="\EDIR2ADLAB\fdny\AD-TEST\Active Directory" scope="entry">
- <read-attr attr-name="Public Key"/>
- </query>
- </input>
- </nds>
- [03/20/12 07:46:22.931]:Active Directory PT:Applying policy: %+C%14Citp-EntitlementsImpl%-C.
- [03/20/12 07:46:22.931]:Active Directory PT: Applying to query #1.
- [03/20/12 07:46:22.931]:Active Directory PT: Evaluating selection criteria for rule 'Check target of add-association for group membership entitlements'.
- [03/20/12 07:46:22.932]:Active Directory PT: (if-global-variable 'drv.entitlement.Group' equal "true") = FALSE.
- [03/20/12 07:46:22.932]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.932]:Active Directory PT: Evaluating selection criteria for rule 'Check target of add-association for Exchange mailbox entitlements'.
- [03/20/12 07:46:22.932]:Active Directory PT: (if-global-variable 'drv.exchMailboxMethod' equal "entitlement") = FALSE.
- [03/20/12 07:46:22.932]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.932]:Active Directory PT:Policy returned:
- [03/20/12 07:46:22.932]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <query dest-dn="\EDIR2ADLAB\fdny\AD-TEST\Active Directory" scope="entry">
- <read-attr attr-name="Public Key"/>
- </query>
- </input>
- </nds>
- [03/20/12 07:46:22.932]:Active Directory PT:Applying policy: %+C%14CPassword(Pub)-Sub Email Notifications%-C.
- [03/20/12 07:46:22.933]:Active Directory PT: Applying to query #1.
- [03/20/12 07:46:22.933]:Active Directory PT: Evaluating selection criteria for rule 'Send e-mail on a failure when subscribing to passwords'.
- [03/20/12 07:46:22.933]:Active Directory PT: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = TRUE.
- [03/20/12 07:46:22.933]:Active Directory PT: (if-operation equal "status") = FALSE.
- [03/20/12 07:46:22.933]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.933]:Active Directory PT: Evaluating selection criteria for rule 'Send e-mail on failure to reset connected system password using the Identity Manager data store password'.
- [03/20/12 07:46:22.933]:Active Directory PT: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = TRUE.
- [03/20/12 07:46:22.933]:Active Directory PT: (if-operation equal "status") = FALSE.
- [03/20/12 07:46:22.933]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.933]:Active Directory PT:Policy returned:
- [03/20/12 07:46:22.934]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <query dest-dn="\EDIR2ADLAB\fdny\AD-TEST\Active Directory" scope="entry">
- <read-attr attr-name="Public Key"/>
- </query>
- </input>
- </nds>
- [03/20/12 07:46:22.934]:Active Directory PT:Applying policy: %+C%14Clib-Audit-SendEntitlementsEvents-itp-V1%-C.
- [03/20/12 07:46:22.934]:Active Directory PT: Applying to query #1.
- [03/20/12 07:46:22.934]:Active Directory PT: Evaluating selection criteria for rule '00031200 - Account Create By Entitlement Grant'.
- [03/20/12 07:46:22.934]:Active Directory PT: (if-operation equal "status") = FALSE.
- [03/20/12 07:46:22.934]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.934]:Active Directory PT: Evaluating selection criteria for rule '00031201 - Account Delete By Entitlement Revoke'.
- [03/20/12 07:46:22.934]:Active Directory PT: (if-operation equal "status") = FALSE.
- [03/20/12 07:46:22.935]:Active Directory PT: (if-operation equal "status") = FALSE.
- [03/20/12 07:46:22.935]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.935]:Active Directory PT: Evaluating selection criteria for rule '00031202 - Account Disable By Entitlement Revoke'.
- [03/20/12 07:46:22.935]:Active Directory PT: (if-operation equal "status") = FALSE.
- [03/20/12 07:46:22.935]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.935]:Active Directory PT: Evaluating selection criteria for rule '00031203 - Account Enable By Entitlement Grant'.
- [03/20/12 07:46:22.935]:Active Directory PT: (if-operation equal "status") = FALSE.
- [03/20/12 07:46:22.935]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.935]:Active Directory PT: Evaluating selection criteria for rule 'Generate Audit Event'.
- [03/20/12 07:46:22.935]:Active Directory PT: (if-operation equal "status") = FALSE.
- [03/20/12 07:46:22.935]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.936]:Active Directory PT:Policy returned:
- [03/20/12 07:46:22.936]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <query dest-dn="\EDIR2ADLAB\fdny\AD-TEST\Active Directory" scope="entry">
- <read-attr attr-name="Public Key"/>
- </query>
- </input>
- </nds>
- [03/20/12 07:46:22.936]:Active Directory PT:Applying schema mapping policies to input.
- [03/20/12 07:46:22.936]:Active Directory PT:Applying policy: %+C%14Csmp%-C.
- [03/20/12 07:46:22.936]:Active Directory PT: No mapping for attr-name 'Public Key'.
- [03/20/12 07:46:22.936]:Active Directory PT:Resolving association references.
- [03/20/12 07:46:22.936]:Active Directory PT:Applying event transformation policies.
- [03/20/12 07:46:22.937]:Active Directory PT:Applying policy: %+C%14Cpub-etp-EntitlementsImpl%-C.
- [03/20/12 07:46:22.937]:Active Directory PT: Applying to query #1.
- [03/20/12 07:46:22.937]:Active Directory PT: Evaluating selection criteria for rule 'Disallow user account delete when using entitlements'.
- [03/20/12 07:46:22.937]:Active Directory PT: (if-operation equal "delete") = FALSE.
- [03/20/12 07:46:22.937]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.937]:Active Directory PT: Evaluating selection criteria for rule 'Strip Login Disabled from operation (Disable Option)'.
- [03/20/12 07:46:22.937]:Active Directory PT: (if-global-variable 'drv.entitlement.UserAccount' equal "true") = FALSE.
- [03/20/12 07:46:22.937]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.937]:Active Directory PT:Policy returned:
- [03/20/12 07:46:22.937]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <query dest-dn="\EDIR2ADLAB\fdny\AD-TEST\Active Directory" scope="entry">
- <read-attr attr-name="Public Key"/>
- </query>
- </input>
- </nds>
- [03/20/12 07:46:22.938]:Active Directory PT:Applying policy: %+C%14Cpub-etp-HandleMovesAndRenames%-C.
- [03/20/12 07:46:22.938]:Active Directory PT: Applying to query #1.
- [03/20/12 07:46:22.938]:Active Directory PT: Evaluating selection criteria for rule 'break if not a move or rename'.
- [03/20/12 07:46:22.938]:Active Directory PT: (if-operation not-match "move|rename") = TRUE.
- [03/20/12 07:46:22.938]:Active Directory PT: Rule selected.
- [03/20/12 07:46:22.938]:Active Directory PT: Applying rule 'break if not a move or rename'.
- [03/20/12 07:46:22.938]:Active Directory PT: Action: do-break().
- [03/20/12 07:46:22.938]:Active Directory PT:Policy returned:
- [03/20/12 07:46:22.938]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <query dest-dn="\EDIR2ADLAB\fdny\AD-TEST\Active Directory" scope="entry">
- <read-attr attr-name="Public Key"/>
- </query>
- </input>
- </nds>
- [03/20/12 07:46:22.940]:Active Directory PT:Skipping publisher filter on operation query.
- [03/20/12 07:46:22.940]:Active Directory PT:Publisher processing query for .
- [03/20/12 07:46:22.940]:Active Directory PT:Applying command transformation policies.
- [03/20/12 07:46:22.940]:Active Directory PT:Applying policy: %+C%14Cpub-ctp-UserNameMap%-C.
- [03/20/12 07:46:22.940]:Active Directory PT: Applying to query #1.
- [03/20/12 07:46:22.940]:Active Directory PT: Evaluating selection criteria for rule 'consider user objects when name mapping is enabled'.
- [03/20/12 07:46:22.940]:Active Directory PT: (if-class-name not-equal "User") = TRUE.
- [03/20/12 07:46:22.940]:Active Directory PT: Rule selected.
- [03/20/12 07:46:22.940]:Active Directory PT: Applying rule 'consider user objects when name mapping is enabled'.
- [03/20/12 07:46:22.941]:Active Directory PT: Action: do-break().
- [03/20/12 07:46:22.941]:Active Directory PT:Policy returned:
- [03/20/12 07:46:22.941]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <query dest-dn="\EDIR2ADLAB\fdny\AD-TEST\Active Directory" scope="entry">
- <read-attr attr-name="Public Key"/>
- </query>
- </input>
- </nds>
- [03/20/12 07:46:22.941]:Active Directory PT:Applying policy: %+C%14Cpub-ctp%-C.
- [03/20/12 07:46:22.941]:Active Directory PT: Applying to query #1.
- [03/20/12 07:46:22.941]:Active Directory PT: Evaluating selection criteria for rule 'set cached context value on merge'.
- [03/20/12 07:46:22.941]:Active Directory PT: (if-operation equal "modify") = FALSE.
- [03/20/12 07:46:22.941]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.941]:Active Directory PT: Evaluating selection criteria for rule 'Set Equivalent To Me when adding object to a group'.
- [03/20/12 07:46:22.942]:Active Directory PT: (if-class-name equal "Group") = FALSE.
- [03/20/12 07:46:22.942]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.942]:Active Directory PT: Evaluating selection criteria for rule 'Remove Equivalent To Me when removing object from a group'.
- [03/20/12 07:46:22.942]:Active Directory PT: (if-class-name equal "Group") = FALSE.
- [03/20/12 07:46:22.942]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.942]:Active Directory PT: Evaluating selection criteria for rule 'remove managed attributes when object disassociated'.
- [03/20/12 07:46:22.942]:Active Directory PT: (if-operation equal "remove-association") = FALSE.
- [03/20/12 07:46:22.942]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.942]:Active Directory PT: Evaluating selection criteria for rule 'Prevent unassociated users from being removed from groups'.
- [03/20/12 07:46:22.942]:Active Directory PT: (if-operation equal "modify") = FALSE.
- [03/20/12 07:46:22.942]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.943]:Active Directory PT:Policy returned:
- [03/20/12 07:46:22.943]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <query dest-dn="\EDIR2ADLAB\fdny\AD-TEST\Active Directory" scope="entry">
- <read-attr attr-name="Public Key"/>
- </query>
- </input>
- </nds>
- [03/20/12 07:46:22.943]:Active Directory PT:Applying XSLT policy: %+C%14Cpub-cts%-C.
- [03/20/12 07:46:22.943]:Active Directory PT:Policy returned:
- [03/20/12 07:46:22.943]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <query dest-dn="\EDIR2ADLAB\fdny\AD-TEST\Active Directory" scope="entry">
- <read-attr attr-name="Public Key"/>
- </query>
- </input>
- </nds>
- [03/20/12 07:46:22.944]:Active Directory PT:Applying policy: %+C%14CPassword(Pub)-Default Password Policy%-C.
- [03/20/12 07:46:22.944]:Active Directory PT: Applying to query #1.
- [03/20/12 07:46:22.944]:Active Directory PT: Evaluating selection criteria for rule 'On User add, provide default password of @Dirxml1 if no password exists'.
- [03/20/12 07:46:22.944]:Active Directory PT: (if-operation equal "add") = FALSE.
- [03/20/12 07:46:22.944]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.944]:Active Directory PT:Policy returned:
- [03/20/12 07:46:22.944]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <query dest-dn="\EDIR2ADLAB\fdny\AD-TEST\Active Directory" scope="entry">
- <read-attr attr-name="Public Key"/>
- </query>
- </input>
- </nds>
- [03/20/12 07:46:22.945]:Active Directory PT:Applying policy: %+C%14CPassword(Pub)-Check Password GCV%-C.
- [03/20/12 07:46:22.945]:Active Directory PT: Applying to query #1.
- [03/20/12 07:46:22.945]:Active Directory PT: Evaluating selection criteria for rule 'Block publishing passwords to Identity Manager data store when adding a object'.
- [03/20/12 07:46:22.945]:Active Directory PT: (if-global-variable 'enable-password-publish' equal "false") = FALSE.
- [03/20/12 07:46:22.945]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.945]:Active Directory PT: Evaluating selection criteria for rule 'Block sending modify-password changes to the Identity Manager data store'.
- [03/20/12 07:46:22.945]:Active Directory PT: (if-global-variable 'enable-password-publish' equal "false") = FALSE.
- [03/20/12 07:46:22.945]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.945]:Active Directory PT:Policy returned:
- [03/20/12 07:46:22.945]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <query dest-dn="\EDIR2ADLAB\fdny\AD-TEST\Active Directory" scope="entry">
- <read-attr attr-name="Public Key"/>
- </query>
- </input>
- </nds>
- [03/20/12 07:46:22.946]:Active Directory PT:Applying policy: %+C%14CPassword(Pub)-Publish Distribution Password%-C.
- [03/20/12 07:46:22.946]:Active Directory PT: Applying to query #1.
- [03/20/12 07:46:22.946]:Active Directory PT: Evaluating selection criteria for rule 'Add nspmDistributionAttribute attribute to add operation'.
- [03/20/12 07:46:22.946]:Active Directory PT: (if-global-variable 'publish-password-to-dp' equal "true") = FALSE.
- [03/20/12 07:46:22.946]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.946]:Active Directory PT: Evaluating selection criteria for rule 'Change modify-password operations to a modify'.
- [03/20/12 07:46:22.946]:Active Directory PT: (if-global-variable 'publish-password-to-dp' equal "true") = FALSE.
- [03/20/12 07:46:22.946]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.947]:Active Directory PT:Policy returned:
- [03/20/12 07:46:22.947]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <query dest-dn="\EDIR2ADLAB\fdny\AD-TEST\Active Directory" scope="entry">
- <read-attr attr-name="Public Key"/>
- </query>
- </input>
- </nds>
- [03/20/12 07:46:22.947]:Active Directory PT:Applying policy: %+C%14CPassword(Pub)-Publish NDS Password%-C.
- [03/20/12 07:46:22.947]:Active Directory PT: Applying to query #1.
- [03/20/12 07:46:22.947]:Active Directory PT: Evaluating selection criteria for rule 'Block publishing passwords to NDS password'.
- [03/20/12 07:46:22.947]:Active Directory PT: (if-global-variable 'publish-password-to-nds' equal "false") = FALSE.
- [03/20/12 07:46:22.947]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.947]:Active Directory PT: Evaluating selection criteria for rule 'Block sending modify-password changes to the NDS password'.
- [03/20/12 07:46:22.947]:Active Directory PT: (if-global-variable 'publish-password-to-nds' equal "false") = FALSE.
- [03/20/12 07:46:22.948]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.948]:Active Directory PT:Policy returned:
- [03/20/12 07:46:22.948]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <query dest-dn="\EDIR2ADLAB\fdny\AD-TEST\Active Directory" scope="entry">
- <read-attr attr-name="Public Key"/>
- </query>
- </input>
- </nds>
- [03/20/12 07:46:22.948]:Active Directory PT:Applying policy: %+C%14CPassword(Pub)-Add Password Payload%-C.
- [03/20/12 07:46:22.948]:Active Directory PT: Applying to query #1.
- [03/20/12 07:46:22.948]:Active Directory PT: Evaluating selection criteria for rule 'Add operation-data element to password operations'.
- [03/20/12 07:46:22.948]:Active Directory PT: (if-operation equal "add") = FALSE.
- [03/20/12 07:46:22.948]:Active Directory PT: (if-operation equal "add") = FALSE.
- [03/20/12 07:46:22.949]:Active Directory PT: (if-operation equal "modify-password") = FALSE.
- [03/20/12 07:46:22.949]:Active Directory PT: (if-operation equal "modify") = FALSE.
- [03/20/12 07:46:22.949]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.949]:Active Directory PT: Evaluating selection criteria for rule 'Add payload data to password operations'.
- [03/20/12 07:46:22.949]:Active Directory PT: (if-operation equal "addPayloadToPassword") = FALSE.
- [03/20/12 07:46:22.949]:Active Directory PT: (if-operation equal "add") = FALSE.
- [03/20/12 07:46:22.949]:Active Directory PT: (if-operation equal "modify-password") = FALSE.
- [03/20/12 07:46:22.949]:Active Directory PT: (if-operation equal "modify") = FALSE.
- [03/20/12 07:46:22.949]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.949]:Active Directory PT:Policy returned:
- [03/20/12 07:46:22.949]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <query dest-dn="\EDIR2ADLAB\fdny\AD-TEST\Active Directory" scope="entry">
- <read-attr attr-name="Public Key"/>
- </query>
- </input>
- </nds>
- [03/20/12 07:46:22.950]:Active Directory PT:Applying policy: %+C%14Clib-AccountTracking-WriteAccountsOnAdds-pub-ctp-V1%-C.
- [03/20/12 07:46:22.950]:Active Directory PT: Applying to query #1.
- [03/20/12 07:46:22.950]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - disregard policy if disabled'.
- [03/20/12 07:46:22.950]:Active Directory PT: (if-global-variable 'drv.acctTrk.enable' not-equal "true") = FALSE.
- [03/20/12 07:46:22.950]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.950]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - on add operation add Dirxml-Accounts'.
- [03/20/12 07:46:22.950]:Active Directory PT: (if-operation equal "add") = FALSE.
- [03/20/12 07:46:22.950]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.950]:Active Directory PT:Policy returned:
- [03/20/12 07:46:22.951]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <query dest-dn="\EDIR2ADLAB\fdny\AD-TEST\Active Directory" scope="entry">
- <read-attr attr-name="Public Key"/>
- </query>
- </input>
- </nds>
- [03/20/12 07:46:22.951]:Active Directory PT:Filtering out notification-only attributes.
- [03/20/12 07:46:22.954]:Active Directory PT:Pumping XDS to eDirectory.
- [03/20/12 07:46:22.954]:Active Directory PT:Performing operation query for \EDIR2ADLAB\fdny\AD-TEST\Active Directory.
- [03/20/12 07:46:22.956]:Active Directory PT:Fixing up association references.
- [03/20/12 07:46:22.956]:Active Directory PT:Applying schema mapping policies to output.
- [03/20/12 07:46:22.956]:Active Directory PT:Applying policy: %+C%14Csmp%-C.
- [03/20/12 07:46:22.956]:Active Directory PT: No mapping for class-name 'DirXML-Driver'.
- [03/20/12 07:46:22.956]:Active Directory PT:Applying output transformation policies.
- [03/20/12 07:46:22.956]:Active Directory PT:Applying policy: %+C%14Cotp%-C.
- [03/20/12 07:46:22.956]:Active Directory PT: Applying to instance #1.
- [03/20/12 07:46:22.957]:Active Directory PT: Evaluating selection criteria for rule 'Street Address: Convert LF to CR-LF'.
- [03/20/12 07:46:22.957]:Active Directory PT: Rule selected.
- [03/20/12 07:46:22.957]:Active Directory PT: Applying rule 'Street Address: Convert LF to CR-LF'.
- [03/20/12 07:46:22.957]:Active Directory PT: Action: do-reformat-op-attr("streetAddress",token-replace-all("[^\r]\n","\r\n",token-local-variable("current-value"))).
- [03/20/12 07:46:22.957]:Active Directory PT: Evaluating selection criteria for rule 'logonHours: Convert to Active Directory form'.
- [03/20/12 07:46:22.957]:Active Directory PT: Rule selected.
- [03/20/12 07:46:22.957]:Active Directory PT: Applying rule 'logonHours: Convert to Active Directory form'.
- [03/20/12 07:46:22.957]:Active Directory PT: Action: do-reformat-op-attr("logonHours",token-xpath("jadutil:translateTimeMap2ADLenient($current-value)")).
- [03/20/12 07:46:22.957]:Active Directory PT: Evaluating selection criteria for rule 'accountExpires: Convert to Active Directory form'.
- [03/20/12 07:46:22.958]:Active Directory PT: (if-op-attr 'accountExpires' changing) = FALSE.
- [03/20/12 07:46:22.958]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.958]:Active Directory PT: Evaluating selection criteria for rule 'lockoutTime: Convert to Active Directory form'.
- [03/20/12 07:46:22.958]:Active Directory PT: Rule selected.
- [03/20/12 07:46:22.958]:Active Directory PT: Applying rule 'lockoutTime: Convert to Active Directory form'.
- [03/20/12 07:46:22.958]:Active Directory PT: Action: do-reformat-op-attr("lockoutTime",token-xpath("jadutil:translateEpoch2FileTime($current-value)")).
- [03/20/12 07:46:22.958]:Active Directory PT: Evaluating selection criteria for rule 'Add: User - convert multi-valued Telephone to single value'.
- [03/20/12 07:46:22.958]:Active Directory PT: (if-operation equal "add") = FALSE.
- [03/20/12 07:46:22.958]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.959]:Active Directory PT: Evaluating selection criteria for rule 'update Active Directory logon name'.
- [03/20/12 07:46:22.959]:Active Directory PT: (if-xpath true "self::status[@level = 'success']/operation-data/windows-2000-logon-name") = FALSE.
- [03/20/12 07:46:22.959]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.959]:Active Directory PT: Evaluating selection criteria for rule 'Exchange: Remove HomeMDB when disabled'.
- [03/20/12 07:46:22.959]:Active Directory PT: (if-global-variable 'drv.exchMailboxMethod' equal "disabled") = TRUE.
- [03/20/12 07:46:22.959]:Active Directory PT: Rule selected.
- [03/20/12 07:46:22.959]:Active Directory PT: Applying rule 'Exchange: Remove HomeMDB when disabled'.
- [03/20/12 07:46:22.959]:Active Directory PT: Action: do-strip-op-attr("homeMDB").
- [03/20/12 07:46:22.959]:Active Directory PT: Applying to status #2.
- [03/20/12 07:46:22.960]:Active Directory PT: Evaluating selection criteria for rule 'Street Address: Convert LF to CR-LF'.
- [03/20/12 07:46:22.960]:Active Directory PT: Rule selected.
- [03/20/12 07:46:22.960]:Active Directory PT: Applying rule 'Street Address: Convert LF to CR-LF'.
- [03/20/12 07:46:22.960]:Active Directory PT: Action: do-reformat-op-attr("streetAddress",token-replace-all("[^\r]\n","\r\n",token-local-variable("current-value"))).
- [03/20/12 07:46:22.960]:Active Directory PT: Evaluating selection criteria for rule 'logonHours: Convert to Active Directory form'.
- [03/20/12 07:46:22.960]:Active Directory PT: Rule selected.
- [03/20/12 07:46:22.960]:Active Directory PT: Applying rule 'logonHours: Convert to Active Directory form'.
- [03/20/12 07:46:22.960]:Active Directory PT: Action: do-reformat-op-attr("logonHours",token-xpath("jadutil:translateTimeMap2ADLenient($current-value)")).
- [03/20/12 07:46:22.960]:Active Directory PT: Evaluating selection criteria for rule 'accountExpires: Convert to Active Directory form'.
- [03/20/12 07:46:22.961]:Active Directory PT: (if-op-attr 'accountExpires' changing) = FALSE.
- [03/20/12 07:46:22.961]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.961]:Active Directory PT: Evaluating selection criteria for rule 'lockoutTime: Convert to Active Directory form'.
- [03/20/12 07:46:22.961]:Active Directory PT: Rule selected.
- [03/20/12 07:46:22.961]:Active Directory PT: Applying rule 'lockoutTime: Convert to Active Directory form'.
- [03/20/12 07:46:22.961]:Active Directory PT: Action: do-reformat-op-attr("lockoutTime",token-xpath("jadutil:translateEpoch2FileTime($current-value)")).
- [03/20/12 07:46:22.961]:Active Directory PT: Evaluating selection criteria for rule 'Add: User - convert multi-valued Telephone to single value'.
- [03/20/12 07:46:22.961]:Active Directory PT: (if-operation equal "add") = FALSE.
- [03/20/12 07:46:22.961]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.962]:Active Directory PT: Evaluating selection criteria for rule 'update Active Directory logon name'.
- [03/20/12 07:46:22.962]:Active Directory PT: (if-xpath true "self::status[@level = 'success']/operation-data/windows-2000-logon-name") = FALSE.
- [03/20/12 07:46:22.962]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.962]:Active Directory PT: Evaluating selection criteria for rule 'Exchange: Remove HomeMDB when disabled'.
- [03/20/12 07:46:22.962]:Active Directory PT: (if-global-variable 'drv.exchMailboxMethod' equal "disabled") = TRUE.
- [03/20/12 07:46:22.962]:Active Directory PT: Rule selected.
- [03/20/12 07:46:22.962]:Active Directory PT: Applying rule 'Exchange: Remove HomeMDB when disabled'.
- [03/20/12 07:46:22.962]:Active Directory PT: Action: do-strip-op-attr("homeMDB").
- [03/20/12 07:46:22.962]:Active Directory PT:Policy returned:
- [03/20/12 07:46:22.962]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <source>
- <product version="3.6.10.4747">DirXML</product>
- <contact>Novell, Inc.</contact>
- </source>
- <output>
- <instance class-name="DirXML-Driver" event-id="0" qualified-src-dn="O=fdny\CN=AD-TEST\CN=Active Directory" src-dn="\EDIR2ADLAB\fdny\AD-TEST\Active Directory" src-entry-id="32944">
- <attr attr-name="Public Key">
- <value timestamp="1332184540#697" type="octet">AQAAAAQAAAAkAHAAAADmACQATAB2AAAAAABDAE4APQBBAEQALQBUAEUAUwBUAC4ATwA9AGYAZABuAHkAAABDAE4APQBBAGMAdABpAHYAZQAgAEQAaQByAGUAYwB0AG8AcgB5AC4AQwBOAD0AQQBEAC0AVABFAFMAVAAuAE8APQBmAGQAbgB5AAAAAQAAAAMAAQBsAEJWBAAxLjAAQkMBAANCQQEAMEJMAgCkAU5ONQC5bOuMRBmQK0mywzIj+acjb7egL2IxWOhKYCqHwHioBUi9s2AbhNtgCN4EPov4LdxnCXXuC0VOAwABAAFNQQgAx2McOp4O1TdkAFBVUlNBRg==</value>
- </attr>
- </instance>
- <status event-id="0" level="success"></status>
- </output>
- </nds>
- [03/20/12 07:46:22.963]:Active Directory PT:Applying policy: %+C%14CPassword(Sub)-Pub Email Notifications%-C.
- [03/20/12 07:46:22.963]:Active Directory PT: Applying to instance #1.
- [03/20/12 07:46:22.964]:Active Directory PT: Evaluating selection criteria for rule 'Send e-mail for a failed publish password operation'.
- [03/20/12 07:46:22.964]:Active Directory PT: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = TRUE.
- [03/20/12 07:46:22.964]:Active Directory PT: (if-operation equal "status") = FALSE.
- [03/20/12 07:46:22.964]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.964]:Active Directory PT: Applying to status #2.
- [03/20/12 07:46:22.964]:Active Directory PT: Evaluating selection criteria for rule 'Send e-mail for a failed publish password operation'.
- [03/20/12 07:46:22.964]:Active Directory PT: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = TRUE.
- [03/20/12 07:46:22.964]:Active Directory PT: (if-operation equal "status") = TRUE.
- [03/20/12 07:46:22.964]:Active Directory PT: (if-xpath true "self::status[@level != 'success']/operation-data/password-publish-status") = FALSE.
- [03/20/12 07:46:22.965]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.965]:Active Directory PT:Policy returned:
- [03/20/12 07:46:22.965]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <source>
- <product version="3.6.10.4747">DirXML</product>
- <contact>Novell, Inc.</contact>
- </source>
- <output>
- <instance class-name="DirXML-Driver" event-id="0" qualified-src-dn="O=fdny\CN=AD-TEST\CN=Active Directory" src-dn="\EDIR2ADLAB\fdny\AD-TEST\Active Directory" src-entry-id="32944">
- <attr attr-name="Public Key">
- <value timestamp="1332184540#697" type="octet">AQAAAAQAAAAkAHAAAADmACQATAB2AAAAAABDAE4APQBBAEQALQBUAEUAUwBUAC4ATwA9AGYAZABuAHkAAABDAE4APQBBAGMAdABpAHYAZQAgAEQAaQByAGUAYwB0AG8AcgB5AC4AQwBOAD0AQQBEAC0AVABFAFMAVAAuAE8APQBmAGQAbgB5AAAAAQAAAAMAAQBsAEJWBAAxLjAAQkMBAANCQQEAMEJMAgCkAU5ONQC5bOuMRBmQK0mywzIj+acjb7egL2IxWOhKYCqHwHioBUi9s2AbhNtgCN4EPov4LdxnCXXuC0VOAwABAAFNQQgAx2McOp4O1TdkAFBVUlNBRg==</value>
- </attr>
- </instance>
- <status event-id="0" level="success"></status>
- </output>
- </nds>
- [03/20/12 07:46:22.966]:Active Directory PT:Applying policy: %+C%14Clib-CredProv-ConvertPayload-otp-V1%-C.
- [03/20/12 07:46:22.966]:Active Directory PT: Applying to instance #1.
- [03/20/12 07:46:22.966]:Active Directory PT: Evaluating selection criteria for rule 'Is credential provisioning enabled? Are there any custom payloads?'.
- [03/20/12 07:46:22.966]:Active Directory PT: Rule selected.
- [03/20/12 07:46:22.966]:Active Directory PT: Applying rule 'Is credential provisioning enabled? Are there any custom payloads?'.
- [03/20/12 07:46:22.966]:Active Directory PT: Action: do-if().
- [03/20/12 07:46:22.966]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:46:22.966]:Active Directory PT: (if-global-variable 'credprov.enable' not-equal "true") = TRUE.
- [03/20/12 07:46:22.966]:Active Directory PT: Performing if actions.
- [03/20/12 07:46:22.966]:Active Directory PT: Action: do-break().
- [03/20/12 07:46:22.967]:Active Directory PT: Applying to status #2.
- [03/20/12 07:46:22.967]:Active Directory PT: Evaluating selection criteria for rule 'Is credential provisioning enabled? Are there any custom payloads?'.
- [03/20/12 07:46:22.967]:Active Directory PT: Rule selected.
- [03/20/12 07:46:22.967]:Active Directory PT: Applying rule 'Is credential provisioning enabled? Are there any custom payloads?'.
- [03/20/12 07:46:22.967]:Active Directory PT: Action: do-if().
- [03/20/12 07:46:22.967]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:46:22.967]:Active Directory PT: (if-global-variable 'credprov.enable' not-equal "true") = TRUE.
- [03/20/12 07:46:22.967]:Active Directory PT: Performing if actions.
- [03/20/12 07:46:22.967]:Active Directory PT: Action: do-break().
- [03/20/12 07:46:22.967]:Active Directory PT:Policy returned:
- [03/20/12 07:46:22.968]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <source>
- <product version="3.6.10.4747">DirXML</product>
- <contact>Novell, Inc.</contact>
- </source>
- <output>
- <instance class-name="DirXML-Driver" event-id="0" qualified-src-dn="O=fdny\CN=AD-TEST\CN=Active Directory" src-dn="\EDIR2ADLAB\fdny\AD-TEST\Active Directory" src-entry-id="32944">
- <attr attr-name="Public Key">
- <value timestamp="1332184540#697" type="octet">AQAAAAQAAAAkAHAAAADmACQATAB2AAAAAABDAE4APQBBAEQALQBUAEUAUwBUAC4ATwA9AGYAZABuAHkAAABDAE4APQBBAGMAdABpAHYAZQAgAEQAaQByAGUAYwB0AG8AcgB5AC4AQwBOAD0AQQBEAC0AVABFAFMAVAAuAE8APQBmAGQAbgB5AAAAAQAAAAMAAQBsAEJWBAAxLjAAQkMBAANCQQEAMEJMAgCkAU5ONQC5bOuMRBmQK0mywzIj+acjb7egL2IxWOhKYCqHwHioBUi9s2AbhNtgCN4EPov4LdxnCXXuC0VOAwABAAFNQQgAx2McOp4O1TdkAFBVUlNBRg==</value>
- </attr>
- </instance>
- <status event-id="0" level="success"></status>
- </output>
- </nds>
- [03/20/12 07:46:22.968]:Active Directory PT:Applying policy: %+C%14Clib-AccountTracking-Subscribe-otp-V1%-C.
- [03/20/12 07:46:22.969]:Active Directory PT: Applying to instance #1.
- [03/20/12 07:46:22.969]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - disregard if disabled or wrong object class'.
- [03/20/12 07:46:22.969]:Active Directory PT: Rule selected.
- [03/20/12 07:46:22.969]:Active Directory PT: Applying rule 'AccountTracking - disregard if disabled or wrong object class'.
- [03/20/12 07:46:22.969]:Active Directory PT: Action: do-if().
- [03/20/12 07:46:22.969]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:46:22.969]:Active Directory PT: (if-global-variable 'drv.acctTrk.enable' not-equal "true") = FALSE.
- [03/20/12 07:46:22.969]:Active Directory PT: Performing else actions.
- [03/20/12 07:46:22.969]:Active Directory PT: Action: do-for-each(arg-node-set(token-global-variable("drv.acctTrk.objectClass"))).
- [03/20/12 07:46:22.969]:Active Directory PT: arg-node-set(token-global-variable("drv.acctTrk.objectClass"))
- [03/20/12 07:46:22.970]:Active Directory PT: token-global-variable("drv.acctTrk.objectClass")
- [03/20/12 07:46:22.970]:Active Directory PT: Token Value: {"user"}.
- [03/20/12 07:46:22.970]:Active Directory PT: Arg Value: {"user"}.
- [03/20/12 07:46:22.970]:Active Directory PT: Performing actions for local-variable(current-node) = "user".
- [03/20/12 07:46:22.970]:Active Directory PT: Action: do-if().
- [03/20/12 07:46:22.970]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:46:22.970]:Active Directory PT: Expanded variable reference '$current-node$' to 'user'.
- [03/20/12 07:46:22.970]:Active Directory PT: (if-class-name equal "$current-node$") = FALSE.
- [03/20/12 07:46:22.970]:Active Directory PT: Performing else actions.
- [03/20/12 07:46:22.971]:Active Directory PT: Action: do-if().
- [03/20/12 07:46:22.971]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:46:22.971]:Active Directory PT: (if-local-variable 'pass' not-available) = TRUE.
- [03/20/12 07:46:22.971]:Active Directory PT: Performing if actions.
- [03/20/12 07:46:22.971]:Active Directory PT: Action: do-break().
- [03/20/12 07:46:22.971]:Active Directory PT: Applying to status #2.
- [03/20/12 07:46:22.971]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - disregard if disabled or wrong object class'.
- [03/20/12 07:46:22.971]:Active Directory PT: Rule selected.
- [03/20/12 07:46:22.971]:Active Directory PT: Applying rule 'AccountTracking - disregard if disabled or wrong object class'.
- [03/20/12 07:46:22.971]:Active Directory PT: Action: do-if().
- [03/20/12 07:46:22.971]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:46:22.972]:Active Directory PT: (if-global-variable 'drv.acctTrk.enable' not-equal "true") = FALSE.
- [03/20/12 07:46:22.972]:Active Directory PT: Performing else actions.
- [03/20/12 07:46:22.972]:Active Directory PT: Action: do-for-each(arg-node-set(token-global-variable("drv.acctTrk.objectClass"))).
- [03/20/12 07:46:22.972]:Active Directory PT: arg-node-set(token-global-variable("drv.acctTrk.objectClass"))
- [03/20/12 07:46:22.972]:Active Directory PT: token-global-variable("drv.acctTrk.objectClass")
- [03/20/12 07:46:22.972]:Active Directory PT: Token Value: {"user"}.
- [03/20/12 07:46:22.972]:Active Directory PT: Arg Value: {"user"}.
- [03/20/12 07:46:22.972]:Active Directory PT: Performing actions for local-variable(current-node) = "user".
- [03/20/12 07:46:22.972]:Active Directory PT: Action: do-if().
- [03/20/12 07:46:22.973]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:46:22.973]:Active Directory PT: (if-class-name equal "$current-node$") = FALSE.
- [03/20/12 07:46:22.973]:Active Directory PT: Performing else actions.
- [03/20/12 07:46:22.973]:Active Directory PT: Action: do-if().
- [03/20/12 07:46:22.973]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:46:22.973]:Active Directory PT: (if-local-variable 'pass' not-available) = TRUE.
- [03/20/12 07:46:22.973]:Active Directory PT: Performing if actions.
- [03/20/12 07:46:22.973]:Active Directory PT: Action: do-break().
- [03/20/12 07:46:22.973]:Active Directory PT:Policy returned:
- [03/20/12 07:46:22.973]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <source>
- <product version="3.6.10.4747">DirXML</product>
- <contact>Novell, Inc.</contact>
- </source>
- <output>
- <instance class-name="DirXML-Driver" event-id="0" qualified-src-dn="O=fdny\CN=AD-TEST\CN=Active Directory" src-dn="\EDIR2ADLAB\fdny\AD-TEST\Active Directory" src-entry-id="32944">
- <attr attr-name="Public Key">
- <value timestamp="1332184540#697" type="octet">AQAAAAQAAAAkAHAAAADmACQATAB2AAAAAABDAE4APQBBAEQALQBUAEUAUwBUAC4ATwA9AGYAZABuAHkAAABDAE4APQBBAGMAdABpAHYAZQAgAEQAaQByAGUAYwB0AG8AcgB5AC4AQwBOAD0AQQBEAC0AVABFAFMAVAAuAE8APQBmAGQAbgB5AAAAAQAAAAMAAQBsAEJWBAAxLjAAQkMBAANCQQEAMEJMAgCkAU5ONQC5bOuMRBmQK0mywzIj+acjb7egL2IxWOhKYCqHwHioBUi9s2AbhNtgCN4EPov4LdxnCXXuC0VOAwABAAFNQQgAx2McOp4O1TdkAFBVUlNBRg==</value>
- </attr>
- </instance>
- <status event-id="0" level="success"></status>
- </output>
- </nds>
- [03/20/12 07:46:22.974]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <source>
- <product version="3.6.10.4747">DirXML</product>
- <contact>Novell, Inc.</contact>
- </source>
- <output>
- <instance class-name="DirXML-Driver" event-id="0" qualified-src-dn="O=fdny\CN=AD-TEST\CN=Active Directory" src-dn="\EDIR2ADLAB\fdny\AD-TEST\Active Directory" src-entry-id="32944">
- <attr attr-name="Public Key">
- <value timestamp="1332184540#697" type="octet">AQAAAAQAAAAkAHAAAADmACQATAB2AAAAAABDAE4APQBBAEQALQBUAEUAUwBUAC4ATwA9AGYAZABuAHkAAABDAE4APQBBAGMAdABpAHYAZQAgAEQAaQByAGUAYwB0AG8AcgB5AC4AQwBOAD0AQQBEAC0AVABFAFMAVAAuAE8APQBmAGQAbgB5AAAAAQAAAAMAAQBsAEJWBAAxLjAAQkMBAANCQQEAMEJMAgCkAU5ONQC5bOuMRBmQK0mywzIj+acjb7egL2IxWOhKYCqHwHioBUi9s2AbhNtgCN4EPov4LdxnCXXuC0VOAwABAAFNQQgAx2McOp4O1TdkAFBVUlNBRg==</value>
- </attr>
- </instance>
- <status event-id="0" level="success"></status>
- </output>
- </nds>
- [03/20/12 07:46:22.975]:Active Directory PT:Receiving DOM document from application.
- [03/20/12 07:46:22.975]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <check-password event-id="This check-password result is expected. It is the result of the shim verifying that the driver object password is non-empty."><!-- content suppressed --></check-password>
- </input>
- </nds>
- [03/20/12 07:46:22.976]:Active Directory PT:Applying input transformation policies.
- [03/20/12 07:46:22.976]:Active Directory PT:Applying policy: %+C%14Clib-AccountTracking-Publish-itp-V1%-C.
- [03/20/12 07:46:22.976]:Active Directory PT: Applying to check-password #1.
- [03/20/12 07:46:22.976]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - disregard if disabled or wrong object class'.
- [03/20/12 07:46:22.976]:Active Directory PT: Rule selected.
- [03/20/12 07:46:22.976]:Active Directory PT: Applying rule 'AccountTracking - disregard if disabled or wrong object class'.
- [03/20/12 07:46:22.976]:Active Directory PT: Action: do-if().
- [03/20/12 07:46:22.976]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:46:22.977]:Active Directory PT: (if-global-variable 'drv.acctTrk.enable' not-equal "true") = FALSE.
- [03/20/12 07:46:22.977]:Active Directory PT: Performing else actions.
- [03/20/12 07:46:22.977]:Active Directory PT: Action: do-if().
- [03/20/12 07:46:22.977]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:46:22.977]:Active Directory PT: (if-class-name available) = FALSE.
- [03/20/12 07:46:22.977]:Active Directory PT: Performing else actions.
- [03/20/12 07:46:22.977]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - on add-association sync the operation-properties to status operations'.
- [03/20/12 07:46:22.977]:Active Directory PT: (if-operation equal "add-association") = FALSE.
- [03/20/12 07:46:22.977]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.977]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - Query for destination DN using Association'.
- [03/20/12 07:46:22.978]:Active Directory PT: (if-operation match "modify|delete|move|rename") = FALSE.
- [03/20/12 07:46:22.978]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.978]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - add interested properties to current doc for future use.'.
- [03/20/12 07:46:22.978]:Active Directory PT: (if-operation match "add|modify|delete|rename|move|status") = FALSE.
- [03/20/12 07:46:22.978]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.978]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - Initialize status properties on published events'.
- [03/20/12 07:46:22.978]:Active Directory PT: (if-operation match "add|modify|delete|rename|move") = FALSE.
- [03/20/12 07:46:22.978]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.978]:Active Directory PT:Policy returned:
- [03/20/12 07:46:22.978]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <check-password event-id="This check-password result is expected. It is the result of the shim verifying that the driver object password is non-empty."><!-- content suppressed --></check-password>
- </input>
- </nds>
- [03/20/12 07:46:22.979]:Active Directory PT:Applying policy: %+C%14Clib-AccountTracking-WriteAccounts-itp-V1%-C.
- [03/20/12 07:46:22.979]:Active Directory PT: Applying to check-password #1.
- [03/20/12 07:46:22.979]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - disregard if disabled'.
- [03/20/12 07:46:22.979]:Active Directory PT: (if-global-variable 'drv.acctTrk.enable' not-equal "true") = FALSE.
- [03/20/12 07:46:22.979]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.979]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - query DirXML-Accounts Attribute'.
- [03/20/12 07:46:22.979]:Active Directory PT: (if-op-property 'AccountTracking-ObjectDN' available) = FALSE.
- [03/20/12 07:46:22.980]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.980]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - remove Dirxml-Account values on delete operation'.
- [03/20/12 07:46:22.980]:Active Directory PT: (if-operation match "delete|remove-association") = FALSE.
- [03/20/12 07:46:22.980]:Active Directory PT: (if-operation equal "status") = FALSE.
- [03/20/12 07:46:22.980]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.980]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - update DirXMLAccounts attribute'.
- [03/20/12 07:46:22.980]:Active Directory PT: (if-op-property 'AccountTracking-Operation' not-available) = TRUE.
- [03/20/12 07:46:22.980]:Active Directory PT: (if-op-property 'AccountTracking-ObjectDN' available) = FALSE.
- [03/20/12 07:46:22.980]:Active Directory PT: (if-operation equal "status") = FALSE.
- [03/20/12 07:46:22.980]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.981]:Active Directory PT:Policy returned:
- [03/20/12 07:46:22.981]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <check-password event-id="This check-password result is expected. It is the result of the shim verifying that the driver object password is non-empty."><!-- content suppressed --></check-password>
- </input>
- </nds>
- [03/20/12 07:46:22.981]:Active Directory PT:Applying policy: %+C%14Citp%-C.
- [03/20/12 07:46:22.981]:Active Directory PT: Applying to check-password #1.
- [03/20/12 07:46:22.981]:Active Directory PT: Evaluating selection criteria for rule 'streetAddress: Convert CR-LF to LF'.
- [03/20/12 07:46:22.981]:Active Directory PT: Rule selected.
- [03/20/12 07:46:22.981]:Active Directory PT: Applying rule 'streetAddress: Convert CR-LF to LF'.
- [03/20/12 07:46:22.981]:Active Directory PT: Action: do-reformat-op-attr("streetAddress",token-replace-all("\r\n","\r",token-local-variable("current-value"))).
- [03/20/12 07:46:22.982]:Active Directory PT: Evaluating selection criteria for rule 'logonHours: Convert to Login Allowed Time Map form'.
- [03/20/12 07:46:22.982]:Active Directory PT: Rule selected.
- [03/20/12 07:46:22.982]:Active Directory PT: Applying rule 'logonHours: Convert to Login Allowed Time Map form'.
- [03/20/12 07:46:22.982]:Active Directory PT: Action: do-reformat-op-attr("logonHours",token-xpath("jadutil:translateTimeMap2eDir($current-value)")).
- [03/20/12 07:46:22.982]:Active Directory PT: Evaluating selection criteria for rule 'accountExpires: Convert to Identity Vault time format'.
- [03/20/12 07:46:22.982]:Active Directory PT: Rule selected.
- [03/20/12 07:46:22.982]:Active Directory PT: Applying rule 'accountExpires: Convert to Identity Vault time format'.
- [03/20/12 07:46:22.982]:Active Directory PT: Action: do-reformat-op-attr("accountExpires",token-xpath("jadutil:translateFileTime2Epoch($current-value)")).
- [03/20/12 07:46:22.982]:Active Directory PT: Evaluating selection criteria for rule 'lockoutTime: Convert to Identity Vault time format'.
- [03/20/12 07:46:22.983]:Active Directory PT: Rule selected.
- [03/20/12 07:46:22.983]:Active Directory PT: Applying rule 'lockoutTime: Convert to Identity Vault time format'.
- [03/20/12 07:46:22.983]:Active Directory PT: Action: do-reformat-op-attr("lockoutTime",token-xpath("jadutil:translateFileTime2Epoch($current-value)")).
- [03/20/12 07:46:22.983]:Active Directory PT:Policy returned:
- [03/20/12 07:46:22.983]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <check-password event-id="This check-password result is expected. It is the result of the shim verifying that the driver object password is non-empty."><!-- content suppressed --></check-password>
- </input>
- </nds>
- [03/20/12 07:46:22.983]:Active Directory PT:Applying policy: %+C%14Citp-EntitlementsImpl%-C.
- [03/20/12 07:46:22.983]:Active Directory PT: Applying to check-password #1.
- [03/20/12 07:46:22.983]:Active Directory PT: Evaluating selection criteria for rule 'Check target of add-association for group membership entitlements'.
- [03/20/12 07:46:22.984]:Active Directory PT: (if-global-variable 'drv.entitlement.Group' equal "true") = FALSE.
- [03/20/12 07:46:22.984]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.984]:Active Directory PT: Evaluating selection criteria for rule 'Check target of add-association for Exchange mailbox entitlements'.
- [03/20/12 07:46:22.984]:Active Directory PT: (if-global-variable 'drv.exchMailboxMethod' equal "entitlement") = FALSE.
- [03/20/12 07:46:22.984]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.984]:Active Directory PT:Policy returned:
- [03/20/12 07:46:22.984]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <check-password event-id="This check-password result is expected. It is the result of the shim verifying that the driver object password is non-empty."><!-- content suppressed --></check-password>
- </input>
- </nds>
- [03/20/12 07:46:22.985]:Active Directory PT:Applying policy: %+C%14CPassword(Pub)-Sub Email Notifications%-C.
- [03/20/12 07:46:22.985]:Active Directory PT: Applying to check-password #1.
- [03/20/12 07:46:22.985]:Active Directory PT: Evaluating selection criteria for rule 'Send e-mail on a failure when subscribing to passwords'.
- [03/20/12 07:46:22.985]:Active Directory PT: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = TRUE.
- [03/20/12 07:46:22.985]:Active Directory PT: (if-operation equal "status") = FALSE.
- [03/20/12 07:46:22.985]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.985]:Active Directory PT: Evaluating selection criteria for rule 'Send e-mail on failure to reset connected system password using the Identity Manager data store password'.
- [03/20/12 07:46:22.985]:Active Directory PT: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = TRUE.
- [03/20/12 07:46:22.985]:Active Directory PT: (if-operation equal "status") = FALSE.
- [03/20/12 07:46:22.986]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.986]:Active Directory PT:Policy returned:
- [03/20/12 07:46:22.986]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <check-password event-id="This check-password result is expected. It is the result of the shim verifying that the driver object password is non-empty."><!-- content suppressed --></check-password>
- </input>
- </nds>
- [03/20/12 07:46:22.986]:Active Directory PT:Applying policy: %+C%14Clib-Audit-SendEntitlementsEvents-itp-V1%-C.
- [03/20/12 07:46:22.986]:Active Directory PT: Applying to check-password #1.
- [03/20/12 07:46:22.986]:Active Directory PT: Evaluating selection criteria for rule '00031200 - Account Create By Entitlement Grant'.
- [03/20/12 07:46:22.986]:Active Directory PT: (if-operation equal "status") = FALSE.
- [03/20/12 07:46:22.986]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.986]:Active Directory PT: Evaluating selection criteria for rule '00031201 - Account Delete By Entitlement Revoke'.
- [03/20/12 07:46:22.987]:Active Directory PT: (if-operation equal "status") = FALSE.
- [03/20/12 07:46:22.987]:Active Directory PT: (if-operation equal "status") = FALSE.
- [03/20/12 07:46:22.987]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.987]:Active Directory PT: Evaluating selection criteria for rule '00031202 - Account Disable By Entitlement Revoke'.
- [03/20/12 07:46:22.987]:Active Directory PT: (if-operation equal "status") = FALSE.
- [03/20/12 07:46:22.987]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.987]:Active Directory PT: Evaluating selection criteria for rule '00031203 - Account Enable By Entitlement Grant'.
- [03/20/12 07:46:22.987]:Active Directory PT: (if-operation equal "status") = FALSE.
- [03/20/12 07:46:22.987]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.987]:Active Directory PT: Evaluating selection criteria for rule 'Generate Audit Event'.
- [03/20/12 07:46:22.988]:Active Directory PT: (if-operation equal "status") = FALSE.
- [03/20/12 07:46:22.988]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.988]:Active Directory PT:Policy returned:
- [03/20/12 07:46:22.988]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <check-password event-id="This check-password result is expected. It is the result of the shim verifying that the driver object password is non-empty."><!-- content suppressed --></check-password>
- </input>
- </nds>
- [03/20/12 07:46:22.988]:Active Directory PT:Applying schema mapping policies to input.
- [03/20/12 07:46:22.988]:Active Directory PT:Applying policy: %+C%14Csmp%-C.
- [03/20/12 07:46:22.988]:Active Directory PT:Resolving association references.
- [03/20/12 07:46:22.989]:Active Directory PT:Applying event transformation policies.
- [03/20/12 07:46:22.989]:Active Directory PT:Applying policy: %+C%14Cpub-etp-EntitlementsImpl%-C.
- [03/20/12 07:46:22.989]:Active Directory PT: Applying to check-password #1.
- [03/20/12 07:46:22.989]:Active Directory PT: Evaluating selection criteria for rule 'Disallow user account delete when using entitlements'.
- [03/20/12 07:46:22.989]:Active Directory PT: (if-operation equal "delete") = FALSE.
- [03/20/12 07:46:22.989]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.989]:Active Directory PT: Evaluating selection criteria for rule 'Strip Login Disabled from operation (Disable Option)'.
- [03/20/12 07:46:22.989]:Active Directory PT: (if-global-variable 'drv.entitlement.UserAccount' equal "true") = FALSE.
- [03/20/12 07:46:22.989]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.989]:Active Directory PT:Policy returned:
- [03/20/12 07:46:22.990]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <check-password event-id="This check-password result is expected. It is the result of the shim verifying that the driver object password is non-empty."><!-- content suppressed --></check-password>
- </input>
- </nds>
- [03/20/12 07:46:22.990]:Active Directory PT:Applying policy: %+C%14Cpub-etp-HandleMovesAndRenames%-C.
- [03/20/12 07:46:22.990]:Active Directory PT: Applying to check-password #1.
- [03/20/12 07:46:22.990]:Active Directory PT: Evaluating selection criteria for rule 'break if not a move or rename'.
- [03/20/12 07:46:22.990]:Active Directory PT: (if-operation not-match "move|rename") = TRUE.
- [03/20/12 07:46:22.990]:Active Directory PT: Rule selected.
- [03/20/12 07:46:22.990]:Active Directory PT: Applying rule 'break if not a move or rename'.
- [03/20/12 07:46:22.990]:Active Directory PT: Action: do-break().
- [03/20/12 07:46:22.990]:Active Directory PT:Policy returned:
- [03/20/12 07:46:22.991]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <check-password event-id="This check-password result is expected. It is the result of the shim verifying that the driver object password is non-empty."><!-- content suppressed --></check-password>
- </input>
- </nds>
- [03/20/12 07:46:22.991]:Active Directory PT:Applying publisher filter.
- [03/20/12 07:46:22.991]:Active Directory PT:Publisher processing check-password for .
- [03/20/12 07:46:22.991]:Active Directory PT:Applying command transformation policies.
- [03/20/12 07:46:22.991]:Active Directory PT:Applying policy: %+C%14Cpub-ctp-UserNameMap%-C.
- [03/20/12 07:46:22.991]:Active Directory PT: Applying to check-password #1.
- [03/20/12 07:46:22.991]:Active Directory PT: Evaluating selection criteria for rule 'consider user objects when name mapping is enabled'.
- [03/20/12 07:46:22.992]:Active Directory PT: (if-class-name not-equal "User") = TRUE.
- [03/20/12 07:46:22.992]:Active Directory PT: Rule selected.
- [03/20/12 07:46:22.992]:Active Directory PT: Applying rule 'consider user objects when name mapping is enabled'.
- [03/20/12 07:46:22.992]:Active Directory PT: Action: do-break().
- [03/20/12 07:46:22.992]:Active Directory PT:Policy returned:
- [03/20/12 07:46:22.992]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <check-password event-id="This check-password result is expected. It is the result of the shim verifying that the driver object password is non-empty."><!-- content suppressed --></check-password>
- </input>
- </nds>
- [03/20/12 07:46:22.992]:Active Directory PT:Applying policy: %+C%14Cpub-ctp%-C.
- [03/20/12 07:46:22.992]:Active Directory PT: Applying to check-password #1.
- [03/20/12 07:46:22.992]:Active Directory PT: Evaluating selection criteria for rule 'set cached context value on merge'.
- [03/20/12 07:46:22.993]:Active Directory PT: (if-operation equal "modify") = FALSE.
- [03/20/12 07:46:22.993]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.993]:Active Directory PT: Evaluating selection criteria for rule 'Set Equivalent To Me when adding object to a group'.
- [03/20/12 07:46:22.993]:Active Directory PT: (if-class-name equal "Group") = FALSE.
- [03/20/12 07:46:22.993]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.993]:Active Directory PT: Evaluating selection criteria for rule 'Remove Equivalent To Me when removing object from a group'.
- [03/20/12 07:46:22.993]:Active Directory PT: (if-class-name equal "Group") = FALSE.
- [03/20/12 07:46:22.993]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.993]:Active Directory PT: Evaluating selection criteria for rule 'remove managed attributes when object disassociated'.
- [03/20/12 07:46:22.993]:Active Directory PT: (if-operation equal "remove-association") = FALSE.
- [03/20/12 07:46:22.994]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.994]:Active Directory PT: Evaluating selection criteria for rule 'Prevent unassociated users from being removed from groups'.
- [03/20/12 07:46:22.994]:Active Directory PT: (if-operation equal "modify") = FALSE.
- [03/20/12 07:46:22.994]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.994]:Active Directory PT:Policy returned:
- [03/20/12 07:46:22.994]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <check-password event-id="This check-password result is expected. It is the result of the shim verifying that the driver object password is non-empty."><!-- content suppressed --></check-password>
- </input>
- </nds>
- [03/20/12 07:46:22.994]:Active Directory PT:Applying XSLT policy: %+C%14Cpub-cts%-C.
- [03/20/12 07:46:22.995]:Active Directory PT:Policy returned:
- [03/20/12 07:46:22.995]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <check-password event-id="This check-password result is expected. It is the result of the shim verifying that the driver object password is non-empty."><!-- content suppressed --></check-password>
- </input>
- </nds>
- [03/20/12 07:46:22.995]:Active Directory PT:Applying policy: %+C%14CPassword(Pub)-Default Password Policy%-C.
- [03/20/12 07:46:22.995]:Active Directory PT: Applying to check-password #1.
- [03/20/12 07:46:22.995]:Active Directory PT: Evaluating selection criteria for rule 'On User add, provide default password of @Dirxml1 if no password exists'.
- [03/20/12 07:46:22.995]:Active Directory PT: (if-operation equal "add") = FALSE.
- [03/20/12 07:46:22.995]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.996]:Active Directory PT:Policy returned:
- [03/20/12 07:46:22.996]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <check-password event-id="This check-password result is expected. It is the result of the shim verifying that the driver object password is non-empty."><!-- content suppressed --></check-password>
- </input>
- </nds>
- [03/20/12 07:46:22.996]:Active Directory PT:Applying policy: %+C%14CPassword(Pub)-Check Password GCV%-C.
- [03/20/12 07:46:22.996]:Active Directory PT: Applying to check-password #1.
- [03/20/12 07:46:22.996]:Active Directory PT: Evaluating selection criteria for rule 'Block publishing passwords to Identity Manager data store when adding a object'.
- [03/20/12 07:46:22.996]:Active Directory PT: (if-global-variable 'enable-password-publish' equal "false") = FALSE.
- [03/20/12 07:46:22.996]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.997]:Active Directory PT: Evaluating selection criteria for rule 'Block sending modify-password changes to the Identity Manager data store'.
- [03/20/12 07:46:22.997]:Active Directory PT: (if-global-variable 'enable-password-publish' equal "false") = FALSE.
- [03/20/12 07:46:22.997]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.997]:Active Directory PT:Policy returned:
- [03/20/12 07:46:22.997]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <check-password event-id="This check-password result is expected. It is the result of the shim verifying that the driver object password is non-empty."><!-- content suppressed --></check-password>
- </input>
- </nds>
- [03/20/12 07:46:22.997]:Active Directory PT:Applying policy: %+C%14CPassword(Pub)-Publish Distribution Password%-C.
- [03/20/12 07:46:22.997]:Active Directory PT: Applying to check-password #1.
- [03/20/12 07:46:22.997]:Active Directory PT: Evaluating selection criteria for rule 'Add nspmDistributionAttribute attribute to add operation'.
- [03/20/12 07:46:22.998]:Active Directory PT: (if-global-variable 'publish-password-to-dp' equal "true") = FALSE.
- [03/20/12 07:46:22.998]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.998]:Active Directory PT: Evaluating selection criteria for rule 'Change modify-password operations to a modify'.
- [03/20/12 07:46:22.998]:Active Directory PT: (if-global-variable 'publish-password-to-dp' equal "true") = FALSE.
- [03/20/12 07:46:22.998]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.998]:Active Directory PT:Policy returned:
- [03/20/12 07:46:22.998]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <check-password event-id="This check-password result is expected. It is the result of the shim verifying that the driver object password is non-empty."><!-- content suppressed --></check-password>
- </input>
- </nds>
- [03/20/12 07:46:22.998]:Active Directory PT:Applying policy: %+C%14CPassword(Pub)-Publish NDS Password%-C.
- [03/20/12 07:46:22.999]:Active Directory PT: Applying to check-password #1.
- [03/20/12 07:46:22.999]:Active Directory PT: Evaluating selection criteria for rule 'Block publishing passwords to NDS password'.
- [03/20/12 07:46:22.999]:Active Directory PT: (if-global-variable 'publish-password-to-nds' equal "false") = FALSE.
- [03/20/12 07:46:22.999]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.999]:Active Directory PT: Evaluating selection criteria for rule 'Block sending modify-password changes to the NDS password'.
- [03/20/12 07:46:22.999]:Active Directory PT: (if-global-variable 'publish-password-to-nds' equal "false") = FALSE.
- [03/20/12 07:46:22.999]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:22.999]:Active Directory PT:Policy returned:
- [03/20/12 07:46:22.999]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <check-password event-id="This check-password result is expected. It is the result of the shim verifying that the driver object password is non-empty."><!-- content suppressed --></check-password>
- </input>
- </nds>
- [03/20/12 07:46:23.000]:Active Directory PT:Applying policy: %+C%14CPassword(Pub)-Add Password Payload%-C.
- [03/20/12 07:46:23.000]:Active Directory PT: Applying to check-password #1.
- [03/20/12 07:46:23.000]:Active Directory PT: Evaluating selection criteria for rule 'Add operation-data element to password operations'.
- [03/20/12 07:46:23.000]:Active Directory PT: (if-operation equal "add") = FALSE.
- [03/20/12 07:46:23.000]:Active Directory PT: (if-operation equal "add") = FALSE.
- [03/20/12 07:46:23.000]:Active Directory PT: (if-operation equal "modify-password") = FALSE.
- [03/20/12 07:46:23.001]:Active Directory PT: (if-operation equal "modify") = FALSE.
- [03/20/12 07:46:23.001]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:23.001]:Active Directory PT: Evaluating selection criteria for rule 'Add payload data to password operations'.
- [03/20/12 07:46:23.001]:Active Directory PT: (if-operation equal "addPayloadToPassword") = FALSE.
- [03/20/12 07:46:23.001]:Active Directory PT: (if-operation equal "add") = FALSE.
- [03/20/12 07:46:23.001]:Active Directory PT: (if-operation equal "modify-password") = FALSE.
- [03/20/12 07:46:23.001]:Active Directory PT: (if-operation equal "modify") = FALSE.
- [03/20/12 07:46:23.001]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:23.001]:Active Directory PT:Policy returned:
- [03/20/12 07:46:23.001]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <check-password event-id="This check-password result is expected. It is the result of the shim verifying that the driver object password is non-empty."><!-- content suppressed --></check-password>
- </input>
- </nds>
- [03/20/12 07:46:23.002]:Active Directory PT:Applying policy: %+C%14Clib-AccountTracking-WriteAccountsOnAdds-pub-ctp-V1%-C.
- [03/20/12 07:46:23.002]:Active Directory PT: Applying to check-password #1.
- [03/20/12 07:46:23.002]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - disregard policy if disabled'.
- [03/20/12 07:46:23.002]:Active Directory PT: (if-global-variable 'drv.acctTrk.enable' not-equal "true") = FALSE.
- [03/20/12 07:46:23.002]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:23.002]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - on add operation add Dirxml-Accounts'.
- [03/20/12 07:46:23.002]:Active Directory PT: (if-operation equal "add") = FALSE.
- [03/20/12 07:46:23.002]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:23.002]:Active Directory PT:Policy returned:
- [03/20/12 07:46:23.003]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <check-password event-id="This check-password result is expected. It is the result of the shim verifying that the driver object password is non-empty."><!-- content suppressed --></check-password>
- </input>
- </nds>
- [03/20/12 07:46:23.003]:Active Directory PT:Filtering out notification-only attributes.
- [03/20/12 07:46:23.003]:Active Directory PT:Pumping XDS to eDirectory.
- [03/20/12 07:46:23.003]:Active Directory PT:Performing operation check-password for .
- [03/20/12 07:46:23.065]:Active Directory PT:Fixing up association references.
- [03/20/12 07:46:23.065]:Active Directory PT:Applying schema mapping policies to output.
- [03/20/12 07:46:23.065]:Active Directory PT:Applying policy: %+C%14Csmp%-C.
- [03/20/12 07:46:23.065]:Active Directory PT:Applying output transformation policies.
- [03/20/12 07:46:23.066]:Active Directory PT:Applying policy: %+C%14Cotp%-C.
- [03/20/12 07:46:23.066]:Active Directory PT: Applying to status #1.
- [03/20/12 07:46:23.066]:Active Directory PT: Evaluating selection criteria for rule 'Street Address: Convert LF to CR-LF'.
- [03/20/12 07:46:23.066]:Active Directory PT: Rule selected.
- [03/20/12 07:46:23.066]:Active Directory PT: Applying rule 'Street Address: Convert LF to CR-LF'.
- [03/20/12 07:46:23.066]:Active Directory PT: Action: do-reformat-op-attr("streetAddress",token-replace-all("[^\r]\n","\r\n",token-local-variable("current-value"))).
- [03/20/12 07:46:23.066]:Active Directory PT: Evaluating selection criteria for rule 'logonHours: Convert to Active Directory form'.
- [03/20/12 07:46:23.066]:Active Directory PT: Rule selected.
- [03/20/12 07:46:23.066]:Active Directory PT: Applying rule 'logonHours: Convert to Active Directory form'.
- [03/20/12 07:46:23.067]:Active Directory PT: Action: do-reformat-op-attr("logonHours",token-xpath("jadutil:translateTimeMap2ADLenient($current-value)")).
- [03/20/12 07:46:23.067]:Active Directory PT: Evaluating selection criteria for rule 'accountExpires: Convert to Active Directory form'.
- [03/20/12 07:46:23.067]:Active Directory PT: (if-op-attr 'accountExpires' changing) = FALSE.
- [03/20/12 07:46:23.067]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:23.067]:Active Directory PT: Evaluating selection criteria for rule 'lockoutTime: Convert to Active Directory form'.
- [03/20/12 07:46:23.067]:Active Directory PT: Rule selected.
- [03/20/12 07:46:23.067]:Active Directory PT: Applying rule 'lockoutTime: Convert to Active Directory form'.
- [03/20/12 07:46:23.067]:Active Directory PT: Action: do-reformat-op-attr("lockoutTime",token-xpath("jadutil:translateEpoch2FileTime($current-value)")).
- [03/20/12 07:46:23.068]:Active Directory PT: Evaluating selection criteria for rule 'Add: User - convert multi-valued Telephone to single value'.
- [03/20/12 07:46:23.068]:Active Directory PT: (if-operation equal "add") = FALSE.
- [03/20/12 07:46:23.068]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:23.068]:Active Directory PT: Evaluating selection criteria for rule 'update Active Directory logon name'.
- [03/20/12 07:46:23.068]:Active Directory PT: (if-xpath true "self::status[@level = 'success']/operation-data/windows-2000-logon-name") = FALSE.
- [03/20/12 07:46:23.068]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:23.068]:Active Directory PT: Evaluating selection criteria for rule 'Exchange: Remove HomeMDB when disabled'.
- [03/20/12 07:46:23.068]:Active Directory PT: (if-global-variable 'drv.exchMailboxMethod' equal "disabled") = TRUE.
- [03/20/12 07:46:23.068]:Active Directory PT: Rule selected.
- [03/20/12 07:46:23.069]:Active Directory PT: Applying rule 'Exchange: Remove HomeMDB when disabled'.
- [03/20/12 07:46:23.069]:Active Directory PT: Action: do-strip-op-attr("homeMDB").
- [03/20/12 07:46:23.069]:Active Directory PT:Policy returned:
- [03/20/12 07:46:23.069]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <source>
- <product version="3.6.10.4747">DirXML</product>
- <contact>Novell, Inc.</contact>
- </source>
- <output>
- <status event-id="This check-password result is expected. It is the result of the shim verifying that the driver object password is non-empty." level="error">Code(-9046) Invalid password specified for <check-password>.</status>
- </output>
- </nds>
- [03/20/12 07:46:23.069]:Active Directory PT:Applying policy: %+C%14CPassword(Sub)-Pub Email Notifications%-C.
- [03/20/12 07:46:23.069]:Active Directory PT: Applying to status #1.
- [03/20/12 07:46:23.070]:Active Directory PT: Evaluating selection criteria for rule 'Send e-mail for a failed publish password operation'.
- [03/20/12 07:46:23.070]:Active Directory PT: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = TRUE.
- [03/20/12 07:46:23.070]:Active Directory PT: (if-operation equal "status") = TRUE.
- [03/20/12 07:46:23.070]:Active Directory PT: (if-xpath true "self::status[@level != 'success']/operation-data/password-publish-status") = FALSE.
- [03/20/12 07:46:23.070]:Active Directory PT: Rule rejected.
- [03/20/12 07:46:23.070]:Active Directory PT:Policy returned:
- [03/20/12 07:46:23.070]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <source>
- <product version="3.6.10.4747">DirXML</product>
- <contact>Novell, Inc.</contact>
- </source>
- <output>
- <status event-id="This check-password result is expected. It is the result of the shim verifying that the driver object password is non-empty." level="error">Code(-9046) Invalid password specified for <check-password>.</status>
- </output>
- </nds>
- [03/20/12 07:46:23.071]:Active Directory PT:Applying policy: %+C%14Clib-CredProv-ConvertPayload-otp-V1%-C.
- [03/20/12 07:46:23.071]:Active Directory PT: Applying to status #1.
- [03/20/12 07:46:23.071]:Active Directory PT: Evaluating selection criteria for rule 'Is credential provisioning enabled? Are there any custom payloads?'.
- [03/20/12 07:46:23.071]:Active Directory PT: Rule selected.
- [03/20/12 07:46:23.071]:Active Directory PT: Applying rule 'Is credential provisioning enabled? Are there any custom payloads?'.
- [03/20/12 07:46:23.071]:Active Directory PT: Action: do-if().
- [03/20/12 07:46:23.071]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:46:23.071]:Active Directory PT: (if-global-variable 'credprov.enable' not-equal "true") = TRUE.
- [03/20/12 07:46:23.071]:Active Directory PT: Performing if actions.
- [03/20/12 07:46:23.072]:Active Directory PT: Action: do-break().
- [03/20/12 07:46:23.072]:Active Directory PT:Policy returned:
- [03/20/12 07:46:23.072]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <source>
- <product version="3.6.10.4747">DirXML</product>
- <contact>Novell, Inc.</contact>
- </source>
- <output>
- <status event-id="This check-password result is expected. It is the result of the shim verifying that the driver object password is non-empty." level="error">Code(-9046) Invalid password specified for <check-password>.</status>
- </output>
- </nds>
- [03/20/12 07:46:23.072]:Active Directory PT:Applying policy: %+C%14Clib-AccountTracking-Subscribe-otp-V1%-C.
- [03/20/12 07:46:23.072]:Active Directory PT: Applying to status #1.
- [03/20/12 07:46:23.072]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - disregard if disabled or wrong object class'.
- [03/20/12 07:46:23.072]:Active Directory PT: Rule selected.
- [03/20/12 07:46:23.073]:Active Directory PT: Applying rule 'AccountTracking - disregard if disabled or wrong object class'.
- [03/20/12 07:46:23.073]:Active Directory PT: Action: do-if().
- [03/20/12 07:46:23.073]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:46:23.073]:Active Directory PT: (if-global-variable 'drv.acctTrk.enable' not-equal "true") = FALSE.
- [03/20/12 07:46:23.073]:Active Directory PT: Performing else actions.
- [03/20/12 07:46:23.073]:Active Directory PT: Action: do-for-each(arg-node-set(token-global-variable("drv.acctTrk.objectClass"))).
- [03/20/12 07:46:23.073]:Active Directory PT: arg-node-set(token-global-variable("drv.acctTrk.objectClass"))
- [03/20/12 07:46:23.073]:Active Directory PT: token-global-variable("drv.acctTrk.objectClass")
- [03/20/12 07:46:23.073]:Active Directory PT: Token Value: {"user"}.
- [03/20/12 07:46:23.073]:Active Directory PT: Arg Value: {"user"}.
- [03/20/12 07:46:23.074]:Active Directory PT: Performing actions for local-variable(current-node) = "user".
- [03/20/12 07:46:23.074]:Active Directory PT: Action: do-if().
- [03/20/12 07:46:23.074]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:46:23.074]:Active Directory PT: (if-class-name equal "$current-node$") = FALSE.
- [03/20/12 07:46:23.074]:Active Directory PT: Performing else actions.
- [03/20/12 07:46:23.074]:Active Directory PT: Action: do-if().
- [03/20/12 07:46:23.074]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:46:23.074]:Active Directory PT: (if-local-variable 'pass' not-available) = TRUE.
- [03/20/12 07:46:23.074]:Active Directory PT: Performing if actions.
- [03/20/12 07:46:23.074]:Active Directory PT: Action: do-break().
- [03/20/12 07:46:23.074]:Active Directory PT:Policy returned:
- [03/20/12 07:46:23.075]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <source>
- <product version="3.6.10.4747">DirXML</product>
- <contact>Novell, Inc.</contact>
- </source>
- <output>
- <status event-id="This check-password result is expected. It is the result of the shim verifying that the driver object password is non-empty." level="error">Code(-9046) Invalid password specified for <check-password>.</status>
- </output>
- </nds>
- [03/20/12 07:46:23.075]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <source>
- <product version="3.6.10.4747">DirXML</product>
- <contact>Novell, Inc.</contact>
- </source>
- <output>
- <status event-id="This check-password result is expected. It is the result of the shim verifying that the driver object password is non-empty." level="error">Code(-9046) Invalid password specified for <check-password>.</status>
- </output>
- </nds>
- [03/20/12 07:46:23.077]:Active Directory PT:Remote Interface Driver: Opening connection...
- [03/20/12 07:46:23.875]:Active Directory ST:SubscriptionShim.execute() returned:
- [03/20/12 07:46:23.875]:Active Directory ST:
- <nds dtdversion="3.5" ndsversion="8.x">
- <output>
- <status event-id="query-driver-ident" level="retry" type="remoteloader">No connection to remote loader</status>
- </output>
- </nds>
- [03/20/12 07:46:23.875]:Active Directory ST:Requesting 30 second retry delay.
- [03/20/12 07:46:23.875]:Active Directory ST:
- DirXML Log Event -------------------
- Driver: \EDIR2ADLAB\fdny\AD-TEST\Active Directory
- Channel: Subscriber
- Status: Retry
- Message: Code(-9006) The driver returned a "retry" status indicating that the operation should be retried later. Detail from driver: No connection to remote loader
- [03/20/12 07:46:23.876]:Active Directory ST:Received state change event.
- [03/20/12 07:46:23.876]:Active Directory ST:Transitioned from state '%+C%14CStarting%-C' to state '%+C%14CRunning%-C'.
- [03/20/12 07:46:23.876]:Active Directory ST:Successfully processed state change event.
- [03/20/12 07:46:23.876]:Active Directory ST:Submitting identification query to subscriber shim:
- [03/20/12 07:46:23.877]:Active Directory ST:
- <nds dtdversion="3.5" ndsversion="8.x">
- <source>
- <product version="3.6.10.4747">DirXML</product>
- <contact>Novell, Inc.</contact>
- </source>
- <input>
- <query event-id="query-driver-ident" scope="entry">
- <search-class class-name="__driver_identification_class__"/>
- <read-attr/>
- </query>
- </input>
- </nds>
- [03/20/12 07:46:23.877]:Active Directory PT:Remote Interface Driver: Closing connection...
- [03/20/12 07:46:23.877]:Active Directory PT:Remote Interface Driver: Connection closed
- [03/20/12 07:46:23.877]:Active Directory PT:Remote Interface Driver: Opening connection...
- [03/20/12 07:46:24.881]:Active Directory ST:SubscriptionShim.execute() returned:
- [03/20/12 07:46:24.882]:Active Directory ST:
- <nds dtdversion="3.5" ndsversion="8.x">
- <output>
- <status event-id="query-driver-ident" level="retry" type="remoteloader">No connection to remote loader</status>
- </output>
- </nds>
- [03/20/12 07:46:24.882]:Active Directory ST:Requesting 30 second retry delay.
- [03/20/12 07:46:24.882]:Active Directory ST:
- DirXML Log Event -------------------
- Driver: \EDIR2ADLAB\fdny\AD-TEST\Active Directory
- Channel: Subscriber
- Status: Retry
- Message: Code(-9006) The driver returned a "retry" status indicating that the operation should be retried later. Detail from driver: No connection to remote loader
- [03/20/12 07:46:38.883]:Active Directory PT:Remote Interface Driver: Closing connection...
- [03/20/12 07:46:38.883]:Active Directory PT:Remote Interface Driver: Connection closed
- [03/20/12 07:46:38.884]:Active Directory PT:Remote Interface Driver: Opening connection...
- [03/20/12 07:46:53.888]:Active Directory PT:Remote Interface Driver: Closing connection...
- [03/20/12 07:46:53.888]:Active Directory PT:Remote Interface Driver: Connection closed
- [03/20/12 07:46:53.889]:Active Directory PT:Remote Interface Driver: Opening connection...
- [03/20/12 07:46:54.942]:Active Directory ST:Submitting identification query to subscriber shim:
- [03/20/12 07:46:54.942]:Active Directory ST:
- <nds dtdversion="3.5" ndsversion="8.x">
- <source>
- <product version="3.6.10.4747">DirXML</product>
- <contact>Novell, Inc.</contact>
- </source>
- <input>
- <query event-id="query-driver-ident" scope="entry">
- <search-class class-name="__driver_identification_class__"/>
- <read-attr/>
- </query>
- </input>
- </nds>
- [03/20/12 07:46:54.943]:Active Directory PT:Remote Interface Driver: Closing connection...
- [03/20/12 07:46:54.943]:Active Directory PT:Remote Interface Driver: Connection closed
- [03/20/12 07:46:54.944]:Active Directory PT:Remote Interface Driver: Opening connection...
- [03/20/12 07:46:55.949]:Active Directory ST:SubscriptionShim.execute() returned:
- [03/20/12 07:46:55.949]:Active Directory ST:
- <nds dtdversion="3.5" ndsversion="8.x">
- <output>
- <status event-id="query-driver-ident" level="retry" type="remoteloader">No connection to remote loader</status>
- </output>
- </nds>
- [03/20/12 07:46:55.950]:Active Directory ST:Requesting 30 second retry delay.
- [03/20/12 07:46:55.950]:Active Directory ST:
- DirXML Log Event -------------------
- Driver: \EDIR2ADLAB\fdny\AD-TEST\Active Directory
- Channel: Subscriber
- Status: Retry
- Message: Code(-9006) The driver returned a "retry" status indicating that the operation should be retried later. Detail from driver: No connection to remote loader
- [03/20/12 07:47:09.952]:Active Directory PT:Remote Interface Driver: Closing connection...
- [03/20/12 07:47:09.952]:Active Directory PT:Remote Interface Driver: Connection closed
- [03/20/12 07:47:09.953]:Active Directory PT:Remote Interface Driver: Opening connection...
- [03/20/12 07:47:24.955]:Active Directory PT:Remote Interface Driver: Closing connection...
- [03/20/12 07:47:24.955]:Active Directory PT:Remote Interface Driver: Connection closed
- [03/20/12 07:47:24.959]:Active Directory PT:Remote Interface Driver: Opening connection...
- [03/20/12 07:47:26.001]:Active Directory ST:Submitting identification query to subscriber shim:
- [03/20/12 07:47:26.001]:Active Directory ST:
- <nds dtdversion="3.5" ndsversion="8.x">
- <source>
- <product version="3.6.10.4747">DirXML</product>
- <contact>Novell, Inc.</contact>
- </source>
- <input>
- <query event-id="query-driver-ident" scope="entry">
- <search-class class-name="__driver_identification_class__"/>
- <read-attr/>
- </query>
- </input>
- </nds>
- [03/20/12 07:47:26.002]:Active Directory PT:Remote Interface Driver: Closing connection...
- [03/20/12 07:47:26.002]:Active Directory PT:Remote Interface Driver: Connection closed
- [03/20/12 07:47:26.003]:Active Directory PT:Remote Interface Driver: Opening connection...
- [03/20/12 07:47:27.008]:Active Directory ST:SubscriptionShim.execute() returned:
- [03/20/12 07:47:27.009]:Active Directory ST:
- <nds dtdversion="3.5" ndsversion="8.x">
- <output>
- <status event-id="query-driver-ident" level="retry" type="remoteloader">No connection to remote loader</status>
- </output>
- </nds>
- [03/20/12 07:47:27.009]:Active Directory ST:Requesting 30 second retry delay.
- [03/20/12 07:47:27.009]:Active Directory ST:
- DirXML Log Event -------------------
- Driver: \EDIR2ADLAB\fdny\AD-TEST\Active Directory
- Channel: Subscriber
- Status: Retry
- Message: Code(-9006) The driver returned a "retry" status indicating that the operation should be retried later. Detail from driver: No connection to remote loader
- [03/20/12 07:47:41.007]:Active Directory PT:Remote Interface Driver: Closing connection...
- [03/20/12 07:47:41.007]:Active Directory PT:Remote Interface Driver: Connection closed
- [03/20/12 07:47:41.008]:Active Directory PT:Remote Interface Driver: Opening connection...
- [03/20/12 07:47:56.011]:Active Directory PT:Remote Interface Driver: Closing connection...
- [03/20/12 07:47:56.011]:Active Directory PT:Remote Interface Driver: Connection closed
- [03/20/12 07:47:56.012]:Active Directory PT:Remote Interface Driver: Opening connection...
- [03/20/12 07:47:57.066]:Active Directory ST:Submitting identification query to subscriber shim:
- [03/20/12 07:47:57.066]:Active Directory ST:
- <nds dtdversion="3.5" ndsversion="8.x">
- <source>
- <product version="3.6.10.4747">DirXML</product>
- <contact>Novell, Inc.</contact>
- </source>
- <input>
- <query event-id="query-driver-ident" scope="entry">
- <search-class class-name="__driver_identification_class__"/>
- <read-attr/>
- </query>
- </input>
- </nds>
- [03/20/12 07:47:57.067]:Active Directory PT:Remote Interface Driver: Closing connection...
- [03/20/12 07:47:57.067]:Active Directory PT:Remote Interface Driver: Connection closed
- [03/20/12 07:47:57.068]:Active Directory PT:Remote Interface Driver: Opening connection...
- [03/20/12 07:47:58.072]:Active Directory ST:SubscriptionShim.execute() returned:
- [03/20/12 07:47:58.072]:Active Directory ST:
- <nds dtdversion="3.5" ndsversion="8.x">
- <output>
- <status event-id="query-driver-ident" level="retry" type="remoteloader">No connection to remote loader</status>
- </output>
- </nds>
- [03/20/12 07:47:58.073]:Active Directory ST:Requesting 30 second retry delay.
- [03/20/12 07:47:58.073]:Active Directory ST:
- DirXML Log Event -------------------
- Driver: \EDIR2ADLAB\fdny\AD-TEST\Active Directory
- Channel: Subscriber
- Status: Retry
- Message: Code(-9006) The driver returned a "retry" status indicating that the operation should be retried later. Detail from driver: No connection to remote loader
- [03/20/12 07:48:12.073]:Active Directory PT:Remote Interface Driver: Closing connection...
- [03/20/12 07:48:12.073]:Active Directory PT:Remote Interface Driver: Connection closed
- [03/20/12 07:48:12.073]:Active Directory PT:Remote Interface Driver: Opening connection...
- [03/20/12 07:48:27.073]:Active Directory PT:Remote Interface Driver: Closing connection...
- [03/20/12 07:48:27.073]:Active Directory PT:Remote Interface Driver: Connection closed
- [03/20/12 07:48:27.083]:Active Directory PT:Remote Interface Driver: Opening connection...
- [03/20/12 07:48:28.144]:Active Directory ST:Submitting identification query to subscriber shim:
- [03/20/12 07:48:28.145]:Active Directory ST:
- <nds dtdversion="3.5" ndsversion="8.x">
- <source>
- <product version="3.6.10.4747">DirXML</product>
- <contact>Novell, Inc.</contact>
- </source>
- <input>
- <query event-id="query-driver-ident" scope="entry">
- <search-class class-name="__driver_identification_class__"/>
- <read-attr/>
- </query>
- </input>
- </nds>
- [03/20/12 07:48:28.145]:Active Directory PT:Remote Interface Driver: Closing connection...
- [03/20/12 07:48:28.145]:Active Directory PT:Remote Interface Driver: Connection closed
- [03/20/12 07:48:28.146]:Active Directory PT:Remote Interface Driver: Opening connection...
- [03/20/12 07:48:29.147]:Active Directory ST:SubscriptionShim.execute() returned:
- [03/20/12 07:48:29.147]:Active Directory ST:
- <nds dtdversion="3.5" ndsversion="8.x">
- <output>
- <status event-id="query-driver-ident" level="retry" type="remoteloader">No connection to remote loader</status>
- </output>
- </nds>
- [03/20/12 07:48:29.148]:Active Directory ST:Requesting 30 second retry delay.
- [03/20/12 07:48:29.148]:Active Directory ST:
- DirXML Log Event -------------------
- Driver: \EDIR2ADLAB\fdny\AD-TEST\Active Directory
- Channel: Subscriber
- Status: Retry
- Message: Code(-9006) The driver returned a "retry" status indicating that the operation should be retried later. Detail from driver: No connection to remote loader
- [03/20/12 07:48:43.147]:Active Directory PT:Remote Interface Driver: Closing connection...
- [03/20/12 07:48:43.147]:Active Directory PT:Remote Interface Driver: Connection closed
- [03/20/12 07:48:43.166]:Active Directory PT:Remote Interface Driver: Opening connection...
- [03/20/12 07:48:58.170]:Active Directory PT:Remote Interface Driver: Closing connection...
- [03/20/12 07:48:58.170]:Active Directory PT:Remote Interface Driver: Connection closed
- [03/20/12 07:48:58.171]:Active Directory PT:Remote Interface Driver: Opening connection...
- [03/20/12 07:48:59.218]:Active Directory ST:Submitting identification query to subscriber shim:
- [03/20/12 07:48:59.218]:Active Directory ST:
- <nds dtdversion="3.5" ndsversion="8.x">
- <source>
- <product version="3.6.10.4747">DirXML</product>
- <contact>Novell, Inc.</contact>
- </source>
- <input>
- <query event-id="query-driver-ident" scope="entry">
- <search-class class-name="__driver_identification_class__"/>
- <read-attr/>
- </query>
- </input>
- </nds>
- [03/20/12 07:48:59.219]:Active Directory PT:Remote Interface Driver: Closing connection...
- [03/20/12 07:48:59.219]:Active Directory PT:Remote Interface Driver: Connection closed
- [03/20/12 07:48:59.219]:Active Directory PT:Remote Interface Driver: Opening connection...
- [03/20/12 07:49:00.221]:Active Directory ST:SubscriptionShim.execute() returned:
- [03/20/12 07:49:00.222]:Active Directory ST:
- <nds dtdversion="3.5" ndsversion="8.x">
- <output>
- <status event-id="query-driver-ident" level="retry" type="remoteloader">No connection to remote loader</status>
- </output>
- </nds>
- [03/20/12 07:49:00.222]:Active Directory ST:Requesting 30 second retry delay.
- [03/20/12 07:49:00.222]:Active Directory ST:
- DirXML Log Event -------------------
- Driver: \EDIR2ADLAB\fdny\AD-TEST\Active Directory
- Channel: Subscriber
- Status: Retry
- Message: Code(-9006) The driver returned a "retry" status indicating that the operation should be retried later. Detail from driver: No connection to remote loader
- [03/20/12 07:49:14.224]:Active Directory PT:Remote Interface Driver: Closing connection...
- [03/20/12 07:49:14.224]:Active Directory PT:Remote Interface Driver: Connection closed
- [03/20/12 07:49:14.224]:Active Directory PT:Remote Interface Driver: Opening connection...
- [03/20/12 07:49:29.228]:Active Directory PT:Remote Interface Driver: Closing connection...
- [03/20/12 07:49:29.228]:Active Directory PT:Remote Interface Driver: Connection closed
- [03/20/12 07:49:29.228]:Active Directory PT:Remote Interface Driver: Opening connection...
- [03/20/12 07:49:30.287]:Active Directory ST:Submitting identification query to subscriber shim:
- [03/20/12 07:49:30.287]:Active Directory ST:
- <nds dtdversion="3.5" ndsversion="8.x">
- <source>
- <product version="3.6.10.4747">DirXML</product>
- <contact>Novell, Inc.</contact>
- </source>
- <input>
- <query event-id="query-driver-ident" scope="entry">
- <search-class class-name="__driver_identification_class__"/>
- <read-attr/>
- </query>
- </input>
- </nds>
- [03/20/12 07:49:30.288]:Active Directory PT:Remote Interface Driver: Closing connection...
- [03/20/12 07:49:30.288]:Active Directory PT:Remote Interface Driver: Connection closed
- [03/20/12 07:49:30.288]:Active Directory PT:Remote Interface Driver: Opening connection...
- [03/20/12 07:49:31.290]:Active Directory ST:SubscriptionShim.execute() returned:
- [03/20/12 07:49:31.291]:Active Directory ST:
- <nds dtdversion="3.5" ndsversion="8.x">
- <output>
- <status event-id="query-driver-ident" level="retry" type="remoteloader">No connection to remote loader</status>
- </output>
- </nds>
- [03/20/12 07:49:31.291]:Active Directory ST:Requesting 30 second retry delay.
- [03/20/12 07:49:31.291]:Active Directory ST:
- DirXML Log Event -------------------
- Driver: \EDIR2ADLAB\fdny\AD-TEST\Active Directory
- Channel: Subscriber
- Status: Retry
- Message: Code(-9006) The driver returned a "retry" status indicating that the operation should be retried later. Detail from driver: No connection to remote loader
- [03/20/12 07:49:45.292]:Active Directory PT:Remote Interface Driver: Closing connection...
- [03/20/12 07:49:45.292]:Active Directory PT:Remote Interface Driver: Connection closed
- [03/20/12 07:49:45.292]:Active Directory PT:Remote Interface Driver: Opening connection...
- [03/20/12 07:49:45.294]:Active Directory PT:Remote Interface Driver: Connection established...
- [03/20/12 07:49:45.294]:Active Directory PT:Remote Interface Driver: Sending...
- [03/20/12 07:49:45.294]:Active Directory PT:
- <handshake version="1.0">
- <password><!-- content suppressed --></password>
- </handshake>
- [03/20/12 07:49:45.294]:Active Directory PT:Remote Interface Driver: Document sent.
- [03/20/12 07:49:45.295]:Active Directory :Remote Interface Driver: Waiting for receive...
- [03/20/12 07:49:45.301]:Active Directory :Remote Interface Driver: Received.
- [03/20/12 07:49:45.301]:Active Directory :
- <handshake version="1.0">
- <password><!-- content suppressed --></password>
- </handshake>
- [03/20/12 07:49:45.301]:Active Directory :Remote Interface Driver: Received document for subscriber channel
- [03/20/12 07:49:45.301]:Active Directory PT:Receiving DOM document from application.
- [03/20/12 07:49:45.301]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <check-password><!-- content suppressed --></check-password>
- </input>
- </nds>
- [03/20/12 07:49:45.302]:Active Directory PT:Applying input transformation policies.
- [03/20/12 07:49:45.302]:Active Directory PT:Applying policy: %+C%14Clib-AccountTracking-Publish-itp-V1%-C.
- [03/20/12 07:49:45.302]:Active Directory PT: Applying to check-password #1.
- [03/20/12 07:49:45.302]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - disregard if disabled or wrong object class'.
- [03/20/12 07:49:45.303]:Active Directory PT: Rule selected.
- [03/20/12 07:49:45.303]:Active Directory PT: Applying rule 'AccountTracking - disregard if disabled or wrong object class'.
- [03/20/12 07:49:45.303]:Active Directory PT: Action: do-if().
- [03/20/12 07:49:45.303]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:49:45.303]:Active Directory PT: (if-global-variable 'drv.acctTrk.enable' not-equal "true") = FALSE.
- [03/20/12 07:49:45.303]:Active Directory PT: Performing else actions.
- [03/20/12 07:49:45.303]:Active Directory PT: Action: do-if().
- [03/20/12 07:49:45.303]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:49:45.304]:Active Directory PT: (if-class-name available) = FALSE.
- [03/20/12 07:49:45.304]:Active Directory PT: Performing else actions.
- [03/20/12 07:49:45.304]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - on add-association sync the operation-properties to status operations'.
- [03/20/12 07:49:45.304]:Active Directory PT: (if-operation equal "add-association") = FALSE.
- [03/20/12 07:49:45.304]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.304]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - Query for destination DN using Association'.
- [03/20/12 07:49:45.305]:Active Directory PT: (if-operation match "modify|delete|move|rename") = FALSE.
- [03/20/12 07:49:45.305]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.305]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - add interested properties to current doc for future use.'.
- [03/20/12 07:49:45.305]:Active Directory PT: (if-operation match "add|modify|delete|rename|move|status") = FALSE.
- [03/20/12 07:49:45.305]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.305]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - Initialize status properties on published events'.
- [03/20/12 07:49:45.306]:Active Directory PT: (if-operation match "add|modify|delete|rename|move") = FALSE.
- [03/20/12 07:49:45.306]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.306]:Active Directory PT:Policy returned:
- [03/20/12 07:49:45.306]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <check-password><!-- content suppressed --></check-password>
- </input>
- </nds>
- [03/20/12 07:49:45.306]:Active Directory PT:Applying policy: %+C%14Clib-AccountTracking-WriteAccounts-itp-V1%-C.
- [03/20/12 07:49:45.306]:Active Directory PT: Applying to check-password #1.
- [03/20/12 07:49:45.307]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - disregard if disabled'.
- [03/20/12 07:49:45.307]:Active Directory PT: (if-global-variable 'drv.acctTrk.enable' not-equal "true") = FALSE.
- [03/20/12 07:49:45.307]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.307]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - query DirXML-Accounts Attribute'.
- [03/20/12 07:49:45.307]:Active Directory PT: (if-op-property 'AccountTracking-ObjectDN' available) = FALSE.
- [03/20/12 07:49:45.307]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.308]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - remove Dirxml-Account values on delete operation'.
- [03/20/12 07:49:45.308]:Active Directory PT: (if-operation match "delete|remove-association") = FALSE.
- [03/20/12 07:49:45.308]:Active Directory PT: (if-operation equal "status") = FALSE.
- [03/20/12 07:49:45.308]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.308]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - update DirXMLAccounts attribute'.
- [03/20/12 07:49:45.308]:Active Directory PT: (if-op-property 'AccountTracking-Operation' not-available) = TRUE.
- [03/20/12 07:49:45.309]:Active Directory PT: (if-op-property 'AccountTracking-ObjectDN' available) = FALSE.
- [03/20/12 07:49:45.309]:Active Directory PT: (if-operation equal "status") = FALSE.
- [03/20/12 07:49:45.309]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.309]:Active Directory PT:Policy returned:
- [03/20/12 07:49:45.309]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <check-password><!-- content suppressed --></check-password>
- </input>
- </nds>
- [03/20/12 07:49:45.309]:Active Directory PT:Applying policy: %+C%14Citp%-C.
- [03/20/12 07:49:45.309]:Active Directory PT: Applying to check-password #1.
- [03/20/12 07:49:45.310]:Active Directory PT: Evaluating selection criteria for rule 'streetAddress: Convert CR-LF to LF'.
- [03/20/12 07:49:45.310]:Active Directory PT: Rule selected.
- [03/20/12 07:49:45.310]:Active Directory PT: Applying rule 'streetAddress: Convert CR-LF to LF'.
- [03/20/12 07:49:45.310]:Active Directory PT: Action: do-reformat-op-attr("streetAddress",token-replace-all("\r\n","\r",token-local-variable("current-value"))).
- [03/20/12 07:49:45.310]:Active Directory PT: Evaluating selection criteria for rule 'logonHours: Convert to Login Allowed Time Map form'.
- [03/20/12 07:49:45.310]:Active Directory PT: Rule selected.
- [03/20/12 07:49:45.311]:Active Directory PT: Applying rule 'logonHours: Convert to Login Allowed Time Map form'.
- [03/20/12 07:49:45.311]:Active Directory PT: Action: do-reformat-op-attr("logonHours",token-xpath("jadutil:translateTimeMap2eDir($current-value)")).
- [03/20/12 07:49:45.311]:Active Directory PT: Evaluating selection criteria for rule 'accountExpires: Convert to Identity Vault time format'.
- [03/20/12 07:49:45.311]:Active Directory PT: Rule selected.
- [03/20/12 07:49:45.311]:Active Directory PT: Applying rule 'accountExpires: Convert to Identity Vault time format'.
- [03/20/12 07:49:45.311]:Active Directory PT: Action: do-reformat-op-attr("accountExpires",token-xpath("jadutil:translateFileTime2Epoch($current-value)")).
- [03/20/12 07:49:45.312]:Active Directory PT: Evaluating selection criteria for rule 'lockoutTime: Convert to Identity Vault time format'.
- [03/20/12 07:49:45.312]:Active Directory PT: Rule selected.
- [03/20/12 07:49:45.312]:Active Directory PT: Applying rule 'lockoutTime: Convert to Identity Vault time format'.
- [03/20/12 07:49:45.312]:Active Directory PT: Action: do-reformat-op-attr("lockoutTime",token-xpath("jadutil:translateFileTime2Epoch($current-value)")).
- [03/20/12 07:49:45.312]:Active Directory PT:Policy returned:
- [03/20/12 07:49:45.313]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <check-password><!-- content suppressed --></check-password>
- </input>
- </nds>
- [03/20/12 07:49:45.313]:Active Directory PT:Applying policy: %+C%14Citp-EntitlementsImpl%-C.
- [03/20/12 07:49:45.313]:Active Directory PT: Applying to check-password #1.
- [03/20/12 07:49:45.313]:Active Directory PT: Evaluating selection criteria for rule 'Check target of add-association for group membership entitlements'.
- [03/20/12 07:49:45.313]:Active Directory PT: (if-global-variable 'drv.entitlement.Group' equal "true") = FALSE.
- [03/20/12 07:49:45.313]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.314]:Active Directory PT: Evaluating selection criteria for rule 'Check target of add-association for Exchange mailbox entitlements'.
- [03/20/12 07:49:45.314]:Active Directory PT: (if-global-variable 'drv.exchMailboxMethod' equal "entitlement") = FALSE.
- [03/20/12 07:49:45.314]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.314]:Active Directory PT:Policy returned:
- [03/20/12 07:49:45.314]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <check-password><!-- content suppressed --></check-password>
- </input>
- </nds>
- [03/20/12 07:49:45.314]:Active Directory PT:Applying policy: %+C%14CPassword(Pub)-Sub Email Notifications%-C.
- [03/20/12 07:49:45.315]:Active Directory PT: Applying to check-password #1.
- [03/20/12 07:49:45.315]:Active Directory PT: Evaluating selection criteria for rule 'Send e-mail on a failure when subscribing to passwords'.
- [03/20/12 07:49:45.315]:Active Directory PT: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = TRUE.
- [03/20/12 07:49:45.315]:Active Directory PT: (if-operation equal "status") = FALSE.
- [03/20/12 07:49:45.315]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.315]:Active Directory PT: Evaluating selection criteria for rule 'Send e-mail on failure to reset connected system password using the Identity Manager data store password'.
- [03/20/12 07:49:45.316]:Active Directory PT: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = TRUE.
- [03/20/12 07:49:45.316]:Active Directory PT: (if-operation equal "status") = FALSE.
- [03/20/12 07:49:45.316]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.316]:Active Directory PT:Policy returned:
- [03/20/12 07:49:45.316]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <check-password><!-- content suppressed --></check-password>
- </input>
- </nds>
- [03/20/12 07:49:45.316]:Active Directory PT:Applying policy: %+C%14Clib-Audit-SendEntitlementsEvents-itp-V1%-C.
- [03/20/12 07:49:45.317]:Active Directory PT: Applying to check-password #1.
- [03/20/12 07:49:45.317]:Active Directory PT: Evaluating selection criteria for rule '00031200 - Account Create By Entitlement Grant'.
- [03/20/12 07:49:45.317]:Active Directory PT: (if-operation equal "status") = FALSE.
- [03/20/12 07:49:45.317]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.317]:Active Directory PT: Evaluating selection criteria for rule '00031201 - Account Delete By Entitlement Revoke'.
- [03/20/12 07:49:45.317]:Active Directory PT: (if-operation equal "status") = FALSE.
- [03/20/12 07:49:45.318]:Active Directory PT: (if-operation equal "status") = FALSE.
- [03/20/12 07:49:45.318]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.318]:Active Directory PT: Evaluating selection criteria for rule '00031202 - Account Disable By Entitlement Revoke'.
- [03/20/12 07:49:45.318]:Active Directory PT: (if-operation equal "status") = FALSE.
- [03/20/12 07:49:45.318]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.318]:Active Directory PT: Evaluating selection criteria for rule '00031203 - Account Enable By Entitlement Grant'.
- [03/20/12 07:49:45.318]:Active Directory PT: (if-operation equal "status") = FALSE.
- [03/20/12 07:49:45.319]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.319]:Active Directory PT: Evaluating selection criteria for rule 'Generate Audit Event'.
- [03/20/12 07:49:45.319]:Active Directory PT: (if-operation equal "status") = FALSE.
- [03/20/12 07:49:45.319]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.319]:Active Directory PT:Policy returned:
- [03/20/12 07:49:45.319]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <check-password><!-- content suppressed --></check-password>
- </input>
- </nds>
- [03/20/12 07:49:45.319]:Active Directory PT:Applying schema mapping policies to input.
- [03/20/12 07:49:45.320]:Active Directory PT:Applying policy: %+C%14Csmp%-C.
- [03/20/12 07:49:45.320]:Active Directory PT:Resolving association references.
- [03/20/12 07:49:45.320]:Active Directory PT:Applying event transformation policies.
- [03/20/12 07:49:45.320]:Active Directory PT:Applying policy: %+C%14Cpub-etp-EntitlementsImpl%-C.
- [03/20/12 07:49:45.320]:Active Directory PT: Applying to check-password #1.
- [03/20/12 07:49:45.320]:Active Directory PT: Evaluating selection criteria for rule 'Disallow user account delete when using entitlements'.
- [03/20/12 07:49:45.321]:Active Directory PT: (if-operation equal "delete") = FALSE.
- [03/20/12 07:49:45.321]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.321]:Active Directory PT: Evaluating selection criteria for rule 'Strip Login Disabled from operation (Disable Option)'.
- [03/20/12 07:49:45.321]:Active Directory PT: (if-global-variable 'drv.entitlement.UserAccount' equal "true") = FALSE.
- [03/20/12 07:49:45.321]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.321]:Active Directory PT:Policy returned:
- [03/20/12 07:49:45.321]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <check-password><!-- content suppressed --></check-password>
- </input>
- </nds>
- [03/20/12 07:49:45.322]:Active Directory PT:Applying policy: %+C%14Cpub-etp-HandleMovesAndRenames%-C.
- [03/20/12 07:49:45.322]:Active Directory PT: Applying to check-password #1.
- [03/20/12 07:49:45.322]:Active Directory PT: Evaluating selection criteria for rule 'break if not a move or rename'.
- [03/20/12 07:49:45.322]:Active Directory PT: (if-operation not-match "move|rename") = TRUE.
- [03/20/12 07:49:45.322]:Active Directory PT: Rule selected.
- [03/20/12 07:49:45.322]:Active Directory PT: Applying rule 'break if not a move or rename'.
- [03/20/12 07:49:45.323]:Active Directory PT: Action: do-break().
- [03/20/12 07:49:45.323]:Active Directory PT:Policy returned:
- [03/20/12 07:49:45.323]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <check-password><!-- content suppressed --></check-password>
- </input>
- </nds>
- [03/20/12 07:49:45.323]:Active Directory PT:Applying publisher filter.
- [03/20/12 07:49:45.323]:Active Directory PT:Publisher processing check-password for .
- [03/20/12 07:49:45.323]:Active Directory PT:Applying command transformation policies.
- [03/20/12 07:49:45.324]:Active Directory PT:Applying policy: %+C%14Cpub-ctp-UserNameMap%-C.
- [03/20/12 07:49:45.324]:Active Directory PT: Applying to check-password #1.
- [03/20/12 07:49:45.324]:Active Directory PT: Evaluating selection criteria for rule 'consider user objects when name mapping is enabled'.
- [03/20/12 07:49:45.324]:Active Directory PT: (if-class-name not-equal "User") = TRUE.
- [03/20/12 07:49:45.324]:Active Directory PT: Rule selected.
- [03/20/12 07:49:45.324]:Active Directory PT: Applying rule 'consider user objects when name mapping is enabled'.
- [03/20/12 07:49:45.324]:Active Directory PT: Action: do-break().
- [03/20/12 07:49:45.325]:Active Directory PT:Policy returned:
- [03/20/12 07:49:45.325]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <check-password><!-- content suppressed --></check-password>
- </input>
- </nds>
- [03/20/12 07:49:45.325]:Active Directory PT:Applying policy: %+C%14Cpub-ctp%-C.
- [03/20/12 07:49:45.325]:Active Directory PT: Applying to check-password #1.
- [03/20/12 07:49:45.325]:Active Directory PT: Evaluating selection criteria for rule 'set cached context value on merge'.
- [03/20/12 07:49:45.325]:Active Directory PT: (if-operation equal "modify") = FALSE.
- [03/20/12 07:49:45.325]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.326]:Active Directory PT: Evaluating selection criteria for rule 'Set Equivalent To Me when adding object to a group'.
- [03/20/12 07:49:45.326]:Active Directory PT: (if-class-name equal "Group") = FALSE.
- [03/20/12 07:49:45.326]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.326]:Active Directory PT: Evaluating selection criteria for rule 'Remove Equivalent To Me when removing object from a group'.
- [03/20/12 07:49:45.326]:Active Directory PT: (if-class-name equal "Group") = FALSE.
- [03/20/12 07:49:45.326]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.326]:Active Directory PT: Evaluating selection criteria for rule 'remove managed attributes when object disassociated'.
- [03/20/12 07:49:45.327]:Active Directory PT: (if-operation equal "remove-association") = FALSE.
- [03/20/12 07:49:45.327]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.327]:Active Directory PT: Evaluating selection criteria for rule 'Prevent unassociated users from being removed from groups'.
- [03/20/12 07:49:45.327]:Active Directory PT: (if-operation equal "modify") = FALSE.
- [03/20/12 07:49:45.327]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.327]:Active Directory PT:Policy returned:
- [03/20/12 07:49:45.327]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <check-password><!-- content suppressed --></check-password>
- </input>
- </nds>
- [03/20/12 07:49:45.328]:Active Directory PT:Applying XSLT policy: %+C%14Cpub-cts%-C.
- [03/20/12 07:49:45.328]:Active Directory PT:Policy returned:
- [03/20/12 07:49:45.328]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <check-password><!-- content suppressed --></check-password>
- </input>
- </nds>
- [03/20/12 07:49:45.329]:Active Directory PT:Applying policy: %+C%14CPassword(Pub)-Default Password Policy%-C.
- [03/20/12 07:49:45.329]:Active Directory PT: Applying to check-password #1.
- [03/20/12 07:49:45.329]:Active Directory PT: Evaluating selection criteria for rule 'On User add, provide default password of @Dirxml1 if no password exists'.
- [03/20/12 07:49:45.329]:Active Directory PT: (if-operation equal "add") = FALSE.
- [03/20/12 07:49:45.329]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.329]:Active Directory PT:Policy returned:
- [03/20/12 07:49:45.330]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <check-password><!-- content suppressed --></check-password>
- </input>
- </nds>
- [03/20/12 07:49:45.330]:Active Directory PT:Applying policy: %+C%14CPassword(Pub)-Check Password GCV%-C.
- [03/20/12 07:49:45.330]:Active Directory PT: Applying to check-password #1.
- [03/20/12 07:49:45.330]:Active Directory PT: Evaluating selection criteria for rule 'Block publishing passwords to Identity Manager data store when adding a object'.
- [03/20/12 07:49:45.330]:Active Directory PT: (if-global-variable 'enable-password-publish' equal "false") = FALSE.
- [03/20/12 07:49:45.331]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.331]:Active Directory PT: Evaluating selection criteria for rule 'Block sending modify-password changes to the Identity Manager data store'.
- [03/20/12 07:49:45.331]:Active Directory PT: (if-global-variable 'enable-password-publish' equal "false") = FALSE.
- [03/20/12 07:49:45.331]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.331]:Active Directory PT:Policy returned:
- [03/20/12 07:49:45.331]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <check-password><!-- content suppressed --></check-password>
- </input>
- </nds>
- [03/20/12 07:49:45.331]:Active Directory PT:Applying policy: %+C%14CPassword(Pub)-Publish Distribution Password%-C.
- [03/20/12 07:49:45.332]:Active Directory PT: Applying to check-password #1.
- [03/20/12 07:49:45.332]:Active Directory PT: Evaluating selection criteria for rule 'Add nspmDistributionAttribute attribute to add operation'.
- [03/20/12 07:49:45.332]:Active Directory PT: (if-global-variable 'publish-password-to-dp' equal "true") = FALSE.
- [03/20/12 07:49:45.332]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.332]:Active Directory PT: Evaluating selection criteria for rule 'Change modify-password operations to a modify'.
- [03/20/12 07:49:45.333]:Active Directory PT: (if-global-variable 'publish-password-to-dp' equal "true") = FALSE.
- [03/20/12 07:49:45.333]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.333]:Active Directory PT:Policy returned:
- [03/20/12 07:49:45.333]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <check-password><!-- content suppressed --></check-password>
- </input>
- </nds>
- [03/20/12 07:49:45.333]:Active Directory PT:Applying policy: %+C%14CPassword(Pub)-Publish NDS Password%-C.
- [03/20/12 07:49:45.333]:Active Directory PT: Applying to check-password #1.
- [03/20/12 07:49:45.334]:Active Directory PT: Evaluating selection criteria for rule 'Block publishing passwords to NDS password'.
- [03/20/12 07:49:45.334]:Active Directory PT: (if-global-variable 'publish-password-to-nds' equal "false") = FALSE.
- [03/20/12 07:49:45.334]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.334]:Active Directory PT: Evaluating selection criteria for rule 'Block sending modify-password changes to the NDS password'.
- [03/20/12 07:49:45.334]:Active Directory PT: (if-global-variable 'publish-password-to-nds' equal "false") = FALSE.
- [03/20/12 07:49:45.334]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.335]:Active Directory PT:Policy returned:
- [03/20/12 07:49:45.335]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <check-password><!-- content suppressed --></check-password>
- </input>
- </nds>
- [03/20/12 07:49:45.335]:Active Directory PT:Applying policy: %+C%14CPassword(Pub)-Add Password Payload%-C.
- [03/20/12 07:49:45.335]:Active Directory PT: Applying to check-password #1.
- [03/20/12 07:49:45.335]:Active Directory PT: Evaluating selection criteria for rule 'Add operation-data element to password operations'.
- [03/20/12 07:49:45.335]:Active Directory PT: (if-operation equal "add") = FALSE.
- [03/20/12 07:49:45.336]:Active Directory PT: (if-operation equal "add") = FALSE.
- [03/20/12 07:49:45.336]:Active Directory PT: (if-operation equal "modify-password") = FALSE.
- [03/20/12 07:49:45.336]:Active Directory PT: (if-operation equal "modify") = FALSE.
- [03/20/12 07:49:45.336]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.336]:Active Directory PT: Evaluating selection criteria for rule 'Add payload data to password operations'.
- [03/20/12 07:49:45.336]:Active Directory PT: (if-operation equal "addPayloadToPassword") = FALSE.
- [03/20/12 07:49:45.336]:Active Directory PT: (if-operation equal "add") = FALSE.
- [03/20/12 07:49:45.337]:Active Directory PT: (if-operation equal "modify-password") = FALSE.
- [03/20/12 07:49:45.337]:Active Directory PT: (if-operation equal "modify") = FALSE.
- [03/20/12 07:49:45.337]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.337]:Active Directory PT:Policy returned:
- [03/20/12 07:49:45.337]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <check-password><!-- content suppressed --></check-password>
- </input>
- </nds>
- [03/20/12 07:49:45.337]:Active Directory PT:Applying policy: %+C%14Clib-AccountTracking-WriteAccountsOnAdds-pub-ctp-V1%-C.
- [03/20/12 07:49:45.338]:Active Directory PT: Applying to check-password #1.
- [03/20/12 07:49:45.338]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - disregard policy if disabled'.
- [03/20/12 07:49:45.338]:Active Directory PT: (if-global-variable 'drv.acctTrk.enable' not-equal "true") = FALSE.
- [03/20/12 07:49:45.338]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.338]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - on add operation add Dirxml-Accounts'.
- [03/20/12 07:49:45.338]:Active Directory PT: (if-operation equal "add") = FALSE.
- [03/20/12 07:49:45.338]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.339]:Active Directory PT:Policy returned:
- [03/20/12 07:49:45.339]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <input>
- <check-password><!-- content suppressed --></check-password>
- </input>
- </nds>
- [03/20/12 07:49:45.339]:Active Directory PT:Filtering out notification-only attributes.
- [03/20/12 07:49:45.339]:Active Directory PT:Pumping XDS to eDirectory.
- [03/20/12 07:49:45.339]:Active Directory PT:Performing operation check-password for .
- [03/20/12 07:49:45.340]:Active Directory PT:Fixing up association references.
- [03/20/12 07:49:45.340]:Active Directory PT:Applying schema mapping policies to output.
- [03/20/12 07:49:45.340]:Active Directory PT:Applying policy: %+C%14Csmp%-C.
- [03/20/12 07:49:45.340]:Active Directory PT:Applying output transformation policies.
- [03/20/12 07:49:45.340]:Active Directory PT:Applying policy: %+C%14Cotp%-C.
- [03/20/12 07:49:45.341]:Active Directory PT: Applying to status #1.
- [03/20/12 07:49:45.341]:Active Directory PT: Evaluating selection criteria for rule 'Street Address: Convert LF to CR-LF'.
- [03/20/12 07:49:45.341]:Active Directory PT: Rule selected.
- [03/20/12 07:49:45.341]:Active Directory PT: Applying rule 'Street Address: Convert LF to CR-LF'.
- [03/20/12 07:49:45.341]:Active Directory PT: Action: do-reformat-op-attr("streetAddress",token-replace-all("[^\r]\n","\r\n",token-local-variable("current-value"))).
- [03/20/12 07:49:45.341]:Active Directory PT: Evaluating selection criteria for rule 'logonHours: Convert to Active Directory form'.
- [03/20/12 07:49:45.342]:Active Directory PT: Rule selected.
- [03/20/12 07:49:45.342]:Active Directory PT: Applying rule 'logonHours: Convert to Active Directory form'.
- [03/20/12 07:49:45.342]:Active Directory PT: Action: do-reformat-op-attr("logonHours",token-xpath("jadutil:translateTimeMap2ADLenient($current-value)")).
- [03/20/12 07:49:45.342]:Active Directory PT: Evaluating selection criteria for rule 'accountExpires: Convert to Active Directory form'.
- [03/20/12 07:49:45.342]:Active Directory PT: (if-op-attr 'accountExpires' changing) = FALSE.
- [03/20/12 07:49:45.342]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.343]:Active Directory PT: Evaluating selection criteria for rule 'lockoutTime: Convert to Active Directory form'.
- [03/20/12 07:49:45.343]:Active Directory PT: Rule selected.
- [03/20/12 07:49:45.343]:Active Directory PT: Applying rule 'lockoutTime: Convert to Active Directory form'.
- [03/20/12 07:49:45.343]:Active Directory PT: Action: do-reformat-op-attr("lockoutTime",token-xpath("jadutil:translateEpoch2FileTime($current-value)")).
- [03/20/12 07:49:45.343]:Active Directory PT: Evaluating selection criteria for rule 'Add: User - convert multi-valued Telephone to single value'.
- [03/20/12 07:49:45.343]:Active Directory PT: (if-operation equal "add") = FALSE.
- [03/20/12 07:49:45.344]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.344]:Active Directory PT: Evaluating selection criteria for rule 'update Active Directory logon name'.
- [03/20/12 07:49:45.344]:Active Directory PT: (if-xpath true "self::status[@level = 'success']/operation-data/windows-2000-logon-name") = FALSE.
- [03/20/12 07:49:45.344]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.344]:Active Directory PT: Evaluating selection criteria for rule 'Exchange: Remove HomeMDB when disabled'.
- [03/20/12 07:49:45.344]:Active Directory PT: (if-global-variable 'drv.exchMailboxMethod' equal "disabled") = TRUE.
- [03/20/12 07:49:45.345]:Active Directory PT: Rule selected.
- [03/20/12 07:49:45.345]:Active Directory PT: Applying rule 'Exchange: Remove HomeMDB when disabled'.
- [03/20/12 07:49:45.345]:Active Directory PT: Action: do-strip-op-attr("homeMDB").
- [03/20/12 07:49:45.345]:Active Directory PT:Policy returned:
- [03/20/12 07:49:45.345]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <source>
- <product version="3.6.10.4747">DirXML</product>
- <contact>Novell, Inc.</contact>
- </source>
- <output>
- <status event-id="0" level="success"></status>
- </output>
- </nds>
- [03/20/12 07:49:45.346]:Active Directory PT:Applying policy: %+C%14CPassword(Sub)-Pub Email Notifications%-C.
- [03/20/12 07:49:45.346]:Active Directory PT: Applying to status #1.
- [03/20/12 07:49:45.346]:Active Directory PT: Evaluating selection criteria for rule 'Send e-mail for a failed publish password operation'.
- [03/20/12 07:49:45.346]:Active Directory PT: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = TRUE.
- [03/20/12 07:49:45.346]:Active Directory PT: (if-operation equal "status") = TRUE.
- [03/20/12 07:49:45.346]:Active Directory PT: (if-xpath true "self::status[@level != 'success']/operation-data/password-publish-status") = FALSE.
- [03/20/12 07:49:45.347]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.347]:Active Directory PT:Policy returned:
- [03/20/12 07:49:45.347]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <source>
- <product version="3.6.10.4747">DirXML</product>
- <contact>Novell, Inc.</contact>
- </source>
- <output>
- <status event-id="0" level="success"></status>
- </output>
- </nds>
- [03/20/12 07:49:45.347]:Active Directory PT:Applying policy: %+C%14Clib-CredProv-ConvertPayload-otp-V1%-C.
- [03/20/12 07:49:45.347]:Active Directory PT: Applying to status #1.
- [03/20/12 07:49:45.348]:Active Directory PT: Evaluating selection criteria for rule 'Is credential provisioning enabled? Are there any custom payloads?'.
- [03/20/12 07:49:45.348]:Active Directory PT: Rule selected.
- [03/20/12 07:49:45.348]:Active Directory PT: Applying rule 'Is credential provisioning enabled? Are there any custom payloads?'.
- [03/20/12 07:49:45.348]:Active Directory PT: Action: do-if().
- [03/20/12 07:49:45.348]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:49:45.349]:Active Directory PT: (if-global-variable 'credprov.enable' not-equal "true") = TRUE.
- [03/20/12 07:49:45.349]:Active Directory PT: Performing if actions.
- [03/20/12 07:49:45.349]:Active Directory PT: Action: do-break().
- [03/20/12 07:49:45.349]:Active Directory PT:Policy returned:
- [03/20/12 07:49:45.349]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <source>
- <product version="3.6.10.4747">DirXML</product>
- <contact>Novell, Inc.</contact>
- </source>
- <output>
- <status event-id="0" level="success"></status>
- </output>
- </nds>
- [03/20/12 07:49:45.349]:Active Directory PT:Applying policy: %+C%14Clib-AccountTracking-Subscribe-otp-V1%-C.
- [03/20/12 07:49:45.350]:Active Directory PT: Applying to status #1.
- [03/20/12 07:49:45.350]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - disregard if disabled or wrong object class'.
- [03/20/12 07:49:45.350]:Active Directory PT: Rule selected.
- [03/20/12 07:49:45.350]:Active Directory PT: Applying rule 'AccountTracking - disregard if disabled or wrong object class'.
- [03/20/12 07:49:45.350]:Active Directory PT: Action: do-if().
- [03/20/12 07:49:45.350]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:49:45.351]:Active Directory PT: (if-global-variable 'drv.acctTrk.enable' not-equal "true") = FALSE.
- [03/20/12 07:49:45.351]:Active Directory PT: Performing else actions.
- [03/20/12 07:49:45.351]:Active Directory PT: Action: do-for-each(arg-node-set(token-global-variable("drv.acctTrk.objectClass"))).
- [03/20/12 07:49:45.351]:Active Directory PT: arg-node-set(token-global-variable("drv.acctTrk.objectClass"))
- [03/20/12 07:49:45.351]:Active Directory PT: token-global-variable("drv.acctTrk.objectClass")
- [03/20/12 07:49:45.351]:Active Directory PT: Token Value: {"user"}.
- [03/20/12 07:49:45.352]:Active Directory PT: Arg Value: {"user"}.
- [03/20/12 07:49:45.352]:Active Directory PT: Performing actions for local-variable(current-node) = "user".
- [03/20/12 07:49:45.352]:Active Directory PT: Action: do-if().
- [03/20/12 07:49:45.352]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:49:45.352]:Active Directory PT: (if-class-name equal "$current-node$") = FALSE.
- [03/20/12 07:49:45.352]:Active Directory PT: Performing else actions.
- [03/20/12 07:49:45.352]:Active Directory PT: Action: do-if().
- [03/20/12 07:49:45.353]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:49:45.353]:Active Directory PT: (if-local-variable 'pass' not-available) = TRUE.
- [03/20/12 07:49:45.353]:Active Directory PT: Performing if actions.
- [03/20/12 07:49:45.353]:Active Directory PT: Action: do-break().
- [03/20/12 07:49:45.353]:Active Directory PT:Policy returned:
- [03/20/12 07:49:45.353]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <source>
- <product version="3.6.10.4747">DirXML</product>
- <contact>Novell, Inc.</contact>
- </source>
- <output>
- <status event-id="0" level="success"></status>
- </output>
- </nds>
- [03/20/12 07:49:45.354]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <source>
- <product version="3.6.10.4747">DirXML</product>
- <contact>Novell, Inc.</contact>
- </source>
- <output>
- <status event-id="0" level="success"></status>
- </output>
- </nds>
- [03/20/12 07:49:45.354]:Active Directory PT:Remote Interface Driver: Sending...
- [03/20/12 07:49:45.354]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <output>
- <status level="success"/>
- </output>
- </nds>
- [03/20/12 07:49:45.355]:Active Directory PT:Remote Interface Driver: Document sent.
- [03/20/12 07:49:45.355]:Active Directory PT:Remote Interface Driver: Sending...
- [03/20/12 07:49:45.355]:Active Directory PT:
- <top>
- <driver-init>
- <nds dtdversion="3.5" ndsversion="8.x">
- <source>
- <product version="3.6.10.4747">DirXML</product>
- <contact>Novell, Inc.</contact>
- </source>
- <input>
- <init-params src-dn="\EDIR2ADLAB\fdny\AD-TEST\Active Directory">
- <authentication-info>
- <server>10.237.48.38</server>
- <user>edir2adlab/Administrator</user>
- <password><!-- content suppressed --></password>
- </authentication-info>
- <driver-options>
- <auth-options display-name="Show authentication options">hide</auth-options>
- <auth-method display-name="Authentication Method">Negotiate</auth-method>
- <signing display-name="Digitally sign communications">no</signing>
- <sealing display-name="Digitally sign and seal communications">no</sealing>
- <use-ssl display-name="Use SSL for encryption">no</use-ssl>
- <impersonation display-name="Logon and impersonate">yes</impersonation>
- <xchg-options display-name="Show Exchange Management Options">hide</xchg-options>
- <xchg-prov display-name="Enable Exchange mailbox provisioning">disabled</xchg-prov>
- <exch-api-type display-name="Exchange Management interface type (use-cdoexm/use-post-cdoexm)">use-post-cdoexm</exch-api-type>
- <exch-move display-name="Allow Exchange mailbox move (yes/no)">yes</exch-move>
- <exch-delete display-name="Allow Exchange mailbox delete (yes/no)">yes</exch-delete>
- <access-options display-name="Show access options">hide</access-options>
- <pollingInterval display-name="Driver Polling Interval">1</pollingInterval>
- <pub-heartbeat-interval display-name="Publisher heartbeat interval">1</pub-heartbeat-interval>
- <pub-password-expire-time display-name="Password Sync Timeout (minutes)">5</pub-password-expire-time>
- <search-domain-scope display-name="Search domain scope">yes</search-domain-scope>
- <retry-ldap-auth-unknown display-name="Retry LDAP Auth unknown error">no</retry-ldap-auth-unknown>
- <enable-incremental-values display-name="Enable DirSync Incremental Values">no</enable-incremental-values>
- </driver-options>
- </init-params>
- </input>
- </nds>
- </driver-init>
- <subscriber-init>
- <nds dtdversion="3.5" ndsversion="8.x">
- <source>
- <product version="3.6.10.4747">DirXML</product>
- <contact>Novell, Inc.</contact>
- </source>
- <input>
- <init-params src-dn="\EDIR2ADLAB\fdny\AD-TEST\Active Directory">
- <authentication-info>
- <server>10.237.48.38</server>
- <user>edir2adlab/Administrator</user>
- <password><!-- content suppressed --></password>
- </authentication-info>
- <driver-filter>
- <allow-class class-name="group">
- <allow-attr attr-name="description"/>
- <allow-attr attr-name="displayName"/>
- <allow-attr attr-name="L"/>
- <allow-attr attr-name="member"/>
- <allow-attr attr-name="managedBy"/>
- </allow-class>
- <allow-class class-name="organizationalUnit">
- <allow-attr attr-name="description"/>
- </allow-class>
- <allow-class class-name="user">
- <allow-attr attr-name="description"/>
- <allow-attr attr-name="facsimileTelephoneNumber"/>
- <allow-attr attr-name="displayName"/>
- <allow-attr attr-name="givenName"/>
- <allow-attr attr-name="initials"/>
- <allow-attr attr-name="mail"/>
- <allow-attr attr-name="physicalDeliveryOfficeName"/>
- <allow-attr attr-name="logonHours"/>
- <allow-attr attr-name="dirxml-uACAccountDisable"/>
- <allow-attr attr-name="accountExpires"/>
- <allow-attr attr-name="l"/>
- <allow-attr attr-name="postalCode"/>
- <allow-attr attr-name="postOfficeBox"/>
- <allow-attr attr-name="st"/>
- <allow-attr attr-name="streetAddress"/>
- <allow-attr attr-name="sn"/>
- <allow-attr attr-name="telephoneNumber"/>
- <allow-attr attr-name="title"/>
- </allow-class>
- </driver-filter>
- </init-params>
- </input>
- </nds>
- </subscriber-init>
- <publisher-init>
- <nds dtdversion="3.5" ndsversion="8.x">
- <source>
- <product version="3.6.10.4747">DirXML</product>
- <contact>Novell, Inc.</contact>
- </source>
- <input>
- <init-params src-dn="\EDIR2ADLAB\fdny\AD-TEST\Active Directory">
- <authentication-info>
- <server>10.237.48.38</server>
- <user>edir2adlab/Administrator</user>
- <password><!-- content suppressed --></password>
- </authentication-info>
- <driver-filter>
- <allow-class class-name="group">
- <allow-attr attr-name="description"/>
- <allow-attr attr-name="displayName"/>
- <allow-attr attr-name="L"/>
- <allow-attr attr-name="member"/>
- <allow-attr attr-name="managedBy"/>
- </allow-class>
- <allow-class class-name="organizationalUnit">
- <allow-attr attr-name="description"/>
- </allow-class>
- <allow-class class-name="user">
- <allow-attr attr-name="sAMAccountName"/>
- <allow-attr attr-name="description"/>
- <allow-attr attr-name="userPrincipalName"/>
- <allow-attr attr-name="facsimileTelephoneNumber"/>
- <allow-attr attr-name="displayName"/>
- <allow-attr attr-name="givenName"/>
- <allow-attr attr-name="initials"/>
- <allow-attr attr-name="mail"/>
- <allow-attr attr-name="physicalDeliveryOfficeName"/>
- <allow-attr attr-name="logonHours"/>
- <allow-attr attr-name="dirxml-uACAccountDisable"/>
- <allow-attr attr-name="accountExpires"/>
- <allow-attr attr-name="l"/>
- <allow-attr attr-name="postalCode"/>
- <allow-attr attr-name="postOfficeBox"/>
- <allow-attr attr-name="st"/>
- <allow-attr attr-name="streetAddress"/>
- <allow-attr attr-name="sn"/>
- <allow-attr attr-name="telephoneNumber"/>
- <allow-attr attr-name="title"/>
- </allow-class>
- </driver-filter>
- <publisher-state>
- <cookie>TVNEUwMAAABUOC2qBQbNAQAAAAAAAAAAKAAAAMUhAQAAAAAAAAAAAAAAAADFIQEAAAAAADClPYtvg2hIghkEdsjobxgBAAAAAAAAAAEAAAAAAAAAMKU9i2+DaEiCGQR2yOhvGMUhAQAAAAAA</cookie>
- </publisher-state>
- </init-params>
- </input>
- </nds>
- </publisher-init>
- </top>
- [03/20/12 07:49:45.366]:Active Directory PT:Remote Interface Driver: Document sent.
- [03/20/12 07:49:45.366]:Active Directory :Remote Interface Driver: Waiting for receive...
- [03/20/12 07:49:45.454]:Active Directory :Remote Interface Driver: Received.
- [03/20/12 07:49:45.454]:Active Directory :
- <nds dtdversion="3.5" ndsversion="8.x">
- <output>
- <status event-id="report status" level="success">Remote driver successfully started.</status>
- <init-params event-id="write state">
- <publisher-state>
- <cookie>TVNEUwMAAABUOC2qBQbNAQAAAAAAAAAAKAAAAMUhAQAAAAAAAAAAAAAAAADFIQEAAAAAADClPYtvg2hIghkEdsjobxgBAAAAAAAAAAEAAAAAAAAAMKU9i2+DaEiCGQR2yOhvGMUhAQAAAAAA</cookie>
- </publisher-state>
- </init-params>
- </output>
- </nds>
- [03/20/12 07:49:45.455]:Active Directory :Remote Interface Driver: Received document for subscriber channel
- [03/20/12 07:49:45.455]:Active Directory :Remote Interface Driver: Waiting for receive...
- [03/20/12 07:49:45.455]:Active Directory PT:Receiving DOM document from application.
- [03/20/12 07:49:45.455]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x" remote-interface="yes">
- <input>
- <status event-id="report status" level="success">Remote driver successfully started.</status>
- <init-params event-id="write state">
- <publisher-state>
- <cookie>TVNEUwMAAABUOC2qBQbNAQAAAAAAAAAAKAAAAMUhAQAAAAAAAAAAAAAAAADFIQEAAAAAADClPYtvg2hIghkEdsjobxgBAAAAAAAAAAEAAAAAAAAAMKU9i2+DaEiCGQR2yOhvGMUhAQAAAAAA</cookie>
- </publisher-state>
- </init-params>
- </input>
- </nds>
- [03/20/12 07:49:45.456]:Active Directory PT:Applying input transformation policies.
- [03/20/12 07:49:45.456]:Active Directory PT:Applying policy: %+C%14Clib-AccountTracking-Publish-itp-V1%-C.
- [03/20/12 07:49:45.457]:Active Directory PT: Applying to status #1.
- [03/20/12 07:49:45.457]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - disregard if disabled or wrong object class'.
- [03/20/12 07:49:45.457]:Active Directory PT: Rule selected.
- [03/20/12 07:49:45.457]:Active Directory PT: Applying rule 'AccountTracking - disregard if disabled or wrong object class'.
- [03/20/12 07:49:45.457]:Active Directory PT: Action: do-if().
- [03/20/12 07:49:45.457]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:49:45.457]:Active Directory PT: (if-global-variable 'drv.acctTrk.enable' not-equal "true") = FALSE.
- [03/20/12 07:49:45.458]:Active Directory PT: Performing else actions.
- [03/20/12 07:49:45.458]:Active Directory PT: Action: do-if().
- [03/20/12 07:49:45.458]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:49:45.458]:Active Directory PT: (if-class-name available) = FALSE.
- [03/20/12 07:49:45.458]:Active Directory PT: Performing else actions.
- [03/20/12 07:49:45.458]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - on add-association sync the operation-properties to status operations'.
- [03/20/12 07:49:45.458]:Active Directory PT: (if-operation equal "add-association") = FALSE.
- [03/20/12 07:49:45.459]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.459]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - Query for destination DN using Association'.
- [03/20/12 07:49:45.459]:Active Directory PT: (if-operation match "modify|delete|move|rename") = FALSE.
- [03/20/12 07:49:45.459]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.459]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - add interested properties to current doc for future use.'.
- [03/20/12 07:49:45.459]:Active Directory PT: (if-operation match "add|modify|delete|rename|move|status") = TRUE.
- [03/20/12 07:49:45.460]:Active Directory PT: Rule selected.
- [03/20/12 07:49:45.460]:Active Directory PT: Applying rule 'AccountTracking - add interested properties to current doc for future use.'.
- [03/20/12 07:49:45.460]:Active Directory PT: Action: do-for-each(arg-node-set(token-global-variable("drv.acctTrk.identifiers"))).
- [03/20/12 07:49:45.460]:Active Directory PT: arg-node-set(token-global-variable("drv.acctTrk.identifiers"))
- [03/20/12 07:49:45.460]:Active Directory PT: token-global-variable("drv.acctTrk.identifiers")
- [03/20/12 07:49:45.460]:Active Directory PT: Token Value: {"sAMAccountName","userPrincipalName","LDAPDN","association"}.
- [03/20/12 07:49:45.461]:Active Directory PT: Arg Value: {"sAMAccountName","userPrincipalName","LDAPDN","association"}.
- [03/20/12 07:49:45.461]:Active Directory PT: Performing actions for local-variable(current-node) = "sAMAccountName".
- [03/20/12 07:49:45.461]:Active Directory PT: Action: do-if().
- [03/20/12 07:49:45.461]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:49:45.461]:Active Directory PT: (if-local-variable 'current-node' equal "LDAPDN") = FALSE.
- [03/20/12 07:49:45.461]:Active Directory PT: Performing else actions.
- [03/20/12 07:49:45.462]:Active Directory PT: Action: do-if().
- [03/20/12 07:49:45.462]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:49:45.462]:Active Directory PT: (if-local-variable 'current-node' equal "association") = FALSE.
- [03/20/12 07:49:45.462]:Active Directory PT: Performing else actions.
- [03/20/12 07:49:45.462]:Active Directory PT: Action: do-if().
- [03/20/12 07:49:45.462]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:49:45.462]:Active Directory PT: Expanded variable reference '$current-node$' to 'sAMAccountName'.
- [03/20/12 07:49:45.463]:Active Directory PT: (if-op-property 'AccountTracking-$current-node$' not-available) = TRUE.
- [03/20/12 07:49:45.463]:Active Directory PT: Expanded variable reference '$current-node$' to 'sAMAccountName'.
- [03/20/12 07:49:45.463]:Active Directory PT: (if-op-attr '$current-node$' available) = FALSE.
- [03/20/12 07:49:45.463]:Active Directory PT: Performing else actions.
- [03/20/12 07:49:45.463]:Active Directory PT: Performing actions for local-variable(current-node) = "userPrincipalName".
- [03/20/12 07:49:45.464]:Active Directory PT: Action: do-if().
- [03/20/12 07:49:45.464]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:49:45.464]:Active Directory PT: (if-local-variable 'current-node' equal "LDAPDN") = FALSE.
- [03/20/12 07:49:45.464]:Active Directory PT: Performing else actions.
- [03/20/12 07:49:45.464]:Active Directory PT: Action: do-if().
- [03/20/12 07:49:45.464]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:49:45.464]:Active Directory PT: (if-local-variable 'current-node' equal "association") = FALSE.
- [03/20/12 07:49:45.465]:Active Directory PT: Performing else actions.
- [03/20/12 07:49:45.465]:Active Directory PT: Action: do-if().
- [03/20/12 07:49:45.465]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:49:45.465]:Active Directory PT: Expanded variable reference '$current-node$' to 'userPrincipalName'.
- [03/20/12 07:49:45.465]:Active Directory PT: (if-op-property 'AccountTracking-$current-node$' not-available) = TRUE.
- [03/20/12 07:49:45.465]:Active Directory PT: Expanded variable reference '$current-node$' to 'userPrincipalName'.
- [03/20/12 07:49:45.466]:Active Directory PT: (if-op-attr '$current-node$' available) = FALSE.
- [03/20/12 07:49:45.466]:Active Directory PT: Performing else actions.
- [03/20/12 07:49:45.466]:Active Directory PT: Performing actions for local-variable(current-node) = "LDAPDN".
- [03/20/12 07:49:45.466]:Active Directory PT: Action: do-if().
- [03/20/12 07:49:45.466]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:49:45.466]:Active Directory PT: (if-local-variable 'current-node' equal "LDAPDN") = TRUE.
- [03/20/12 07:49:45.466]:Active Directory PT: Expanded variable reference '$current-node$' to 'LDAPDN'.
- [03/20/12 07:49:45.467]:Active Directory PT: (if-op-property 'AccountTracking-$current-node$' not-available) = TRUE.
- [03/20/12 07:49:45.467]:Active Directory PT: (if-src-dn available) = FALSE.
- [03/20/12 07:49:45.467]:Active Directory PT: Performing else actions.
- [03/20/12 07:49:45.467]:Active Directory PT: Action: do-if().
- [03/20/12 07:49:45.467]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:49:45.467]:Active Directory PT: (if-local-variable 'current-node' equal "association") = FALSE.
- [03/20/12 07:49:45.467]:Active Directory PT: Performing else actions.
- [03/20/12 07:49:45.468]:Active Directory PT: Action: do-if().
- [03/20/12 07:49:45.468]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:49:45.468]:Active Directory PT: Expanded variable reference '$current-node$' to 'LDAPDN'.
- [03/20/12 07:49:45.468]:Active Directory PT: (if-op-property 'AccountTracking-$current-node$' not-available) = TRUE.
- [03/20/12 07:49:45.468]:Active Directory PT: Expanded variable reference '$current-node$' to 'LDAPDN'.
- [03/20/12 07:49:45.468]:Active Directory PT: (if-op-attr '$current-node$' available) = FALSE.
- [03/20/12 07:49:45.469]:Active Directory PT: Performing else actions.
- [03/20/12 07:49:45.469]:Active Directory PT: Performing actions for local-variable(current-node) = "association".
- [03/20/12 07:49:45.469]:Active Directory PT: Action: do-if().
- [03/20/12 07:49:45.469]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:49:45.469]:Active Directory PT: (if-local-variable 'current-node' equal "LDAPDN") = FALSE.
- [03/20/12 07:49:45.469]:Active Directory PT: Performing else actions.
- [03/20/12 07:49:45.469]:Active Directory PT: Action: do-if().
- [03/20/12 07:49:45.470]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:49:45.470]:Active Directory PT: (if-local-variable 'current-node' equal "association") = TRUE.
- [03/20/12 07:49:45.470]:Active Directory PT: Expanded variable reference '$current-node$' to 'association'.
- [03/20/12 07:49:45.470]:Active Directory PT: (if-op-property 'AccountTracking-$current-node$' not-available) = TRUE.
- [03/20/12 07:49:45.470]:Active Directory PT: (if-association available) = FALSE.
- [03/20/12 07:49:45.470]:Active Directory PT: Performing else actions.
- [03/20/12 07:49:45.471]:Active Directory PT: Action: do-if().
- [03/20/12 07:49:45.471]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:49:45.471]:Active Directory PT: Expanded variable reference '$current-node$' to 'association'.
- [03/20/12 07:49:45.471]:Active Directory PT: (if-op-property 'AccountTracking-$current-node$' not-available) = TRUE.
- [03/20/12 07:49:45.471]:Active Directory PT: Expanded variable reference '$current-node$' to 'association'.
- [03/20/12 07:49:45.471]:Active Directory PT: (if-op-attr '$current-node$' available) = FALSE.
- [03/20/12 07:49:45.472]:Active Directory PT: Performing else actions.
- [03/20/12 07:49:45.472]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - Initialize status properties on published events'.
- [03/20/12 07:49:45.472]:Active Directory PT: (if-operation match "add|modify|delete|rename|move") = FALSE.
- [03/20/12 07:49:45.472]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.472]:Active Directory PT: Applying to init-params #2.
- [03/20/12 07:49:45.472]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - disregard if disabled or wrong object class'.
- [03/20/12 07:49:45.473]:Active Directory PT: Rule selected.
- [03/20/12 07:49:45.473]:Active Directory PT: Applying rule 'AccountTracking - disregard if disabled or wrong object class'.
- [03/20/12 07:49:45.473]:Active Directory PT: Action: do-if().
- [03/20/12 07:49:45.473]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:49:45.473]:Active Directory PT: (if-global-variable 'drv.acctTrk.enable' not-equal "true") = FALSE.
- [03/20/12 07:49:45.473]:Active Directory PT: Performing else actions.
- [03/20/12 07:49:45.473]:Active Directory PT: Action: do-if().
- [03/20/12 07:49:45.474]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:49:45.474]:Active Directory PT: (if-class-name available) = FALSE.
- [03/20/12 07:49:45.474]:Active Directory PT: Performing else actions.
- [03/20/12 07:49:45.474]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - on add-association sync the operation-properties to status operations'.
- [03/20/12 07:49:45.474]:Active Directory PT: (if-operation equal "add-association") = FALSE.
- [03/20/12 07:49:45.474]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.474]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - Query for destination DN using Association'.
- [03/20/12 07:49:45.475]:Active Directory PT: (if-operation match "modify|delete|move|rename") = FALSE.
- [03/20/12 07:49:45.475]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.475]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - add interested properties to current doc for future use.'.
- [03/20/12 07:49:45.475]:Active Directory PT: (if-operation match "add|modify|delete|rename|move|status") = FALSE.
- [03/20/12 07:49:45.475]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.475]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - Initialize status properties on published events'.
- [03/20/12 07:49:45.476]:Active Directory PT: (if-operation match "add|modify|delete|rename|move") = FALSE.
- [03/20/12 07:49:45.476]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.476]:Active Directory PT:Policy returned:
- [03/20/12 07:49:45.476]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x" remote-interface="yes">
- <input>
- <status event-id="report status" level="success">Remote driver successfully started.</status>
- <init-params event-id="write state">
- <publisher-state>
- <cookie>TVNEUwMAAABUOC2qBQbNAQAAAAAAAAAAKAAAAMUhAQAAAAAAAAAAAAAAAADFIQEAAAAAADClPYtvg2hIghkEdsjobxgBAAAAAAAAAAEAAAAAAAAAMKU9i2+DaEiCGQR2yOhvGMUhAQAAAAAA</cookie>
- </publisher-state>
- </init-params>
- </input>
- </nds>
- [03/20/12 07:49:45.477]:Active Directory PT:Applying policy: %+C%14Clib-AccountTracking-WriteAccounts-itp-V1%-C.
- [03/20/12 07:49:45.477]:Active Directory PT: Applying to status #1.
- [03/20/12 07:49:45.477]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - disregard if disabled'.
- [03/20/12 07:49:45.477]:Active Directory PT: (if-global-variable 'drv.acctTrk.enable' not-equal "true") = FALSE.
- [03/20/12 07:49:45.477]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.478]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - query DirXML-Accounts Attribute'.
- [03/20/12 07:49:45.478]:Active Directory PT: (if-op-property 'AccountTracking-ObjectDN' available) = FALSE.
- [03/20/12 07:49:45.478]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.478]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - remove Dirxml-Account values on delete operation'.
- [03/20/12 07:49:45.478]:Active Directory PT: (if-operation match "delete|remove-association") = FALSE.
- [03/20/12 07:49:45.478]:Active Directory PT: (if-operation equal "status") = TRUE.
- [03/20/12 07:49:45.479]:Active Directory PT: (if-op-property 'AccountTracking-ObjectDN' available) = FALSE.
- [03/20/12 07:49:45.479]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.479]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - update DirXMLAccounts attribute'.
- [03/20/12 07:49:45.479]:Active Directory PT: (if-op-property 'AccountTracking-Operation' not-available) = TRUE.
- [03/20/12 07:49:45.479]:Active Directory PT: (if-op-property 'AccountTracking-ObjectDN' available) = FALSE.
- [03/20/12 07:49:45.479]:Active Directory PT: (if-operation equal "status") = TRUE.
- [03/20/12 07:49:45.480]:Active Directory PT: (if-xpath true "./@level='success'") = TRUE.
- [03/20/12 07:49:45.480]:Active Directory PT: (if-op-property 'AccountTracking-Operation' available) = FALSE.
- [03/20/12 07:49:45.480]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.480]:Active Directory PT: Applying to init-params #2.
- [03/20/12 07:49:45.480]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - disregard if disabled'.
- [03/20/12 07:49:45.480]:Active Directory PT: (if-global-variable 'drv.acctTrk.enable' not-equal "true") = FALSE.
- [03/20/12 07:49:45.480]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.481]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - query DirXML-Accounts Attribute'.
- [03/20/12 07:49:45.481]:Active Directory PT: (if-op-property 'AccountTracking-ObjectDN' available) = FALSE.
- [03/20/12 07:49:45.481]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.481]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - remove Dirxml-Account values on delete operation'.
- [03/20/12 07:49:45.481]:Active Directory PT: (if-operation match "delete|remove-association") = FALSE.
- [03/20/12 07:49:45.481]:Active Directory PT: (if-operation equal "status") = FALSE.
- [03/20/12 07:49:45.482]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.482]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - update DirXMLAccounts attribute'.
- [03/20/12 07:49:45.482]:Active Directory PT: (if-op-property 'AccountTracking-Operation' not-available) = TRUE.
- [03/20/12 07:49:45.482]:Active Directory PT: (if-op-property 'AccountTracking-ObjectDN' available) = FALSE.
- [03/20/12 07:49:45.482]:Active Directory PT: (if-operation equal "status") = FALSE.
- [03/20/12 07:49:45.482]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.482]:Active Directory PT:Policy returned:
- [03/20/12 07:49:45.483]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x" remote-interface="yes">
- <input>
- <status event-id="report status" level="success">Remote driver successfully started.</status>
- <init-params event-id="write state">
- <publisher-state>
- <cookie>TVNEUwMAAABUOC2qBQbNAQAAAAAAAAAAKAAAAMUhAQAAAAAAAAAAAAAAAADFIQEAAAAAADClPYtvg2hIghkEdsjobxgBAAAAAAAAAAEAAAAAAAAAMKU9i2+DaEiCGQR2yOhvGMUhAQAAAAAA</cookie>
- </publisher-state>
- </init-params>
- </input>
- </nds>
- [03/20/12 07:49:45.483]:Active Directory PT:Applying policy: %+C%14Citp%-C.
- [03/20/12 07:49:45.483]:Active Directory PT: Applying to status #1.
- [03/20/12 07:49:45.484]:Active Directory PT: Evaluating selection criteria for rule 'streetAddress: Convert CR-LF to LF'.
- [03/20/12 07:49:45.484]:Active Directory PT: Rule selected.
- [03/20/12 07:49:45.484]:Active Directory PT: Applying rule 'streetAddress: Convert CR-LF to LF'.
- [03/20/12 07:49:45.484]:Active Directory PT: Action: do-reformat-op-attr("streetAddress",token-replace-all("\r\n","\r",token-local-variable("current-value"))).
- [03/20/12 07:49:45.484]:Active Directory PT: Evaluating selection criteria for rule 'logonHours: Convert to Login Allowed Time Map form'.
- [03/20/12 07:49:45.484]:Active Directory PT: Rule selected.
- [03/20/12 07:49:45.485]:Active Directory PT: Applying rule 'logonHours: Convert to Login Allowed Time Map form'.
- [03/20/12 07:49:45.485]:Active Directory PT: Action: do-reformat-op-attr("logonHours",token-xpath("jadutil:translateTimeMap2eDir($current-value)")).
- [03/20/12 07:49:45.485]:Active Directory PT: Evaluating selection criteria for rule 'accountExpires: Convert to Identity Vault time format'.
- [03/20/12 07:49:45.485]:Active Directory PT: Rule selected.
- [03/20/12 07:49:45.485]:Active Directory PT: Applying rule 'accountExpires: Convert to Identity Vault time format'.
- [03/20/12 07:49:45.485]:Active Directory PT: Action: do-reformat-op-attr("accountExpires",token-xpath("jadutil:translateFileTime2Epoch($current-value)")).
- [03/20/12 07:49:45.486]:Active Directory PT: Evaluating selection criteria for rule 'lockoutTime: Convert to Identity Vault time format'.
- [03/20/12 07:49:45.486]:Active Directory PT: Rule selected.
- [03/20/12 07:49:45.486]:Active Directory PT: Applying rule 'lockoutTime: Convert to Identity Vault time format'.
- [03/20/12 07:49:45.486]:Active Directory PT: Action: do-reformat-op-attr("lockoutTime",token-xpath("jadutil:translateFileTime2Epoch($current-value)")).
- [03/20/12 07:49:45.486]:Active Directory PT: Applying to init-params #2.
- [03/20/12 07:49:45.487]:Active Directory PT: Evaluating selection criteria for rule 'streetAddress: Convert CR-LF to LF'.
- [03/20/12 07:49:45.487]:Active Directory PT: Rule selected.
- [03/20/12 07:49:45.487]:Active Directory PT: Applying rule 'streetAddress: Convert CR-LF to LF'.
- [03/20/12 07:49:45.487]:Active Directory PT: Action: do-reformat-op-attr("streetAddress",token-replace-all("\r\n","\r",token-local-variable("current-value"))).
- [03/20/12 07:49:45.487]:Active Directory PT: Evaluating selection criteria for rule 'logonHours: Convert to Login Allowed Time Map form'.
- [03/20/12 07:49:45.487]:Active Directory PT: Rule selected.
- [03/20/12 07:49:45.487]:Active Directory PT: Applying rule 'logonHours: Convert to Login Allowed Time Map form'.
- [03/20/12 07:49:45.488]:Active Directory PT: Action: do-reformat-op-attr("logonHours",token-xpath("jadutil:translateTimeMap2eDir($current-value)")).
- [03/20/12 07:49:45.488]:Active Directory PT: Evaluating selection criteria for rule 'accountExpires: Convert to Identity Vault time format'.
- [03/20/12 07:49:45.488]:Active Directory PT: Rule selected.
- [03/20/12 07:49:45.488]:Active Directory PT: Applying rule 'accountExpires: Convert to Identity Vault time format'.
- [03/20/12 07:49:45.488]:Active Directory PT: Action: do-reformat-op-attr("accountExpires",token-xpath("jadutil:translateFileTime2Epoch($current-value)")).
- [03/20/12 07:49:45.489]:Active Directory PT: Evaluating selection criteria for rule 'lockoutTime: Convert to Identity Vault time format'.
- [03/20/12 07:49:45.489]:Active Directory PT: Rule selected.
- [03/20/12 07:49:45.489]:Active Directory PT: Applying rule 'lockoutTime: Convert to Identity Vault time format'.
- [03/20/12 07:49:45.489]:Active Directory PT: Action: do-reformat-op-attr("lockoutTime",token-xpath("jadutil:translateFileTime2Epoch($current-value)")).
- [03/20/12 07:49:45.490]:Active Directory PT:Policy returned:
- [03/20/12 07:49:45.490]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x" remote-interface="yes">
- <input>
- <status event-id="report status" level="success">Remote driver successfully started.</status>
- <init-params event-id="write state">
- <publisher-state>
- <cookie>TVNEUwMAAABUOC2qBQbNAQAAAAAAAAAAKAAAAMUhAQAAAAAAAAAAAAAAAADFIQEAAAAAADClPYtvg2hIghkEdsjobxgBAAAAAAAAAAEAAAAAAAAAMKU9i2+DaEiCGQR2yOhvGMUhAQAAAAAA</cookie>
- </publisher-state>
- </init-params>
- </input>
- </nds>
- [03/20/12 07:49:45.490]:Active Directory PT:Applying policy: %+C%14Citp-EntitlementsImpl%-C.
- [03/20/12 07:49:45.491]:Active Directory PT: Applying to status #1.
- [03/20/12 07:49:45.491]:Active Directory PT: Evaluating selection criteria for rule 'Check target of add-association for group membership entitlements'.
- [03/20/12 07:49:45.491]:Active Directory PT: (if-global-variable 'drv.entitlement.Group' equal "true") = FALSE.
- [03/20/12 07:49:45.491]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.491]:Active Directory PT: Evaluating selection criteria for rule 'Check target of add-association for Exchange mailbox entitlements'.
- [03/20/12 07:49:45.491]:Active Directory PT: (if-global-variable 'drv.exchMailboxMethod' equal "entitlement") = FALSE.
- [03/20/12 07:49:45.492]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.492]:Active Directory PT: Applying to init-params #2.
- [03/20/12 07:49:45.492]:Active Directory PT: Evaluating selection criteria for rule 'Check target of add-association for group membership entitlements'.
- [03/20/12 07:49:45.492]:Active Directory PT: (if-global-variable 'drv.entitlement.Group' equal "true") = FALSE.
- [03/20/12 07:49:45.492]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.492]:Active Directory PT: Evaluating selection criteria for rule 'Check target of add-association for Exchange mailbox entitlements'.
- [03/20/12 07:49:45.493]:Active Directory PT: (if-global-variable 'drv.exchMailboxMethod' equal "entitlement") = FALSE.
- [03/20/12 07:49:45.493]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.493]:Active Directory PT:Policy returned:
- [03/20/12 07:49:45.493]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x" remote-interface="yes">
- <input>
- <status event-id="report status" level="success">Remote driver successfully started.</status>
- <init-params event-id="write state">
- <publisher-state>
- <cookie>TVNEUwMAAABUOC2qBQbNAQAAAAAAAAAAKAAAAMUhAQAAAAAAAAAAAAAAAADFIQEAAAAAADClPYtvg2hIghkEdsjobxgBAAAAAAAAAAEAAAAAAAAAMKU9i2+DaEiCGQR2yOhvGMUhAQAAAAAA</cookie>
- </publisher-state>
- </init-params>
- </input>
- </nds>
- [03/20/12 07:49:45.494]:Active Directory PT:Applying policy: %+C%14CPassword(Pub)-Sub Email Notifications%-C.
- [03/20/12 07:49:45.494]:Active Directory PT: Applying to status #1.
- [03/20/12 07:49:45.494]:Active Directory PT: Evaluating selection criteria for rule 'Send e-mail on a failure when subscribing to passwords'.
- [03/20/12 07:49:45.494]:Active Directory PT: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = TRUE.
- [03/20/12 07:49:45.494]:Active Directory PT: (if-operation equal "status") = TRUE.
- [03/20/12 07:49:45.495]:Active Directory PT: (if-xpath true "self::status[@level != 'success'][text() != '']/operation-data/password-subscribe-status/association[text() != '']") = FALSE.
- [03/20/12 07:49:45.495]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.495]:Active Directory PT: Evaluating selection criteria for rule 'Send e-mail on failure to reset connected system password using the Identity Manager data store password'.
- [03/20/12 07:49:45.495]:Active Directory PT: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = TRUE.
- [03/20/12 07:49:45.495]:Active Directory PT: (if-operation equal "status") = TRUE.
- [03/20/12 07:49:45.496]:Active Directory PT: (if-xpath true "self::status[@level != 'success']/operation-data/password-reset-status") = FALSE.
- [03/20/12 07:49:45.496]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.496]:Active Directory PT: Applying to init-params #2.
- [03/20/12 07:49:45.496]:Active Directory PT: Evaluating selection criteria for rule 'Send e-mail on a failure when subscribing to passwords'.
- [03/20/12 07:49:45.496]:Active Directory PT: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = TRUE.
- [03/20/12 07:49:45.496]:Active Directory PT: (if-operation equal "status") = FALSE.
- [03/20/12 07:49:45.497]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.497]:Active Directory PT: Evaluating selection criteria for rule 'Send e-mail on failure to reset connected system password using the Identity Manager data store password'.
- [03/20/12 07:49:45.497]:Active Directory PT: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = TRUE.
- [03/20/12 07:49:45.497]:Active Directory PT: (if-operation equal "status") = FALSE.
- [03/20/12 07:49:45.497]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.497]:Active Directory PT:Policy returned:
- [03/20/12 07:49:45.498]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x" remote-interface="yes">
- <input>
- <status event-id="report status" level="success">Remote driver successfully started.</status>
- <init-params event-id="write state">
- <publisher-state>
- <cookie>TVNEUwMAAABUOC2qBQbNAQAAAAAAAAAAKAAAAMUhAQAAAAAAAAAAAAAAAADFIQEAAAAAADClPYtvg2hIghkEdsjobxgBAAAAAAAAAAEAAAAAAAAAMKU9i2+DaEiCGQR2yOhvGMUhAQAAAAAA</cookie>
- </publisher-state>
- </init-params>
- </input>
- </nds>
- [03/20/12 07:49:45.498]:Active Directory PT:Applying policy: %+C%14Clib-Audit-SendEntitlementsEvents-itp-V1%-C.
- [03/20/12 07:49:45.498]:Active Directory PT: Applying to status #1.
- [03/20/12 07:49:45.499]:Active Directory PT: Evaluating selection criteria for rule '00031200 - Account Create By Entitlement Grant'.
- [03/20/12 07:49:45.499]:Active Directory PT: (if-operation equal "status") = TRUE.
- [03/20/12 07:49:45.499]:Active Directory PT: (if-op-property 'accountAction' equal "accountCreateByEntitlementGrant") = FALSE.
- [03/20/12 07:49:45.499]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.500]:Active Directory PT: Evaluating selection criteria for rule '00031201 - Account Delete By Entitlement Revoke'.
- [03/20/12 07:49:45.500]:Active Directory PT: (if-operation equal "status") = TRUE.
- [03/20/12 07:49:45.500]:Active Directory PT: (if-xpath true "./operation-data/entitlement-impl/@state = '0'") = FALSE.
- [03/20/12 07:49:45.500]:Active Directory PT: (if-operation equal "status") = TRUE.
- [03/20/12 07:49:45.500]:Active Directory PT: (if-op-property 'accountAction' equal "accountDeleteByEntitlementRevoke") = FALSE.
- [03/20/12 07:49:45.500]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.500]:Active Directory PT: Evaluating selection criteria for rule '00031202 - Account Disable By Entitlement Revoke'.
- [03/20/12 07:49:45.501]:Active Directory PT: (if-operation equal "status") = TRUE.
- [03/20/12 07:49:45.501]:Active Directory PT: (if-op-property 'accountAction' equal "accountDisableByEntitlementRevoke") = FALSE.
- [03/20/12 07:49:45.501]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.501]:Active Directory PT: Evaluating selection criteria for rule '00031203 - Account Enable By Entitlement Grant'.
- [03/20/12 07:49:45.501]:Active Directory PT: (if-operation equal "status") = TRUE.
- [03/20/12 07:49:45.501]:Active Directory PT: (if-op-property 'accountAction' equal "accountEnableByEntitlementGrant") = FALSE.
- [03/20/12 07:49:45.502]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.502]:Active Directory PT: Evaluating selection criteria for rule 'Generate Audit Event'.
- [03/20/12 07:49:45.502]:Active Directory PT: (if-operation equal "status") = TRUE.
- [03/20/12 07:49:45.502]:Active Directory PT: (if-local-variable 'auditEventID' available) = FALSE.
- [03/20/12 07:49:45.502]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.502]:Active Directory PT: Applying to init-params #2.
- [03/20/12 07:49:45.502]:Active Directory PT: Evaluating selection criteria for rule '00031200 - Account Create By Entitlement Grant'.
- [03/20/12 07:49:45.503]:Active Directory PT: (if-operation equal "status") = FALSE.
- [03/20/12 07:49:45.503]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.503]:Active Directory PT: Evaluating selection criteria for rule '00031201 - Account Delete By Entitlement Revoke'.
- [03/20/12 07:49:45.503]:Active Directory PT: (if-operation equal "status") = FALSE.
- [03/20/12 07:49:45.503]:Active Directory PT: (if-operation equal "status") = FALSE.
- [03/20/12 07:49:45.503]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.503]:Active Directory PT: Evaluating selection criteria for rule '00031202 - Account Disable By Entitlement Revoke'.
- [03/20/12 07:49:45.504]:Active Directory PT: (if-operation equal "status") = FALSE.
- [03/20/12 07:49:45.504]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.504]:Active Directory PT: Evaluating selection criteria for rule '00031203 - Account Enable By Entitlement Grant'.
- [03/20/12 07:49:45.504]:Active Directory PT: (if-operation equal "status") = FALSE.
- [03/20/12 07:49:45.504]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.504]:Active Directory PT: Evaluating selection criteria for rule 'Generate Audit Event'.
- [03/20/12 07:49:45.504]:Active Directory PT: (if-operation equal "status") = FALSE.
- [03/20/12 07:49:45.505]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.505]:Active Directory PT:Policy returned:
- [03/20/12 07:49:45.505]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x" remote-interface="yes">
- <input>
- <status event-id="report status" level="success">Remote driver successfully started.</status>
- <init-params event-id="write state">
- <publisher-state>
- <cookie>TVNEUwMAAABUOC2qBQbNAQAAAAAAAAAAKAAAAMUhAQAAAAAAAAAAAAAAAADFIQEAAAAAADClPYtvg2hIghkEdsjobxgBAAAAAAAAAAEAAAAAAAAAMKU9i2+DaEiCGQR2yOhvGMUhAQAAAAAA</cookie>
- </publisher-state>
- </init-params>
- </input>
- </nds>
- [03/20/12 07:49:45.506]:Active Directory PT:Applying schema mapping policies to input.
- [03/20/12 07:49:45.506]:Active Directory PT:Applying policy: %+C%14Csmp%-C.
- [03/20/12 07:49:45.506]:Active Directory PT:Resolving association references.
- [03/20/12 07:49:45.506]:Active Directory PT:Reading XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory#DirXML-DriverStorage.
- [03/20/12 07:49:45.507]:Active Directory PT:Writing driver state.
- [03/20/12 07:49:45.507]:Active Directory PT:Writing XML attribute vnd.nds.stream://EDIR2ADLAB/fdny/AD-TEST/Active+Directory#DirXML-DriverStorage.
- [03/20/12 07:49:45.514]:Active Directory PT:Applying event transformation policies.
- [03/20/12 07:49:45.514]:Active Directory PT:Applying policy: %+C%14Cpub-etp-EntitlementsImpl%-C.
- [03/20/12 07:49:45.515]:Active Directory PT: Applying to status #1.
- [03/20/12 07:49:45.515]:Active Directory PT: Evaluating selection criteria for rule 'Disallow user account delete when using entitlements'.
- [03/20/12 07:49:45.515]:Active Directory PT: (if-operation equal "delete") = FALSE.
- [03/20/12 07:49:45.515]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.515]:Active Directory PT: Evaluating selection criteria for rule 'Strip Login Disabled from operation (Disable Option)'.
- [03/20/12 07:49:45.515]:Active Directory PT: (if-global-variable 'drv.entitlement.UserAccount' equal "true") = FALSE.
- [03/20/12 07:49:45.516]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.516]:Active Directory PT: Applying to init-params #2.
- [03/20/12 07:49:45.516]:Active Directory PT: Evaluating selection criteria for rule 'Disallow user account delete when using entitlements'.
- [03/20/12 07:49:45.516]:Active Directory PT: (if-operation equal "delete") = FALSE.
- [03/20/12 07:49:45.516]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.516]:Active Directory PT: Evaluating selection criteria for rule 'Strip Login Disabled from operation (Disable Option)'.
- [03/20/12 07:49:45.516]:Active Directory PT: (if-global-variable 'drv.entitlement.UserAccount' equal "true") = FALSE.
- [03/20/12 07:49:45.517]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.517]:Active Directory PT:Policy returned:
- [03/20/12 07:49:45.517]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x" remote-interface="yes">
- <input>
- <status event-id="report status" level="success">Remote driver successfully started.</status>
- <init-params event-id="write state">
- <publisher-state>
- <cookie>TVNEUwMAAABUOC2qBQbNAQAAAAAAAAAAKAAAAMUhAQAAAAAAAAAAAAAAAADFIQEAAAAAADClPYtvg2hIghkEdsjobxgBAAAAAAAAAAEAAAAAAAAAMKU9i2+DaEiCGQR2yOhvGMUhAQAAAAAA</cookie>
- </publisher-state>
- </init-params>
- </input>
- </nds>
- [03/20/12 07:49:45.518]:Active Directory PT:Applying policy: %+C%14Cpub-etp-HandleMovesAndRenames%-C.
- [03/20/12 07:49:45.518]:Active Directory PT: Applying to status #1.
- [03/20/12 07:49:45.518]:Active Directory PT: Evaluating selection criteria for rule 'break if not a move or rename'.
- [03/20/12 07:49:45.518]:Active Directory PT: (if-operation not-match "move|rename") = TRUE.
- [03/20/12 07:49:45.518]:Active Directory PT: Rule selected.
- [03/20/12 07:49:45.518]:Active Directory PT: Applying rule 'break if not a move or rename'.
- [03/20/12 07:49:45.519]:Active Directory PT: Action: do-break().
- [03/20/12 07:49:45.519]:Active Directory PT: Applying to init-params #2.
- [03/20/12 07:49:45.519]:Active Directory PT: Evaluating selection criteria for rule 'break if not a move or rename'.
- [03/20/12 07:49:45.519]:Active Directory PT: (if-operation not-match "move|rename") = TRUE.
- [03/20/12 07:49:45.519]:Active Directory PT: Rule selected.
- [03/20/12 07:49:45.519]:Active Directory PT: Applying rule 'break if not a move or rename'.
- [03/20/12 07:49:45.519]:Active Directory PT: Action: do-break().
- [03/20/12 07:49:45.519]:Active Directory PT:Policy returned:
- [03/20/12 07:49:45.520]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x" remote-interface="yes">
- <input>
- <status event-id="report status" level="success">Remote driver successfully started.</status>
- <init-params event-id="write state">
- <publisher-state>
- <cookie>TVNEUwMAAABUOC2qBQbNAQAAAAAAAAAAKAAAAMUhAQAAAAAAAAAAAAAAAADFIQEAAAAAADClPYtvg2hIghkEdsjobxgBAAAAAAAAAAEAAAAAAAAAMKU9i2+DaEiCGQR2yOhvGMUhAQAAAAAA</cookie>
- </publisher-state>
- </init-params>
- </input>
- </nds>
- [03/20/12 07:49:45.520]:Active Directory PT:Applying publisher filter.
- [03/20/12 07:49:45.521]:Active Directory PT:Publisher processing status for .
- [03/20/12 07:49:45.521]:Active Directory PT:Applying command transformation policies.
- [03/20/12 07:49:45.521]:Active Directory PT:Applying policy: %+C%14Cpub-ctp-UserNameMap%-C.
- [03/20/12 07:49:45.522]:Active Directory PT: Applying to status #1.
- [03/20/12 07:49:45.522]:Active Directory PT: Evaluating selection criteria for rule 'consider user objects when name mapping is enabled'.
- [03/20/12 07:49:45.522]:Active Directory PT: (if-class-name not-equal "User") = TRUE.
- [03/20/12 07:49:45.522]:Active Directory PT: Rule selected.
- [03/20/12 07:49:45.522]:Active Directory PT: Applying rule 'consider user objects when name mapping is enabled'.
- [03/20/12 07:49:45.522]:Active Directory PT: Action: do-break().
- [03/20/12 07:49:45.522]:Active Directory PT:Policy returned:
- [03/20/12 07:49:45.522]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x" remote-interface="yes">
- <input>
- <status event-id="report status" level="success">Remote driver successfully started.</status>
- </input>
- </nds>
- [03/20/12 07:49:45.523]:Active Directory PT:Applying policy: %+C%14Cpub-ctp%-C.
- [03/20/12 07:49:45.523]:Active Directory PT: Applying to status #1.
- [03/20/12 07:49:45.523]:Active Directory PT: Evaluating selection criteria for rule 'set cached context value on merge'.
- [03/20/12 07:49:45.523]:Active Directory PT: (if-operation equal "modify") = FALSE.
- [03/20/12 07:49:45.523]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.523]:Active Directory PT: Evaluating selection criteria for rule 'Set Equivalent To Me when adding object to a group'.
- [03/20/12 07:49:45.524]:Active Directory PT: (if-class-name equal "Group") = FALSE.
- [03/20/12 07:49:45.524]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.524]:Active Directory PT: Evaluating selection criteria for rule 'Remove Equivalent To Me when removing object from a group'.
- [03/20/12 07:49:45.524]:Active Directory PT: (if-class-name equal "Group") = FALSE.
- [03/20/12 07:49:45.524]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.524]:Active Directory PT: Evaluating selection criteria for rule 'remove managed attributes when object disassociated'.
- [03/20/12 07:49:45.525]:Active Directory PT: (if-operation equal "remove-association") = FALSE.
- [03/20/12 07:49:45.525]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.525]:Active Directory PT: Evaluating selection criteria for rule 'Prevent unassociated users from being removed from groups'.
- [03/20/12 07:49:45.525]:Active Directory PT: (if-operation equal "modify") = FALSE.
- [03/20/12 07:49:45.525]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.525]:Active Directory PT:Policy returned:
- [03/20/12 07:49:45.525]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x" remote-interface="yes">
- <input>
- <status event-id="report status" level="success">Remote driver successfully started.</status>
- </input>
- </nds>
- [03/20/12 07:49:45.526]:Active Directory PT:Applying XSLT policy: %+C%14Cpub-cts%-C.
- [03/20/12 07:49:45.526]:Active Directory PT:Policy returned:
- [03/20/12 07:49:45.526]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x" remote-interface="yes">
- <input>
- <status event-id="report status" level="success">Remote driver successfully started.</status>
- </input>
- </nds>
- [03/20/12 07:49:45.527]:Active Directory PT:Applying policy: %+C%14CPassword(Pub)-Default Password Policy%-C.
- [03/20/12 07:49:45.527]:Active Directory PT: Applying to status #1.
- [03/20/12 07:49:45.527]:Active Directory PT: Evaluating selection criteria for rule 'On User add, provide default password of @Dirxml1 if no password exists'.
- [03/20/12 07:49:45.527]:Active Directory PT: (if-operation equal "add") = FALSE.
- [03/20/12 07:49:45.527]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.528]:Active Directory PT:Policy returned:
- [03/20/12 07:49:45.528]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x" remote-interface="yes">
- <input>
- <status event-id="report status" level="success">Remote driver successfully started.</status>
- </input>
- </nds>
- [03/20/12 07:49:45.528]:Active Directory PT:Applying policy: %+C%14CPassword(Pub)-Check Password GCV%-C.
- [03/20/12 07:49:45.528]:Active Directory PT: Applying to status #1.
- [03/20/12 07:49:45.528]:Active Directory PT: Evaluating selection criteria for rule 'Block publishing passwords to Identity Manager data store when adding a object'.
- [03/20/12 07:49:45.528]:Active Directory PT: (if-global-variable 'enable-password-publish' equal "false") = FALSE.
- [03/20/12 07:49:45.529]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.529]:Active Directory PT: Evaluating selection criteria for rule 'Block sending modify-password changes to the Identity Manager data store'.
- [03/20/12 07:49:45.529]:Active Directory PT: (if-global-variable 'enable-password-publish' equal "false") = FALSE.
- [03/20/12 07:49:45.529]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.529]:Active Directory PT:Policy returned:
- [03/20/12 07:49:45.529]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x" remote-interface="yes">
- <input>
- <status event-id="report status" level="success">Remote driver successfully started.</status>
- </input>
- </nds>
- [03/20/12 07:49:45.530]:Active Directory PT:Applying policy: %+C%14CPassword(Pub)-Publish Distribution Password%-C.
- [03/20/12 07:49:45.530]:Active Directory PT: Applying to status #1.
- [03/20/12 07:49:45.530]:Active Directory PT: Evaluating selection criteria for rule 'Add nspmDistributionAttribute attribute to add operation'.
- [03/20/12 07:49:45.530]:Active Directory PT: (if-global-variable 'publish-password-to-dp' equal "true") = FALSE.
- [03/20/12 07:49:45.530]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.531]:Active Directory PT: Evaluating selection criteria for rule 'Change modify-password operations to a modify'.
- [03/20/12 07:49:45.531]:Active Directory PT: (if-global-variable 'publish-password-to-dp' equal "true") = FALSE.
- [03/20/12 07:49:45.531]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.531]:Active Directory PT:Policy returned:
- [03/20/12 07:49:45.531]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x" remote-interface="yes">
- <input>
- <status event-id="report status" level="success">Remote driver successfully started.</status>
- </input>
- </nds>
- [03/20/12 07:49:45.531]:Active Directory PT:Applying policy: %+C%14CPassword(Pub)-Publish NDS Password%-C.
- [03/20/12 07:49:45.532]:Active Directory PT: Applying to status #1.
- [03/20/12 07:49:45.532]:Active Directory PT: Evaluating selection criteria for rule 'Block publishing passwords to NDS password'.
- [03/20/12 07:49:45.532]:Active Directory PT: (if-global-variable 'publish-password-to-nds' equal "false") = FALSE.
- [03/20/12 07:49:45.532]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.532]:Active Directory PT: Evaluating selection criteria for rule 'Block sending modify-password changes to the NDS password'.
- [03/20/12 07:49:45.532]:Active Directory PT: (if-global-variable 'publish-password-to-nds' equal "false") = FALSE.
- [03/20/12 07:49:45.533]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.533]:Active Directory PT:Policy returned:
- [03/20/12 07:49:45.533]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x" remote-interface="yes">
- <input>
- <status event-id="report status" level="success">Remote driver successfully started.</status>
- </input>
- </nds>
- [03/20/12 07:49:45.533]:Active Directory PT:Applying policy: %+C%14CPassword(Pub)-Add Password Payload%-C.
- [03/20/12 07:49:45.533]:Active Directory PT: Applying to status #1.
- [03/20/12 07:49:45.533]:Active Directory PT: Evaluating selection criteria for rule 'Add operation-data element to password operations'.
- [03/20/12 07:49:45.534]:Active Directory PT: (if-operation equal "add") = FALSE.
- [03/20/12 07:49:45.534]:Active Directory PT: (if-operation equal "add") = FALSE.
- [03/20/12 07:49:45.534]:Active Directory PT: (if-operation equal "modify-password") = FALSE.
- [03/20/12 07:49:45.534]:Active Directory PT: (if-operation equal "modify") = FALSE.
- [03/20/12 07:49:45.534]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.534]:Active Directory PT: Evaluating selection criteria for rule 'Add payload data to password operations'.
- [03/20/12 07:49:45.535]:Active Directory PT: (if-operation equal "addPayloadToPassword") = FALSE.
- [03/20/12 07:49:45.535]:Active Directory PT: (if-operation equal "add") = FALSE.
- [03/20/12 07:49:45.535]:Active Directory PT: (if-operation equal "modify-password") = FALSE.
- [03/20/12 07:49:45.535]:Active Directory PT: (if-operation equal "modify") = FALSE.
- [03/20/12 07:49:45.535]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.535]:Active Directory PT:Policy returned:
- [03/20/12 07:49:45.535]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x" remote-interface="yes">
- <input>
- <status event-id="report status" level="success">Remote driver successfully started.</status>
- </input>
- </nds>
- [03/20/12 07:49:45.536]:Active Directory PT:Applying policy: %+C%14Clib-AccountTracking-WriteAccountsOnAdds-pub-ctp-V1%-C.
- [03/20/12 07:49:45.536]:Active Directory PT: Applying to status #1.
- [03/20/12 07:49:45.536]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - disregard policy if disabled'.
- [03/20/12 07:49:45.536]:Active Directory PT: (if-global-variable 'drv.acctTrk.enable' not-equal "true") = FALSE.
- [03/20/12 07:49:45.536]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.536]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - on add operation add Dirxml-Accounts'.
- [03/20/12 07:49:45.537]:Active Directory PT: (if-operation equal "add") = FALSE.
- [03/20/12 07:49:45.537]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.537]:Active Directory PT:Policy returned:
- [03/20/12 07:49:45.537]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x" remote-interface="yes">
- <input>
- <status event-id="report status" level="success">Remote driver successfully started.</status>
- </input>
- </nds>
- [03/20/12 07:49:45.537]:Active Directory PT:Filtering out notification-only attributes.
- [03/20/12 07:49:45.538]:Active Directory PT:Pumping XDS to eDirectory.
- [03/20/12 07:49:45.538]:Active Directory PT:Performing operation status for .
- [03/20/12 07:49:45.538]:Active Directory PT:
- DirXML Log Event -------------------
- Driver: \EDIR2ADLAB\fdny\AD-TEST\Active Directory
- Channel: Publisher
- Status: Success
- Message: Remote driver successfully started.
- [03/20/12 07:49:45.538]:Active Directory PT:Applying publisher filter.
- [03/20/12 07:49:45.539]:Active Directory PT:Publisher processing init-params for .
- [03/20/12 07:49:45.539]:Active Directory PT:Applying command transformation policies.
- [03/20/12 07:49:45.539]:Active Directory PT:Applying policy: %+C%14Cpub-ctp-UserNameMap%-C.
- [03/20/12 07:49:45.539]:Active Directory PT: Applying to init-params #1.
- [03/20/12 07:49:45.539]:Active Directory PT: Evaluating selection criteria for rule 'consider user objects when name mapping is enabled'.
- [03/20/12 07:49:45.539]:Active Directory PT: (if-class-name not-equal "User") = TRUE.
- [03/20/12 07:49:45.540]:Active Directory PT: Rule selected.
- [03/20/12 07:49:45.540]:Active Directory PT: Applying rule 'consider user objects when name mapping is enabled'.
- [03/20/12 07:49:45.540]:Active Directory PT: Action: do-break().
- [03/20/12 07:49:45.540]:Active Directory PT:Policy returned:
- [03/20/12 07:49:45.540]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x" remote-interface="yes">
- <input>
- <init-params event-id="write state">
- <publisher-state>
- <cookie>TVNEUwMAAABUOC2qBQbNAQAAAAAAAAAAKAAAAMUhAQAAAAAAAAAAAAAAAADFIQEAAAAAADClPYtvg2hIghkEdsjobxgBAAAAAAAAAAEAAAAAAAAAMKU9i2+DaEiCGQR2yOhvGMUhAQAAAAAA</cookie>
- </publisher-state>
- </init-params>
- </input>
- </nds>
- [03/20/12 07:49:45.541]:Active Directory PT:Applying policy: %+C%14Cpub-ctp%-C.
- [03/20/12 07:49:45.541]:Active Directory PT: Applying to init-params #1.
- [03/20/12 07:49:45.541]:Active Directory PT: Evaluating selection criteria for rule 'set cached context value on merge'.
- [03/20/12 07:49:45.541]:Active Directory PT: (if-operation equal "modify") = FALSE.
- [03/20/12 07:49:45.541]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.541]:Active Directory PT: Evaluating selection criteria for rule 'Set Equivalent To Me when adding object to a group'.
- [03/20/12 07:49:45.542]:Active Directory PT: (if-class-name equal "Group") = FALSE.
- [03/20/12 07:49:45.542]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.542]:Active Directory PT: Evaluating selection criteria for rule 'Remove Equivalent To Me when removing object from a group'.
- [03/20/12 07:49:45.542]:Active Directory PT: (if-class-name equal "Group") = FALSE.
- [03/20/12 07:49:45.542]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.542]:Active Directory PT: Evaluating selection criteria for rule 'remove managed attributes when object disassociated'.
- [03/20/12 07:49:45.543]:Active Directory PT: (if-operation equal "remove-association") = FALSE.
- [03/20/12 07:49:45.543]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.543]:Active Directory PT: Evaluating selection criteria for rule 'Prevent unassociated users from being removed from groups'.
- [03/20/12 07:49:45.543]:Active Directory PT: (if-operation equal "modify") = FALSE.
- [03/20/12 07:49:45.543]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.543]:Active Directory PT:Policy returned:
- [03/20/12 07:49:45.543]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x" remote-interface="yes">
- <input>
- <init-params event-id="write state">
- <publisher-state>
- <cookie>TVNEUwMAAABUOC2qBQbNAQAAAAAAAAAAKAAAAMUhAQAAAAAAAAAAAAAAAADFIQEAAAAAADClPYtvg2hIghkEdsjobxgBAAAAAAAAAAEAAAAAAAAAMKU9i2+DaEiCGQR2yOhvGMUhAQAAAAAA</cookie>
- </publisher-state>
- </init-params>
- </input>
- </nds>
- [03/20/12 07:49:45.544]:Active Directory PT:Applying XSLT policy: %+C%14Cpub-cts%-C.
- [03/20/12 07:49:45.544]:Active Directory PT:Policy returned:
- [03/20/12 07:49:45.545]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x" remote-interface="yes">
- <input>
- <init-params event-id="write state">
- <publisher-state>
- <cookie>TVNEUwMAAABUOC2qBQbNAQAAAAAAAAAAKAAAAMUhAQAAAAAAAAAAAAAAAADFIQEAAAAAADClPYtvg2hIghkEdsjobxgBAAAAAAAAAAEAAAAAAAAAMKU9i2+DaEiCGQR2yOhvGMUhAQAAAAAA</cookie>
- </publisher-state>
- </init-params>
- </input>
- </nds>
- [03/20/12 07:49:45.545]:Active Directory PT:Applying policy: %+C%14CPassword(Pub)-Default Password Policy%-C.
- [03/20/12 07:49:45.545]:Active Directory PT: Applying to init-params #1.
- [03/20/12 07:49:45.545]:Active Directory PT: Evaluating selection criteria for rule 'On User add, provide default password of @Dirxml1 if no password exists'.
- [03/20/12 07:49:45.546]:Active Directory PT: (if-operation equal "add") = FALSE.
- [03/20/12 07:49:45.546]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.546]:Active Directory PT:Policy returned:
- [03/20/12 07:49:45.546]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x" remote-interface="yes">
- <input>
- <init-params event-id="write state">
- <publisher-state>
- <cookie>TVNEUwMAAABUOC2qBQbNAQAAAAAAAAAAKAAAAMUhAQAAAAAAAAAAAAAAAADFIQEAAAAAADClPYtvg2hIghkEdsjobxgBAAAAAAAAAAEAAAAAAAAAMKU9i2+DaEiCGQR2yOhvGMUhAQAAAAAA</cookie>
- </publisher-state>
- </init-params>
- </input>
- </nds>
- [03/20/12 07:49:45.547]:Active Directory PT:Applying policy: %+C%14CPassword(Pub)-Check Password GCV%-C.
- [03/20/12 07:49:45.547]:Active Directory PT: Applying to init-params #1.
- [03/20/12 07:49:45.547]:Active Directory PT: Evaluating selection criteria for rule 'Block publishing passwords to Identity Manager data store when adding a object'.
- [03/20/12 07:49:45.547]:Active Directory PT: (if-global-variable 'enable-password-publish' equal "false") = FALSE.
- [03/20/12 07:49:45.547]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.547]:Active Directory PT: Evaluating selection criteria for rule 'Block sending modify-password changes to the Identity Manager data store'.
- [03/20/12 07:49:45.548]:Active Directory PT: (if-global-variable 'enable-password-publish' equal "false") = FALSE.
- [03/20/12 07:49:45.548]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.548]:Active Directory PT:Policy returned:
- [03/20/12 07:49:45.548]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x" remote-interface="yes">
- <input>
- <init-params event-id="write state">
- <publisher-state>
- <cookie>TVNEUwMAAABUOC2qBQbNAQAAAAAAAAAAKAAAAMUhAQAAAAAAAAAAAAAAAADFIQEAAAAAADClPYtvg2hIghkEdsjobxgBAAAAAAAAAAEAAAAAAAAAMKU9i2+DaEiCGQR2yOhvGMUhAQAAAAAA</cookie>
- </publisher-state>
- </init-params>
- </input>
- </nds>
- [03/20/12 07:49:45.549]:Active Directory PT:Applying policy: %+C%14CPassword(Pub)-Publish Distribution Password%-C.
- [03/20/12 07:49:45.549]:Active Directory PT: Applying to init-params #1.
- [03/20/12 07:49:45.549]:Active Directory PT: Evaluating selection criteria for rule 'Add nspmDistributionAttribute attribute to add operation'.
- [03/20/12 07:49:45.549]:Active Directory PT: (if-global-variable 'publish-password-to-dp' equal "true") = FALSE.
- [03/20/12 07:49:45.549]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.550]:Active Directory PT: Evaluating selection criteria for rule 'Change modify-password operations to a modify'.
- [03/20/12 07:49:45.550]:Active Directory PT: (if-global-variable 'publish-password-to-dp' equal "true") = FALSE.
- [03/20/12 07:49:45.550]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.550]:Active Directory PT:Policy returned:
- [03/20/12 07:49:45.550]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x" remote-interface="yes">
- <input>
- <init-params event-id="write state">
- <publisher-state>
- <cookie>TVNEUwMAAABUOC2qBQbNAQAAAAAAAAAAKAAAAMUhAQAAAAAAAAAAAAAAAADFIQEAAAAAADClPYtvg2hIghkEdsjobxgBAAAAAAAAAAEAAAAAAAAAMKU9i2+DaEiCGQR2yOhvGMUhAQAAAAAA</cookie>
- </publisher-state>
- </init-params>
- </input>
- </nds>
- [03/20/12 07:49:45.551]:Active Directory PT:Applying policy: %+C%14CPassword(Pub)-Publish NDS Password%-C.
- [03/20/12 07:49:45.551]:Active Directory PT: Applying to init-params #1.
- [03/20/12 07:49:45.551]:Active Directory PT: Evaluating selection criteria for rule 'Block publishing passwords to NDS password'.
- [03/20/12 07:49:45.551]:Active Directory PT: (if-global-variable 'publish-password-to-nds' equal "false") = FALSE.
- [03/20/12 07:49:45.551]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.551]:Active Directory PT: Evaluating selection criteria for rule 'Block sending modify-password changes to the NDS password'.
- [03/20/12 07:49:45.552]:Active Directory PT: (if-global-variable 'publish-password-to-nds' equal "false") = FALSE.
- [03/20/12 07:49:45.552]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.552]:Active Directory PT:Policy returned:
- [03/20/12 07:49:45.552]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x" remote-interface="yes">
- <input>
- <init-params event-id="write state">
- <publisher-state>
- <cookie>TVNEUwMAAABUOC2qBQbNAQAAAAAAAAAAKAAAAMUhAQAAAAAAAAAAAAAAAADFIQEAAAAAADClPYtvg2hIghkEdsjobxgBAAAAAAAAAAEAAAAAAAAAMKU9i2+DaEiCGQR2yOhvGMUhAQAAAAAA</cookie>
- </publisher-state>
- </init-params>
- </input>
- </nds>
- [03/20/12 07:49:45.553]:Active Directory PT:Applying policy: %+C%14CPassword(Pub)-Add Password Payload%-C.
- [03/20/12 07:49:45.553]:Active Directory PT: Applying to init-params #1.
- [03/20/12 07:49:45.553]:Active Directory PT: Evaluating selection criteria for rule 'Add operation-data element to password operations'.
- [03/20/12 07:49:45.553]:Active Directory PT: (if-operation equal "add") = FALSE.
- [03/20/12 07:49:45.553]:Active Directory PT: (if-operation equal "add") = FALSE.
- [03/20/12 07:49:45.553]:Active Directory PT: (if-operation equal "modify-password") = FALSE.
- [03/20/12 07:49:45.554]:Active Directory PT: (if-operation equal "modify") = FALSE.
- [03/20/12 07:49:45.554]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.554]:Active Directory PT: Evaluating selection criteria for rule 'Add payload data to password operations'.
- [03/20/12 07:49:45.554]:Active Directory PT: (if-operation equal "addPayloadToPassword") = FALSE.
- [03/20/12 07:49:45.554]:Active Directory PT: (if-operation equal "add") = FALSE.
- [03/20/12 07:49:45.554]:Active Directory PT: (if-operation equal "modify-password") = FALSE.
- [03/20/12 07:49:45.554]:Active Directory PT: (if-operation equal "modify") = FALSE.
- [03/20/12 07:49:45.555]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.555]:Active Directory PT:Policy returned:
- [03/20/12 07:49:45.555]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x" remote-interface="yes">
- <input>
- <init-params event-id="write state">
- <publisher-state>
- <cookie>TVNEUwMAAABUOC2qBQbNAQAAAAAAAAAAKAAAAMUhAQAAAAAAAAAAAAAAAADFIQEAAAAAADClPYtvg2hIghkEdsjobxgBAAAAAAAAAAEAAAAAAAAAMKU9i2+DaEiCGQR2yOhvGMUhAQAAAAAA</cookie>
- </publisher-state>
- </init-params>
- </input>
- </nds>
- [03/20/12 07:49:45.555]:Active Directory PT:Applying policy: %+C%14Clib-AccountTracking-WriteAccountsOnAdds-pub-ctp-V1%-C.
- [03/20/12 07:49:45.556]:Active Directory PT: Applying to init-params #1.
- [03/20/12 07:49:45.556]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - disregard policy if disabled'.
- [03/20/12 07:49:45.556]:Active Directory PT: (if-global-variable 'drv.acctTrk.enable' not-equal "true") = FALSE.
- [03/20/12 07:49:45.556]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.556]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - on add operation add Dirxml-Accounts'.
- [03/20/12 07:49:45.556]:Active Directory PT: (if-operation equal "add") = FALSE.
- [03/20/12 07:49:45.556]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.557]:Active Directory PT:Policy returned:
- [03/20/12 07:49:45.557]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x" remote-interface="yes">
- <input>
- <init-params event-id="write state">
- <publisher-state>
- <cookie>TVNEUwMAAABUOC2qBQbNAQAAAAAAAAAAKAAAAMUhAQAAAAAAAAAAAAAAAADFIQEAAAAAADClPYtvg2hIghkEdsjobxgBAAAAAAAAAAEAAAAAAAAAMKU9i2+DaEiCGQR2yOhvGMUhAQAAAAAA</cookie>
- </publisher-state>
- </init-params>
- </input>
- </nds>
- [03/20/12 07:49:45.557]:Active Directory PT:Filtering out notification-only attributes.
- [03/20/12 07:49:45.558]:Active Directory PT:Pumping XDS to eDirectory.
- [03/20/12 07:49:45.558]:Active Directory PT:
- DirXML Log Event -------------------
- Driver: \EDIR2ADLAB\fdny\AD-TEST\Active Directory
- Channel: Publisher
- Status: Success
- [03/20/12 07:49:45.558]:Active Directory PT:Fixing up association references.
- [03/20/12 07:49:45.558]:Active Directory PT:Applying schema mapping policies to output.
- [03/20/12 07:49:45.558]:Active Directory PT:Applying policy: %+C%14Csmp%-C.
- [03/20/12 07:49:45.559]:Active Directory PT:Applying output transformation policies.
- [03/20/12 07:49:45.559]:Active Directory PT:Applying policy: %+C%14Cotp%-C.
- [03/20/12 07:49:45.559]:Active Directory PT: Applying to status #1.
- [03/20/12 07:49:45.559]:Active Directory PT: Evaluating selection criteria for rule 'Street Address: Convert LF to CR-LF'.
- [03/20/12 07:49:45.559]:Active Directory PT: Rule selected.
- [03/20/12 07:49:45.559]:Active Directory PT: Applying rule 'Street Address: Convert LF to CR-LF'.
- [03/20/12 07:49:45.559]:Active Directory PT: Action: do-reformat-op-attr("streetAddress",token-replace-all("[^\r]\n","\r\n",token-local-variable("current-value"))).
- [03/20/12 07:49:45.560]:Active Directory PT: Evaluating selection criteria for rule 'logonHours: Convert to Active Directory form'.
- [03/20/12 07:49:45.560]:Active Directory PT: Rule selected.
- [03/20/12 07:49:45.560]:Active Directory PT: Applying rule 'logonHours: Convert to Active Directory form'.
- [03/20/12 07:49:45.560]:Active Directory PT: Action: do-reformat-op-attr("logonHours",token-xpath("jadutil:translateTimeMap2ADLenient($current-value)")).
- [03/20/12 07:49:45.560]:Active Directory PT: Evaluating selection criteria for rule 'accountExpires: Convert to Active Directory form'.
- [03/20/12 07:49:45.561]:Active Directory PT: (if-op-attr 'accountExpires' changing) = FALSE.
- [03/20/12 07:49:45.561]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.561]:Active Directory PT: Evaluating selection criteria for rule 'lockoutTime: Convert to Active Directory form'.
- [03/20/12 07:49:45.561]:Active Directory PT: Rule selected.
- [03/20/12 07:49:45.561]:Active Directory PT: Applying rule 'lockoutTime: Convert to Active Directory form'.
- [03/20/12 07:49:45.561]:Active Directory PT: Action: do-reformat-op-attr("lockoutTime",token-xpath("jadutil:translateEpoch2FileTime($current-value)")).
- [03/20/12 07:49:45.562]:Active Directory PT: Evaluating selection criteria for rule 'Add: User - convert multi-valued Telephone to single value'.
- [03/20/12 07:49:45.562]:Active Directory PT: (if-operation equal "add") = FALSE.
- [03/20/12 07:49:45.562]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.562]:Active Directory PT: Evaluating selection criteria for rule 'update Active Directory logon name'.
- [03/20/12 07:49:45.562]:Active Directory PT: (if-xpath true "self::status[@level = 'success']/operation-data/windows-2000-logon-name") = FALSE.
- [03/20/12 07:49:45.563]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.563]:Active Directory PT: Evaluating selection criteria for rule 'Exchange: Remove HomeMDB when disabled'.
- [03/20/12 07:49:45.563]:Active Directory PT: (if-global-variable 'drv.exchMailboxMethod' equal "disabled") = TRUE.
- [03/20/12 07:49:45.563]:Active Directory PT: Rule selected.
- [03/20/12 07:49:45.563]:Active Directory PT: Applying rule 'Exchange: Remove HomeMDB when disabled'.
- [03/20/12 07:49:45.563]:Active Directory PT: Action: do-strip-op-attr("homeMDB").
- [03/20/12 07:49:45.563]:Active Directory PT: Applying to status #2.
- [03/20/12 07:49:45.564]:Active Directory PT: Evaluating selection criteria for rule 'Street Address: Convert LF to CR-LF'.
- [03/20/12 07:49:45.564]:Active Directory PT: Rule selected.
- [03/20/12 07:49:45.564]:Active Directory PT: Applying rule 'Street Address: Convert LF to CR-LF'.
- [03/20/12 07:49:45.564]:Active Directory PT: Action: do-reformat-op-attr("streetAddress",token-replace-all("[^\r]\n","\r\n",token-local-variable("current-value"))).
- [03/20/12 07:49:45.564]:Active Directory PT: Evaluating selection criteria for rule 'logonHours: Convert to Active Directory form'.
- [03/20/12 07:49:45.564]:Active Directory PT: Rule selected.
- [03/20/12 07:49:45.565]:Active Directory PT: Applying rule 'logonHours: Convert to Active Directory form'.
- [03/20/12 07:49:45.565]:Active Directory PT: Action: do-reformat-op-attr("logonHours",token-xpath("jadutil:translateTimeMap2ADLenient($current-value)")).
- [03/20/12 07:49:45.565]:Active Directory PT: Evaluating selection criteria for rule 'accountExpires: Convert to Active Directory form'.
- [03/20/12 07:49:45.565]:Active Directory PT: (if-op-attr 'accountExpires' changing) = FALSE.
- [03/20/12 07:49:45.565]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.566]:Active Directory PT: Evaluating selection criteria for rule 'lockoutTime: Convert to Active Directory form'.
- [03/20/12 07:49:45.566]:Active Directory PT: Rule selected.
- [03/20/12 07:49:45.566]:Active Directory PT: Applying rule 'lockoutTime: Convert to Active Directory form'.
- [03/20/12 07:49:45.566]:Active Directory PT: Action: do-reformat-op-attr("lockoutTime",token-xpath("jadutil:translateEpoch2FileTime($current-value)")).
- [03/20/12 07:49:45.566]:Active Directory PT: Evaluating selection criteria for rule 'Add: User - convert multi-valued Telephone to single value'.
- [03/20/12 07:49:45.566]:Active Directory PT: (if-operation equal "add") = FALSE.
- [03/20/12 07:49:45.567]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.567]:Active Directory PT: Evaluating selection criteria for rule 'update Active Directory logon name'.
- [03/20/12 07:49:45.567]:Active Directory PT: (if-xpath true "self::status[@level = 'success']/operation-data/windows-2000-logon-name") = FALSE.
- [03/20/12 07:49:45.567]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.567]:Active Directory PT: Evaluating selection criteria for rule 'Exchange: Remove HomeMDB when disabled'.
- [03/20/12 07:49:45.567]:Active Directory PT: (if-global-variable 'drv.exchMailboxMethod' equal "disabled") = TRUE.
- [03/20/12 07:49:45.568]:Active Directory PT: Rule selected.
- [03/20/12 07:49:45.568]:Active Directory PT: Applying rule 'Exchange: Remove HomeMDB when disabled'.
- [03/20/12 07:49:45.568]:Active Directory PT: Action: do-strip-op-attr("homeMDB").
- [03/20/12 07:49:45.568]:Active Directory PT:Policy returned:
- [03/20/12 07:49:45.568]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <source>
- <product version="3.6.10.4747">DirXML</product>
- <contact>Novell, Inc.</contact>
- </source>
- <output>
- <status event-id="report status" level="success"></status>
- <status event-id="write state" level="success"><application>DirXML</application>
- <module>Active Directory</module>
- <object-dn></object-dn>
- <component>Publisher</component>
- </status>
- </output>
- </nds>
- [03/20/12 07:49:45.569]:Active Directory PT:Applying policy: %+C%14CPassword(Sub)-Pub Email Notifications%-C.
- [03/20/12 07:49:45.569]:Active Directory PT: Applying to status #1.
- [03/20/12 07:49:45.569]:Active Directory PT: Evaluating selection criteria for rule 'Send e-mail for a failed publish password operation'.
- [03/20/12 07:49:45.569]:Active Directory PT: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = TRUE.
- [03/20/12 07:49:45.570]:Active Directory PT: (if-operation equal "status") = TRUE.
- [03/20/12 07:49:45.570]:Active Directory PT: (if-xpath true "self::status[@level != 'success']/operation-data/password-publish-status") = FALSE.
- [03/20/12 07:49:45.570]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.570]:Active Directory PT: Applying to status #2.
- [03/20/12 07:49:45.570]:Active Directory PT: Evaluating selection criteria for rule 'Send e-mail for a failed publish password operation'.
- [03/20/12 07:49:45.570]:Active Directory PT: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = TRUE.
- [03/20/12 07:49:45.571]:Active Directory PT: (if-operation equal "status") = TRUE.
- [03/20/12 07:49:45.571]:Active Directory PT: (if-xpath true "self::status[@level != 'success']/operation-data/password-publish-status") = FALSE.
- [03/20/12 07:49:45.571]:Active Directory PT: Rule rejected.
- [03/20/12 07:49:45.571]:Active Directory PT:Policy returned:
- [03/20/12 07:49:45.572]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <source>
- <product version="3.6.10.4747">DirXML</product>
- <contact>Novell, Inc.</contact>
- </source>
- <output>
- <status event-id="report status" level="success"></status>
- <status event-id="write state" level="success"><application>DirXML</application>
- <module>Active Directory</module>
- <object-dn></object-dn>
- <component>Publisher</component>
- </status>
- </output>
- </nds>
- [03/20/12 07:49:45.573]:Active Directory PT:Applying policy: %+C%14Clib-CredProv-ConvertPayload-otp-V1%-C.
- [03/20/12 07:49:45.573]:Active Directory PT: Applying to status #1.
- [03/20/12 07:49:45.573]:Active Directory PT: Evaluating selection criteria for rule 'Is credential provisioning enabled? Are there any custom payloads?'.
- [03/20/12 07:49:45.573]:Active Directory PT: Rule selected.
- [03/20/12 07:49:45.573]:Active Directory PT: Applying rule 'Is credential provisioning enabled? Are there any custom payloads?'.
- [03/20/12 07:49:45.574]:Active Directory PT: Action: do-if().
- [03/20/12 07:49:45.574]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:49:45.574]:Active Directory PT: (if-global-variable 'credprov.enable' not-equal "true") = TRUE.
- [03/20/12 07:49:45.574]:Active Directory PT: Performing if actions.
- [03/20/12 07:49:45.574]:Active Directory PT: Action: do-break().
- [03/20/12 07:49:45.574]:Active Directory PT: Applying to status #2.
- [03/20/12 07:49:45.574]:Active Directory PT: Evaluating selection criteria for rule 'Is credential provisioning enabled? Are there any custom payloads?'.
- [03/20/12 07:49:45.575]:Active Directory PT: Rule selected.
- [03/20/12 07:49:45.575]:Active Directory PT: Applying rule 'Is credential provisioning enabled? Are there any custom payloads?'.
- [03/20/12 07:49:45.575]:Active Directory PT: Action: do-if().
- [03/20/12 07:49:45.575]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:49:45.575]:Active Directory PT: (if-global-variable 'credprov.enable' not-equal "true") = TRUE.
- [03/20/12 07:49:45.575]:Active Directory PT: Performing if actions.
- [03/20/12 07:49:45.575]:Active Directory PT: Action: do-break().
- [03/20/12 07:49:45.576]:Active Directory PT:Policy returned:
- [03/20/12 07:49:45.576]:Active Directory PT:
- <nds dtdversion="3.5" ndsversion="8.x">
- <source>
- <product version="3.6.10.4747">DirXML</product>
- <contact>Novell, Inc.</contact>
- </source>
- <output>
- <status event-id="report status" level="success"></status>
- <status event-id="write state" level="success"><application>DirXML</application>
- <module>Active Directory</module>
- <object-dn></object-dn>
- <component>Publisher</component>
- </status>
- </output>
- </nds>
- [03/20/12 07:49:45.576]:Active Directory PT:Applying policy: %+C%14Clib-AccountTracking-Subscribe-otp-V1%-C.
- [03/20/12 07:49:45.577]:Active Directory PT: Applying to status #1.
- [03/20/12 07:49:45.577]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - disregard if disabled or wrong object class'.
- [03/20/12 07:49:45.577]:Active Directory PT: Rule selected.
- [03/20/12 07:49:45.577]:Active Directory PT: Applying rule 'AccountTracking - disregard if disabled or wrong object class'.
- [03/20/12 07:49:45.577]:Active Directory PT: Action: do-if().
- [03/20/12 07:49:45.577]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:49:45.578]:Active Directory PT: (if-global-variable 'drv.acctTrk.enable' not-equal "true") = FALSE.
- [03/20/12 07:49:45.578]:Active Directory PT: Performing else actions.
- [03/20/12 07:49:45.578]:Active Directory PT: Action: do-for-each(arg-node-set(token-global-variable("drv.acctTrk.objectClass"))).
- [03/20/12 07:49:45.578]:Active Directory PT: arg-node-set(token-global-variable("drv.acctTrk.objectClass"))
- [03/20/12 07:49:45.578]:Active Directory PT: token-global-variable("drv.acctTrk.objectClass")
- [03/20/12 07:49:45.578]:Active Directory PT: Token Value: {"user"}.
- [03/20/12 07:49:45.578]:Active Directory PT: Arg Value: {"user"}.
- [03/20/12 07:49:45.579]:Active Directory PT: Performing actions for local-variable(current-node) = "user".
- [03/20/12 07:49:45.579]:Active Directory PT: Action: do-if().
- [03/20/12 07:49:45.579]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:49:45.579]:Active Directory PT: (if-class-name equal "$current-node$") = FALSE.
- [03/20/12 07:49:45.579]:Active Directory PT: Performing else actions.
- [03/20/12 07:49:45.579]:Active Directory PT: Action: do-if().
- [03/20/12 07:49:45.579]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:49:45.580]:Active Directory PT: (if-local-variable 'pass' not-available) = TRUE.
- [03/20/12 07:49:45.580]:Active Directory PT: Performing if actions.
- [03/20/12 07:49:45.580]:Active Directory PT: Action: do-break().
- [03/20/12 07:49:45.580]:Active Directory PT: Applying to status #2.
- [03/20/12 07:49:45.580]:Active Directory PT: Evaluating selection criteria for rule 'AccountTracking - disregard if disabled or wrong object class'.
- [03/20/12 07:49:45.580]:Active Directory PT: Rule selected.
- [03/20/12 07:49:45.580]:Active Directory PT: Applying rule 'AccountTracking - disregard if disabled or wrong object class'.
- [03/20/12 07:49:45.581]:Active Directory PT: Action: do-if().
- [03/20/12 07:49:45.581]:Active Directory PT: Evaluating conditions.
- [03/20/12 07:49:45.581]:Active Directory PT: (if-global-variable 'drv.acctTrk.enable' not-equal "true") = FALSE.
- [03/20/12 07:49:45.581]:Active Directory PT: Performing else actions.
- [03/20/12 07:49:45.581]:Active Directory PT: Action: do-for-each(arg-node-set(token-global-variable("drv.acctTrk.objectClass"))).
- [03/20/12 07:49:45.581]:Active Directory PT: arg-node-set(token-global-variable("drv.acctTrk.objectClass"))
- [03/20/12 07:49:45.582]:Active Directory PT: token-global-variable("drv.acctTrk.objectClass")
- [03/20/12 07:49:45.582]:Active Directory PT: Token Value: {"user"}.
- [03/20/12 07:49:45.582]:Active Directory PT: Arg Value: {"user"}.
- [03/20/12 07:49:45.582]:Active Directory PT: Performing actions for local-variable(current-node) = "user".
- [03/20/12 07:49:45.582]:Active Directory PT: Action: do-if().
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement