You can use the explanations for common errors to troubleshoot
the IBM® Security Access Manager
v2 Connector.
- Unable to read in the configuration URL: file:/X:/TDI/LDAPSync/ISAM_API.properties.
- The IBM Security Access
Manager v2 Connector parameter that is labeled as Configuration File
must contain the path and file name of the IBM Security Access Manager API properties file.
This API properties file is generated with the com.tivoli.pd.rgy.util.RgyConfig tool.
- The IBM Security Access
Manager domain <DomainName> does not exist.
- The domain name that is specified either in the IBM Security Access Manager v2 Connector Connection
tab or in the API properties file is invalid.
- The distinguished name does not map to an existing entry in the
registry.
- The secDN value does not map to an existing
branch of the IBM Security Directory
Server directory tree. Ensure that your mapping of the attribute is
correct.
- The specified distinguished name (secDN) does not exist.
- The secDN value does not map to an existing
branch of the IBM Security Directory
Server directory tree. Ensure that your mapping of the attribute is
correct.
- An invalid group identification or Distinguished Name (DN) was
specified.
- The group identifier or DN value is invalid. For example, the cn attribute
value that is used when you are writing groups is invalid. Ensure
that your mapping of the attribute is correct.
- There is no IBM Security
Access Manager entity in the domain with ID <id>.
- While you are writing groups, the member attribute
must contain the IDs of existing IBM Security
Access Manager user and group entities. Otherwise, these values are
skipped and this error is logged.
- Entry was not found.
- The link criteria that is set up for the IBM Security Access Manager v2 Connector failed
to locate an entry.
- Group not found.
- While you are writing IBM Security
Access Manager users, the memberOf Attribute
must contain the IDs of existing groups. Otherwise, these values are
skipped and this error logged.
- Connector gives null pointer exception when userPassword is
missing in output map of the AddOnly mode
- The userPassword attribute is required if you
create both the IBM Security
Access Manager user and the LDAP person entry in the directory. It
is required because the API applies policy checks to the entry that
is created. However, if the person entry, which is to be added by
the connector, already exists, then the user is imported instead of
created. In this case, userPassword is not mandatory. For example,
if the connector is used in the Federated Directory Server IBM Security Access Manager plug-in,
you are not required to map the userPassword attribute.
- The secPwdValid password is written as true even
when the value mapped to it was false.
- The secValidPwd attribute for an IBM Security Access Manager user
is set to true whenever the userPassword attribute
is modified.
For more information, see the following links: