Joe, I hadn't thought of that, as the error does show up in the error log. I double checked and am not supressing any warnings.
Thanks, Thad On Tue, Mar 20, 2012 at 9:26 AM, Joe Martin D'Souza <[email protected]>wrote: > ** > You do not have Supress-Warning turned on in the ar.conf file do you? If > you do, make sure that none of the related errors (3377 specifically) are > not on the list to be suppressed.. > > Joe > > *From:* LJ LongWing <[email protected]> > *Sent:* Tuesday, March 20, 2012 12:22 PM > *Newsgroups:* public.remedy.arsystem.general > *To:* [email protected] > *Subject:* Re: ARERR 3377 (LDAP Errors) and Filter Error Handlers > > ** > > Thad,**** > > I read this mail yesterday morning and didn’t have a clue….it appears that > BMC will likely need to update their routine to recognize it as an error > and utilize the handler.**** > > **** > > *From:* Action Request System discussion list(ARSList) [mailto: > [email protected]] *On Behalf Of *Thad Esser > *Sent:* Tuesday, March 20, 2012 10:08 AM > *To:* [email protected] > *Subject:* Fwd: ARERR 3377 (LDAP Errors) and Filter Error Handlers**** > > **** > > ** **** > > One of these days I will learn that Friday night is not the best time to > send a question to the list. :-) **** > > **** > > Anyone have any thoughts on the below question?**** > > **** > > Thanks in advance,**** > > Thad**** > > ---------- Forwarded message ---------- > From: *Thad Esser* <[email protected]> > Date: Fri, Mar 16, 2012 at 6:59 PM > Subject: ARERR 3377 (LDAP Errors) and Filter Error Handlers > To: [email protected] > > **** > > Hello,**** > > **** > > We have an LDAP Vendor form that integrates with Active Directory. While > trying to add some error trapping, it seems that the errors from LDAP don't > trigger the ARS error handling of filters. I have a simple filter that > adds a user to the "member" attribute of an AD Group. It works fine and > has for years. Today, I added an error handler to that filter so that I > could gracefully deal with situations where the member add failed. To test > this, I am intentionally trying to add a user to a DN for which my LDAP > account doesn't have access. I do get this message in the arerror.log (and > on screen) so ARS does recognize it as an error:**** > > "The LDAP operation has failed : Insufficient access (LDAPERR > 50)00002098: SecErr: DSID-03150A48, problem 4003 (INSUFF_ACCESS_RIGHTS), > data 0 (ARERR 3377)"**** > > The filter log shows the set field processing on the member field, but > there is no indication of an error other than the last line:**** > > <FLTR> /* Fri Mar 16 2012 19:14:18.0717 */ Checking > "TRG:ADG:UserDN_AddToGroup" (999)**** > > <FLTR> --> Passed -- perform actions**** > > <FLTR> 0: Set Fields**** > > <FLTR> members (536870921) = CN= <userinfo1>^|^CN= > <userinfo2>^|^CN= <userinfo3>**** > > <FLTR> /* Fri Mar 16 2012 19:14:18.0795 */ End of filter processing > (phase 1) -- Operation - SET on TRG:Active Directory:Group - <snip DN>**** > > <FLTR> /* Fri Mar 16 2012 19:14:18.1717 */Canceled filter processing > due to error**** > > I added an error message action to test the error handler, and it > triggered as expected:**** > > <FLTR> /* Fri Mar 16 2012 19:45:13.6116 */ Checking > "TRG:ADG:UserDN_AddToGroup" (999)**** > > <FLTR> --> Passed -- perform actions**** > > <FLTR> 0: Set Fields**** > > <FLTR> members (536870921) = CN= <userinfo1>^|^CN= > <userinfo2>^|^CN= <userinfo3>**** > > <FLTR> 1: Message**** > > <FLTR> test error message.**** > > <FLTR> **** Error while performing filter action: Error 10000**** > > <FLTR> **** Filter "TRG:ADG:UserDN_AddToGroup": Calling filter error > handler "zzz:TempErrorHandler"**** > > <FLTR> /* Fri Mar 16 2012 19:45:13.6276 */ Checking > "zzz:TempErrorHandler" (999)**** > > <FLTR> --> Passed -- perform actions**** > > <FLTR> 0: Set Fields**** > > <FLTR> z1D_Char01 (536870922) = This is the error handler > handling the error.**** > > <FLTR> **** Filter "zzz:TempErrorHandler": Successfully handled filter > error**** > > <FLTR> **** Filter "TRG:ADG:UserDN_AddToGroup"**** > > <FLTR> /* Fri Mar 16 2012 19:45:13.6277 */ End of filter processing > (phase 1) -- Operation - SET on TRG:Active Directory:Group - <snip DN>**** > > <FLTR> /* Fri Mar 16 2012 19:45:13.7246 */Canceled filter processing > due to error**** > > So, does anyone have any ideas on how I can get ARS to "see" the LDAP > error as an error?**** > > Thanks, > Thad**** > > ARS 7.1 on AIX 5.3**** > > ITSM 7.0.3**** > > Oracle 10g Remote > _attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_ > _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
