Forums » Interstage BPM Knowledgebase Articles

• C.Y. Chen

  

  • 33 posts
   

  February 23, 2012 3:40:03 AM PST

  Goal: How to Resolve the Error of Updating User Profile to Active Directory
   
  Fact: Interstage BPM (Business Process Manager) v7.4 AE (Advanced Edition)
   
  Fact: Microsoft Active Directory
   
  Fact: Interstage BPM Directory Adapter
   
  Symptom: Fails to update user profile with email notification enabled and provided an email address.  The Interstage BPM console error message:
  The stack trace is as follows:Could not update the user property list. {cychen does not contain user attributes 'sms,pin' for Directory.}Symptom: Error message found in IBPMServer.log:
  ERR:Fri Jan 27 15:27:12 EST 2012: TID=17211602: uai 5228279071028329911 : dirUpdateUserProfile: com.fujitsu.iflow.common.exceptions.ServerOperationFailed: khashz does not contain user attributes 'sms,pin' for Directory.
  Symptom: Error message found in DirAdapter.log:
  ERR:Fri Jan 27 15:27:11 EST 2012: TID=21000826: DirSessionImpl : @() javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - 00000057: LdapErr: DSID-0C090B73, comment: Error in attribute conversion operation, data 0, v1772 ]; remaining name 'CN=CY, CHEN,OU=TO,DC=FUJITSU,DC=com'javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - 00000057: LdapErr: DSID-0C090B73, comment: Error in attribute conversion operation, data 0, v1772 ]; remaining name 'CN=CY, CHEN,OU=TO,DC=FUJITSU,DC=com'at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3006)at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2931)at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2737)at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1437)at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:255)at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:172)at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:161)at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:148)at com.fujitsu.iflow.diradapter.jndiimpl.DirSessionImpl.updateUserProfile(DirSessionImpl.java:682)at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)at java.lang.reflect.Method.invoke(Method.java:585)at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:294)at sun.rmi.transport.Transport$1.run(Transport.java:153)at java.security.AccessController.doPrivileged(Native Method)at sun.rmi.transport.Transport.serviceCall(Transport.java:149)at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)at java.lang.Thread.run(Thread.java:595)ERR:Fri Jan 27 15:27:11 EST 2012: TID=21000826: DirSessionImpl : updateUserProfile: cychen does not contain user attributes 'sms,pin' for Directory.

  Fix:
  User profile attributes are stored in Active Directory if you are using Interstage BPM version prior to v8.1.  Post to v8.1, all user profile attributes such as email, iflownotification and dmsdir are stored in BPM database table, UserProfile.
   
  To avoid this error, please refer to Interstage BPM installation guide, typically found in chapter 4 Setting Up Microsoft Active Directory.  The Active Directory schema needs to be updated with the addition of the following attributes: email, iflownotification, uid and dmsdir.  Simply present the following to Active Directory administrator for the modification of the schema.
   
  dn: CN=email,CN=Schema,CN=Configuration,DC=X
  changetype: Add
  objectClass: attributeSchema
  ldapDisplayName: email
  adminDisplayName: email
  adminDescription: email
  attributeId: 1.2.840.113556.1.8000.716.10060
  attributeSyntax: 2.5.5.4
  isSingleValued: TRUE
  systemOnly: FALSE
  searchFlags: 1
  oMSyntax: 20
  extendedCharsAllowed: TRUE
  showInAdvancedViewOnly: TRUE
  
  dn: CN=iflownotification,CN=Schema,CN=Configuration,DC=X
  changetype: Add
  objectClass: attributeSchema
  ldapDisplayName: iflownotification
  adminDisplayName: iflownotification
  adminDescription: iflownotification
  attributeId: 1.2.840.113556.1.8000.716.10061
  attributeSyntax: 2.5.5.4
  isSingleValued: TRUE
  systemOnly: FALSE
  searchFlags: 1
  oMSyntax: 20
  extendedCharsAllowed: TRUE
  showInAdvancedViewOnly: TRUE
  
  dn: CN=dmsdir,CN=Schema,CN=Configuration,DC=X
  changetype: Add
  objectClass: attributeSchema
  ldapDisplayName: dmsdir
  adminDisplayName: dmsdir
  adminDescription: dmsdir
  attributeId: 1.2.840.113556.1.8000.716.10062
  attributeSyntax: 2.5.5.4
  isSingleValued: TRUE
  systemOnly: FALSE
  searchFlags: 1
  oMSyntax: 20
  extendedCharsAllowed: TRUE
  showInAdvancedViewOnly: TRUE

  dn: CN=uid,CN=Schema,CN=Configuration,DC=X
  changetype: Add
  objectClass: attributeSchema
  ldapDisplayName: uid
  adminDisplayName: uid
  adminDescription: A user ID.
  attributeId: 0.9.2342.19200300.100.1.1
  attributeSyntax: 2.5.5.12
  omSyntax: 64
  isSingleValued: FALSE
  systemOnly: FALSE
  searchFlags: 13
  schemaIdGuid:: oPywC4ken0KQGhQTiU2fWQ==
  attributeSecurityGuid:: Qi+6WaJ50BGQIADAT8LTzw==
  showInAdvancedViewOnly: FALSE
   
  The attached zip file contains a .ldif file for automating the Active Directory users and groups creation.  It can be used as a basis for the AD administrator to perform the users and groups creations.
   
  Alternatively, refer to Knowledge Base Article How to Create A Custom Email Notification for Task Assignment

  for sending email notifications without updating user profile.  Then, there is no need to change the schema attributes in Active Directory.
  
  

  Note: Refer to AEInstallation_Guide.pdf, Chapter 4.1 Setting Up Microsoft Active Directory for more information concerning AD Schema attributes required for updating user profile.

  Author: C.Y. Chen
  Attachment: iFlowADAdd.zip