

Implementation Questions

Why is my custom connector implementation not found?

Consider the following:

  1. Does the implementationBundle metadata setting on your connector’s metadata match the <property name="name"> value in connector.xml? The setting must match; otherwise CA IAM CS does not know which ImplBundle to use to create an appropriate connector instance. A mismatch produces explanatory log messages in jcs_daily.log.
  2. Is CA IAM CS noticing your connector implementation exists?
    1. A summary of all connectors is logged to logs/jcs_daily.log at start-up at INFO log-level, for example:
      INFO   - loaded 10 connectors:
      loaded connector "AS400" [connectorTypeName='OS400', connectorTypeLdapObjClass=eTAS4Namespace]
      loaded connector "JDBC" [connectorTypeName='null', connectorTypeLdapObjClass=eTDYNNamespace]
      loaded connector "JNDI" [connectorTypeName='null', connectorTypeLdapObjClass=eTDYNNamespace]
      loaded connector "KRB" [connectorTypeName='KRB Namespace', connectorTypeLdapObjClass=eTKRBNamespace]
      loaded connector "ORA" [connectorTypeName='Oracle Server', connectorTypeLdapObjClass=eTORANamespace]
      loaded connector "SAP" [connectorTypeName='SAP R3', connectorTypeLdapObjClass=eTSAPNamespace]
      loaded connector "SDK" [connectorTypeName='SDK Namespace', connectorTypeLdapObjClass=null]
      loaded connector "SDKDYN" [connectorTypeName='SDK DYN Namespace', connectorTypeLdapObjClass=null]
      loaded connector "SDKSCRIPT" [connectorTypeName='SDK Script DYN Namespace', connectorTypeLdapObjClass=null]
      
    2. Also logged at the INFO level is a summary of the information read from schemas contributed by static connectors. For example:
      INFO   - '/conf/eta_sql_openldap.schema': registered 9 objectClasss (skipped 0) 
      

      Errors encountered processing schemas are also logged, and can be a reason that CA IAM CS is not finding your connector implementation.

      If your connector does not appear in this list and you are running within a Java IDE like Eclipse or IDEA, then add your connector’s jar file to the CA IAM CS classpath.

    3. If your connector does not appear in this list and you are running from the command line (jcs.bat or jcs.sh), then your connector jar is probably malformed or has not been copied to cs-home/lib/. Verify that it contains a valid /conf/connector.xml file. For more information refer to the structure of the SDK connector’s jar file.
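The checks above can be scripted. The following is an added example, not code from the CA IAM CS SDK: it parses the start-up summary format shown above and, optionally, looks for conf/connector.xml inside a connector jar. The class name, the sample lines and the connector name MYCONN are constructed for illustration.

```java
import java.nio.file.*;
import java.util.*;
import java.util.jar.JarFile;
import java.util.regex.*;

public class ConnectorLoadCheck {
    // Line formats taken from the start-up summary in jcs_daily.log shown above.
    static final Pattern COUNT = Pattern.compile("loaded (\\d+) connectors:");
    static final Pattern LOADED = Pattern.compile(
        "loaded connector \"([^\"]+)\" \\[connectorTypeName='([^']*)', connectorTypeLdapObjClass=([^\\]]*)\\]");

    /** Maps connector name to its LDAP objectclass for every "loaded connector" line. */
    static Map<String, String> loaded(List<String> lines) {
        Map<String, String> found = new LinkedHashMap<>();
        for (String line : lines) {
            Matcher m = LOADED.matcher(line);
            if (m.find()) found.put(m.group(1), m.group(3));
        }
        return found;
    }

    /** Returns the count announced by the summary header, or -1 if no header was logged. */
    static int announced(List<String> lines) {
        for (String line : lines) {
            Matcher m = COUNT.matcher(line);
            if (m.find()) return Integer.parseInt(m.group(1));
        }
        return -1;
    }

    /** True if the jar contains conf/connector.xml (jar entry names have no leading slash). */
    static boolean hasDescriptor(Path jar) throws Exception {
        try (JarFile jf = new JarFile(jar.toFile())) {
            return jf.getEntry("conf/connector.xml") != null;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample; pass <log> <connector> [jar] to check a real installation.
        List<String> lines = args.length > 0 ? Files.readAllLines(Paths.get(args[0])) : List.of(
            "INFO   - loaded 2 connectors:",
            "loaded connector \"JDBC\" [connectorTypeName='null', connectorTypeLdapObjClass=eTDYNNamespace]",
            "loaded connector \"SDK\" [connectorTypeName='SDK Namespace', connectorTypeLdapObjClass=null]");
        String wanted = args.length > 1 ? args[1] : "MYCONN"; // hypothetical connector name
        Map<String, String> found = loaded(lines);
        System.out.println("announced=" + announced(lines) + " listed=" + found.size());
        System.out.println(wanted + (found.containsKey(wanted) ? " loaded, objectclass=" + found.get(wanted) : " NOT loaded"));
        if (args.length > 2) System.out.println("conf/connector.xml present: " + hasDescriptor(Paths.get(args[2])));
    }
}
```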

Why does CA IAM CS appear to execute without triggering break-points in the debugger?

In some circumstances, CA IAM CS has trouble shutting down. There have been observations of a phantom CA IAM CS running in the background which is servicing LDAP requests but to which the debugger is not connected. Run the task manager and manually shut down the phantom CA IAM CS java.exe process.

Why are exception breakpoints I set in CA IAM CS not being triggered?

The use of Java proxies in the CA IAM CS implementation complicates setting exception breakpoints in your IDE.

If you observe an exception but then find a matching exception breakpoint that is not triggered as you expect, try setting a breakpoint on InvocationTargetException, which can wrap the original exception.

Why does the debugger step into JDK code if I trace into the end of a call on MetaConnector, to search() for example?

The CA IAM CS framework (and some connectors) uses Java proxies. You may be stepping into the call on the proxy method. Try inserting a breakpoint in the related method of the target class (like JDBCAttributeStyleOpProcessor.doSearch()) to skip through the proxy code.
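The two proxy effects described above (the original exception arriving wrapped in InvocationTargetException, and JDK frames appearing between caller and target) can be reproduced with a plain java.lang.reflect.Proxy. This is an added example, not CA IAM CS code; the Searcher interface and Target class are hypothetical stand-ins for a connector call such as search().

```java
import java.lang.reflect.*;

public class ProxyExceptionDemo {
    interface Searcher { String search(String filter) throws Exception; } // hypothetical

    static class Target implements Searcher {
        public String search(String filter) {
            if (filter.isEmpty()) throw new IllegalStateException("empty filter");
            return "result for " + filter;
        }
    }

    /** Builds a proxy that forwards reflectively; unwrap decides whether the cause is rethrown. */
    static Searcher proxyFor(Searcher target, boolean unwrap) {
        InvocationHandler h = (proxy, method, args) -> {
            try {
                return method.invoke(target, args); // stepping in here lands in JDK reflection code
            } catch (InvocationTargetException e) {
                if (unwrap) throw e.getCause();     // caller sees the original exception
                throw e;                            // caller sees only the wrapper
            }
        };
        return (Searcher) Proxy.newProxyInstance(
            Searcher.class.getClassLoader(), new Class<?>[] { Searcher.class }, h);
    }

    /** Lists the exception classes from the outermost wrapper down to the root cause. */
    static String chain(Throwable t) {
        StringBuilder sb = new StringBuilder();
        for (Throwable c = t; c != null; c = c.getCause()) {
            if (sb.length() > 0) sb.append(" caused by ");
            sb.append(c.getClass().getSimpleName());
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        for (boolean unwrap : new boolean[] { false, true }) {
            try {
                proxyFor(new Target(), unwrap).search("");
            } catch (Throwable t) {
                System.out.println("unwrap=" + unwrap + ": " + chain(t));
            }
        }
    }
}
```

With unwrap=false the caller catches InvocationTargetException and has to follow getCause() to reach the IllegalStateException, which is why a breakpoint on InvocationTargetException is the one to try; a breakpoint in Target.search() stops in the real method without stepping through the proxy.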

How does my code access custom metadata settings I have added?

CA IAM CS uses JAXB generated code to convert the metadata files into JavaBean instances, which are then wrapped in instances of classes from the com.ca.commons.datamodel packages (like DataModelClass / DataModelProperty). These are then cached inside instances of the com.ca.jcs.meta.MetaObjectClassMapping for efficient runtime access using CA IAM CS. To access your extra custom metadata settings, you create a reference to the parent DataModelProperty (say using MetaObjectClassMapping.getDataModelProperty(String)), and then look up its metadata settings using the getMetaDataProperty(String) method.

Note: For an example, see how the com.ca.jcs.sdk.converter.DummyFlattenPropertyConverter class references MetaDataConsts.MD_FLATTEN_SEPARATOR in the SDK sample connector.

Why does CA IAM CS silently hang when performing a search?

ApacheDS worker threads occasionally hang in the following circumstances:

How can I customize the behavior of the connector level of the DIT, for instance to calculate the values of some virtual attributes?

Implement a class extending com.ca.jcs.processor.ConnectorAttributesProcessor and register it by calling the setConnectorAttributesProcessor() method in your connector's constructor.

How can I insert the values of virtual attributes in search results returned by my connector?

Usually it is sufficient to override the convertAttributesFromConnector() method in your connector. Verify that you call super.convertAttributesFromConnector() to handle whatever logic is required, as this method is called by com.ca.jcs.meta.MapSearchResultsFromConnectorEnum for each search result to map it to LDAP.

We recommend that you add your virtual attributes first and then call super.convertAttributesFromConnector() afterwards, so that you can keep your logic free from referencing LDAP attribute names.

How can I determine which objectclass instance my code has been passed when my connectorMapTo settings are long, involved expressions (like a complicated SELECT statement in SQL)? I do not want my code to refer to LDAP objectclass names.

Use the metadata setting com.ca.commons.datamodel.MetaDataDefs.MD_CONN_MAP_ALIAS to specify a short alias for your objectclass (say connectorMapToAlias=account), and use the metadata setting as the discriminator in your code. We recommend that you use your own utility method to look up the value of this metadata setting where required (see previous question for tips).

What does an exception of this form mean: "ERROR - ... LdapInvalidAttributeIdentifierException: eTLNDDeleteOldReplicas not found in attribute registry!"?

The metadata document for your connector refers to an attribute not known in the following:

This means that either an incorrect attribute name has been referenced, or that you need to add the attribute name to the appropriate .schema file.

Why is the Provisioning Server not behaving as expected?

If you enter non-valid XML code directly into the Provisioning Directory, the Provisioning Server or Provisioning Manager may no longer work as expected.

What's the impact of using integer types in Java connectors?

When you use an attribute mapped as an integer, for example, when you add an integer typed field to an account in Connector Xpress, the integer values that your connector receives may end up padded. This can affect minimum and maximum field length validation in the CA IdentityMinder Provisioning Server.

This is because the CA IdentityMinder Provisioning Server pads the value. For example, for a client sending 22, CA IAM CS receives the following:

Type : 'eTDYN-int-c-01'
Val[0] : 0000000022 

For a client sending 022, CA IAM CS receives the following:

Type : 'eTDYN-int-c-01'
Val[0] : 0000000022 

Although CA IAM CS unpads the values, in this example CA IAM CS cannot determine whether 022 or 22 was sent. The unpadding algorithm unpads the value up to the minimum length you specified, so 0000000022 becomes 022 for a specified minimum length of 3.

This occurs for all connectors when you map an int datatype. We recommend that you do not map to -int and use -str instead, unless, for example, you use a capability attribute.
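The loss of information described above, as an added example that models the behaviour and is not the CA IAM CS implementation. It assumes non-negative values, a pad width of 10 (taken from the 0000000022 example) and that at least one digit is always kept; the class and method names are hypothetical.

```java
import java.util.List;

public class IntPaddingDemo {
    static final int PAD_WIDTH = 10; // assumption: width seen in the 0000000022 example

    /** Models the server side: the numeric value is zero-filled, so "22" and "022" collide. */
    static String pad(String clientValue) {
        return String.format("%0" + PAD_WIDTH + "d", Long.parseLong(clientValue));
    }

    /** Strips leading zeros until only minLength characters (at least one) remain. */
    static String unpad(String padded, int minLength) {
        int keep = Math.max(1, minLength);
        int i = 0;
        while (padded.length() - i > keep && padded.charAt(i) == '0') i++;
        return padded.substring(i);
    }

    public static void main(String[] args) {
        int minLength = 3; // minimum length specified for the attribute
        for (String sent : List.of("22", "022", "0022", "12345")) {
            String wire = pad(sent);
            String seen = unpad(wire, minLength);
            // same=false marks values the connector cannot reconstruct as the client typed them
            System.out.printf("client=%-6s wire=%s connector=%-6s same=%b%n",
                sent, wire, seen, sent.equals(seen));
        }
    }
}
```

With a minimum length of 3, the inputs 22, 022 and 0022 all reach the connector as 022, so a two-character value appears to satisfy a three-character minimum; mapping the attribute as a string avoids the round trip through padding.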