A.0 Troubleshooting the API

Most calls to the Novell® Identity Manager Fan-Out driver AS Client API return a value that describes the outcome of the call. These return code values are defined in the C language ascauth.h header file and are provided as fields in the JAscAuth class in the Java interface. The C language API function ASC_STRERROR() and the Java interface method strError() can be used to return a text string that corresponds to the return code. This text string is included in many of the messages that are written to the platform log file for errors involving API calls.

The Java interface uses exceptions for most non-affirmative API call outcomes.

The following table lists the return codes and their corresponding text string, and suggests actions to take for them.

Table A-1 Return Codes for Troubleshooting

Return Code

Symbol Text String

Explanation and Suggested Action

0

AS_OK

Action successful

The operation returned a positive response. For calls such as check password, this corresponds to an answer of “Yes.”

1

AS_NO

Action not successful

The operation returned a negative response. For calls such as check password, this corresponds to an answer of “No.”

2

AS_NOUSER

Unknown user

The Enterprise User ID specified on the call is inactive or is not in the Census.

Action: If you expect this user to be active in the Census, see “Managing the Census” in the Core Driver Administration Guide for additional information.

3

AS_NOAGENT

No core drivers are available for authentication

No core drivers could be contacted to process the request.

Action: This is generally caused by a configuration problem.

  • Ensure that the platform configuration file specifies the correct network addresses for the core drivers.

  • Ensure that the core driver is running on the specified servers and listening on the port specified in the platform configuration file.

  • Ensure that the Platform Services Process is running or that you have specified the DIRECTTOAUTHENTICATION statement in your platform configuration file.

  • Ensure that you have network connectivity to a core driver server.

  • Ensure that driver has been activated or that the evaluation period has not expired.

For more information, see the Platform Services Planning Guide and Reference and the Core Driver Administration Guide.

4

AS_BADCLIENT

Local host is not authorized to query the core driver

The network address used by the platform to contact a core driver did not match the network address listed in the Platform Configuration object in the ASAM System container.

Action: For information about managing Platform objects with the Web interface, see the Core Driver Administration Guide.

For an administrative password reset, this can indicate that the administrator user ID/password is not valid or that the administrator does not have rights to change the password.

5

AS_REVOKED

User is disabled/revoked

The specified Enterprise User ID corresponds to a User object that has been disabled.

6

AS_INTRUDER

Intruder detection is active

The specified Enterprise User ID corresponds to a User object that has been locked because of intruder detection.

7

AS_INVALIDARGS

Invalid arguments

The arguments specified on the call are not valid.

Action: Make certain that the arguments passed to the call are of the correct type and value. For example, an argument that specifies the name of an object cannot be blank or null, and an argument that specifies a buffer size to hold a result cannot be zero.

8

AS_INVALIDOBJ

Invalid object

An object specified as an argument was not of the correct type or was not found.

Action: Verify that the objects specified on arguments to the call are of the proper type. Handle the not-found condition as appropriate for your application.

9

AS_INVALIDOBJLEN

Invalid object length

An object name specified as an argument was longer than the maximum allowable eDirectory™ object name.

Action: Check object names that are specified as arguments to be sure that they do not exceed the maximum length for an eDirectory object name.

10

AS_PASSDUPLICATE

Password has been previously used

The new password that was specified to the change password API function has been previously used for this User object and the User object is required to specify unique passwords.

Action: Specify a password that has not been previously used.

11

AS_PASSTOOSHORT

Password does not meet password rules

The new password that was specified to the change password API function is shorter than the minimum password length set for the User object.

Action: Specify a password that meets the password rules for the User object.

12

AS_TOOSMALL

Buffer is too small

The size specified for a buffer argument is too small to hold the result. The result is truncated.

Action: Allocate a larger buffer, and issue the request again.

13

AS_ATTRNOTFOUND

Attribute not found

The attribute specified was not found for the specified object.

Action: Process this response accordingly, or specify the name of an attribute that exists for the specified object.

14

AS_WSOCKUP

WINSOCK not initialized

Not used in the Identity Manager Fan-Out driver.

15

AS_WSOCKDOWN

WINSOCK not terminated

Not used in the Identity Manager Fan-Out driver.

16

AS_NOAUTHENV

No authentication environment established

The asce argument did not specify a valid environment item.

C Action: Verify that a successful call to ASC_INIT() or ASC_INIT_EXT() has been made. Successful calls return a pointer to a valid environment item. Unsuccessful calls return NULL. Verify that the pointer to the environment item is correctly specified as an argument to this call.

Java Action: Verify that a successful call to init() has been made.

17

AS_PRODUCTEXPIRED

Ascauth client has expired

The expiration date for the platform has passed.

Action: Install a current version of Platform Services.

18

AS_INCLUDED

User matched an INCLUDE statement

The Enterprise User ID specified on a call to ASC_USER_INCLUDE_EXCLUDE() matched an AS.USER.INCLUDE statement in the platform configuration file.

19

AS_EXCLUDED

User matched an EXCLUDE statement

The Enterprise User ID specified on a call to ASC_USER_INCLUDE_EXCLUDE() matched an AS.USER.EXCLUDE statement in the platform configuration file.

20

AS_NOMATCH

User did not match any INCLUDE/EXCLUDE statement

The Enterprise User ID specified on a call to ASC_USER_INCLUDE_EXCLUDE() did not match any AS.USER.INCLUDE or AS.USER.EXCLUDE statement in the platform configuration file. The user is included because AS.USER.INCLUDE * is implicit if AS.USER.EXCLUDE * is not specified.

21

AS_NOLICENSE

Client is not licensed to use the driver

Not used in the Identity Manager Fan-Out driver.

22

AS_INVALIDREQ

API request is not valid or unsupported

The AS Client API call was not recognized by the core driver.

Action: Ensure that the version of Platform Services and the version of the core driver are compatible.

23

AS_KEYEXPIRED

Client is using an expired DES key

The DES encryption key used by a non-SSL version of Platform Services has expired.

Action: Update the KEY statement in the platform configuration file with the same encryption key that is specified for the Platform in the Platform object in the ASAM System container. For information about managing Platform objects with the Web interface, see the Core Driver Administration Guide.

24

AS_INSUFFICIENTRIGHTS

Client is using an expired DES key

An administrative password reset was rejected. The administrative user does not exist, the password given for the administrative user is not valid, or the administrative user does not have rights to change the target user's password.