Environment
NetIQ Identity Manager - Bidirectional eDirectory Driver
Situation
The Bidirectional eDirectory Driver does not have an explicit trace file to see what is happening on the connected side eDirectory with the change log module installed there. How do you troubleshoot the driver to see what is happening.
Resolution
You have to use DSTRACE to see what is happening on the connected side.
1. The Bidirectional eDirectory driver uses LDAP for communication and synchronization to and from the connected side eDirectory server. You need to configure the eDirectory LDAP server on the connected side to provide details in the LDAP trace on that server. This can is done on the connected side server with the command: "/var/opt/novell/eDirectory/bin/ldapconfig set "LDAP Screen Level=all"
For additional information on how to do this, see Technical Information Document 7001461 - How to trace LDAP operations to the screen or log file
2. Configure the Bidirectional eDirectory Driver to provide detail tracing. Set the Change-log trace level to DEBUG in the Properties of the Bidrectional eDirectory Driver, Driver Configuration, Driver Parameters section, Publisher Settings, Change-log trace level.
You will likely also want to configure the Bidirectional eDirectory Driver to trace the driver side information to a file. Set it to Level 3 and specify the log file name and location. See Technical Information Document 7015934 - How to capture a trace generated by Identity Manager and Drivers
3. Configure NDSTRACE on the connected side server with TIME, TAGS, LDAP, DVRS and DXML.
Here are the commands to issue in a terminal window
ndstrace
set ndstrace=nodebug (clears previous settings)
ndstrace +time +tags +ldap +dxml +dvrs
ndstrace file on
ndstrace=*r (resets the log file to zero)
4. Once you have the trace files configured, restart the driver and duplicate the issue. Once you are complete, then turn off the ndstrace log file with "ndstrace file off" and review the driver log and ndstrace log files (var/opt/novell/eDirectory/log/ndstrace.log)
If additional eDirectory agent inform is needed then you can add AREQ, ABUF to the ndstrace on the connected side. However, these flags add a lot of data do the log file, and you may only want to add them if needed. Turn them on if needed and turn them off when done.