You do not have Supress-Warning turned on in the ar.conf file do you? If you do, make sure that none of the related errors (3377 specifically) are not on the list to be suppressed..
Joe From: LJ LongWing Sent: Tuesday, March 20, 2012 12:22 PM Newsgroups: public.remedy.arsystem.general To: arslist@ARSLIST.ORG Subject: Re: ARERR 3377 (LDAP Errors) and Filter Error Handlers ** Thad, I read this mail yesterday morning and didn’t have a clue….it appears that BMC will likely need to update their routine to recognize it as an error and utilize the handler. From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Thad Esser Sent: Tuesday, March 20, 2012 10:08 AM To: arslist@ARSLIST.ORG Subject: Fwd: ARERR 3377 (LDAP Errors) and Filter Error Handlers ** One of these days I will learn that Friday night is not the best time to send a question to the list. :-) Anyone have any thoughts on the below question? Thanks in advance, Thad ---------- Forwarded message ---------- From: Thad Esser <thad.es...@gmail.com> Date: Fri, Mar 16, 2012 at 6:59 PM Subject: ARERR 3377 (LDAP Errors) and Filter Error Handlers To: arslist@arslist.org Hello, We have an LDAP Vendor form that integrates with Active Directory. While trying to add some error trapping, it seems that the errors from LDAP don't trigger the ARS error handling of filters. I have a simple filter that adds a user to the "member" attribute of an AD Group. It works fine and has for years. Today, I added an error handler to that filter so that I could gracefully deal with situations where the member add failed. To test this, I am intentionally trying to add a user to a DN for which my LDAP account doesn't have access. I do get this message in the arerror.log (and on screen) so ARS does recognize it as an error: "The LDAP operation has failed : Insufficient access (LDAPERR 50)00002098: SecErr: DSID-03150A48, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 (ARERR 3377)" The filter log shows the set field processing on the member field, but there is no indication of an error other than the last line: <FLTR> /* Fri Mar 16 2012 19:14:18.0717 */ Checking "TRG:ADG:UserDN_AddToGroup" (999) <FLTR> --> Passed -- perform actions <FLTR> 0: Set Fields <FLTR> members (536870921) = CN= <userinfo1>^|^CN= <userinfo2>^|^CN= <userinfo3> <FLTR> /* Fri Mar 16 2012 19:14:18.0795 */ End of filter processing (phase 1) -- Operation - SET on TRG:Active Directory:Group - <snip DN> <FLTR> /* Fri Mar 16 2012 19:14:18.1717 */Canceled filter processing due to error I added an error message action to test the error handler, and it triggered as expected: <FLTR> /* Fri Mar 16 2012 19:45:13.6116 */ Checking "TRG:ADG:UserDN_AddToGroup" (999) <FLTR> --> Passed -- perform actions <FLTR> 0: Set Fields <FLTR> members (536870921) = CN= <userinfo1>^|^CN= <userinfo2>^|^CN= <userinfo3> <FLTR> 1: Message <FLTR> test error message. <FLTR> **** Error while performing filter action: Error 10000 <FLTR> **** Filter "TRG:ADG:UserDN_AddToGroup": Calling filter error handler "zzz:TempErrorHandler" <FLTR> /* Fri Mar 16 2012 19:45:13.6276 */ Checking "zzz:TempErrorHandler" (999) <FLTR> --> Passed -- perform actions <FLTR> 0: Set Fields <FLTR> z1D_Char01 (536870922) = This is the error handler handling the error. <FLTR> **** Filter "zzz:TempErrorHandler": Successfully handled filter error <FLTR> **** Filter "TRG:ADG:UserDN_AddToGroup" <FLTR> /* Fri Mar 16 2012 19:45:13.6277 */ End of filter processing (phase 1) -- Operation - SET on TRG:Active Directory:Group - <snip DN> <FLTR> /* Fri Mar 16 2012 19:45:13.7246 */Canceled filter processing due to error So, does anyone have any ideas on how I can get ARS to "see" the LDAP error as an error? Thanks, Thad ARS 7.1 on AIX 5.3 ITSM 7.0.3 Oracle 10g Remote _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
