Browse » Home » G-Suite » Identity Management » Micro Focus » Security » G-Suite IDM Driver v4.2 - Common Driver issues

G-Suite IDM Driver v4.2 - Common Driver issues

Posted by Darenji

at Friday, September 04, 2020

Labels: G-Suite, Identity Management, Micro Focus, Security

Common G-Suite Driver Issues

Issue	Example and Notes
User Placement. Do not use a leading "\" to place users or Organization Units.	To place a user in the root container, the dest-dn should only contain the Username. If you are placing a user in the G-Suite Sales\Marketing container your dest-dn should look like: <add class-name="User" dest-dn="Sales\Marketing\ ddare"/> Organization Units use the same format for dest-dn.
Group Placement: Do not use a placement rule on groups as Google does not support placing groups in organizations.	Groups are not kept in a hierarchical structure. Placement is not relevant to group objects.
Unique naming: It is important that Nicknames, Group names and usernames be unique in the G Suite domain.	When developing a matching rule be sure to check for nicknames and usernames to ensure proper matching. Further, naming must be unique across all Google Organization units. It is not legal to have Sales\Marketing\myname and Engineering\myname since myname needs to be unique across the domain.
Driver Unable to Start	Are the driver jar files installed and eDirectory restarted? Have you created the admin account in Google and logged into the web interface at least once? Examine a level 3 or higher trace log of the driver start up for errors.
Driver Exceeds Quota on requests to specific services.	Google has specific default quotas defined for the various services the driver uses. The quotas limit the total number of requests allowed in a given 24 hour period. Once these quotas are exceeded the driver will receive an HTTP 403: Forbidden error.
Token Response Exception when using Gmail Settings Attributes	The trace will show something like this: DirXML Log Event ------------------- Driver: \GLOBAL-DOMINATION\system\driverset1\Google Apps Status: Fatal Message: <description>com.google.api.client.auth.oauth2.TokenResponseException: 401 Unauthorized</description> <exception class-name="com.google.api.client.auth.oauth2.TokenResponseException"> <message>401 Unauthorized</message> </exception> This error is due to not authorizing the new Gmail scopes within the Security section of your G Suite domain. Please refer to the following guide to reset the authorized scopes for the service account. Micro Focus Identity Manager Driver 4.8 : G-Suite Driver v4.2 - OAuth Update
GoogleJsonResponseException error 403 forbidden when accessing Gmail Settings attributes	The trace will show something like this: <status level="retry" type="app-connection"> <description>IOException: com.google.api.client.googleapis.json.GoogleJsonResponseException: 403 Forbidden { "code" : 403, "errors" : [ { "domain" : "usageLimits", "message" : "Access Not Configured. Gmail API has not been used in project 1233 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/gmail.googleapis.com/overview?project=1233 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.", "reason" : "accessNotConfigured". The Gmail API has not been enabled for your G Suite domain. Enable it in your service account's developers console project.

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)