T l Access Manager Global Security Kit Tivoli Access Manager provides data encryption through the use of the Global Security Kit (GSKit) version 7.0. GSKit is included on the IBM Tivoli

Tivoli Access Manager

Error Message Reference

Version 6.1

GI11-8157-00

Note Before using this information and the product it supports, read the information in Appendix B, Notices, on page 863.

First Edition (April 2008)

This edition applies to version 6, release 1, modification 0 of IBM Tivoli Access Manager (product number 5724-C08) and to all subsequent releases and modifications until otherwise indicated in new editions.

Copyright International Business Machines Corporation 2001, 2008. All rights reserved. US Government Users Restricted Rights Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

Contents

About this publication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v Intended audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v What this publication contains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v Publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v

IBM Tivoli Access Manager for e-business library . . . . . . . . . . . . . . . . . . . . . . v Related products and publications . . . . . . . . . . . . . . . . . . . . . . . . . . . vii Accessing terminology online . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix Accessing publications online . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix Ordering publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix

Accessibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x Tivoli technical training . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x Support information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x Conventions used in this publication . . . . . . . . . . . . . . . . . . . . . . . . . . . x

Typeface conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x Operating system-dependent variables and paths . . . . . . . . . . . . . . . . . . . . . . xi

Chapter 1. Tivoli Access Manager Base Messages . . . . . . . . . . . . . . . . . 1

Chapter 2. Tivoli Access Manager for e-business WebSEAL Messages . . . . . . . . 225

Chapter 3. Tivoli Access Manager for e-business Plug-in for Web Servers Messages 253

Chapter 4. Tivoli Access Manager for e-business Messages for Session Management Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373

Chapter 5. Tivoli Access Manager for e-business Messages for IBM WebSphere Edge Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 429

Chapter 6. Tivoli Access Manager for e-business Messages for Web Runtime . . . . 475

Chapter 7. Tivoli Access Manager for Operating Systems Messages . . . . . . . . . 573

Chapter 8. IBM Global Security Kit return codes . . . . . . . . . . . . . . . . . 803 General return codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 803 Key management return codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . 807

Chapter 9. Common Auditing and Reporting Services messages . . . . . . . . . . 813

Appendix A. Support information . . . . . . . . . . . . . . . . . . . . . . . . 857 Searching knowledge bases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 857

Searching information centers . . . . . . . . . . . . . . . . . . . . . . . . . . . . 857 Searching the Internet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 857

Obtaining fixes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 857 Registering with IBM Software Support . . . . . . . . . . . . . . . . . . . . . . . . . 858 Receiving weekly software updates . . . . . . . . . . . . . . . . . . . . . . . . . . . 858 Contacting IBM Software Support . . . . . . . . . . . . . . . . . . . . . . . . . . . 859

Determining the business impact . . . . . . . . . . . . . . . . . . . . . . . . . . . 859 Describing problems and gathering information . . . . . . . . . . . . . . . . . . . . . . 860 Submitting problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 860

Appendix B. Notices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 863 Trademarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 865

Copyright IBM Corp. 2001, 2008 iii

iv Error Message Reference

About this publication

The IBM Tivoli Access Manager for e-business: Error Message Reference provides a list of all informational, warning, and error messages associated with IBM Tivoli Access Manager

Intended audience This book is intended for system administrators who are responsible for maintaining and troubleshooting Tivoli Access Manager.

What this publication contains This reference contains the following sections: v Chapter 1, Tivoli Access Manager Base Messages, on page 1 v Chapter 2, Tivoli Access Manager for e-business WebSEAL Messages, on page

225 v Chapter 3, Tivoli Access Manager for e-business Plug-in for Web Servers

Messages, on page 253 v Chapter 4, Tivoli Access Manager for e-business Messages for Session

Management Server, on page 373 v Chapter 5, Tivoli Access Manager for e-business Messages for IBM WebSphere

Edge Server, on page 429 v Chapter 6, Tivoli Access Manager for e-business Messages for Web Runtime,

on page 475 v Chapter 7, Tivoli Access Manager for Operating Systems Messages, on page

573 v Chapter 8, IBM Global Security Kit return codes, on page 803 v Chapter 9, Common Auditing and Reporting Services messages, on page 813

Publications This section lists publications in the IBM Tivoli Access Manager for e-business library and related documents. The section also describes how to access Tivoli publications online and how to order Tivoli publications.

IBM Tivoli Access Manager for e-business library Review the descriptions of the Tivoli Access Manager library, the prerequisite publications, and the related publications to determine which publications you might find helpful. After you determine the publications you need, refer to the instructions for accessing publications online.

Additional information about the Tivoli Access Manager for e-business product itself can be found at the following Web address:

http://www.ibm.com/software/tivoli/products/access-mgr-e-bus

The Tivoli Access Manager library is organized into the following categories: v Release information on page vi

Copyright IBM Corp. 2001, 2008 v

http://www.ibm.com/software/tivoli/products/access-mgr-e-bus

v Installation and upgrade documentation v Administration documentation v Reference documentation on page vii v Problem determination documentation on page vii v Performance tuning documentation on page vii

Release information v IBM Tivoli Access Manager for e-business: Release Notes, GC23-6501-00

Provides information about installing and getting started, system requirements, known installation and configuration problems, and problem workarounds.

Installation and upgrade documentation v IBM Tivoli Access Manager for e-business: Installation Guide, GC23-6502-00

Explains how to install and configure Tivoli Access Manager for e-business. v IBM Tivoli Access Manager for e-business: Upgrade Guide, SC23-6503-00

Explains how to upgrade to Tivoli Access Manager for e-business version 6.1. v IBM Tivoli Access Manager for e-business: Quick Start Guide, GI11-8174-00

Provides a high-level overview of a Tivoli Access Manager for e-business version 6.1 installation.

Administration documentation v IBM Tivoli Access Manager for e-business: Administration Guide, SC23-6504-00

Describes the concepts and procedures for using Tivoli Access Manager. Provides instructions for performing tasks from the Web Portal Manager interface and by using the pdadmin utility.

v IBM Tivoli Access Manager for e-business: WebSEAL Administration Guide, SC23-6505-00 Provides background material, administrative procedures, and technical reference information for using WebSEAL to manage the resources of your secure Web domain.

v IBM Tivoli Access Manager for e-business: Plug-in for Edge Server Administration Guide, SC23-6506-00 Provides administration instructions for integrating Tivoli Access Manager with the IBM WebSphere Edge Server application.

v IBM Tivoli Access Manager for e-business: Plug-in for Web Servers Administration Guide, SC23-6507-00 Provides administration procedures, and technical reference information for securing your Web domain using a Web server plug-in.

v IBM Tivoli Access Manager for e-business: Shared Session Management Administration Guide, SC23-6509-00 Provides deployment considerations and operational instructions for the session management server.

v IBM Global Security Kit: Secure Sockets Layer Introduction and iKeyman Users Guide, SC23-6510-00 Provides information for network or system security administrators who plan to enable SSL communication in their Tivoli Access Manager environment.

v IBM Tivoli Access Manager for e-business: Auditing Guide, SC23-6511-00 Provides information about configuring and managing audit events using the native Tivoli Access Manager approach and the Common Auditing and

vi Error Message Reference

Reporting Service. Information about installing and configuring the Common Auditing and Reporting Service that can be used for generating and viewing operational reports is also provided.

Reference documentation v IBM Tivoli Access Manager for e-business: Command Reference, SC23-6512-00

Provides reference information about the commands, utilities, and scripts that are provided with Tivoli Access Manager.

v IBM Tivoli Access Manager for e-business: Administration C API Developer Reference, SC23-6513-00 Provides reference information about using the C language implementation of the administration API to enable an application to perform Tivoli Access Manager administration tasks.

v IBM Tivoli Access Manager for e-business: Administration Java Classes Developer Reference, SC23-6514-00 Provides reference information about using the Java language implementation of the administration API to enable an application to perform Tivoli Access Manager administration tasks.

v IBM Tivoli Access Manager for e-business: Authorization C API Developer Reference, SC23-6515-00 Provides reference information about using the C language implementation of the authorization API to enable an application to use Tivoli Access Manager security.

v IBM Tivoli Access Manager for e-business: Authorization Java Classes Developer Reference, SC23-6516-00 Provides reference information about using the Java language implementation of the authorization API to enable an application to use Tivoli Access Manager security.

v IBM Tivoli Access Manager for e-business: Web Security Developer Reference, SC23-6517-00 Provides programming and reference information for developing authentication modules.

Problem determination documentation v IBM Tivoli Access Manager for e-business: Problem Determination Guide,

GI11-8156-00 Provides problem determination information for Tivoli Access Manager.

v IBM Tivoli Access Manager for e-business: Error Message Reference, GI11-8157-00 Provides explanations and recommended actions for the messages and return code that are generated by Tivoli Access Manager.

Performance tuning documentation v IBM Tivoli Access Manager for e-business: Performance Tuning Guide, SC23-6518-00

Provides performance tuning information for an environment consisting of Tivoli Access Manager with the IBM Tivoli Directory Server as the user registry.

Related products and publications This section lists the IBM products that are related to and included with a Tivoli Access Manager solution.

About this publication vii

IBM Global Security Kit Tivoli Access Manager provides data encryption through the use of the Global Security Kit (GSKit) version 7.0. GSKit is included on the IBM Tivoli Access Manager Base CD for your particular platform, as well as on the IBM Tivoli Access Manager Web Security CDs, the IBM Tivoli Access Manager Shared Session Management CDs, and the IBM Tivoli Access Manager Directory Server CDs.

The GSKit package provides the iKeyman key management utility, gsk7ikm, which is used to create key databases, public-private key pairs, and certificate requests. The IBM Global Security Kit: Secure Sockets Layer Introduction and iKeyman Users Guide is available on the Tivoli Information Center Web site in the same section as the Tivoli Access Manager product documentation.

IBM Tivoli Directory Server IBM Tivoli Directory Server version 6.1 is included on the IBM Tivoli Access Manager Directory Server set of CDs for the desired operating system.

Additional information about Tivoli Directory Server can be found at the following Web address:

http://www.ibm.com/software/tivoli/products/directory-server/

IBM Tivoli Directory Integrator IBM Tivoli Directory Integrator version 6.1.1 is included on the IBM Tivoli Directory Integrator CD for the desired operating system.

Additional information about IBM Tivoli Directory Integrator can be found at the following Web address:

http://www-306.ibm.com/software/tivoli/products/directory-integrator/

IBM DB2 Universal Database IBM DB2 Universal Database Enterprise Server Edition version 9.1 is provided on the IBM Tivoli Access Manager Directory Server set of CDs and is installed with the Tivoli Directory Server software. DB2 is required when using Tivoli Directory Server or z/OS LDAP servers as the user registry for Tivoli Access Manager. For z/OS LDAP servers, you must separately purchase DB2.

Additional information about DB2 can be found at the following Web address:

http://www.ibm.com/software/data/db2

IBM WebSphere Application Server WebSphere Application Server version 6.1 is included on the IBM Tivoli Access Manager WebSphere Application Server set of CDs for the desired operating system. WebSphere Application Server enables the support of the Web Portal Manager interface, which is used to administer Tivoli Access Manager; the Web Administration Tool, which is used to administer Tivoli Directory Server; the Common Auditing and Reporting Service, which is used to process and report on audit events; the session management server, which is used to managed shared session in a Web security server environment and the Attribute Retrieval Service.

Additional information about WebSphere Application Server can be found at the following Web address:

http://www.ibm.com/software/webservers/appserv/infocenter.html

viii Error Message Reference

http://www.ibm.com/software/tivoli/products/directory-serverhttp://www-306.ibm.com/software/tivoli/products/directory-integrator/http://www.ibm.com/software/data/db2http://www.ibm.com/software/webservers/appserv/was

Accessing terminology online The Tivoli Software Glossary includes definitions for many of the technical terms related to Tivoli software. The Tivoli Software Glossary is available at the following Tivoli software library Web site:

http://publib.boulder.ibm.com/tividd/glossary/tivoliglossarymst.htm

The IBM Terminology Web site consolidates the terminology from IBM product libraries in one convenient location. You can access the Terminology Web site at the following Web address:

http://www.ibm.com/software/globalization/terminology

Accessing publications online The Tivoli Software Library provides a variety of Tivoli publications such as white papers, data sheets, demonstrations, Redbooks, and announcement letters. The publications for this product and many other Tivoli products are available online in Portable Document Format (PDF) or Hypertext Markup Language (HTML) format, or both in the Tivoli software library at the following Web address:

http://publib.boulder.ibm.com/tividd/td/tdprodlist.html

To locate product publications in the library, click the first letter of the product name or scroll until you find the product name. Then click the name of the product. Product publications include release notes, installation guides, users guides, administrators guides, and developers references.

Note: To ensure proper printing of PDF publications, select the Fit to page check box in the Adobe Acrobat Print window (which is available when you click File Print).

Ordering publications You can order many Tivoli publications online at http://www.elink.ibmlink.ibm.com/publications/servlet/pbi.wss.

You can also order by telephone by calling one of these numbers: v In the United States: 800-879-2755 v In Canada: 800-426-4968

In other countries, contact your software account representative to order Tivoli publications. To locate the telephone number of your local representative, perform the following steps: 1. Go to http://www.elink.ibmlink.ibm.com/publications/servlet/pbi.wss. 2. Select your country from the list and click Go. 3. Click About this site in the main panel to see an information page that

includes the telephone number of your local representative.

About this publication ix

http://publib.boulder.ibm.com/tividd/glossary/tivoliglossarymst.htmhttp://www.ibm.com/software/globalization/terminologyhttp://publib.boulder.ibm.com/tividd/td/tdprodlist.htmlhttp://www.elink.ibmlink.ibm.com/publications/servlet/pbi.wsshttp://www.elink.ibmlink.ibm.com/publications/servlet/pbi.wss

Accessibility Accessibility features help users with a physical disability, such as restricted mobility or limited vision, to use software products successfully. With this product, you can use assistive technologies to hear and navigate the interface. You can also use the keyboard instead of the mouse to operate all features of the graphical user interface.

Tivoli technical training For Tivoli technical training information, refer to the following IBM Tivoli Education Web site at http://www.ibm.com/software/tivoli/education.

Support information If you have a problem with your IBM software, you want to resolve it quickly. IBM provides the following ways for you to obtain the support you need:

Online Go to the IBM Software Support site at http://www.ibm.com/software/supportand follow the instructions.

IBM Support Assistant The IBM Support Assistant (ISA) is a free local software serviceability workbench that helps you resolve questions and problems with IBM software products. The ISA provides quick access to support-related information and serviceability tools for problem determination. To install the ISA software, go to http://www.ibm.com/software/support/isa.

Problem Determination Guide For more information about resolving problems, see the IBM Tivoli Access Manager for e-business: Problem Determination Guide.

Conventions used in this publication This publication uses several conventions for special terms and actions, operating system-dependent commands and paths, and margin graphics.

Typeface conventions This publication uses the following typeface conventions:

Bold

v Lowercase commands and mixed case commands that are otherwise difficult to distinguish from surrounding text

v Interface controls (check boxes, push buttons, radio buttons, spin buttons, fields, folders, icons, list boxes, items inside list boxes, multicolumn lists, containers, menu choices, menu names, tabs, property sheets), labels (such as Tip:, and Operating system considerations:)

v Keywords and parameters in textItalic

v Citations (examples: titles of publications, diskettes, and CDs v Words defined in text (example: a nonswitched line is called a

point-to-point line)

x Error Message Reference

http://www.ibm.com/software/tivoli/educationhttp://www.ibm.com/software/supporthttp://www.ibm.com/software/supporthttp://www.ibm.com/software/support/isa

v Emphasis of words and letters (words as words example: "Use the word that to introduce a restrictive clause."; letters as letters example: "The LUN address must start with the letter L.")

v New terms in text (except in a definition list): a view is a frame in a workspace that contains data.

v Variables and values you must provide: ... where myname represents....Monospace

v Examples and code examples v File names, programming keywords, and other elements that are difficult

to distinguish from surrounding text v Message text and prompts addressed to the user v Text that the user must type v Values for arguments or command options

Operating system-dependent variables and paths This publication uses the UNIX convention for specifying environment variables and for directory notation.

When using the Windows command line, replace $variable with % variable% for environment variables and replace each forward slash (/) with a backslash (\) in directory paths. The names of environment variables are not always the same in the Windows and UNIX environments. For example, %TEMP% in Windows environments is equivalent to $TMPDIR in UNIX environments.

Note: If you are using the bash shell on a Windows system, you can use the UNIX conventions.

About this publication xi

xii Error Message Reference

Chapter 1. Tivoli Access Manager Base Messages

This chapter describes the messages provided by the Tivoli Access Manager Base.

HPDAC0153E Could not build ACL with the supplied ACL entries.

Explanation: An ACL entry failed the validity check. The Tivoli Access Manager policy servers error log file will contain an error status message indicating the reason for the failure.

Action: Review the Tivoli Access Manager policy servers error log to determine the reason that the ACL failed the validity check.

Name: ivacl_s_cant_build_acl

Number: 0x1005b099 (268808345)

Severity: Error

Component: acl / ivacl_s_general

HPDAC0178E Could not obtain local host name.

Explanation: The system library call to get the local host name failed.

Action: Ensure that the machine has a valid hostname.

Name: ivacl_s_hostname_failure

Number: 0x1005b0b2 (268808370)

Severity: Error


HPDAC0179E Unexpected exception caught.

Explanation: An unexpected exception was caught while registering an azn administration service with the Tivoli Access Manager policy server.

Action: Ensure that the Tivoli Access Manager policy server is running and that the client and server versions are compatible with each other.

Name: ivacl_s_unexpected_exception

Number: 0x1005b0b3 (268808371)

Severity: Error


HPDAC0180E The Tivoli Access Manager authorization server could not be started (0x%8.8lx).

Explanation: The Tivoli Access Manager authorization server encountered an error during initialization.

Action: See the accompanying status code, which gives more information about the failure.

Name: ivacl_s_could_not_start

Number: 0x1005b0b4 (268808372)

Severity: Fatal


HPDAC0450E There is no root ACL in the authorization policy database.

Explanation: See message.

Action: This is a severe error indicating integrity problems with the policy database. If the problem occurs with the Tivoli Access Manager authorization server or with a Tivoli Access Manager resource manager application, then stop the resource manager, remove the resource managers policy database, and start the resource manager again. If the problem occurs with the Tivoli Access Manager policy server, then stop the policy server, restore a known good version of the master policy database, and then start the Tivoli Access Manager servers again. If the problem persists then contact your IBM service representative.

Name: ivacl_s_no_root_acl

Number: 0x1005b1c2 (268808642)

Severity: Error

Component: acl / ivacl_s_acldb

HPDAC0451E A protected object should have only one attached ACL (%s).



Name: ivacl_s_attached_acl

Number: 0x1005b1c3 (268808643)

Copyright IBM Corp. 2001, 2008 1

Severity: Error


HPDAC0452E An ACL that is attached to a protected object cannot be found in the policy database (%s,%s).



Name: ivacl_s_missing_acl

Number: 0x1005b1c4 (268808644)

Severity: Error


HPDAC0453E Authorization policy database version is incompatible with the server version (%ld,%ld) and will be automatically replaced.

Explanation: The authorization client application has detected an incompatible version of the policy database. The database is replaced automatically.

Action: No action is required.

Name: ivacl_s_incompatible_db

Number: 0x1005b1c5 (268808645)

Severity: Error


HPDAC0454E Could not initialize the authorization policy database (0x%8.8lx).

Explanation: An error occurred while attempting to access the authorization policy database. The authorization engine client was not initialized correctly.

Action: See the accompanying status code, which gives more information about failure.

Name: ivacl_s_authzn_db_init

Number: 0x1005b1c6 (268808646)

Severity: Error


HPDAC0455E The authorization policy database has not been initialized.

Explanation: An error occurred during application initialization and the authorization policy database was not initialized correctly.

Action: Review the Tivoli Access Manager base error log and look for error messages during initialization that might account for problems with the authorization policy database.

Name: ivacl_s_authzn_db_not_found

Number: 0x1005b1c7 (268808647)

Severity: Error


HPDAC0456E The ACL name specified was not found in the authorization policy database.


Action: Review the ACL name and ensure that the name is a valid ACL name and that it matches an ACL that exists in the authorization policy database.

Name: ivacl_s_acl_not_found

Number: 0x1005b1c8 (268808648)

Severity: Error


HPDAC0457E The protected object name is invalid.

Explanation: The protected object name is invalid. The name must begin with the / character. The name cannot contain carriage return or line-feed characters and it cannot contain two / characters in sequence.

Action: Review the protected object name and ensure that it adheres to the restrictions outlined in the message explanation.

Name: ivacl_s_invalid_pobj_name

Number: 0x1005b1c9 (268808649)

Severity: Error


HPDAC0458E The protected object name specified was not found in the authorization policy database.


Action: Review the protected object name and ensure that the name is a valid protected object name and that it matches an object that exists in the authorization policy database.

Name: ivacl_s_pobj_not_found

2 Error Message Reference

Number: 0x1005b1ca (268808650)

Severity: Error


HPDAC0459E The protected object space specified was not found in the authorization policy database.


Action: Review the protected object space name and ensure that the name is a valid protected object space name and that it matches an object space that exists in the authorization policy database.

Name: ivacl_s_pobjspace_not_found

Number: 0x1005b1cb (268808651)

Severity: Error


HPDAC0460E The protected object space specified already exists in the authorization policy database.


Action: Each protected object space name must be unique so choose a different name for the new protected object space.

Name: ivacl_s_pobjspace_already_exists

Number: 0x1005b1cc (268808652)

Severity: Error


HPDAC0461E The extended attribute specified was not found.


Action: Review the extended attributes on the target object and ensure that the extended attribute requested actually exists in the extended attribute list for this object.

Name: ivacl_s_extattr_not_found

Number: 0x1005b1cd (268808653)

Severity: Error


HPDAC0462E The extended attribute name specified is invalid.


Action: Review the extended attribute name to ensure that it is valid.

Name: ivacl_s_invalid_extattr_name

Number: 0x1005b1ce (268808654)

Severity: Error


HPDAC0463E There are no extended attributes associated with the specified protected object or authorization policy object.


Action: Define extended attributes for specified object or parent object if you want to perform extended attributes associated with the object.

Name: ivacl_s_extattrs_not_found

Number: 0x1005b1cf (268808655)

Severity: Error


HPDAC0464E A POP that is attached to a protected object cannot be found in the policy database (%s,%s).



Name: ivacl_s_missing_pop

Number: 0x1005b1d0 (268808656)

Severity: Error


HPDAC0465E A new action group could not be created because the count of action groups has reached the maximum permitted.


Action: If you want to create another action group, then you must first reduce the count of defined action groups. Review the list of defined action groups and remove those that are no longer required.

Name: ivacl_s_no_available_action_groups

Number: 0x1005b1d1 (268808657)

Chapter 1. Tivoli Access Manager Base Messages 3

Severity: Error


HPDAC0466E A new action could not be created because the count of actions has reached the maximum permitted.


Action: Before creating another action you must first reduce the count of defined actions. Review the list of defined actions and remove those that are no longer required.

Name: ivacl_s_no_available_actions

Number: 0x1005b1d2 (268808658)

Severity: Error


HPDAC0467E Unable to create the new action because the bitmask supplied is invalid.

Explanation: The bitmask must have only one of bits 0 to 31 set to be a valid action bitmask. Having multiple bits set or no bits at all is invalid.

Action: Review the specified action bitmask to ensure that at least one and only one action bit is set in the mask.

Name: ivacl_s_bad_action_bitmap

Number: 0x1005b1d3 (268808659)

Severity: Error


HPDAC0468E Unable to create new action group because an action group exists with the same name.


Action: You must choose a unique name for the new action group.

Name: ivacl_s_duplicate_action_group_ name

Number: 0x1005b1d4 (268808660)

Severity: Error


HPDAC0469E Unable to locate an action group with the name supplied.


Action: Review the action group name specified and ensure that it is a valid action group name and that the group exists.

Name: ivacl_s_action_group_name_not_ found

Number: 0x1005b1d5 (268808661)

Severity: Error


HPDAC0470E Unable to create the new action because an action exists with the same name.


Action: You must choose a unique action name for the new action.

Name: ivacl_s_duplicate_action_name

Number: 0x1005b1d6 (268808662)

Severity: Error


HPDAC0471E Action name contains invalid characters or too many characters.

Explanation: The action name specified is invalid. The name must not be NULL and can contain only one character from the set [a-zA-Z].

Action: Review the action name and ensure that it conforms to the criteria specified in the Tivoli Access Manager Base Administrators Guide.

Name: ivacl_s_invalid_action_name

Number: 0x1005b1d7 (268808663)

Severity: Error


HPDAC0472E Action group name contains invalid characters.

Explanation: The action group name specified is invalid. The name must not be NULL and can contain only characters from the set [a-zA-Z0-9 +-_:].

Action: Review the action group name and ensure that it conforms to the criteria specified in the Tivoli Access Manager Base Administrators Guide.

Name: ivacl_s_invalid_action_group_name

Number: 0x1005b1d8 (268808664)

Severity: Error


HPDAC0473E The primary action group cannot be deleted.



Name: ivacl_s_cant_delete_primary_group


Number: 0x1005b1d9 (268808665)

Severity: Error


HPDAC0474E A protected object should have only one rule attached (%s).



Name: ivacl_s_attached_rule

Number: 0x1005b1da (268808666)

Severity: Error


HPDAC0475E A rule that is attached to a protected object cannot be found in the policy database (%s,%s).



Name: ivacl_s_missing_rule

Number: 0x1005b1db (268808667)

Severity: Error


HPDAC0476E A protected object should have only one POP attached (%s).


Action: This is a severe error indicating integrity problems with the policy database. If the problem occurs with the Tivoli Access Manager authorization

server or with a Tivoli Access Manager resource manager application, then stop the resource manager, remove the policy database of the resource manager, and start the resource manager again. If the problem occurs with the Tivoli Access Manager policy server, then stop the policy server, restore a known good version of the master policy database, and then start the Tivoli Access Manager servers again. If the problem persists then contact your IBM service representative.

Name: ivacl_s_attached_pop

Number: 0x1005b1dc (268808668)

Severity: Error


HPDAC0477I No local extended attributes were found for protected object (%s).

Explanation: The specified protected object does not have extended attributes defined at the object.

Action: Define extended attributes for the specified protected object if you want extended attributes defined locally at the object.

Name: ivacl_s_extattrs_not_found_local

Number: 0x1005b1dd (268808669)

Severity: Notice


HPDAC0478I No effective or local extended attributes were found for protected object (%s).

Explanation: When extended attributes are used they are defined for specific protected objects. When there are no extended attributes defined for a specific protected object, effective extended attributes are used if they are defined. Effective extended attributes are extended attributes inherited from the fist parent protected object that has extended attributes defined.

Action: Define extended attributes for the specified protected object or for a parent protected object if you want extended attributes for the object or effective extended attributes inherited from a parent protected object.

Name: ivacl_s_extattrs_not_found_ effective

Number: 0x1005b1de (268808670)

Severity: Notice



HPDAC0750E Invalid ACL name.

Explanation: The ACL name received was invalid. The ACL name contained illegal characters or was NULL.

Action: Review the ACL name and ensure that it conforms to the criteria specified in the Tivoli Access Manager Base Administrators Guide.

Name: ivacl_s_invalid_acl_name

Number: 0x1005b2ee (268808942)

Severity: Error

Component: acl / ivacl_s_mgmt

HPDAC0751E Invalid protected object name.

Explanation: The protected object name received was invalid. The protected object name contained illegal characters or was NULL.

Action: Review the protected object name and ensure that it conforms to the criteria specified in the Tivoli Access Manager Base Administrators Guide.

Name: ivacl_s_invalid_object_name

Number: 0x1005b2ef (268808943)

Severity: Error


HPDAC0752E The requested object was not found.


Action: Review the object name and ensure that it is valid and that it actually exists.

Name: ivacl_s_object_not_found

Number: 0x1005b2f0 (268808944)

Severity: Error


HPDAC0753E The ACL action specified could not be mapped.

Explanation: There is no mapping for this ACL action in the policy database.

Action: Review the ACL name and ensure that it is valid and refers to an existing ACL action in the policy database.

Name: ivacl_s_unknown_action

Number: 0x1005b2f1 (268808945)

Severity: Error


HPDAC0754E Privacy or data integrity quality of protection cannot be specified in the unauthenticated entry.

Explanation: Quality of protection cannot be enforced by the authorization client runtime for unauthenticated users.


Name: ivacl_s_cant_have_unauth_qop

Number: 0x1005b2f2 (268808946)

Severity: Error


HPDAC0755E The ACL has an unauthenticated entry but there is no any-other entry. The any-other entry must be at least as permissive as unauthenticated.


Action: Add an any-other entry to the ACL with permissions at least equal to those of the unauthenticated user.

Name: ivacl_s_missing_any_other_entry

Number: 0x1005b2f3 (268808947)

Severity: Error


HPDAC0756E The any-other entry is missing actions from the unauthenticated entry. The any-other entry must be at least as permissive as unauthenticated.


Action: Ensure that the permissions in the ACL for the any-other entry are at least equal to those of the unauthenticated entry.

Name: ivacl_s_missing_any_other_perms

Number: 0x1005b2f4 (268808948)

Severity: Error


HPDAC0757E An entry in the ACL is missing some actions granted by the unauthenticated entry. Users can bypass an explicit action revocation if allowed by the unauthenticated entry.


Action: Review the ACL and ensure that the unauthenticated entry does not have the permission to perform actions that other authenticated entries cannot. The permissions of the unauthenticated entry should be


the most restrictive in the secure domain.

Name: ivacl_s_missing_entry_perms

Number: 0x1005b2f5 (268808949)

Severity: Error


HPDAC0758E An entry in the ACL that grants control does not also grant traverse.

Explanation: To have the control permission the user must also be able to traverse.

Action: Ensure that entries with the control permission also have the traverse permission.

Name: ivacl_s_control_entry_has_no_ traverse

Number: 0x1005b2f6 (268808950)

Severity: Error


HPDAC0759E No entry in the ACL grants control permission.

Explanation: At least one entry in the ACL must have the control permission. Otherwise the ACL cannot be modified or deleted.

Action: Add the control permission to at least one of the ACL entries. An administrative user is the most suitable candidate because control permission will authorize the user to modify and delete the ACL.

Name: ivacl_s_no_control_entry

Number: 0x1005b2f7 (268808951)

Severity: Error


HPDAC0760E The user is revoking the control permission for itself on this ACL.

Explanation: If the current user removes the control permission from its own ACL entry, that user can no longer modify or delete the object. If the user were the only user with control permission then the ACL can no longer be modified or deleted. To avoid losing control over the ACL, it is more prudent to have another user who has control permission remove the control permission on behalf of the current user.

Action: Login as another user who has the control permission for this ACL and have that user remove the control permission on behalf of the current user.

Name: ivacl_s_self_cannot_control

Number: 0x1005b2f8 (268808952)

Severity: Error


HPDAC0766E The ACL cannot be detached from the root protected object. Try replacing the attached ACL instead.


Action: Modify or even replace the root ACL with an ACL of the desired configuration.

Name: ivacl_s_cant_detach_from_root

Number: 0x1005b2fe (268808958)

Severity: Error


HPDAC0767E Core ACL actions cannot be deleted.



Name: ivacl_s_cant_delete_core_action

Number: 0x1005b2ff (268808959)

Severity: Error


HPDAC0768E The ACL action name already exists.


Action: Choose a unique action name for the new action.

Name: ivacl_s_action_exists

Number: 0x1005b300 (268808960)

Severity: Error


HPDAC0769E Too many ACL actions are already defined.

Explanation: Only 32 actions bits can be defined and this limit has been reached.

Action: An ACL action must be deleted before a new action can be created.

Name: ivacl_s_too_many_actions

Number: 0x1005b301 (268808961)

Severity: Error



HPDAC0771E The user registry client is unavailable.

Explanation: The authorization client was unable to contact the user registry. The user registry client may not be configured correctly.

Action: Refer to the Installation Guide for your chosen platform and ensure that the correct user registry has been specified and that the configuration steps succeeded. Also ensure that the user registry is running and can be contacted from the client machine. The Tivoli Access Manager Problem Determination Guide contains instructions on how to ensure that the user registry is configured correctly and is operational.

Name: ivacl_s_registry_client_unavailable_

Number: 0x1005b303 (268808963)

Severity: Error


HPDAC0772E The LDAP user registry client returned an error status for the specified DN.

Explanation: The LDAP client returned an error status because the DN was invalid or there are multiples of the same DN.

Action: Ensure that the specified DN exists in the user registry and is valid and that the DN is unique.

Name: ivacl_s_registry_client_bad_ ldap_dn

Number: 0x1005b304 (268808964)

Severity: Error


HPDAC0773E The LDAP user registry client returned an unexpected failure status.

Explanation: The LDAP user registry client returned an error code that was unexpected or unknown to Tivoli Access Manager.

Action: Ensure that the LDAP registry server and local registry client runtime are correctly installed and operational then try the procedure again. The Tivoli Access Manager Problem Determination Guide contains instructions on how to ensure that the user registry is configured correctly and is operational. If the problem persists then contact your IBM service representative.

Name: ivacl_s_registry_client_error

Number: 0x1005b305 (268808965)

Severity: Error


HPDAC0776E The DN specified was not found in the registry.

Explanation: The specified DN was not found in the user registry.

Action: Ensure that the DN specified exists in the user registry and is valid.

Name: ivacl_s_registry_client_dn_ not_found

Number: 0x1005b308 (268808968)

Severity: Error


HPDAC0777E LDAP Registry client returned a memory error.

Explanation: The LDAP registry client encountered a memory error.

Action: Ensure that the affected process has been configured with sufficient virtual memory for its requirements. The Tivoli Access Manager Performance Tuning Guide contains instructions on how to ensure that the application is configured with the correct amount of virtual memory. Stop and restart the process. If the problem persists then contact your IBM service representative.

Name: ivacl_s_registry_client_memory_ error

Number: 0x1005b309 (268808969)

Severity: Error


HPDAC0778E The specified users account is set to invalid.

Explanation: When an account is created in the user registry, the user account must also be marked as valid.

Action: Start the administration console or command-line administration tool and set the user account to be valid with the user modify command.

Name: ivacl_s_account_set_invalid

Number: 0x1005b30a (268808970)

Severity: Error


HPDAC0779E The LDAP registry server is down.

Explanation: The LDAP registry server is not running.

Action: Ensure that the LDAP registry server is running and that the LDAP client has been correctly configured to communicate with the server. The Tivoli Access Manager Problem Determination Guide contains instructions on how to ensure that the user registry is configured correctly and is operational.


Name: ivacl_s_registry_server_down

Number: 0x1005b30b (268808971)

Severity: Error


HPDAC0780E A valid action group is specified, but no action is specified.

Explanation: The permission string contains a valid action group, but no action within this group is specified. Therefore, an authorization check cannot be performed.

Action: Ensure that a valid action for the specified action group was provided.

Name: ivacl_s_no_action_specified

Number: 0x1005b30c (268808972)

Severity: Error


HPDAC0901E The Authorization service is already initialized.

Explanation: You cannot reinitialize the authorization service once it has been initialized. The azn_shutdown() interface must be called before the aznAPI client can be initialized again.

Action: Review your aznAPI application and ensure that the azn_initialize() interface is called only once during the execution of the program.

Name: ivacl_s_already_initialized

Number: 0x1005b385 (268809093)

Severity: Error

Component: acl / ivacl_s_client

HPDAC0902E There was no authorization client listener port specified.

Explanation: The authorization client requires a TCP port to listen for authorization policy updates and azn admin service requests.

Action: Ensure that you have specified a listening port for the authorization client in the aznAPI client configuration file or by using programmatic aznAPI initialization attributes.

Name: ivacl_s_no_rpc_port

Number: 0x1005b386 (268809094)

Severity: Error


HPDAC0906E An invalid parameter was supplied to the API function.

Explanation: A parameter supplied to the API function was NULL or outside the range of valid values.

Action: Ensure that the API function call parameters supplied meet the criteria defined for the API interface in the Tivoli Access Manager Authorization C API Developers Reference. If the problem persists then contact your IBM service representative.

Name: ivacl_s_bad_param

Number: 0x1005b38a (268809098)

Severity: Error


HPDAC0909E An unspecified implementation dependent error has occurred.

Explanation: A minor error could not be mapped to a known message catalog category. The minor error might be returned by an authorization service plug-in without first being encoded using azn_util_errcode(). Another reason this occurs is that an authorization clients message catalogs might not be synchronized with those of the Tivoli Access Manager authorization server.

Action: If you have loaded a custom authorization service plug-in then ensure that the plug-in returns the appropriate azn_status_t error codes from its exported interfaces. If this is not the case, then the authorization clients message catalogs might not be synchronized with those of the server. Upgrade the Tivoli Access Manager Runtime package to the same level as the server.

Name: ivacl_s_unknown_minor_code

Number: 0x1005b38d (268809101)

Severity: Error


HPDAC0910E An invalid policy cache mode value was specified.


Action: Ensure that the specified policy cache mode is a valid mode from the set of modes defined in the Tivoli Access Manager Authorization C API Developers Reference.

Name: ivacl_s_invalid_init_mode

Number: 0x1005b38e (268809102)

Severity: Error



HPDAC0912E An invalid database file path value was specified.


Action: Ensure that the specified database file path is valid.

Name: ivacl_s_invalid_init_db_file

Number: 0x1005b390 (268809104)

Severity: Error


HPDAC0914E An invalid policy cache refresh interval value was specified.


Action: Ensure that the policy cache refresh interval specified is within the range of valid values specified in the Tivoli Access Manager Authorization C API Developers Reference.

Name: ivacl_s_invalid_init_cache_ refresh_interval

Number: 0x1005b392 (268809106)

Severity: Error


HPDAC0915E An invalid listen flags value was specified.

Explanation: The listen flags can be set to either enable or disable.

Action: Ensure that the listen flags configuration parameter is set to either enable or disable.

Name: ivacl_s_invalid_init_listen_flags

Number: 0x1005b393 (268809107)

Severity: Error


HPDAC0919E An invalid LDAP host name was specified.


Action: Ensure that the LDAP host name specified is valid.

Name: ivacl_s_invalid_init_ldap_host

Number: 0x1005b397 (268809111)

Severity: Error


HPDAC0920E An invalid LDAP host port was specified.


Action: Ensure that the LDAP server port specified is valid.

Name: ivacl_s_invalid_init_ldap_port

Number: 0x1005b398 (268809112)

Severity: Error


HPDAC0923E An invalid LDAP server SSL keyfile was specified.

Explanation: The SSL keyfile could not be found, is invalid or has inappropriate access permissions.

Action: Ensure that the path to the LDAP server SSL keyfile is correct that the file exists, is valid and has the appropriate access permissions.

Name: ivacl_s_invalid_init_ldap_ssl_ keyfile

Number: 0x1005b39b (268809115)

Severity: Error


HPDAC0924E An invalid LDAP server SSL keyfile DN was specified.


Action: Ensure that the specified DN for the LDAP server SSL keyfile is correct.

Name: ivacl_s_invalid_init_ldap_ssl_ keyfile_dn

Number: 0x1005b39c (268809116)

Severity: Error


HPDAC0925E An invalid LDAP server SSL keyfile password was specified.


Action: Ensure that the specified password for the LDAP server SSL keyfile is correct.

Name: ivacl_s_invalid_init_ldap_ssl_ keyfile_pwd

Number: 0x1005b39d (268809117)

Severity: Error



HPDAC0926E One or more of the LDAP server values was not specified.

Explanation: To configure an LDAP registry server you must at least specify the server host name, the port on which to connect to the server, the DN with which to bind to the server and the password for that DN. One of these values was not specified in the configuration settings.

Action: Ensure that you have specified the LDAP registry server name, request port, bind DN, and bind DN password in the aznAPI client configuration settings.

Name: ivacl_s_invalid_init_ldap_server_ config

Number: 0x1005b39e (268809118)

Severity: Error


HPDAC0928E The attempt to initialize the LDAP registry failed.

Explanation: This failure can occur when the LDAP registry server configuration settings are incorrect or when the Tivoli Access Manager runtime is incorrectly configured for a registry type other than LDAP.

Action: Ensure that you have correctly configured the Tivoli Access Manager Runtime package to use an LDAP user registry. The current user registry setting can be determined by looking at the user-reg-type entry in the [pdrte] stanza of the etc/pd.conf file in the Tivoli Access Manager install directory. If the runtime is configured incorrectly, you will need to unconfigure all packages and reconfigure the machine again. If the runtime has been correctly configured, then ensure that the configuration parameters specified for the LDAP registry server are correct.

Name: ivacl_s_init_ldap_unreachable

Number: 0x1005b3a0 (268809120)

Severity: Error


HPDAC0930E A memory allocation call failed.

Explanation: In most cases this error due to the aznAPI application program running out of memory.

Action: Ensure that the application has been configured with sufficient virtual memory for its requirements. The Tivoli Access Manager Performance Tuning Guide contains instructions on how to ensure that the application is configured with the correct amount of virtual memory. Stop and restart the process. If the problem persists then contact your IBM service representative.

Name: ivacl_s_out_of_memory

Number: 0x1005b3a2 (268809122)

Severity: Error


HPDAC0931E Unable to configure LDAP replica server.

Explanation: The replica is either misconfigured or there are too many replicas configured.

Action: Ensure that the replica LDAP server configuration settings are valid and refer to an operational replica of the master LDAP server. Also ensure that you have not registered more LDAP replicas than that allowed by the LDAP registry implementation.

Name: ivacl_s_init_ldap_replica_error

Number: 0x1005b3a3 (268809123)

Severity: Error


HPDAC0932E An invalid LDAP bind user DN was specified.


Action: Ensure that the LDAP bind user DN specified is valid.

Name: ivacl_s_invalid_init_ldap_bind_dn

Number: 0x1005b3a4 (268809124)

Severity: Error


HPDAC0933E The password for the LDAP bind user was invalid.


Action: Ensure that the LDAP bind user password specified is valid.

Name: ivacl_s_invalid_init_ldap_bind_pwd

Number: 0x1005b3a5 (268809125)

Severity: Error


HPDAC0934E An invalid configuration file path was specified.


Action: Ensure that the path to the configuration file that was specified is valid.

Name: ivacl_s_invalid_init_cfg_file

Number: 0x1005b3a6 (268809126)


Severity: Error


HPDAC0935E An error occurred loading the aznAPI configuration file.


Action: Review the aznAPI configuration file used to initialize the application and ensure that it is a valid stanza format file and that the entries conform to stanza format syntax.

Name: ivacl_s_config_load_failed

Number: 0x1005b3a7 (268809127)

Severity: Error


HPDAC0936E An error occurred loading the configuration file specified as the parameter to ldap-server-config in the aznAPI config file.


Action: Review the respective aznAPI configuration file and ensure that it is a valid stanza format file and that the entries conform to stanza format syntax.

Name: ivacl_s_ldap_config_load_failed

Number: 0x1005b3a8 (268809128)

Severity: Error


HPDAC0937E An invalid maximum search size was specified.

Explanation: The specified maximum search size could not be converted to an integer number or is zero.

Action: Ensure that the value specified for maximum search size is a valid integer value in the range specified in the LDAP registry server documentation and is not zero.

Name: ivacl_s_invalid_init_ldap_max_ search_size

Number: 0x1005b3a9 (268809129)

Severity: Error


HPDAC0940E An invalid attribute value was specified for the azn_init_set_perminfo_attrs attribute.


Action: Ensure that the value specified for the azn_init_set_perminfo_attrs initialization attribute is a

text string consisting of one or more valid aznAPI attribute names separated by spaces.

Name: ivacl_s_invalid_init_perminfo_ attrs

Number: 0x1005b3ac (268809132)

Severity: Error


HPDAC0941E Too many permission information attributes were specified with the azn_init_set_perminfo_attrs attribute.

Explanation: The maximum number of permission info attributes that can be returned from an azn_decision_access_allowed_ext() call is 32.

Action: Review the list of permission information attributes that you have specified in the azn_init_set_perminfo_attrs attribute and ensure that the count of attributes is no greater than 32.

Name: ivacl_s_invalid_init_perminfo_ count

Number: 0x1005b3ad (268809133)

Severity: Error


HPDAC0943E An invalid trace configuration parameter was specified: %s.

Explanation: Either the application configuration file contains an invalid trace configuration item in the [aznapi-configuration] stanza or the application is passing an invalid value for the azn_init_trace programmatic initialization attribute. The value considered invalid is shown in the error message.

Action: Correct the value of the trace configuration parameter in the configuration file or the application as appropriate.

Name: ivacl_s_invalid_init_trace

Number: 0x1005b3af (268809135)

Severity: Error


HPDAC0944E An invalid statistics configuration parameter was specified: %s.

Explanation: Either the application configuration file contains an invalid stats configuration item in the [aznapi-configuration] stanza or the application is passing an invalid value for the azn_init_stats azn_initialize parameter. The value considered invalid is shown in the error message.

Action: Correct the value of the stats configuration parameter in the configuration file or the application as appropriate.


Name: ivacl_s_invalid_init_stats

Number: 0x1005b3b0 (268809136)

Severity: Error


HPDAC0945E The value specified for the timeout parameter in the [ldap] stanza is invalid: %s.

Explanation: Either the application configuration file contains an invalid timeout configuration value in the [ldap] stanza or the application is passing an invalid value for the azn_init_ldap_timeout azn_initialize parameter. The value considered invalid is shown in the error message.

Action: Correct the value of the timeout parameter in the [ldap] stanza. It must be a non-negative integer.

Name: ivacl_s_invalid_init_ldap_timeout

Number: 0x1005b3b1 (268809137)

Severity: Error


HPDAC0946E The value specified for the authn-timeout parameter in the [ldap] stanza is invalid: %s.

Explanation: Either the application configuration file contains an invalid authn-timeout configuration value in the [ldap] stanza or the application is passing an invalid value for the azn_init_ldap_authn_timeout azn_initialize parameter. The value considered invalid is shown in the error message.

Action: Correct the value of the authn-timeout parameter in the [ldap] stanza. It must be a non-negative integer.

Name: ivacl_s_invalid_init_ldap_authn_ timeout

Number: 0x1005b3b2 (268809138)

Severity: Error


HPDAC0947E The value specified for the search-timeout parameter in the [ldap] stanza is invalid: %s.

Explanation: Either the application configuration file contains an invalid search-timeout configuration item in the [ldap] stanza or the application is passing an invalid value for the azn_init_ldap_search_timeout azn_initialize parameter. The value considered invalid is shown in the error message.

Action: Correct the value of the search-timeout parameter in the [ldap] stanza. It must be a non-negative integer.

Name: ivacl_s_invalid_init_ldap_search_ timeout

Number: 0x1005b3b3 (268809139)

Severity: Error


HPDAC0948E Validation of the rule text for the rule object failed. Refer to the error log for more information about the failure.

Explanation: The rule text of the rule policy is not valid.

Action: Review the rule text for the rule policy named in the error log and correct any errors.

Name: ivacl_s_xsl_rule_validation_failed

Number: 0x1005b3b4 (268809140)

Severity: Error

Component: acl / ivacl_s_authzn

HPDAC0949E Validation of the rule text for rule object %s failed. Error code 0x%x was returned along with error message %s.

Explanation: The rule text of the rule policy is not valid.


Name: ivacl_s_xsl_rule_validation_ failed_detail

Number: 0x1005b3b5 (268809141)

Severity: Error


HPDAC0950E An ADI container name was found in multiple places in the input from the application. Refer to the error log for more information about the failure.

Explanation: The same piece of access decision information cannot be provided to the rules evaluator from two different sources as this indicates that one piece of data may not be valid or is incorrectly named. Container names must be unique across data sources.

Action: Review your system configuration to ensure that only one of either the application context or user credentials is the source for the piece of ADI named in the error log.

Name: ivacl_s_duplicate_container_ names_found

Number: 0x1005b3b6 (268809142)

Severity: Error



HPDAC0951E The ADI container name %s was found in multiple places in the input from the application.

Explanation: The same piece of access decision information cannot be provided to the rules evaluator from two different sources as this indicates that one piece of data may not be valid or is incorrectly named. Container names must be unique across data sources.

Action: Review your system configuration to ensure that only one of either the application context or user credentials is the source for the piece of ADI named in the error log.

Name: ivacl_s_duplicate_container_ names_found_detail

Number: 0x1005b3b7 (268809143)

Severity: Error


HPDAC0952E The XSL processor failed to evaluate the rule object. Refer to the error log for more information about the failure.

Explanation: The rule text of the rule policy named in the error log is not valid and caused an error condition in the XSL processor.

Action: Review the rule text for the rule policy object named in the error log and correct any errors.

Name: ivacl_s_xsl_rule_processing_failed

Number: 0x1005b3b8 (268809144)

Severity: Error


HPDAC0953E The XSL processor failed to evaluate the rule object %s. Error code 0x%x was returned along with error message %s.

Explanation: The rule text of the rule policy named in the error log is not valid and caused an error condition in the XSL processor.

Action: Review the rule text for the rule policy object named in the error log and correct any errors.

Name: ivacl_s_xsl_rule_processing_ failed_detail

Number: 0x1005b3b9 (268809145)

Severity: Error


HPDAC0954E The rule object was not evaluated because there was insufficient access decision information provided in the application context and credential attributes.

Explanation: To evaluate a rule, the authorization engine must have all of the ADI referenced in the rule text available at evaluation time. If any items of data are missing then the rule cannot be evaluated.

Action: Review the rule text for the rule policy object named in the error log and ensure that all of the items of data listed in the error message are provided to the access decision call.

Name: ivacl_s_insufficient_input_ adi_provided

Number: 0x1005b3ba (268809146)

Severity: Error


HPDAC0955E Rule object %s was not evaluated because there was insufficient access decision information provided to the access decision call. Missing ADI items include: %s.

Explanation: To evaluate a rule the authorization engine must have all of the ADI referenced in the rule text available at evaluation time. If any items of data are missing then the rule cannot be evaluated.

Action: Review the rule text for the rule policy object named in the error log and ensure that all of the items of data listed in the error message are provided to the access decision call.

Name: ivacl_s_insufficient_input_ adi_provided_detail

Number: 0x1005b3bb (268809147)

Severity: Error


HPDAC0956E The rule text is invalid because the template match statement does not match one of the minimum required paths of /XMLADI or XMLADI.

Explanation: Input data is supplied to the rules evaluator within a top-level element XMLADI. To match any data item within the XML document the template match statement must match either the XPath /XMLADI or XMLADI. Matching paths above this point in the path is not valid.

Action: Review the rule text for the rule policy object and change the template match statement to include one of /XMLADI or XMLADI.

Name: ivacl_s_xsl_rule_illegal_template_ match

Number: 0x1005b3bc (268809148)


Severity: Error


HPDAC0957E The rule %s is invalid because the template match statement does not match one of the minimum required paths of /XMLADI or XMLADI.

Explanation: Input data is supplied to the rules evaluator witin a top-level element XMLADI. To match any data item within the XML document the template match statement must match either the XPath /XMLADI or XMLADI. Matching paths above this point in the path is not valid.

Action: Review the rule text for the rule policy object named in the error log and change the template match statement to include one of /XMLADI or XMLADI.

Name: ivacl_s_xsl_rule_illegal_template_ match_detail

Number: 0x1005b3bd (268809149)

Severity: Error


HPDAC0958E The rule was found to have no identifiable ADI to use when evaluating the rule.

Explanation: The validation of the rule text of the rule policy named in the error log failed because there was no ADI identified in the rule text. ADI consists of the variables used in a rule to make comparisons against. A rule with no variables, for example a rule that is comparing static data, is invalid.

Action: Review the rule text for the rule policy and correct any errors.

Name: ivacl_s_rule_has_no_adi

Number: 0x1005b3be (268809150)

Severity: Error


HPDAC0959E Rule %s was found to have no identifiable ADI to use when evaluating the rule.

Explanation: The validation of the rule text of the rule policy named in the error log failed because there was no ADI identified in the rule text. ADI consists of the variables used in a rule to make comparisons against. A rule with no variables, for example a rule that is comparing static data, is invalid.


Name: ivacl_s_rule_has_no_adi_detail

Number: 0x1005b3bf (268809151)

Severity: Error


HPDAC0960E The rule has a null entry in the compiled rules cache.

Explanation: The validation of the rule text of the rule policy named in the error log failed and the rule could not be cached in the local client.

Action: Review the rule text for the rule policy and correct any errors.

Name: ivacl_s_rule_null_in_rule_cache

Number: 0x1005b3c0 (268809152)

Severity: Error


HPDAC0961E Rule %s has a null entry in the compiled rules cache.

Explanation: The validation of the rule text of the rule policy named in the error log failed and the rule could not be cached in the local client.


Name: ivacl_s_rule_null_in_rule_cache_ detail

Number: 0x1005b3c1 (268809153)

Severity: Error


HPDAC0962E The XSL prolog entry specifies an XSL output method other than text, which is an invalid processor setting for rules evaluation.

Explanation: The output of any rule evaluation must be plain text so setting any other output method in the XSL prolog entry for the rules evaluator is invalid.

Action: Review the XSL prolog entry in the applications configuration file and ensure that the output method is text.

Name: ivacl_s_non_text_xsl_output_ illegal

Number: 0x1005b3c2 (268809154)

Severity: Error


HPDAC0963E The XSL prolog asks the XSL processor to generate an XML declaration in the output from a rule evaluation. This setting is invalid.

Explanation: The output of any rule evaluation must be minimal plain text so including an XML declaration


in the text output is invalid.

Action: This is an invalid processor setting for rules evaluation. Review the XSL prolog entry in the applications configuration file and ensure that the omit-xml-declaration setting in the output method is yes.

Name: ivacl_s_xsl_output_has_xml_decl

Number: 0x1005b3c3 (268809155)

Severity: Error


HPDAC0964E The method of output encoding specified for the XSL processor is invalid for the purposes of rule evaluation.

Explanation: The encoding for XSL output specified in the XSL prolog configuration entry must be UTF-8.

Action: Review the XSL prolog entry in the applications configuration file and ensure that the output encoding is UTF-8.

Name: ivacl_s_invalid_xsl_output_ encoding

Number: 0x1005b3c4 (268809156)

Severity: Error


HPDAC0965E The parsing of the compiled XSL rule returned an invalid element pointer.

Explanation: An internal XSL rule parsing error has occurred.

Action: Review the rule text for the rule attached to the target object and ensure that it is valid XSL and conforms to Tivoli Access Manager requirements.

Name: ivacl_s_xsl_elem_parse_failure

Number: 0x1005b3c5 (268809157)

Severity: Error


HPDAC0966E The parsing of the compiled XSL rule returned an invalid template match string pointer.


Action: Review the rule text for the rule attached to the target object and ensure that it is valid XSL and conforms to Tivoli Access Manager template match statement requirements.

Name: ivacl_s_xsl_template_match_ parse_invalid

Number: 0x1005b3c6 (268809158)

Severity: Error


HPDAC0967E An invalid XSL operation was encountered while parsing the compiled XSL rule.


Action: Review the rule text for the rule attached to the target object and ensure that it is valid XSL and conforms to Tivoli Access Manager requirements.

Name: ivacl_s_xsl_invalid_compiled_ opcode_found

Number: 0x1005b3c7 (268809159)

Severity: Error

Documents

T l Access Manager Global Security Kit Tivoli Access Manager provides data encryption through the use of the Global Security Kit (GSKit) version 7.0. GSKit is included on the IBM Tivoli