Hi,

I have a IdM 4.02 installation running an AD driver. It's using a 4.02
remote loader on Windows 2008 R2.

It was working fine, until we noticed some accounts had all their
attributes stripped. Even new account are being created without 99% of
their attributes.

In the trace we see that the rules/filters let the attributes go to
the remote loader, but when the shim goes to write to LDAP, doesn't
write most of the values.

Here is a level 5 remote loader trace.

Any ideas?

Thanks> Eric.


Code:
--------------------

<add cached-time="20130408164716.963Z" class-name="user" dest-dn="CN=testad,DC=Domain" event-id="SERVER#20130408164716#7#2:49971645-f8f2-459d-66b0-45169749f2f8" qualified-src-dn="O=CBCSRC\OU=USERS\OU=ACTIVE\CN=testad" src-dn="\TREE\testad" src-entry-id="54405" timestamp="1365439635#5">
<add-attr attr-name="carLicense">
<value timestamp="1365439627#14" type="state">false</value>
</add-attr>
<add-attr attr-name="displayName">
<value timestamp="1365439627#11" type="string">AD TEST</value>
</add-attr>
<add-attr attr-name="givenName">
<value timestamp="1365439627#20" type="string">AD</value>
</add-attr>
<add-attr attr-name="mail">
<value timestamp="1365439635#5" type="string">AD.TEST@email.com</value>
</add-attr>
<add-attr attr-name="physicalDeliveryOfficeName">
<value timestamp="1365439627#10" type="string">TORONTO</value>
</add-attr>
<add-attr attr-name="preferredLanguage">
<value timestamp="1365439627#5" type="structured">
<component name="string">English</component>
</value>
</add-attr>
<add-attr attr-name="accountExpires">
<value type="octet">130115547600000000</value>
</add-attr>
<add-attr attr-name="manager">
<value association-ref="2b1e76b78c7b6e4fbbea7b3597877e73" timestamp="1365439627#6" type="dn">\TREE\VEYSEYE</value>
</add-attr>
<add-attr attr-name="department">
<value timestamp="1365439627#8" type="string">A&amp;E (ARTS &amp; ENTERTAINMENT)</value>
</add-attr>
<add-attr attr-name="sn">

DirXML: [04/08/13 12:47:17.54]: <value timestamp="1365439627#16" type="string">TEST</value>
</add-attr>
<add-attr attr-name="title">
<value timestamp="1365439627#19" type="string">test</value>
</add-attr>
<add-attr attr-name="userPrincipalName">
<value type="string">testad@domain</value>
</add-attr>
<add-attr attr-name="sAMAccountName">
<value type="string">testad</value>
</add-attr>
<add-attr attr-name="dirxml-uACAccountDisable">
<value type="string">false</value>
</add-attr>
<password><!-- content suppressed --></password>
</add>
</input>
</nds>
DirXML: [04/08/13 12:47:17.54]: ADDriver: parse command

className user
destDN CN=testad,DC=Domain
eventId SERVER#20130408164716#7#2:49971645-f8f2-459d-66b0-45169749f2f8
association
DirXML: [04/08/13 12:47:17.54]: ADDriver: MadCommandAdd:nCommand
DirXML: [04/08/13 12:47:17.54]: ADDriver: MadCommandAdd::insertXdsAttributes()
DirXML: [04/08/13 12:47:17.54]: ADDriver: carLicense
DirXML: [04/08/13 12:47:17.54]: ADDriver: displayName
DirXML: [04/08/13 12:47:17.56]: ADDriver: givenName
DirXML: [04/08/13 12:47:17.56]: ADDriver: mail
DirXML: [04/08/13 12:47:17.56]: ADDriver: physicalDeliveryOfficeName
DirXML: [04/08/13 12:47:17.56]: ADDriver: preferredLanguage
DirXML: [04/08/13 12:47:17.56]: ADDriver: accountExpires
DirXML: [04/08/13 12:47:17.56]: ADDriver: manager
DirXML: [04/08/13 12:47:17.56]: ADDriver: department
DirXML: [04/08/13 12:47:17.56]: ADDriver: sn
DirXML: [04/08/13 12:47:17.57]: ADDriver: title
DirXML: [04/08/13 12:47:17.57]: ADDriver: userPrincipalName
DirXML: [04/08/13 12:47:17.57]: ADDriver: sAMAccountName
DirXML: [04/08/13 12:47:17.57]: ADDriver: dirxml-uACAccountDisable
DirXML: [04/08/13 12:47:17.57]: ADDriver: Add user CN=testad,DC=Domain
LDAPMod operations:
add attribute objectClass
>> user

add attribute objectCategory
>> CN=Person,CN=Schema,CN=Configuration,DC=in,DC=doma in

add attribute accountExpires
>> 130115547600000000

add attribute manager
>> CN=VEYSEYE,OU=OTT,OU=ONT,OU=Identity Management Accounts,DC=media,DC=in,DC=domain

DirXML: [04/08/13 12:47:17.62]: ADDriver: change password: old=(none), new=***
DirXML: [04/08/13 12:47:17.70]: ADDriver: password change complete
DirXML: [04/08/13 12:47:17.70]: ADDriver: set userAccountControl returns 0x0000
DirXML: [04/08/13 12:47:17.70]: Loader: subscriptionShim->execute() returned:
DirXML: [04/08/13 12:47:17.70]: Loader: XML Document:
DirXML: [04/08/13 12:47:17.70]: <nds ndsversion="8.7" dtdversion="1.1">


--------------------


--
EricVeysey
------------------------------------------------------------------------
EricVeysey's Profile: https://forums.netiq.com/member.php?userid=493
View this thread: https://forums.netiq.com/showthread.php?t=47513