Hi,

Not sure if we are doing this the right way but this is what the
customer requested so.. :-)

They have a working IDM <-->AD driver provisioning users from IDM.
Many users have Exchange but even more have Google Mail.

Now they wanted me to create contact objects for all those Google users,
no problem with the new powershell possibilities in the AD driver.
Problem is that all of a sudden those users have two accounts, one
normal for logging in and one just for being displayed in the address
book.

I then have to add a few rules to modify the names etc. if they are
changed in IDM so the contact object is also changed.
This object does not have an association and the modify will not go
through.
Ldap modify works.

Do I have to inject an association or what is the problem?

This is the RL trace of a change of Full Name where the User works but
not the contact:

Code:
--------------------
DirXML: [09/18/13 14:58:32.05]: ADDriver: parse command

className user
destDN
eventId IDM01-NDS#20130918125833#3#1:b58c53e0-75ac-4b69-ab22-471bd3b747f7
association 7027687f5ce0bd4db1d9db3a983e78c6
DirXML: [09/18/13 14:58:32.05]: ADDriver: parse modify class = user
DirXML: [09/18/13 14:58:32.05]: ADDriver: association
DirXML: [09/18/13 14:58:32.05]: ADDriver: 7027687f5ce0bd4db1d9db3a983e78c6
DirXML: [09/18/13 14:58:32.05]: ADDriver: modify-attr
DirXML: [09/18/13 14:58:32.05]: ADDriver: remove-value
DirXML: [09/18/13 14:58:32.05]: ADDriver: value
DirXML: [09/18/13 14:58:32.05]: ADDriver: First LoukaLast
DirXML: [09/18/13 14:58:32.05]: ADDriver: add-value
DirXML: [09/18/13 14:58:32.05]: ADDriver: value
DirXML: [09/18/13 14:58:32.05]: ADDriver: First Last1
DirXML: [09/18/13 14:58:32.05]: ADDriver: modify-attr
DirXML: [09/18/13 14:58:32.05]: ADDriver: remove-all-values
DirXML: [09/18/13 14:58:32.05]: ADDriver: add-value
DirXML: [09/18/13 14:58:32.05]: ADDriver: value
DirXML: [09/18/13 14:58:32.05]: ADDriver: false
DirXML: [09/18/13 14:58:32.05]: ADDriver: modify-attr
DirXML: [09/18/13 14:58:32.05]: ADDriver: remove-all-values
DirXML: [09/18/13 14:58:32.05]: ADDriver: add-value
DirXML: [09/18/13 14:58:32.05]: ADDriver: value
DirXML: [09/18/13 14:58:32.05]: ADDriver: 0
DirXML: [09/18/13 14:58:32.05]: ADDriver: modify-attr
DirXML: [09/18/13 14:58:32.05]: ADDriver: remove-all-values
DirXML: [09/18/13 14:58:32.05]: ADDriver: add-value
DirXML: [09/18/13 14:58:32.05]: ADDriver: value
DirXML: [09/18/13 14:58:32.05]: ADDriver: 0
DirXML: [09/18/13 14:58:32.05]: ADDriver: ldap_modify user CN=SuLo0904,OU=USERS,OU=META,OU=_TK,DC=Adprod,DC=s e
LDAPMod operations:
replace attribute displayName
>> First Last1

replace attribute accountExpires
>> 0

replace attribute accountExpires
>> 0

replace attribute userAccountControl
>> 544

DirXML: [09/18/13 14:58:32.07]: ADDriver: parse command

className
destDN cn=SuLo0904,ou=MailContact,ou=META,ou=_TK,dc=adpro d,dc=se
eventId IDM01-NDS#20130918125833#3#1:b58c53e0-75ac-4b69-ab22-471bd3b747f7
association
DirXML: [09/18/13 14:58:32.07]: ADDriver: parse modify class =
DirXML: [09/18/13 14:58:32.07]: Loader: subscriptionShim->execute() returned:
DirXML: [09/18/13 14:58:32.07]: Loader: XML Document:
DirXML: [09/18/13 14:58:32.07]: <nds ndsversion="8.7" dtdversion="1.1">
<source>
<product version="4.0.0.2" asn1id="" build="20130813_120000" instance="\TK-IDVAULT2\TK\System\DriverSet02\AD Prod">AD</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status level="success" event-id="IDM01-NDS#20130918125833#3#1:b58c53e0-75ac-4b69-ab22-471bd3b747f7"/>
<status level="success" event-id="IDM01-NDS#20130918125833#3#1:b58c53e0-75ac-4b69-ab22-471bd3b747f7"/>
</output>
</nds>
DirXML: [09/18/13 14:58:32.07]:
--------------------


--
joakim_ganse
------------------------------------------------------------------------
joakim_ganse's Profile: https://forums.netiq.com/member.php?userid=159
View this thread: https://forums.netiq.com/showthread.php?t=48713