Anyone seen an LDAP shim publish only a single event per polling cycle,
Pub channel, via changelog. Note: ISODE M-Vault LDAP server, which has
its own setting specific to changelog.


IDM 4.02 patch 6, LDAP Shim 4.0.0.3, (Whatever the latest this summer was).

Set the poll to 1 second, it resets to 60. 5 seems to be the magic
threshold. (Gee, nice if that was written down somewhere, right?) and
you get one event every 5 seconds, we had 100's of events queued up, and
we cleared them with 5 second poll, but that is not scalable if you
dumped in 10,000 modifies like at the beginning o f aschool term...

Trace is hard to show, but here is a sample:

At 11:26:33AM the last event succeeds (Still hundreds in changelog), but
next event is not processed till: 11:27:23AM


[10/08/14 11:26:23.661]:ldap PT:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.0.2.6">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status event-id="1" level="success"><application>DirXML</application>
<module>LDAP</module>
<object-dn>cn=6058,ou=Active,ou=Employee,dc=acme,dc=edu
(acme\users\testuser)</object-dn>
<component>Publisher</component>
<operation-data op="modify"
src-dn="cn=6058,ou=Active,ou=Employee,dc=acme,dc=edu"/>
</status>
<status event-id="chgLogNum"
level="success"><application>DirXML</application>
<module>LDAP</module>
<object-dn></object-dn>
<component>Publisher</component>
</status>
</output>
</nds>
[10/08/14 11:26:23.666]:ldap PT:LDAP: returnCounter=1
[10/08/14 11:27:23.667]:ldap PT:LDAP: LDAP Search
base=cn=changelog
scope=1
filter=(changenumber=51940)
attrs=null
attrsOnly=false
[10/08/14 11:27:23.671]:ldap PT:LDAP: Changelog:
dn: changeNumber=51940,cn=changelog
changeType: modify
changeNumber: 51940
entryUUID: 76353539-4083-4625-9453-367272420832
createTimestamp: 20141008081501-0400
targetDN: cn=6058,ou=Active,ou=Employee,dc=acme,dc=edu




Some driver startup trace, showing the interesting parts (settings, etc):

[10/08/14 11:09:18.105]:ldap :Global Configuration Values:
[10/08/14 11:09:18.105]:ldap : Name: aie.drvmon.checkHeartbeat Value: true
[10/08/14 11:09:18.105]:ldap : Name: aie.drvmon.checkTrigger Value: false
[10/08/14 11:09:18.105]:ldap : Name: drv.subPlacementType Value: mirrored
[10/08/14 11:09:18.106]:ldap : Name: driver.ldap.base.container Value:
dc=acme,dc=edu
[10/08/14 11:09:18.108]:ldap : Name: driver.ldap.base.employee Value:
ou=Employee,dc=acme,dc=edu
[10/08/14 11:09:18.108]:ldap : Name: driver.ldap.base.student Value:
ou=Students,dc=acme,dc=edu
[10/08/14 11:09:18.108]:ldap : Name: drv.pubPlacementType Value: flat
[10/08/14 11:09:18.109]:ldap : Name: ConnectedSystemName Value: LDAP
[10/08/14 11:09:18.109]:ldap : Name: enable-password-subscribe Value: false
[10/08/14 11:09:18.109]:ldap : Name: enable-password-publish Value: false
[10/08/14 11:09:18.109]:ldap : Name: publish-password-to-nds Value: false
[10/08/14 11:09:18.110]:ldap : Name: publish-password-to-dp Value: true
[10/08/14 11:09:18.110]:ldap : Name: enforce-password-policy Value: false
[10/08/14 11:09:18.110]:ldap : Name: reset-external-password-on-failure
Value: true
[10/08/14 11:09:18.115]:ldap : Name:
notify-user-on-password-dist-failure Value: false
[10/08/14 11:09:18.115]:ldap : Name: drv.acctTrk.statusAttr Value:
pwdAccountLockedTime
[10/08/14 11:09:18.115]:ldap : Name: driver.ldap.disabledRole Value:
CN=nsManagedDisabledRole,DC=example,DC=com
[10/08/14 11:09:18.116]:ldap : Name: drv.acctTrk.enable Value: true
[10/08/14 11:09:18.116]:ldap : Name: drv.acctTrk.mode Value: 121
[10/08/14 11:09:18.116]:ldap : Name: drv.acctTrk.realm Value: ldap
[10/08/14 11:09:18.116]:ldap : Name: drv.acctTrk.realmLookupKeySource
Value: association
[10/08/14 11:09:18.117]:ldap : Name: drv.acctTrk.realmKeyExtractor
Value: .+
[10/08/14 11:09:18.117]:ldap : Name: drv.acctTrk.fanout.som.display
Value: hide
[10/08/14 11:09:18.120]:ldap : Name: drv.acctTrk.fanout.som.repWaitTime
Value: 0
[10/08/14 11:09:18.120]:ldap : Name: drv.acctTrk.fanout.som Value:
[10/08/14 11:09:18.120]:ldap : Name: drv.acctTrk.advancedsettings.show
Value: false
[10/08/14 11:09:18.121]:ldap : Name: drv.acctTrk.identifiers Value: LDAPDN
[10/08/14 11:09:18.121]:ldap : Name: drv.acctTrk.objectClass Value:
inetOrgPerson;user
[10/08/14 11:09:18.121]:ldap : Name: drv.acctTrk.activeStatus Value: FALSE
[10/08/14 11:09:18.121]:ldap : Name: drv.acctTrk.inactiveStatus Value: TRUE
[10/08/14 11:09:18.122]:ldap : Name: drv.acctTrk.idvDefaultStatus Value: A
[10/08/14 11:09:18.122]:ldap : Name: drv.acctTrk.appDefaultStatus Value: -
[10/08/14 11:09:18.122]:ldap : Name: msysinfo.drv.ms.id Value:
DACE6982-C805-3145-67BA-DACE6982C805
[10/08/14 11:09:18.122]:ldap : Name: msysinfo.drv.ms.name Value: LDAP
Driver
[10/08/14 11:09:18.123]:ldap : Name: msysinfo.drv.ms.description Value:
[10/08/14 11:09:18.126]:ldap : Name: msysinfo.drv.ms.type Value: LDAP
[10/08/14 11:09:18.126]:ldap : Name: msysinfo.drv.ms.classification
Value: Not-Critical
[10/08/14 11:09:18.126]:ldap : Name: msysinfo.drv.ms.vendor Value:
[10/08/14 11:09:18.127]:ldap : Name: msysinfo.drv.ms.version Value:
[10/08/14 11:09:18.127]:ldap : Name: msysinfo.drv.ms.businessOwner Value:
[10/08/14 11:09:18.127]:ldap : Name: msysinfo.drv.ms.applicationOwner
Value:
[10/08/14 11:09:18.127]:ldap : Name: msysinfo.drv.ms.location Value:
[10/08/14 11:09:18.128]:ldap : Name: msysinfo.drv.ms.environment Value:
Development
[10/08/14 11:09:18.128]:ldap : Name: msysinfo.drv.ms.auth.ip Value:
ldap1.acme.edu
[10/08/14 11:09:18.128]:ldap : Name: msysinfo.drv.ms.auth.port Value: 19636
[10/08/14 11:09:18.128]:ldap : Name: msysinfo.drv.ms.auth.id Value:
cn=DSA Manager,cn=Master,dc=edu
[10/08/14 11:09:18.129]:ldap : Name: cis.pwd-validator.min.length Value: 8
[10/08/14 11:09:18.132]:ldap : Name: cis.pwd-validator.max.length Value: 12
[10/08/14 11:09:18.132]:ldap : Name: cis.pwd-validator.dest-attr Value:
userPassword
[10/08/14 11:09:18.132]:ldap : Name: cis.pwd.logFile Value:
/var/log/idv/badpasswords.out
[10/08/14 11:09:18.133]:ldap : Name: cis.pwd-validator.dest-uid Value:
uniqueID
[10/08/14 11:09:18.133]:ldap : Name: cis.pwd-validator.dest-path Value:
dc=acme,dc=edu
[10/08/14 11:09:18.133]:ldap : Name: cis-testing.filter Value: false
[10/08/14 11:09:18.133]:ldap : Name: cis-testing.attribute Value: SA
[10/08/14 11:09:18.134]:ldap : Name: cis-testing.attribute-value Value:
1157 Sussex Road
[10/08/14 11:09:18.134]:ldap : Name: aie.drvmon.checkTriggerGlobally
Value: false
[10/08/14 11:09:18.134]:ldap : Name: aie.drvmon.checkHeartbeatGlobally
Value: true
[10/08/14 11:09:18.134]:ldap : Name: aie.drvmon.heartbeatStatusMessage
Value: Heartbeat
[10/08/14 11:09:18.135]:ldap : Name:
aie.drvmon.timestampMinimumInterval Value: 30
[10/08/14 11:09:18.135]:ldap : Name: aie.drvmon.timestampAuxClass
Value: aieDriverExtensions
[10/08/14 11:09:18.135]:ldap : Name: aie.drvmon.triggerTimestampAuxAttr
Value: aieLastTrigger
[10/08/14 11:09:18.136]:ldap : Name:
aie.drvmon.heartbeatTimestampAuxAttr Value: aieLastHeartbeat
[10/08/14 11:09:18.139]:ldap : Name: idv.dit.data.users Value: acme\users
[10/08/14 11:09:18.139]:ldap : Name: idv.dit.data.groups Value: data\groups
[10/08/14 11:09:18.139]:ldap : Name: smtpServer Value: mail.acme.edu
[10/08/14 11:09:18.140]:ldap : Name: acme.email.from Value:
idv1@idv1.root.acme.edu
[10/08/14 11:09:18.140]:ldap : Name: dirxml.auto.treename Value: acme-IDV
[10/08/14 11:09:18.144]:ldap : Name: dirxml.auto.driverdn Value:
\acme-IDV\acme\idm\DriverSet\LDAP
[10/08/14 11:09:18.144]:ldap : Name: dirxml.auto.driverguid Value:
{8269CEDA-05C8-4531-67BA-DACE6982C805}
[10/08/14 11:09:18.144]:ldap : Name: dirxml.auto.localserverdn Value:
CN=idv1,OU=services,O=acme
[10/08/14 11:09:18.145]:ldap :Reading XML attribute
vnd.nds.stream://acme-IDV/acme/idm/DriverSet/LDAP#DirXML-ReciprocalAttrMap.
[10/08/14 11:09:18.151]:ldap :Loaded reciprocal attribute map
[10/08/14 11:09:18.151]:ldap :
<reciprocal-links/>
[10/08/14 11:09:18.152]:ldap :Reading XML attribute
vnd.nds.stream://acme-IDV/acme/idm/DriverSet/LDAP#DirXML-PersistentData.
[10/08/14 11:09:18.156]:ldap :Loaded persistent data
[10/08/14 11:09:18.157]:ldap :
<persistent-data>
<op-counters last-reset-time="1384982305999">
<subscriber>
<counters index="0">
<modify>80</modify>
<query>36</query>
<add>12</add>
<delete>4</delete>
</counters>
<counters index="1">
<modify>21</modify>
<query>33</query>
<add>12</add>
</counters>
<counters index="2">
<modify>2</modify>
<query>442953</query>
<query-ex>3757</query-ex>
</counters>
<counters index="3">
<modify>2</modify>
<query>442953</query>
<query-ex>3757</query-ex>
</counters>
<counters index="4">
<status>446712</status>
<instance>627829</instance>
<query-token>3709</query-token>
</counters>
</subscriber>
<publisher>
<counters index="0">
<status>262867</status>
<modify>9024</modify>
<add>1300</add>
<delete>782</delete>
<init-params>25101</init-params>
</counters>
<counters index="1">
<status>262867</status>
<modify>9020</modify>
<add>1298</add>
<sync>185393</sync>
<delete>782</delete>
<init-params>25096</init-params>
</counters>
<counters index="2">
<status>262867</status>
<modify>9021</modify>
<add>1298</add>
<sync>185394</sync>
<delete>782</delete>
<init-params>25096</init-params>
</counters>
<counters index="3">
<status>262867</status>
<modify>8290</modify>
<query>108141</query>
<add>90547</add>
<delete>38</delete>
<init-params>25096</init-params>
</counters>
<counters index="4">
<status>495032</status>
<instance>103955</instance>
</counters>
</publisher>
</op-counters>
</persistent-data>
[10/08/14 11:09:18.172]:ldap :Found subscriber
acme\idm\DriverSet\LDAP\Subscriber.
[10/08/14 11:09:18.174]:ldap :Found publisher
acme\idm\DriverSet\LDAP\Publisher.
[10/08/14 11:09:18.175]:ldap :Creating subscriber thread.
[10/08/14 11:09:18.182]:ldap ST:Subscriber thread starting.
[10/08/14 11:09:18.214]:ldap ST:Initializing driver shim.
[10/08/14 11:09:18.215]:ldap ST:Reading XML attribute
vnd.nds.stream://acme-IDV/acme/idm/DriverSet/LDAP#DirXML-ApplicationSchema.
[10/08/14 11:09:18.844]:ldap ST:Reading XML attribute
vnd.nds.stream://acme-IDV/acme/idm/DriverSet/LDAP#DirXML-ConfigManifest.
[10/08/14 11:09:18.852]:ldap ST:Reading driver information from the
\acme-IDV\acme\idm\DriverSet\LDAP object.
[10/08/14 11:09:18.856]:ldap ST:Loading Java shim
com.novell.nds.dirxml.driver.ldap.LDAPDriverShim.
[10/08/14 11:09:19.622]:ldap ST:Reading XML attribute
vnd.nds.stream://acme-IDV/acme/idm/DriverSet/LDAP#DirXML-ShimConfigInfo.
[10/08/14 11:09:19.631]:ldap ST:Reading XML attribute
vnd.nds.stream://acme-IDV/acme/idm/DriverSet/LDAP#DirXML-DriverStorage.
[10/08/14 11:09:19.644]:ldap ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.0.2.6">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<init-params src-dn="\acme-IDV\acme\idm\DriverSet\LDAP">
<authentication-info>
<server>ldap1.acme.edu:19636</server>
<user>cn=DSA Manager,cn=Master,dc=edu</user>
<password><!-- content suppressed --></password>
</authentication-info>
<driver-options>
<ldap-vendor display-name="LDAP Directory
Type">M-Vault</ldap-vendor>
<enforce-matching-parenthesis display-name="Enforce Matching
Parenthesis in Schema Elements">false</enforce-matching-parenthesis>
<allowable-schema-element-chars display-name="Additional
Allowable Schema Name Characters">_</allowable-schema-element-chars>
<use-ssl display-name="Use SSL">yes</use-ssl>
<keystore display-name="Keystore Path for SSL
Certs">/usr/local/adm/etc/idm-certs.jks</keystore>
<use-mutual-auth display-name="Use Mutual
Authentication">no</use-mutual-auth>
<keyalias display-name="Key Alias">isode</keyalias>
<keystore-pass display-name="Keystore
Password">changeit</keystore-pass>
</driver-options>
</init-params>
</input>
</nds>
[10/08/14 11:09:19.653]:ldap ST:LDAP: LDAPDriverShim.setDriverParameters()
[10/08/14 11:09:19.654]:ldap ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.0.2.6">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<init-params src-dn="\acme-IDV\acme\idm\DriverSet\LDAP">
<authentication-info>
<server>ldap1.acme.edu:19636</server>
<user>cn=DSA Manager,cn=Master,dc=edu</user>
<password><!-- content suppressed --></password>
</authentication-info>
<driver-options>
<ldap-vendor display-name="LDAP Directory
Type">M-Vault</ldap-vendor>
<enforce-matching-parenthesis display-name="Enforce Matching
Parenthesis in Schema Elements">false</enforce-matching-parenthesis>
<allowable-schema-element-chars display-name="Additional
Allowable Schema Name Characters">_</allowable-schema-element-chars>
<use-ssl display-name="Use SSL">yes</use-ssl>
<keystore display-name="Keystore Path for SSL
Certs">/usr/local/adm/etc/idm-certs.jks</keystore>
<use-mutual-auth display-name="Use Mutual
Authentication">no</use-mutual-auth>
<keyalias display-name="Key Alias">isode</keyalias>
<keystore-pass display-name="Keystore
Password">changeit</keystore-pass>
</driver-options>
</init-params>
</input>
</nds>
[10/08/14 11:09:19.658]:ldap ST:LDAP: ldap-vendor set to M-Vault
[10/08/14 11:09:19.659]:ldap ST:LDAP: Driver name: Identity Manager
Driver for LDAP
[10/08/14 11:09:19.659]:ldap ST:LDAP: Driver version: 4.0.0.3
[10/08/14 11:09:19.659]:ldap ST:LDAP: Driver ID: 20140616_113627
[10/08/14 11:09:19.659]:ldap ST:LDAP: os.name: Linux
[10/08/14 11:09:19.660]:ldap ST:LDAP: os.version: 2.6.32-358.23.2.el6.x86_64
[10/08/14 11:09:19.660]:ldap ST:LDAP: os.arch: amd64
[10/08/14 11:09:19.665]:ldap STriverShim.init() returned:


[10/08/14 11:09:21.436]:ldap ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.0.2.6">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<init-params src-dn="\acme-IDV\acme\idm\DriverSet\LDAP">
<authentication-info>
<server>ldap1.acme.edu:19636</server>
<user>cn=DSA Manager,cn=Master,dc=edu</user>
<password><!-- content suppressed --></password>
</authentication-info>
<driver-filter>
<allow-class class-name="User"/>
</driver-filter>
<subscriber-options>
<subUseBinaryAttrOption display-name="LDAP Server Supports
Binary Attribute Option">yes</subUseBinaryAttrOption>
<subIgnoreEmptyComponentOption display-name="Ignore empty
components for Postal Address">no</subIgnoreEmptyComponentOption>
</subscriber-options>
</init-params>
</input>
</nds>



[10/08/14 11:17:11.888]:ldap ST:LDAP: LDAPDriverShim.setDriverParameters()
[10/08/14 11:17:11.888]:ldap ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.0.2.6">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<init-params src-dn="\acme-IDV\acme\idm\DriverSet\LDAP">
<authentication-info>
<server>ldap1.acme.edu:19636</server>
<user>cn=DSA Manager,cn=Master,dc=edu</user>
<password><!-- content suppressed --></password>
</authentication-info>
<driver-options>
<ldap-vendor display-name="LDAP Directory
Type">M-Vault</ldap-vendor>
<enforce-matching-parenthesis display-name="Enforce Matching
Parenthesis in Schema Elements">false</enforce-matching-parenthesis>
<allowable-schema-element-chars display-name="Additional
Allowable Schema Name Characters">_</allowable-schema-element-chars>
<use-ssl display-name="Use SSL">yes</use-ssl>
<keystore display-name="Keystore Path for SSL
Certs">/usr/local/adm/etc/idm-certs.jks</keystore>
<use-mutual-auth display-name="Use Mutual
Authentication">no</use-mutual-auth>
<keyalias display-name="Key Alias">isode</keyalias>
<keystore-pass display-name="Keystore
Password">changeit</keystore-pass>
</driver-options>
</init-params>
</input>
</nds>


[10/08/14 11:17:17.513]:ldap PT:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.0.2.6">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<init-params src-dn="\acme-IDV\acme\idm\DriverSet\LDAP">
<authentication-info>
<server>ldap1.acme.edu:19636</server>
<user>cn=DSA Manager,cn=Master,dc=edu</user>
<password><!-- content suppressed --></password>
</authentication-info>
<driver-filter>
<allow-class class-name="User">
<allow-attr attr-name="employeeNumber"/>
<allow-attr attr-name="acmeAnswer"/>
<allow-attr attr-name="acmeBirthYear"/>
<allow-attr attr-name="acmeDeliveryMailbox"/>
<allow-attr attr-name="acmeId"/>
<allow-attr attr-name="acmeLoginMailbox"/>
<allow-attr attr-name="acmeMailAlias"/>
<allow-attr attr-name="acmePrivacy"/>
<allow-attr attr-name="acmeQuestion"/>
<allow-attr attr-name="Given Name"/>
<allow-attr attr-name="Initials"/>
<allow-attr attr-name="Internet EMail Address"/>
<allow-attr attr-name="nspmDistributionPassword"
is-sensitive="true"/>
<allow-attr attr-name="OU"/>
<allow-attr attr-name="Surname"/>
<allow-attr attr-name="Telephone Number"/>
<allow-attr attr-name="uniqueID"/>
</allow-class>
</driver-filter>
<publisher-options>
<pollRate display-name="Polling Interval in Seconds">60</pollRate>
<pagedSearch display-name="Enable Paged Search">no</pagedSearch>
<pub-state-dir display-name="Temporary File
Directory"></pub-state-dir>
<pub-heartbeat-interval display-name="Heartbeat interval in
minutes">1</pub-heartbeat-interval>
<pub-method display-name="Publication
Method">changelog</pub-method>
<changeLogBegin display-name="Changelog Entries to Process on
Startup">3</changeLogBegin>
<batchSize display-name="Maximum Batch Size for Changelog
Processing">1000</batchSize>
<preferredObjectClasses display-name="Preferred LDAP
ObjectClass Names"></preferredObjectClasses>
<preventLoopback display-name="Prevent
Loopback">yes</preventLoopback>
<pub-ldap-search-base display-name="LDAP Directory Base
Container
(driver.ldap.base.container)">dc=acme,dc=edu</pub-ldap-search-base>
<pub-ldap-search-scope display-name="Search
Scope">1</pub-ldap-search-scope>
<pub-class-processing-order display-name="Class Processing
Order">others groupofuniquenames</pub-class-processing-order>
<pub-search-filters display-name="LDAP search filters to filter
on individual attributes"></pub-search-filters>
<maxOperations display-name="Maximum number of operations for a
single bind">500</maxOperations>
<pub-ldap-search-begin display-name="Search Results to
Synchronize on First Startup">1</pub-ldap-search-begin>
<useSunPluginGroup display-name="Use Sun Password
Plugin">no</useSunPluginGroup>
<pub-password-encryption-key display-name="Sun Plugin
Encryption Password" is-sensitive="true" type="password-ref"/>
</publisher-options>
<publisher-state>
<change-log-number>51929</change-log-number>
</publisher-state>
</init-params>
</input>
</nds>