I think this is a bug, but unsure. What do others think?


A merge triggers a query against the connected system for an attribute
that is not present in the destination system (which is a fake
attribute that is set by policy)

The actual response from driver shim is ALL attributes for the object
in question.

The documentation only says:

"By default, all object attributes for the selected objects are to be
read. The attributes to be read are limited by <read-attr>. To read
none of the object attributes, specify a single nameless <read-attr>."


So according to the specification, we've limited the search to one
attribute. The Driver shim can't find that attribute (it doesn't exist)
and gets confused and sends all attributes.

Is this correct according to spec? I don't think so - It differs from
the behaviour if an attribute is defined in the schema but empty on the

Driver shim (Active Directory) is patched to latest version,
application schema was refreshed prior to testing.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...