in an productive IDM environment we have problems in syncing groups to
Active Directory.
The membership should be controlled through the IDVault, so we set up
the filter to reset member on the publisher and set the merge-authority
to IDVault as well.

What we see is an infinite loop of the synchronization of (certain)
groups. It seams that all changes on the subscriber come back on the
pubisher (as expected) resulting in a reset. The reset is invoced on the
subscriber channel which ends up in the loop.

My guess is that the optimize-modify seams not to work if there are to
many members ?!

we are running idm 4.0.2 and ad driver version

Any suggestions?



tschloesser's Profile: https://forums.netiq.com/member.php?userid=3232
View this thread: https://forums.netiq.com/showthread.php?t=52219