Hi,

We had a 24 hours down time of our IDM 3.5.1 server and after we started
again some user whose name where changed in the past(girls who had
married) noticed that the name was changed back to the old name. And
they are changes back in 2010! We checked the logs and we discovered the
change requests.
How can this happen ? What should we check ?
An example is bellow: ACurrentName is the name that should be in the
system(and it was as you can see until the change request) and AOldName
is the name that was changed in the past.

Thanks,
Viki

DirXML: [02/17/14 15:29:29.78]: ADDriver: query
DirXML: [02/17/14 15:29:29.78]: ADDriver: query constraints
DirXML: [02/17/14 15:29:29.78]: ADDriver: query
base DN: CN=Andreea CurrentName,OU=DEP1,OU=USERS,DC=orgname,DC=ro,
filter: (objectClass=*),
return: (attribute values) objectClass, objectGUID, description,
userAccountControl, displayName, facsimileTelephoneNumber, givenName,
initials, l, logonHours, mail, physicalDeliveryOfficeName,
postOfficeBox, postalCode, sAMAccountName, sn, st, streetAddress,
telephoneNumber, title, userPrincipalName,
DirXML: [02/17/14 15:29:29.78]: ADDriver: query
base DN: CN=Andreea CurrentName,OU=DEP1,OU=USERS,DC=orgname,DC=ro,
filter: (objectClass=*),
return: (attribute values) objectClass, objectGUID, description,
userAccountControl, displayName, facsimileTelephoneNumber, givenName,
initials, l, logonHours, mail, physicalDeliveryOfficeName,
postOfficeBox, postalCode, sAMAccountName, sn, st, streetAddress,
telephoneNumber, title, userPrincipalName,
DirXML: [02/17/14 15:29:29.78]: ADDriver: ldap get next page (
2147483647)
DirXML: [02/17/14 15:29:29.78]: ADDriver: ldap get next page (
2147483647)
DirXML: [02/17/14 15:29:29.78]: Loader: subscriptionShim->execute()
returned:
DirXML: [02/17/14 15:29:29.78]: Loader: XML Document:
DirXML: [02/17/14 15:29:29.78]: <nds ndsversion="8.7" dtdversion="1.1">
<source>
<product version="3.5.1" asn1id="" build="20070823_095000"
instance="\orgnameTREE\orgname\IDMan\AD_orgname\AD _orgname">AD</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<instance src-dn="CN=Andreea
CurrentName,OU=DEP1,OU=USERS,DC=orgname,DC=ro" class-name="user"
event-id="0">
<association>172f3de48bc0a14f9f954accc20e64ec</association>
<attr attr-name="description">
<value type="string" naming="true">*NOU WEB - administrator</value>
</attr>
<attr attr-name="dirxml-uACAccountDisable">
<value type="state">false</value>
</attr>
<attr attr-name="displayName">
<value type="string" naming="true">Andreea Mihaela CurrentName
[DEP1-BAS]</value>
</attr>
<attr attr-name="facsimileTelephoneNumber">
<value type="string" naming="true">7963</value>
</attr>
<attr attr-name="givenName">
<value type="string" naming="true">Andreea</value>
</attr>
<attr attr-name="logonHours">
<value type="octet"
naming="true">////////////////////////////</value>
</attr>
<attr attr-name="mail">
<value type="string"
naming="true">Andreea.CurrentName@orgname.ro</value>
</attr>
<attr attr-name="postOfficeBox">
<value type="string" naming="true">4745</value>
</attr>
<attr attr-name="postalCode">
<value type="string" naming="true">7963</value>
</attr>
<attr attr-name="sAMAccountName">
<value type="string" naming="true">ACurrentName</value>
</attr>
<attr attr-name="sn">
<value type="string" naming="true">CurrentName</value>
</attr>
<attr attr-name="title">
<value type="string" naming="true">INGINER OPERARE
orgname.215115</value>
</attr>
<attr attr-name="userPrincipalName">
<value type="string" naming="true">ACurrentName@orgname.ro</value>
</attr>
</instance>

DirXML: [02/17/14 15:29:29.78]: <status level="success" event-id="0"/>
</output>
</nds>
DirXML: [02/17/14 15:29:29.78]:
DirXML Log Event -------------------
Driver = \orgnameTREE\orgname\IDMan\AD_orgname\AD_orgname
Thread = Subscriber Channel
Level = success
DirXML: [02/17/14 15:29:29.81]: Loader: Received 'subscriber execute'
document
DirXML: [02/17/14 15:29:29.81]: Loader: XML Document:
DirXML: [02/17/14 15:29:29.81]: <nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.5.10.20070918 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify class-name="user" event-id="SRV3#20140217110000#99#341"
from-merge="true"
qualified-src-dn="O=orgname\OU=UTILIZ1\OU=DEP1\CN=ACurrentName"
src-dn="\orgnameTREE\orgname\UTILIZ1\DEP1\ACurrentName "
src-entry-id="37491">
<association>172f3de48bc0a14f9f954accc20e64ec</association>
<modify-attr attr-name="sAMAccountName">
<add-value>
<value type="string">AOldName</value>
</add-value>
</modify-attr>
<modify-attr attr-name="userPrincipalName">
<remove-all-values/>
<add-value>
<value type="string">AOldName@orgname.ro</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
DirXML: [02/17/14 15:29:29.81]: Loader: Calling
subscriptionShim->execute()
DirXML: [02/17/14 15:29:29.81]: Loader: XML Document:
DirXML: [02/17/14 15:29:29.81]: <nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.5.10.20070918 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify class-name="user" event-id="SRV3#20140217110000#99#341"
from-merge="true"
qualified-src-dn="O=orgname\OU=UTILIZ1\OU=DEP1\CN=ACurrentName"
src-dn="\orgnameTREE\orgname\UTILIZ1\DEP1\ACurrentName "
src-entry-id="37491">
<association>172f3de48bc0a14f9f954accc20e64ec</association>
<modify-attr attr-name="sAMAccountName">
<add-value>
<value type="string">AOldName</value>
</add-value>
</modify-attr>
<modify-attr attr-name="userPrincipalName">
<remove-all-values/>
<add-value>
<value type="string">AOldName@orgname.ro</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
DirXML: [02/17/14 15:29:29.81]: ADDriver: parse command

className user
destDN
eventId SRV3#20140217110000#99#341
association 172f3de48bc0a14f9f954accc20e64ec
DirXML: [02/17/14 15:29:29.81]: ADDriver: parse modify class = user
DirXML: [02/17/14 15:29:29.81]: ADDriver: association
DirXML: [02/17/14 15:29:29.81]: ADDriver:
172f3de48bc0a14f9f954accc20e64ec
DirXML: [02/17/14 15:29:29.81]: ADDriver: modify-attr
DirXML: [02/17/14 15:29:29.81]: ADDriver: add-value
DirXML: [02/17/14 15:29:29.81]: ADDriver: value
DirXML: [02/17/14 15:29:29.81]: ADDriver: AOldName
DirXML: [02/17/14 15:29:29.81]: ADDriver: modify-attr
DirXML: [02/17/14 15:29:29.81]: ADDriver: remove-all-values
DirXML: [02/17/14 15:29:29.81]: ADDriver: add-value
DirXML: [02/17/14 15:29:29.81]: ADDriver: value
DirXML: [02/17/14 15:29:29.81]: ADDriver: AOldName@orgname.ro
DirXML: [02/17/14 15:29:29.81]: ADDriver: ldap_modify user CN=Andreea
CurrentName,OU=DEP1,OU=USERS,DC=orgname,DC=ro
LDAPMod operations:
replace attribute sAMAccountName
>> AOldName

delete attribute userPrincipalName
add attribute userPrincipalName
>> AOldName@orgname.ro

DirXML: [02/17/14 15:29:29.81]: Loader: subscriptionShim->execute()
returned:
DirXML: [02/17/14 15:29:29.81]: Loader: XML Document:
DirXML: [02/17/14 15:29:29.81]: <nds ndsversion="8.7" dtdversion="1.1">
<source>
<product version="3.5.1" asn1id="" build="20070823_095000"
instance="\orgnameTREE\orgname\IDMan\AD_orgname\AD _orgname">AD</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status level="success" event-id="SRV3#20140217110000#99#341"/>
</output>
</nds>
DirXML: [02/17/14 15:29:29.81]:
DirXML Log Event -------------------
Driver = \orgnameTREE\orgname\IDMan\AD_orgname\AD_orgname
Thread = Subscriber Channel
Object = \orgnameTREE\orgname\UTILIZ1\DEP1\ACurrentName
Level = success
DirXML: [02/17/14 15:29:29.81]: Loader: Received 'subscriber execute'
document
DirXML: [02/17/14 15:29:29.81]: Loader: XML Document:
DirXML: [02/17/14 15:29:29.81]: <nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.5.10.20070918 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query class-name="user" event-id="0" scope="entry">
<association>174db9e5d67eae4bb73de5a72b1f6dcf</association>
<read-attr attr-name="userPrincipalName"/>
<read-attr attr-name="description"/>
<read-attr attr-name="sAMAccountName"/>
<read-attr attr-name="facsimileTelephoneNumber"/>
<read-attr attr-name="displayName"/>
<read-attr attr-name="givenName"/>
<read-attr attr-name="initials"/>
<read-attr attr-name="mail"/>
<read-attr attr-name="physicalDeliveryOfficeName"/>
<read-attr attr-name="logonHours"/>
<read-attr attr-name="dirxml-uACAccountDisable"/>
<read-attr attr-name="l"/>
<read-attr attr-name="postalCode"/>
<read-attr attr-name="postOfficeBox"/>
<read-attr attr-name="st"/>
<read-attr attr-name="streetAddress"/>
<read-attr attr-name="sn"/>
<read-attr attr-name="telephoneNumber"/>
<read-attr attr-name="title"/>
</query>
</input>
</nds>
DirXML: [02/17/14 15:29:29.81]: Loader: Calling
subscriptionShim->execute()
DirXML: [02/17/14 15:29:29.81]: Loader: XML Document:
DirXML: [02/17/14 15:29:29.81]: <nds dtdversion="3.5" ndsversion="8.x">


--
vdusnoki
------------------------------------------------------------------------
vdusnoki's Profile: https://forums.netiq.com/member.php?userid=5728
View this thread: https://forums.netiq.com/showthread.php?t=50047