When I make a change to the remote end of eDirectory Bidirectional
driver with iManager or LDAP I get the error/warning shown below and
publisher channel synchronization any attributes do not occur. Only
passwords sync on publisher channel. Subscriber channel works as
expected. Any help is welcome.

[03/17/17 14:51:57.690]:MyDriver PT:MyDriver: The connection status
isConnect is true
[03/17/17 14:51:57.690]:MyDriver PT:MyDriver: Received an event sequence
from eDirectory.Number of events in the sequence = 1
[03/17/17 14:51:57.690]:MyDriver PT:MyDriver: Started processing event 1
of 1
[03/17/17 14:51:57.690]:MyDriver PT:MyDriver: WARNING !!! Incorrect
ldiff change detected during parsing of the modify event :
[03/17/17 14:51:57.690]:MyDriver PT:MyDriver:
CN=testLogin,OU=OrgUnit,O=OrgaZbYmodifyaZbYdelete:
MyBooleanAttributeaZbYMyBooleanAttribute: FALSEaZbYadd:
MyBooleanAttributeaZbYMyBooleanAttribute: TRUEaZbYadd:
objectClassaZbYobjectClass: UseraZbYadd: GUIDaZbYGUID:
8FK7g2kPWk2RN/BSu4NpDw==aZbY
[03/17/17 14:51:57.691]:MyDriver PT:MyDriver: WARNING !!! Incorrect
ldiff change detected during parsing of the modify event :
[03/17/17 14:51:57.691]:MyDriver PT:MyDriver:
CN=testLogin,OU=OrgUnit,O=OrgaZbYmodifyaZbYdelete:
MyBooleanAttributeaZbYMyBooleanAttribute: FALSEaZbYadd:
MyBooleanAttributeaZbYMyBooleanAttribute: TRUEaZbYadd:
objectClassaZbYobjectClass: UseraZbYadd: GUIDaZbYGUID:
8FK7g2kPWk2RN/BSu4NpDw==aZbY
[03/17/17 14:51:57.692]:MyDriver PT:MyDriver: Received an modify event
from eDir server...
[03/17/17 14:51:57.693]:MyDriver PT:MyDriver: GUID =
F052BB83690F5A4D9137F052BB83690F
[03/17/17 14:51:57.693]:MyDriver PT:
<nds dtdversion="4.0">
<source>
<product build="20160425_0222" instance="MyDriver"
version="4.0.2.0">Identity Manager Bi-directional Driver for
eDirectory</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<modify class-name="inetOrgPerson"
src-dn="CN=testLogin,OU=OrgUnit,O=Org">
<association>F052BB83690F5A4D9137F052BB83690F</association>
</modify>
</input>
</nds>

Here is configuration data from the driver:

[03/17/17 15:21:50.606]:Idtools : Name: drv.edir.base.container Value:
O=Org
[03/17/17 15:21:50.606]:Idtools : Name: drv.edir.passwd.sync.ver Value:
2
[03/17/17 15:21:50.607]:Idtools : Name: enable-password-publish Value:
true
[03/17/17 15:21:50.607]:Idtools : Name: publish-password-to-nds Value:
false
[03/17/17 15:21:50.607]:Idtools : Name: publish-password-to-dp Value:
true
[03/17/17 15:21:50.607]:Idtools : Name: enforce-password-policy Value:
true
[03/17/17 15:21:50.607]:Idtools : Name:
reset-external-password-on-failure Value: true
[03/17/17 15:21:50.607]:Idtools : Name: enable-password-subscribe
Value: true
[03/17/17 15:21:50.607]:Idtools : Name:
notify-user-on-password-dist-failure Value: false
[03/17/17 15:21:50.607]:Idtools : Name: drv.entitlement.Account Value:
false
[03/17/17 15:21:50.607]:Idtools : Name: drv.sync.disabled Value: false
[03/17/17 15:21:50.608]:Idtools : Name: drv.entitlement.remove Value:
delete
[03/17/17 15:21:50.608]:Idtools : Name: drv.entitlement.Group Value:
false
[03/17/17 15:21:50.608]:Idtools : Name:
drv.entitlement.advancedsettings.show Value: true
[03/17/17 15:21:50.608]:Idtools : Name: drv.datacollection.enable
Value: true
[03/17/17 15:21:50.608]:Idtools : Name: drv.datacollection.Account
Value: true
[03/17/17 15:21:50.608]:Idtools : Name: drv.datacollection.Group Value:
true
[03/17/17 15:21:50.608]:Idtools : Name: drv.rolemapping.enable Value:
true
[03/17/17 15:21:50.608]:Idtools : Name: drv.rolemapping.Account Value:
true
[03/17/17 15:21:50.608]:Idtools : Name: drv.rolemapping.Group Value:
true
[03/17/17 15:21:50.609]:Idtools : Name: drv.resourcemapping.enable
Value: true
[03/17/17 15:21:50.609]:Idtools : Name: drv.resourcemapping.Account
Value: true
[03/17/17 15:21:50.609]:Idtools : Name: drv.resourcemapping.Group
Value: true
[03/17/17 15:21:50.609]:Idtools : Name: drv.entitlement.format.Account
Value: legacy
[03/17/17 15:21:50.609]:Idtools : Name: drv.entitlement.format.Group
Value: legacy
[03/17/17 15:21:50.609]:Idtools : Name:
drv.entitlement.extensions.Account Value: <entitlement-extensions>

Driver configuration xml:

<group>
<definition display-name="Show default configuration" id="111"
name="drv.edir.pub.basic.config" type="enum">
<description/>
<enum-choice display-name="Show">show</enum-choice>
<enum-choice display-name="Hide">hide</enum-choice>
<value>show</value>
</definition>
<subordinates active-value="show">
<definition display-name="eDirectory base container"
dn-space="application" dn-type="ldap"
gcv-driver-param-name="drv.edir.pub.base.cont"
gcv-ref="drv.edir.base.container" id="112"
name="drv.edir.base.container" type="dn">
<description>Specify the container where objects reside in the
connected eDirectory. If you are using a flat Placement rule, this is
the container where the objects to be synchronized are placed. If you
are using a mirrored Placement rule, this is the root container. E.g.:
OU=People,O=com. This container is also the base container for all
driver searches to the remote edirectory.</description>
<value>O=Org</value>
</definition>
<definition display-name="Polling interval in seconds" id="113"
name="drv.edir.pub.pollRate" type="integer">
<description>Specify the number of seconds after which the
publisher channel polls the eDirectory for updates.</description>
<value>10</value>
</definition>
<definition display-name="Heartbeat interval in minutes" id="114"
name="pub-heartbeat-interval" type="string">
<description>Specify the heartbeat interval in minutes. Leave
this field blank to turn off the heartbeat.</description>
<value>600</value>
</definition>
<definition display-name="Keep Alive interval in minutes" id="115"
name="keep-alive-interval" type="integer">
<description>Specifies how often, in minutes, the driver shim
re-initializes an idle change-log connection in order to keep the
connection alive between the bidirectional eDirectory shim and the
change-log. The default value is 30 minutes. The minimum duration is 1
minute. Setting the interval as 0 or lesser will disable this
option.</description>
<value>30</value>
</definition>
<definition critical-change="true" display-name="Allow loop-back
detection" id="116" name="drv.edir.pub.event.optimize" type="boolean">
<description>Specify whether the driver should perform loop-back
detection. When set to true, the driver avoids event loop-back. When set
to false, subscriber events may loop into the publisher channel.
</description>
<value>true</value>
</definition>
</subordinates>
</group>


Changelog configuration:

<group>
<definition display-name="Show Change-log plugin configuration"
id="117" name="drv.edir.chng.log.config" type="enum">
<description/>
<enum-choice display-name="Show">show</enum-choice>
<enum-choice display-name="Hide">hide</enum-choice>
<value>show</value>
</definition>
<subordinates active-value="show">
<definition critical-change="true" display-name="Max days without
re-connect" id="118" name="drv.edir.cl.CLMaxDisconnectDays"
range-hi="100" range-lo="1" type="integer">
<description>Specify the number of days after which driver change
cache and registration information is deleted if the driver does not
connect.Default value is 30. Min val=1, max val=100</description>
<value>30</value>
</definition>
<definition critical-change="true" display-name="Ignore processing
errors" id="119" name="drv.edir.cl.CLIgnoreErrors" type="boolean">
<description>Specify if the change-log should ignore any error
encountered while processing a publisher event.If the value is set to
true, then errors are ignored and the next event will be processed.If
the value is set to false, then the same event be
resend.</description>
<value>false</value>
</definition>
<definition critical-change="true" display-name="Allow password on
clear-text connection" id="120"
name="drv.edir.cl.CLAllowPasswdOnClearConn" type="boolean">
<description>Specify if password can be sent over insecure
connection.If the value is set to true, then password will be sent over
insecure connection.If the value is set to false, then password will be
sent over secure channel only .</description>
<value>false</value>
</definition>
<definition critical-change="true" display-name="Change-log trace
level" id="121" name="drv.edir.cl.CLTraceLevel" type="enum">
<description>Specify the change-log trace level. Following are
the identified trace levels :1 : ERROR log only errors,2 : INFO log
informational messages,3 : DEBUG log debug data along with info
messages,Default trace level is 1(ERROR).</description>
<enum-choice display-name="ERROR">1</enum-choice>
<enum-choice display-name="INFO">2</enum-choice>
<enum-choice display-name="DEBUG">3</enum-choice>
<value>3</value>
</definition>
<definition critical-change="true" display-name="Change-log
preferred maximum batch-size" id="122"
name="drv.edir.cl.CLPreferedMaxBatchSize" range-hi="500" range-lo="1"
type="integer">
<description>Specify the maximum number of events that may be
sent in a batch by the change-log module. minimum = 1,maximum =
500</description>
<value>100</value>
</definition>
</subordinates>
</group>


--
kuronen
------------------------------------------------------------------------
kuronen's Profile: https://forums.netiq.com/member.php?userid=10870
View this thread: https://forums.netiq.com/showthread.php?t=57563