Hello,
I would like IDM to take control of the value of attribute ndsHomeDirectory on the connected system (eDirectory).
IDM creates home directories on the connected system via another driver, therefore it should also synchronise the corresponding attributes over the bidirectional driver.
The synchronisation of the homeDirectory attribute works, but synchronisation of ndsHomeDirectory doesn't.
It is not possible to have a structured attribute (same as ndsHomeDirectory) on IDM because the volume path does not exist on IDM.
Instead I created a new attribute on IDM named IDM_ndsHomeDirectory, which is a case ignore string.
This string attribute is then reformatted to a structured attribute in otp.
The document submitted to the subscriber shim looks as shown below. Side note: the association-ref and type XML attributes were hardcoded for testing purposes.
<nds dtdversion="4.0" ndsversion="8.x">
  <source>
    <product edition="Standard" version="4.9.0.0000">DirXML</product>
    <contact>NetIQ Corporation</contact>
  </source>
  <input>
    <modify class-name="inetOrgPerson" event-id="dz-idm-01#20250116133950#1#1:8297e303-b7f9-4404-9fce-03e39782f9b7" from-merge="true" qualified-src-dn="\xxx\CN=test" src-dn="\xxx\test" src-entry-id="64443">
      <association>AAAC4D92D7C261439025AAAC4D92D7C2</association>
      <modify-attr attr-name="homeDirectory">
        <remove-all-values/>
        <add-value>
          <value timestamp="1724410149#7" type="string">/home/test</value>
        </add-value>
      </modify-attr>
      <modify-attr attr-name="ndsHomeDirectory">
        <remove-all-values/>
        <add-value>
          <value type="structured">
            <component name="nameSpace">0</component>
            <component association-ref="9D37F68B34A68C4DB7F19D37F68B34A6" name="volume" type="dn">cn=vol1-server_VOL1,ou=OESSystemObjects,xxx</component>
            <component name="path">USERS\test</component>
          </value>
        </add-value>
      </modify-attr>
    </modify>
  </input>
</nds>
The problem is that this modification succeeds but there is no change of the ndsHomeDirectory attribute on the connected system.
The trace below starts right after submitting to subscriber shim. You can see that the event results in success but there is no value in the ldap modification.
[01/16/25 14:47:46.803]:eDir2eDir ST:eDir2eDir: LDAP Search base=xxx scope=2 filter=guid=\9D\37\F6\8B\34\A6\8C\4D\B7\F1\9D\37\F6\8B\34\A6 attrs=[dn] attrsOnly=false
[01/16/25 14:47:46.912]:eDir2eDir ST:eDir2eDir: LDAP Modify: cn=test,xxx
  LDAPModification: (operation=replace,(LDAPAttribute: {type='homeDirectory', value='/home/test'}))
  LDAPModification: (operation=replace,(LDAPAttribute: {type='ndsHomeDirectory'}))
[01/16/25 14:47:46.919]:eDir2eDir ST:SubscriptionShim.execute() returned:
[01/16/25 14:47:46.919]:eDir2eDir ST:
<nds dtdversion="2.0" ndsversion="8.x">
  <source>
    <product build="20240201_1039" instance="eDir2eDir" version="4.1.0.0000">Identity Manager Bi-directional Driver for eDirectory</product>
    <contact>NetIQ Corporation</contact>
  </source>
  <output>
    <status event-id="dz-idm-01#20250116134745#1#1:42f857de-272b-4f51-bef3-de57f8422b27" level="success"/>
  </output>
</nds>
At first I thought it was an issue with association-ref but hard-coding it in the event as shown above did not help.
I have also traced the event on the connected system using ndstrace, where the ldap modification of the ndsHomeDirectory attribute succeeds.
I was not able to see the value of the modification in ndstrace. Is it possible to see the value there?
Does anyone have experience with synchronising structured attributes? Thanks in advance!