We are experiencing problem with Group member not getting the associated Role as nrfGroupRoles.
We have a group: cn=Emply_Access,ou=systemgroups,o=data
and a role: cn=Emply_Access_Role,cn=Level10,cn=RoleDefs,cn=RoleConfig,cn=AppConfig,cn=User Application Driver,cn=driverset1,o=system
where the group has the role as nrfAssociatedRoles and the role has the groups as nrfImplicitGroups.
We are running Identity Manager 4.10 (24.4) on SLES 15 sp6.
The Role and Resource Driver and the User Application Driver are straight out of the box and installed with Identity Applications, which runs on a separate SLES server.
When configuring Role and Resource Driver is set up to trace log (trace level 5) nothing appears in the trace log when a user is added to the group.
There is no requests in cn=Requests,cn=RoleConfig,cn=AppConfig,cn=User Application Driver,cn=driverset1,o=system with the user getting the role.
I wonder why the filter for Role and Resource Driver does not include nrfAssociatedRoles for groups and/or nrfImplicitGroups for roles.
In the release notes for IDM 4.10 under 5.0 Resolved issues there's a mentioning :
Component |
Global ID |
Description |
---|---|---|
Identity Applications |
OCTCR56A582892 |
Roles and Resource Service Driver does not process groups, roles, or resources consistently. |
that suggests that there was something fixed in 4.10 role and resource service driver regarding this issue.
But it still doesn't work for us.
Has anybody experienced the same problem, and preferably, is there a fix?