Role not processing add/removes from assigned eDir Group

We are currently updating IDM and the User Application to 4.7.2 The role and resource driver is at 4.7.1.0 and the installed Role and Resource Service Base package is 4.7.0.20180213164852. The User Application driver is at 0.20180222.092342 with package 4.7.0.20180227204757 installed. IDM is at 4.7.2.

I started noticing that the role assignments are not working as expected anymore. I have an eDirectory group assigned to a role. When I add a user to this group the role should show up in the user's nrfMemberOf attribute and the user should be provisioned to the resources mapped to the role. This is no longer happening. The role no longer "sees" when a user is added or removed from the eDirectory group.

Adding a user directly to the role mentioned above works as expected. The role shows up in the user's nrfMemberOf attribute and the user provisioned to the mapped resources.

Any ideas?
  • On 2019-03-19 22:56:02 0000, joelburke said:

    > We are currently updating IDM and the User Application to 4.7.2 The role
    > and resource driver is at 4.7.1.0 and the installed Role and Resource
    > Service Base package is 4.7.0.20180213164852. The User Application
    > driver is at 0.20180222.092342 with package 4.7.0.20180227204757
    > installed. IDM is at 4.7.2.
    >
    > I started noticing that the role assignments are not working as expected
    > anymore. I have an eDirectory group assigned to a role. When I add a
    > user to this group the role should show up in the user's nrfMemberOf
    > attribute and the user should be provisioned to the resources mapped to
    > the role. This is no longer happening. The role no longer "sees" when a
    > user is added or removed from the eDirectory group.
    >
    > Adding a user directly to the role mentioned above works as expected.
    > The role shows up in the user's nrfMemberOf attribute and the user
    > provisioned to the mapped resources.
    >
    > Any ideas?


    Hi Joel,

    we have noticed this as well, it appears to be an issue with the 4.7.1
    RRSD driver.
    We are seeing Java errors processing group roles.

    Currently we have an incident open with NTS and there is a remote
    session scheduled for tomorrow.
    Will keep you posted if anything develops.

    /Mark

  • Thanks for the response. I also opened an incident. Microfocus has acknowledged a bug I reported a couple months ago with the GetGroup SOAP service on IDM 4.7.2. I wonder if these are related? Both issues involve eDirectory groups.
  • On 2019-03-20 14:26:01 0000, joelburke said:

    > Thanks for the response. I also opened an incident. Microfocus has
    > acknowledged a bug I reported a couple months ago with the GetGroup SOAP
    > service on IDM 4.7.2. I wonder if these are related? Both issues
    > involve eDirectory groups.


    We are getting Java NullPointerExceptions - sounds like it could
    definitely be related to a bug in the SOAP service if it does not
    return certain information that the driver expects it to.


  • Did anything come out of your remote session?
  • On 2019-03-21 14:04:03 0000, joelburke said:

    > Did anything come out of your remote session?


    Hi Joel,

    yes it is a bug in the 4.7.1 RRSD driver and a patch will be forthcoming.

    The bug is in the handling of <add> events with the Group Membership
    attribute present.

    Cheers,

    Mark