Merge on associated ADD, no command transform processing?

I have a generic text driver that always produces ADD events, if the object
already exists and is associated in Edir, a merge happens but unlike a merge
after matching or from a sync event, publisher command transforms are not
processed:

[02/25/16 14:03:59.143]:TextDriver PT:Policy returned:
[02/25/16 14:03:59.148]:TextDriver PT:
<nds dtdversion="3.0">
<source>
<product build="2014-11-06 19:23" instance="TextDriver"
version="0.9RC1">Generic File Driver</product>
<contact>VanCauwenberge.info</contact>
</source>
<input>
<add class-name="User" event-id="gfd-pub-236" src-dn="User#AA08">
<association>User#AA08</association>
<add-attr attr-name="recordNumber">
<value>1</value>
</add-attr>
<add-attr attr-name="username">
<value>AA08</value>
</add-attr>
<add-attr attr-name="isLastRecord">
<value>false</value>
</add-attr>
<add-attr attr-name="locked">
<value>1</value>
</add-attr>
</add>
</input>
</nds>
[02/25/16 14:03:59.149]:TextDriver PT:Applying schema mapping policies to input.
[02/25/16 14:03:59.149]:TextDriver PT:Applying policy:
% CCSM-300-TextDriver (Schema Mapping)%-C.
[02/25/16 14:03:59.149]:TextDriver PT: Mapping class-name 'User' to 'User'.
[02/25/16 14:03:59.149]:TextDriver PT: Mapping attr-name 'username' to
'auxUsername'.
[02/25/16 14:03:59.149]:TextDriver PT: Mapping attr-name 'locked' to
'auxLocked'.
[02/25/16 14:03:59.149]:TextDriver PT:Resolving association references.
[02/25/16 14:03:59.149]:TextDriver PT:No event transformation policies.
[02/25/16 14:03:59.164]:TextDriver PT:Applying publisher filter.
[02/25/16 14:03:59.164]:TextDriver PT: Filtered out <add-attr
attr-name='recordNumber'>.
[02/25/16 14:03:59.164]:TextDriver PT: Filtered out <add-attr
attr-name='isLastRecord'>.
[02/25/16 14:03:59.164]:TextDriver PT:Publisher processing add for User#AA08.
[02/25/16 14:03:59.164]:TextDriver PT:Found an associated object.
[02/25/16 14:03:59.164]:TextDriver PT:Merging eDirectory and application values.
[02/25/16 14:03:59.164]:TextDriver PT:
DirXML Log Event -------------------
Driver: \TC\services\idm\driverset\TextDriver
Channel: Publisher
Object: User#AA08 (data\User\AA08)
Status: Success

I would have expected a modify to be generated and command transform to be
applied to it before writing to Edir, actually. Never noticed this behaviour
before, bug or feature?

--
http://www.is4it.de/en/solution/identity-access-management/
  • Are the attribute values the same in both the <add> and in the IDV?
    What are the merge settings for the auxLocked attribute in the filter?

    My observation is that it will never enter command transformation unless
    it needs to, i.e at least one attribute value has changed.

    Another interesting thing is that if you set an attribute to "Optimize
    Modify=FALSE" to force it to go the command transformation then that
    setting is respected during normal operations but not when doing a
    match/merge, at least that is what I have noticed since 3.5

    On 2016-02-25 15:05, Lothar Haeger wrote:
    > I have a generic text driver that always produces ADD events, if the object
    > already exists and is associated in Edir, a merge happens but unlike a merge
    > after matching or from a sync event, publisher command transforms are not
    > processed:
    >
    > [02/25/16 14:03:59.143]:TextDriver PT:Policy returned:
    > [02/25/16 14:03:59.148]:TextDriver PT:
    > <nds dtdversion="3.0">
    > <source>
    > <product build="2014-11-06 19:23" instance="TextDriver"
    > version="0.9RC1">Generic File Driver</product>
    > <contact>VanCauwenberge.info</contact>
    > </source>
    > <input>
    > <add class-name="User" event-id="gfd-pub-236" src-dn="User#AA08">
    > <association>User#AA08</association>
    > <add-attr attr-name="recordNumber">
    > <value>1</value>
    > </add-attr>
    > <add-attr attr-name="username">
    > <value>AA08</value>
    > </add-attr>
    > <add-attr attr-name="isLastRecord">
    > <value>false</value>
    > </add-attr>
    > <add-attr attr-name="locked">
    > <value>1</value>
    > </add-attr>
    > </add>
    > </input>
    > </nds>
    > [02/25/16 14:03:59.149]:TextDriver PT:Applying schema mapping policies to input.
    > [02/25/16 14:03:59.149]:TextDriver PT:Applying policy:
    > % CCSM-300-TextDriver (Schema Mapping)%-C.
    > [02/25/16 14:03:59.149]:TextDriver PT: Mapping class-name 'User' to 'User'.
    > [02/25/16 14:03:59.149]:TextDriver PT: Mapping attr-name 'username' to
    > 'auxUsername'.
    > [02/25/16 14:03:59.149]:TextDriver PT: Mapping attr-name 'locked' to
    > 'auxLocked'.
    > [02/25/16 14:03:59.149]:TextDriver PT:Resolving association references.
    > [02/25/16 14:03:59.149]:TextDriver PT:No event transformation policies.
    > [02/25/16 14:03:59.164]:TextDriver PT:Applying publisher filter.
    > [02/25/16 14:03:59.164]:TextDriver PT: Filtered out <add-attr
    > attr-name='recordNumber'>.
    > [02/25/16 14:03:59.164]:TextDriver PT: Filtered out <add-attr
    > attr-name='isLastRecord'>.
    > [02/25/16 14:03:59.164]:TextDriver PT:Publisher processing add for User#AA08.
    > [02/25/16 14:03:59.164]:TextDriver PT:Found an associated object.
    > [02/25/16 14:03:59.164]:TextDriver PT:Merging eDirectory and application values.
    > [02/25/16 14:03:59.164]:TextDriver PT:
    > DirXML Log Event -------------------
    > Driver: \TC\services\idm\driverset\TextDriver
    > Channel: Publisher
    > Object: User#AA08 (data\User\AA08)
    > Status: Success
    >
    > I would have expected a modify to be generated and command transform to be
    > applied to it before writing to Edir, actually. Never noticed this behaviour
    > before, bug or feature?
    >

  • alekz wrote:

    > Are the attribute values the same in both the <add> and in the IDV?
    > What are the merge settings for the auxLocked attribute in the filter?
    >
    > My observation is that it will never enter command transformation
    > unless it needs to, i.e at least one attribute value has changed.


    I generally include a fake "notify-only" attribute that is
    authoratitive to the app to ensure that pub command transform is
    entered on merge regardless.

    > Another interesting thing is that if you set an attribute to "Optimize
    > Modify=FALSE" to force it to go the command transformation then that
    > setting is respected during normal operations but not when doing a
    > match/merge, at least that is what I have noticed since 3.5


    Yes that changed at some point, thought it was more recent than 3.5
    though.
  • Alex McHugh wrote:

    > > Are the attribute values the same in both the <add> and in the IDV?
    > > What are the merge settings for the auxLocked attribute in the filter?


    I expected values to be different, but only got the trace back from the
    customer, so I cannot be sure. Merge was set to None, so that might have led to
    IDM dropping the event after all. Anyway, since it's associated, merge should
    not kick in in the first place but a synthetic modify should be created and
    processed by command transforms.

    > > My observation is that it will never enter command transformation
    > > unless it needs to, i.e at least one attribute value has changed.


    That may have been the case here, waiting to see if it's reproducible...

    > I generally include a fake "notify-only" attribute that is
    > authoratitive to the app to ensure that pub command transform is
    > entered on merge regardless.


    Will have to do this here, too, I guess....

    --
    http://www.is4it.de/en/solution/identity-access-management/
  • alekz wrote:

    > Another interesting thing is that if you set an attribute to "Optimize
    > Modify=FALSE" to force it to go the command transformation then that
    > setting is respected during normal operations but not when doing a
    > match/merge, at least that is what I have noticed since 3.5


    Now that you mention it, I even opened a bug about that behavior back in 2012.
    I'm getting old...

    --
    http://www.is4it.de/en/solution/identity-access-management/