• Moving the EBA CA Role to a new server

    I have an eDirectory tree (IDM 4.8.4 with eDirectory 9.2.5) with EBA enabled. I've added new servers to the replica and am now looking into how to move the EBA CA role to decommission the old server. I've enabled EBA on the new servers, but haven't found…
  • How I can query attribute value from policy (Text Driver) to validate parent and child relationship

    I need to validate that an object (parent) exist in the eDir before create a new child object. Example: I create the parent, manually from Identity Console / Object Management. Parent Object: CN: 00001 Name: unit 1 ParentID: 0000 The…
  • -669 Error in ndsrepair

    When I run ndsrepair -E, I'm seeing multiple -699 Remote Errors. A total of 75 errors Running a trace on iMonitor Sync failed to communicate with server xxxxxxxxxxx , error failed authentication (-669). This has caused Stuck Obits on the servers…
  • User CN provisioned with underscore ie cn=1_5,ou=users

    We have experienced an issue in the last two weeks that we have never seen before a user is provisioned with two CN identifiers for example a user is created and the CN is 1_5 and also JDOE. This is causing issues with office 365. This behavior is new…
  • Implementing SSO to user app using AD Kerberos

    Hi All, I need some suggestions or help to implement the SSO to userapp using AD Kerberos. Current Scenario: SSO implemented to the userapp using OSP with Kerberos. OSP contacts for vault for the authorization. So, IDM act as IDP. Due to some remote…
  • Schema: Change syntax of existing attribute

    Hi! At some customer we store XML blob in an attribute. XML blob was small (few kb in size), so at that time attribute was defined as CI String (Single valued). Of course, by Murphy's law, that XML blob increased so much in size that we need to…
  • eDirectory 9.2.7 syncing with eDirectory 9.2.6

    We are testing upgrading to 9.2.7 and IDM 4.8.6. Our current server structure is RHEL 7 and MF says it needs to be RHEL8, so we're looking at a migration to new servers. We have two dev servers up and running with IMD 4.8.6 and eDir 9.2.7. The issue is…
  • Adding object in eDir using a query to REST EndPoint

    Hello, community! I'm working in a Rest Driver application that I have to fetch data from there twice a day. I've created a scheduled job to run an fetch the data. It's working fine and I'm able to retrieve users information that I need. I have created…
  • Deploying password from Designer for the Default Notification Collection doesn't work

    Hi, I have environment with eDirectory 9.2.7 and IDM 4.8.6 on Windows Server 2019. I can't deploy the password for the Default Notification Collection for authenticating the user to the SMTP server. I get the following error message from the Deployment…
  • Creating Objects in eDirectory in Newly Generated Container (Organization)

    I want to create objects in Organization class in eDirectory. For this, I have an mssql database in which I am storing values in Org table: I have defined a new container under TREE_NAME\data called Organizations: And in my placement policy I…
  • additional LDAP attribute mapping after IDM installation / update

    Hi, on a few (like 1 of 25) installations we have additional LDAP attribute mapping in eDirectory after IDM installation. The mappings are like "<word> <word>" (space between words) to "<word>-<word>" (dash between words) e.g.: "Given Name" to "Given…
  • stuck obit

    I have this stuck obits that cannot be processed. normally when we have Obits, we just make sure that all servers are in sync and All servers in the Tree are reachable, up and running, That normally works. I went though documentation and some TID, but…
  • Error while creating a new SAP Driver

    Hello, team. I'm creating a new SAP User driver(the first one) and I'm having the below error. </persistent-data> [08/17/22 17:24:02.509]:SAPECC :Found subscriber system\driverset\SAP-ECC\Subscriber. [08/17/22 17:24:02.522]:SAPECC :Found publisher…
  • IDM upgrade 4.7.2 to 4.8.3

    I have 2 servers for eDirectory. How can I plan to upgrade the servers with minimal disruption? Currently the driver set is running on primary server. Below is my approach: Upgrade the secondary server, copy the driver set from the primary server…
  • Remove Resources from User

    Hello, team. I have some resources created to grant a group entitlement to users. This entitlement will add the user to a AD group. I'm trying to remove users resources but I am getting a DAL error. It works when I do a "Clear Source Attribute"…
  • Need to append +91 in mobile number when it writes to Google Apps driver

    I have a Google Apps driver integrated with NetIQ IDM. I need +91 should be appended in the mobile field in the GSuite when it takes the value of Telephone number from eDirectory. Can someone help me with the output transformation policy here…
  • iMan 3.2.6.200 - Malformed Request on Other tab for custom attribute

    iMan 3.26 on a freshly installed IDM 4.8.5 server. Windows 2019 Was happening at 3.26 and patched to 3.26.200 and it got a bit worse. There was one, now after the .200 patch two attributes, that are basic Case Ignore strings, added to the User class…
  • Error installing edirectory

    Hi everyone I am installing eDirectory version 9.2.0 (From IDM 48 ISO), on an RHLE 8.5 server. When running the installer, I get the following error, after accept licence:: Reviewing the installer code I found the code snippet where the displayed…
  • Containerized Change-Log Module for eDirectory

    Hi, We're implementing containerized IDM and would also like to install a Change-Log Module in a container. Assuming we utilize the the images provided by Micro Focus, what would be the best way to add the change log module? Since the module exists…
  • Bi-directional eDirectory driver - Password sync failed on subscriber

    Hi Experts, I'm using the bi-directional eDirectory driver where I'm syncing the password from source to destination.. I'm getting the below error.. [10/14/21 13:13:54.068]:eDir3.log : LThe driver detected that the LDAP server supports the password…
  • Loopback Driver Not Writing data to eDir after ETP

    Attributes that are set in the ETP are not being written to eDIR. I can see in the trace, below, where the attributes are set, and the log says that the data is being merged into eDir... but the attributes are blank when I look at the ID (using apache…
  • IDM to AD drivers : User creation fail cause they are homonyms and CN and DN are the same in AD

    We are fine tunning ou IDM Active Directory driver and we just notice a serious problem. Our HR db is linked with an MSSQL IDM driver and with script we are validating before user creation that another user does't have the same loginname or cn in the…
  • Change on ACL made impossible to Grant or Edit Roles

    Hello, everyone. While doing some ACL configurations, we have changed by mistake the ACLs for RoleDefs( cn=RoleDefs,cn=RoleConfig,cn=AppConfig,cn=UserApplication,cn=driverset,o=system) to the below ones: 1#subtree#cn=admin,ou=sa,o=system#[Entry…
  • Can I assign rights so a User can create a group, but not create it with or add members later (eDir REST API)

    Hello We want to let third parties create groups in our eDirectory, but we want to block them from adding members to the groups and prevent them from creating groups with members directly via eDir rest api. I am trying to configure a set of rights…
  • eDirectory driver fails to start Code(-9046) Invalid password

    I have a test environment where I have started seeing strange behaviour in an eDirectory to eDirectory driver. When I try to start my vault end of the driver I get a fatal error and the driver stops. The trace error is Message: Code(-9005) The driver…