Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
Anonymous_User Absent Member.
Absent Member.
144 views

AD DirXML-Association with 42 caracters instead of 32


Hi,

Just did some research on my side to see if anyone could have seen this
kind of issue and did not find anything, so here is my "special'
case...

I have IDM 4.0.2 with two AD drivers (both 4.0.2) running on SLES 11.
Did a schema extension to be able to manage the ADContext and ADliasName
attributes for both drivers.
Everything is working as expected and getting synchronized.
The AD environment is setup up with a trust relationship (One forest is
win2k3 and the other 2k8)

Now, the issue I have is that from time to time I have user that get's
associated with an objectGUID that just doesn't make sens like the
following exemple: 24f6d6cf17a565408975cfa6424c7fc74294967294
where the association should be 24f6d6cf17a565408975cfa6424c7fc7
instead.

I am trying to find out how and why, so I did increase the log level on
both drivers and I am waiting for something to show-up to see what is
going on, but I thought it would be fun to see if it happen to anyone
else.

I will post the trace (event log) as soon as I have one 🙂

Thanks !


--
bic9286
------------------------------------------------------------------------
bic9286's Profile: https://forums.netiq.com/member.php?userid=1334
View this thread: https://forums.netiq.com/showthread.php?t=49964

Labels (1)
0 Likes
2 Replies
Anonymous_User Absent Member.
Absent Member.

Re: AD DirXML-Association with 42 caracters instead of 32

Those last character, 4294967294, are quite close to the max of a 32-bit
unsigned integer. That, I would bet, is a clue, though it does not tell
me exactly what is up without more info.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
Knowledge Partner
Knowledge Partner

Re: AD DirXML-Association with 42 caracters instead of 32

> I have IDM 4.0.2 with two AD drivers (both 4.0.2) running on SLES 11.
> Did a schema extension to be able to manage the ADContext and ADliasName
> attributes for both drivers.


So you made your custom acmeDirXML-ADContext1 and acmeDirXML-ADContext2
attributes in schema you mean?

> Everything is working as expected and getting synchronized.
> The AD environment is setup up with a trust relationship (One forest is
> win2k3 and the other 2k8)
>
> Now, the issue I have is that from time to time I have user that get's
> associated with an objectGUID that just doesn't make sens like the
> following exemple: 24f6d6cf17a565408975cfa6424c7fc74294967294
> where the association should be 24f6d6cf17a565408975cfa6424c7fc7
> instead.


As Aaron notes, the extra chars look a lot like a 32 bit int's max.
When I see two values strung together like that, I assume that a
Structured attribute was treated as a string, (Recall Facsimile
Telephone Number, getting an extra 0. If you do not understand that,
you should go check your tree to ensure you handle this correctly and why).

Trace would be interesting to see.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.