This website uses cookies. By browsing this website, you consent to the use of cookies. Learn more.
OK
fwitt
fwitt Frequent Contributor.
Frequent Contributor.
‎2019-03-06 14:03
441 views

AD Driver|Publisher search behaves different than subscriber

Hi guys,

has anybody ever come across this behavior:

When I run a search for an existing uPN in the Subscriber Command Transformation i can find an Object in AD. However when i run the same search on the Publisher side it doesnt find any objects.
Publisher:

<nds dtdversion="4.0" ndsversion="8.x">
  <source>
    <product edition="Standard" version="4.0.2.7">DirXML</product>
    <contact>Novell, Inc.</contact>
  </source>
  <input>
    <query-ex class-name="user" event-id="0" max-result-count="1" scope="subtree">
      <search-class class-name="user"/>
      <search-attr attr-name="userPrincipalName">
        <value type="string">Testuser.Lastname@upn-d.compan.com</value>
      </search-attr>
      <read-attr/>
    </query-ex>
  </input>
</nds>
[03/06/19 14:40:06.112]:RBDOMNew PT:                        Remote Interface Driver: Document sent.
[03/06/19 14:40:06.116]:RBDOMNew :Remote Interface Driver: Received.
[03/06/19 14:40:06.116]:AD :
<nds dtdversion="1.1" ndsversion="8.7">
  <source>
    <product asn1id="" build="20171012_120000" instance="\XXX\Admin\IDM\Provisioning\AD-D" version="4.0.3.0">AD</product>
    <contact>NetIQ Corporation</contact>
  </source>
  <output>
    <status level="success"/>
  </output>
</nds>


Subscriber:

<nds dtdversion="4.0" ndsversion="8.x">
  <source>
    <product edition="Standard" version="4.0.2.7">DirXML</product>
    <contact>Novell, Inc.</contact>
  </source>
  <input>
    <query-ex class-name="user" event-id="0" max-result-count="1" scope="subtree">
      <search-class class-name="user"/>
      <search-attr attr-name="userPrincipalName">
        <value type="string">Testuser.Lastname@upn-d.company.com</value>
      </search-attr>
      <read-attr/>
    </query-ex>
  </input>
</nds>
[03/06/19 14:36:15.250]:AD ST:                        Remote Interface Driver: Document sent.
[03/06/19 14:36:15.257]:AD :Remote Interface Driver: Received.
[03/06/19 14:36:15.257]:AD :
<nds dtdversion="1.1" ndsversion="8.7">
  <source>
    <product asn1id="" build="20171012_120000" instance="\XXX-D\Admin\IDM\Provisioning\AD-D" version="4.0.3.0">AD</product>
    <contact>NetIQ Corporation</contact>
  </source>
  <output>
    <instance class-name="user" event-id="0" src-dn="CN=xx,OU=Disabled,DC=xx-d,DC=xx-d,DC=net">
      <association>d9ab84429482e04594200a3a0778e9d4</association>
    </instance>
    <query-token event-id="0">S:4</query-token>
    <status event-id="0" level="success"/>
  </output>
</nds>
Labels (1)
0 Likes
Reply
Report Inappropriate Content
6 Replies
al_b
Knowledge Partner
Knowledge Partner
‎2019-03-07 17:25

Re: AD Driver|Publisher search behaves different than subscr

fwitt;2496405 wrote:
Hi guys,

has anybody ever come across this behavior:

When I run a search for an existing uPN in the Subscriber Command Transformation i can find an Object in AD. However when i run the same search on the Publisher side it doesnt find any objects.
Publisher:

<nds dtdversion="4.0" ndsversion="8.x">
  <source>
    <product edition="Standard" version="4.0.2.7">DirXML</product>
    <contact>Novell, Inc.</contact>
  </source>
  <input>
    <query-ex class-name="user" event-id="0" max-result-count="1" scope="subtree">
      <search-class class-name="user"/>
      <search-attr attr-name="userPrincipalName">
        <value type="string">Testuser.Lastname@upn-d.compan.com</value>
      </search-attr>
      <read-attr/>
    </query-ex>
  </input>
</nds>
[03/06/19 14:40:06.112]:RBDOMNew PT:                        Remote Interface Driver: Document sent.
[03/06/19 14:40:06.116]:RBDOMNew :Remote Interface Driver: Received.
[03/06/19 14:40:06.116]:AD :
<nds dtdversion="1.1" ndsversion="8.7">
  <source>
    <product asn1id="" build="20171012_120000" instance="\XXX\Admin\IDM\Provisioning\AD-D" version="4.0.3.0">AD</product>
    <contact>NetIQ Corporation</contact>
  </source>
  <output>
    <status level="success"/>
  </output>
</nds>


Subscriber:

<nds dtdversion="4.0" ndsversion="8.x">
  <source>
    <product edition="Standard" version="4.0.2.7">DirXML</product>
    <contact>Novell, Inc.</contact>
  </source>
  <input>
    <query-ex class-name="user" event-id="0" max-result-count="1" scope="subtree">
      <search-class class-name="user"/>
      <search-attr attr-name="userPrincipalName">
        <value type="string">Testuser.Lastname@upn-d.company.com</value>
      </search-attr>
      <read-attr/>
    </query-ex>
  </input>
</nds>
[03/06/19 14:36:15.250]:AD ST:                        Remote Interface Driver: Document sent.
[03/06/19 14:36:15.257]:AD :Remote Interface Driver: Received.
[03/06/19 14:36:15.257]:AD :
<nds dtdversion="1.1" ndsversion="8.7">
  <source>
    <product asn1id="" build="20171012_120000" instance="\XXX-D\Admin\IDM\Provisioning\AD-D" version="4.0.3.0">AD</product>
    <contact>NetIQ Corporation</contact>
  </source>
  <output>
    <instance class-name="user" event-id="0" src-dn="CN=xx,OU=Disabled,DC=xx-d,DC=xx-d,DC=net">
      <association>d9ab84429482e04594200a3a0778e9d4</association>
    </instance>
    <query-token event-id="0">S:4</query-token>
    <status event-id="0" level="success"/>
  </output>
</nds>


Do you have userPrincipalName in eDirectory schema? (no mapping to something else?)

My supicious that you doing query for attribute, that doen't exist in the system.
0 Likes
Reply
Report Inappropriate Content
dgersic
Knowledge Partner
Knowledge Partner
‎2019-03-07 22:34

Re: AD Driver|Publisher search behaves different than subscr

fwitt;2496405 wrote:
Hi guys,

has anybody ever come across this behavior:

When I run a search for an existing uPN in the Subscriber Command Transformation i can find an Object in AD. However when i run the same search on the Publisher side it doesnt find any objects.
Publisher:

<nds dtdversion="4.0" ndsversion="8.x">
  <source>
    <product edition="Standard" version="4.0.2.7">DirXML</product>
    <contact>Novell, Inc.</contact>
  </source>
  <input>
    <query-ex class-name="user" event-id="0" max-result-count="1" scope="subtree">
      <search-class class-name="user"/>
      <search-attr attr-name="userPrincipalName">
        <value type="string">Testuser.Lastname@upn-d.compan.com</value>
      </search-attr>
      <read-attr/>
    </query-ex>
  </input>
</nds>
[03/06/19 14:40:06.112]:RBDOMNew PT:                        Remote Interface Driver: Document sent.
[03/06/19 14:40:06.116]:RBDOMNew :Remote Interface Driver: Received.
[03/06/19 14:40:06.116]:AD :
<nds dtdversion="1.1" ndsversion="8.7">
  <source>
    <product asn1id="" build="20171012_120000" instance="\XXX\Admin\IDM\Provisioning\AD-D" version="4.0.3.0">AD</product>
    <contact>NetIQ Corporation</contact>
  </source>
  <output>
    <status level="success"/>
  </output>
</nds>


Subscriber:

<nds dtdversion="4.0" ndsversion="8.x">
  <source>
    <product edition="Standard" version="4.0.2.7">DirXML</product>
    <contact>Novell, Inc.</contact>
  </source>
  <input>
    <query-ex class-name="user" event-id="0" max-result-count="1" scope="subtree">
      <search-class class-name="user"/>
      <search-attr attr-name="userPrincipalName">
        <value type="string">Testuser.Lastname@upn-d.company.com</value>
      </search-attr>
      <read-attr/>
    </query-ex>
  </input>
</nds>
[03/06/19 14:36:15.250]:AD ST:                        Remote Interface Driver: Document sent.
[03/06/19 14:36:15.257]:AD :Remote Interface Driver: Received.
[03/06/19 14:36:15.257]:AD :
<nds dtdversion="1.1" ndsversion="8.7">
  <source>
    <product asn1id="" build="20171012_120000" instance="\XXX-D\Admin\IDM\Provisioning\AD-D" version="4.0.3.0">AD</product>
    <contact>NetIQ Corporation</contact>
  </source>
  <output>
    <instance class-name="user" event-id="0" src-dn="CN=xx,OU=Disabled,DC=xx-d,DC=xx-d,DC=net">
      <association>d9ab84429482e04594200a3a0778e9d4</association>
    </instance>
    <query-token event-id="0">S:4</query-token>
    <status event-id="0" level="success"/>
  </output>
</nds>


Can't say that I've tried it. Both searches look right, at least superficially. This is one of the few times when I'd be looking at a remote loader trace to see what it thinks it's doing and what the return was.
0 Likes
Reply
Report Inappropriate Content
fwitt
fwitt Frequent Contributor.
Frequent Contributor.
‎2019-03-08 15:19

Re: AD Driver|Publisher search behaves different than subscr

I have found a work around... When I remove the result count from the search, the publisher channel search works as well.
To me it looks like the publisher thread in the AD shim behaves differently than the subscriber thread...

This does however look like a bug to me.
0 Likes
Reply
Report Inappropriate Content
rrawson
rrawson Honored Contributor.
Honored Contributor.
‎2019-03-11 14:12

Re: AD Driver|Publisher search behaves different than subscr

The behavior of the publisher search is implemented within the IDM engine. The behavior of a subscriber search is implemented in a driver shim. In most cases they should be largely similar, but it's up to the specific capabilities of the connected system to determine which features are implemented, and how they are presented back to IDM. This is not a bug.
0 Likes
Reply
Report Inappropriate Content
Marcus Tornberg
Marcus Tornberg Honored Contributor.
Honored Contributor.
‎2019-03-12 15:50

Re: AD Driver|Publisher search behaves different than subscr

rrawson;2496602 wrote:
The behavior of the publisher search is implemented within the IDM engine. The behavior of a subscriber search is implemented in a driver shim. In most cases they should be largely similar, but it's up to the specific capabilities of the connected system to determine which features are implemented, and how they are presented back to IDM. This is not a bug.


Hi!

I think this post is around doing a query on subscriber to destination (AD) versus doing a query on publisher to source (AD). Thereby both queries are handled by the driver shim.

So I would say it is a bug.

Best regards
Marcus
0 Likes
Reply
Report Inappropriate Content
dgersic
Knowledge Partner
Knowledge Partner
‎2019-03-12 16:54

Re: AD Driver|Publisher search behaves different than subscr

fwitt;2496531 wrote:
I have found a work around... When I remove the result count from the search, the publisher channel search works as well.
To me it looks like the publisher thread in the AD shim behaves differently than the subscriber thread...

This does however look like a bug to me.


That's weird. Thanks for following up. I agree, sounds like a bug. Get an SR open and get it reported.
0 Likes
Reply
Report Inappropriate Content
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.