Anonymous_User Absent Member.
Absent Member.
179 views

Active Directory trace log


Hi~
The attachments is the trace log about I reset password from IDM sync to
Active Directory.
I am sure it success about reset password at line 48.
But, why dose the driver publish the modify password event from AD to
IDM after subscriber success?(line 53 - line 120)
Even, the driver publish the user add event from AD to IDM!!(line 121 -
line 296) I can't understand about this data flow...
anybody can help me?
thank you very much.


+----------------------------------------------------------------------+
|Filename: AD_trace_log.txt |
|Download: https://forums.netiq.com/attachment.php?attachmentid=156 |
+----------------------------------------------------------------------+

--
miller_chen
------------------------------------------------------------------------
miller_chen's Profile: https://forums.netiq.com/member.php?userid=4567
View this thread: https://forums.netiq.com/showthread.php?t=50315

Labels (1)
0 Likes
1 Reply
Anonymous_User Absent Member.
Absent Member.

Re: Active Directory trace log

Without looking at the trace (I know, what kind of person am I?) the
reason that events are picked up on the publisher channel depends on the
type of event.

1. The application (microsoft active directory (MAD)) has no way to
determine if an event came from the driver or from a regular
administrator. As a result, all regular (non-password) events that match
the driver filter on the Publisher channel are picked up, looped back, and
then eventually dealt-with by the IDM engine which then does NOT loopback
(unless you configure it to) because unlike MAD it can tell that an event
came from itself to avoid sending it back to the application.

2. Passwords are basically the same; password changes hit the filter and
the filter has no idea at all what sent it, and as a result the filter
sends the password change event back to the engine.

Neither of these usually matter much in a negative way. The engine is
smart enough to optimize out non-changes, and even if it does not nothing
will usually change when the engine gets back the same value that it sent
to the application.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.