Knowledge Partner
Knowledge Partner
229 views

Adding an Aux class in a ADAM/LDS driver?

We are trying to add a user in ADAM/LDS. When it is just an effective
class (not User/inetOrgperson) it works fine. But if we need to add
attrs that are in Aux classes, it looks like the way the <add> event
gets structured,

<add-attr attr-name="objectClass">
<value type="string">eduPerson</value>
</add-attr>
<add-attr attr-name="objectClass">
<value type="string">newPilotPerson</value>
</add-attr>

Seems like it is not adding a second value, rather it is overwriting
each time. So we always get an object class violation.

Tried reformatting the XML to look more like:

<add-attr attr-name="objectClass">
<value type="string">eduPerson</value>
<value type="string">newPilotPerson</value>
</add-attr>

But you can't, since the shim adds the @class-name as an add-value of
object class as the first attribute in the event. And it happens in the
shim, so you cannot apply policy to try and fix it.

Is it possible to add a user in LDS/ADAM and Aux classes and attrs from
the aux classes in the same event?

This is surprising behavior, and not what we expected, but seems to be
what is happening. Does not seem to happen in the AD Driver in my
experience.

IDM 4.5.02 with latest AD shim.
Labels (1)
0 Likes
7 Replies
Knowledge Partner
Knowledge Partner

Re: Adding an Aux class in a ADAM/LDS driver?

Geoffrey Carman wrote:

>
> Is it possible to add a user in LDS/ADAM and Aux classes and attrs from the aux classes in the same event?


Does it work if you add as a regular user and then do all the aux stuff on a modify?
I've done some ugly hacks in the past to get around stuff like this.

> This is surprising behavior, and not what we expected, but seems to be what is happening. Does not seem to happen in the AD Driver in my experience.


I agree, quite surprising, almost seems like a bug (at least in part)
Alex McHugh - Knowledge Partner - Stavanger, Norway
Who are the Knowledge Partners
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
0 Likes
Knowledge Partner
Knowledge Partner

Re: Adding an Aux class in a ADAM/LDS driver?

On 5/12/2015 4:35 PM, Alex McHugh wrote:
> Geoffrey Carman wrote:
>
>>
>> Is it possible to add a user in LDS/ADAM and Aux classes and attrs from the aux classes in the same event?

>
> Does it work if you add as a regular user and then do all the aux stuff on a modify?
> I've done some ugly hacks in the past to get around stuff like this.


That is the plan I am voting for. Wondering if anyone else has tried it
with this shim this way before. Or if anyone knows that this is a
specific issue.

>> This is surprising behavior, and not what we expected, but seems to be what is happening. Does not seem to happen in the AD Driver in my experience.

>
> I agree, quite surprising, almost seems like a bug (at least in part)


It does. Not quite there yet, still trying to understand it.



0 Likes
Knowledge Partner
Knowledge Partner

Re: Adding an Aux class in a ADAM/LDS driver?

Geoffrey Carman <geoffreycarmanNOSPAM@NOSPAMgmail.com> wrote:
> On 5/12/2015 4:35 PM, Alex McHugh wrote:
>> Geoffrey Carman wrote:
>>
>>>
>>> Is it possible to add a user in LDS/ADAM and Aux classes and attrs from
>>> the aux classes in the same event?

>>
>> Does it work if you add as a regular user and then do all the aux stuff on a modify?
>> I've done some ugly hacks in the past to get around stuff like this.

>
> That is the plan I am voting for. Wondering if anyone else has tried it
> with this shim this way before. Or if anyone knows that this is a specific issue.
>


Never worked with this driver before. Sorry.
Always assumed it was very similar to AD shim.


--
If you find this post helpful and are logged into the web interface, show
your appreciation and click on the star below...
Alex McHugh - Knowledge Partner - Stavanger, Norway
Who are the Knowledge Partners
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
0 Likes
Knowledge Partner
Knowledge Partner

Re: Adding an Aux class in a ADAM/LDS driver?

On 5/13/2015 3:47 AM, Alex McHugh wrote:
> Geoffrey Carman <geoffreycarmanNOSPAM@NOSPAMgmail.com> wrote:
>> On 5/12/2015 4:35 PM, Alex McHugh wrote:
>>> Geoffrey Carman wrote:
>>>
>>>>
>>>> Is it possible to add a user in LDS/ADAM and Aux classes and attrs from
>>>> the aux classes in the same event?
>>>
>>> Does it work if you add as a regular user and then do all the aux stuff on a modify?
>>> I've done some ugly hacks in the past to get around stuff like this.

>>
>> That is the plan I am voting for. Wondering if anyone else has tried it
>> with this shim this way before. Or if anyone knows that this is a specific issue.
>>

>
> Never worked with this driver before. Sorry.
> Always assumed it was very similar to AD shim.


It actually IS the AD Shim.

0 Likes
Knowledge Partner
Knowledge Partner

Re: Adding an Aux class in a ADAM/LDS driver?

Geoffrey Carman wrote:

> It actually IS the AD Shim.


So it is just different policies and driver properties that makes it ADAM/LDS??

Then again - I've never had to add object classes on add to the standard object class for the AD driver.
Alex McHugh - Knowledge Partner - Stavanger, Norway
Who are the Knowledge Partners
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
0 Likes
TE Super Contributor.
Super Contributor.

Re: Adding an Aux class in a ADAM/LDS driver?


alexmchugh;257087 Wrote:
> Geoffrey Carman wrote:
>
> > It actually IS the AD Shim.

>
> So it is just different policies and driver properties that makes it
> ADAM/LDS??
>
> Then again - I've never had to add object classes on add to the standard
> object class for the AD driver.


That is one of those "who, in their right mind, would do that in AD"
sort of things. I never have either. But ADAM/LDS is "supposed" to be
more of a generic LDAP Directory. I wrote a work-around for this issue,
where the objectClass values and aux class attributes are added using a
when=after setting. The driver code appears to be a much older version
of the AD Driver, as there are no packages involved, just the old
fashioned XML import. Not sure if the disconnect is the NetIQ shim not
doing something different it should be doing for ADAM/LDS, or if
Microsoft still does not understand LDAP.


--
tse7147
------------------------------------------------------------------------
tse7147's Profile: https://forums.netiq.com/member.php?userid=466
View this thread: https://forums.netiq.com/showthread.php?t=53472

0 Likes
Knowledge Partner
Knowledge Partner

Re: Adding an Aux class in a ADAM/LDS driver?

tse7147 wrote:

> where the objectClass values and aux class attributes are added using a
> when=after setting


I prefer to tag with operation data and then act on the add-association as this is more reliable when the add fails.
However your approach works also.
Alex McHugh - Knowledge Partner - Stavanger, Norway
Who are the Knowledge Partners
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.