Knowledge Partner
Knowledge Partner
1104 views

IDM no longer supports migrate by setting association state to 3?

Hello,

For as long as I remember I have been able to resync objects by setting
the association state to 3 or 4.

For example if the state was 4 you could change it to 3 and if it was 3
you could change it to 4 to trigger a sync.

It looks like that no longer works with IDM 4.5.3, can somebody test and
confirm my findings?

I get this in the driver trace when setting the state to 3:

[02/04/16 15:35:19.775]:Generic Null ST:Start transaction.
[02/04/16 15:35:19.776]:Generic Null ST:Discarding transaction because
of disabled association or optimization.

Funny thing is that iManager with the latest plugins changes the state
to 3 if it is 4 when doing a migrate.
NetIQ Identity Manager 10.7.20160113 NetIQ Identity Manager Plug-ins for
IDM 4.5.3.0

Thanks.
Labels (1)
0 Likes
12 Replies
Knowledge Partner
Knowledge Partner

Re: IDM no longer supports migrate by setting association state to 3?

More info.

eDirectory is 20808.02
OS is SLES 12 SP1.
dxcmd reports 4.5.3.0

On 2016-02-04 15:40, alekz wrote:
> Hello,
>
> For as long as I remember I have been able to resync objects by setting
> the association state to 3 or 4.
>
> For example if the state was 4 you could change it to 3 and if it was 3
> you could change it to 4 to trigger a sync.
>
> It looks like that no longer works with IDM 4.5.3, can somebody test and
> confirm my findings?
>
> I get this in the driver trace when setting the state to 3:
>
> [02/04/16 15:35:19.775]:Generic Null ST:Start transaction.
> [02/04/16 15:35:19.776]:Generic Null ST:Discarding transaction because
> of disabled association or optimization.
>
> Funny thing is that iManager with the latest plugins changes the state
> to 3 if it is 4 when doing a migrate.
> NetIQ Identity Manager 10.7.20160113 NetIQ Identity Manager Plug-ins for
> IDM 4.5.3.0
>
> Thanks.
>

0 Likes
Knowledge Partner
Knowledge Partner

Re: IDM no longer supports migrate by setting association state to 3?


Does it work if you turn off the optimization in the filter?

Sounds like it is over-optimizing.


--
joakim_ganse
------------------------------------------------------------------------
joakim_ganse's Profile: https://forums.netiq.com/member.php?userid=159
View this thread: https://forums.netiq.com/showthread.php?t=55308

0 Likes
Knowledge Partner
Knowledge Partner

Re: IDM no longer supports migrate by setting association state to3?

On Thu, 04 Feb 2016 14:40:41 +0000, alekz wrote:

> Hello,
>
> For as long as I remember I have been able to resync objects by setting
> the association state to 3 or 4.
>
> For example if the state was 4 you could change it to 3 and if it was 3
> you could change it to 4 to trigger a sync.


I don't recall off hand what '3' means. '4' definitely means 'migrate'.


> It looks like that no longer works with IDM 4.5.3, can somebody test and
> confirm my findings?
>
> I get this in the driver trace when setting the state to 3:
>
> [02/04/16 15:35:19.775]:Generic Null ST:Start transaction. [02/04/16
> 15:35:19.776]:Generic Null ST:Discarding transaction because of disabled
> association or optimization.
>
> Funny thing is that iManager with the latest plugins changes the state
> to 3 if it is 4 when doing a migrate. NetIQ Identity Manager
> 10.7.20160113 NetIQ Identity Manager Plug-ins for IDM 4.5.3.0


You don't already have an associated ('1') dirxml-associations for this
driver, do you?


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.microfocus.com

Please post questions in the forums. No support provided via email.
If you find this post helpful, please click on the star below.
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: IDM no longer supports migrate by setting association state to 3?

On 02/04/2016 10:30 AM, David Gersic wrote:
> On Thu, 04 Feb 2016 14:40:41 +0000, alekz wrote:
>
>> Hello,
>>
>> For as long as I remember I have been able to resync objects by setting
>> the association state to 3 or 4.
>>
>> For example if the state was 4 you could change it to 3 and if it was 3
>> you could change it to 4 to trigger a sync.

>
> I don't recall off hand what '3' means. '4' definitely means 'migrate'.


Manual. It is (or was?) used interchangeably with Migrate, and I think
the IDM plugins even used it so a migrate after a failed migrate would
still work (changing 4 to 4 doesn't count as an event, but 4 to 3 or 3 to
4 does).

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
Knowledge Partner
Knowledge Partner

Re: IDM no longer supports migrate by setting association state to 3?

Exactly ab.

On 2016-02-04 19:08, ab wrote:
> On 02/04/2016 10:30 AM, David Gersic wrote:
>> On Thu, 04 Feb 2016 14:40:41 +0000, alekz wrote:
>>
>>> Hello,
>>>
>>> For as long as I remember I have been able to resync objects by setting
>>> the association state to 3 or 4.
>>>
>>> For example if the state was 4 you could change it to 3 and if it was 3
>>> you could change it to 4 to trigger a sync.

>>
>> I don't recall off hand what '3' means. '4' definitely means 'migrate'.

>
> Manual. It is (or was?) used interchangeably with Migrate, and I think
> the IDM plugins even used it so a migrate after a failed migrate would
> still work (changing 4 to 4 doesn't count as an event, but 4 to 3 or 3 to
> 4 does).
>

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: IDM no longer supports migrate by setting association state to 3?

alekz wrote:

> Exactly ab.
>


I usually go 4 to 0 and then back to 4 (two step dance) rather than
fiddle about with 3.
0 Likes
Knowledge Partner
Knowledge Partner

Re: IDM no longer supports migrate by setting association state to3?

On Fri, 05 Feb 2016 09:02:54 +0000, Alex McHugh wrote:

> alekz wrote:
>
>> Exactly ab.
>>
>>

> I usually go 4 to 0 and then back to 4 (two step dance) rather than
> fiddle about with 3.


I just delete the '4', then put it back again.



--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.microfocus.com

Please post questions in the forums. No support provided via email.
If you find this post helpful, please click on the star below.
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: IDM no longer supports migrate by setting association state to 3?

David Gersic wrote:

> On Thu, 04 Feb 2016 14:40:41 +0000, alekz wrote:
>
> > Hello,
> >
> > For as long as I remember I have been able to resync objects by
> > setting the association state to 3 or 4.
> >
> > For example if the state was 4 you could change it to 3 and if it
> > was 3 you could change it to 4 to trigger a sync.

>
> I don't recall off hand what '3' means. '4' definitely means
> 'migrate'.


3 means "Manual" associated it seems to behave like 1 "Processed" in
most contexts.

I've not determined the rhyme and reason for when the engine uses 3
instead of 1. This might have changed also at some point.

My best guess is for an implicit association on successful migration
where you haven't generated an add-association operation or used the
do-add-association token.
0 Likes
Knowledge Partner
Knowledge Partner

Re: IDM no longer supports migrate by setting association state to 3?


As alekz wrote the migrate process goes between 3 and 4 if the previous
migrate was not successful.

If 3 is ignored this is a major problem.


--
joakim_ganse
------------------------------------------------------------------------
joakim_ganse's Profile: https://forums.netiq.com/member.php?userid=159
View this thread: https://forums.netiq.com/showthread.php?t=55308

0 Likes
Knowledge Partner
Knowledge Partner

Re: IDM no longer supports migrate by setting association state to 3?

joakim ganse wrote:

> If 3 is ignored this is a major problem.


And it seems to be ignored, at least in 4.5.3. Here's a trace of what happens
if an object with DirXML-Associations=<driverdn>#4# (as seen through LDAP) is
migrated with iManager:

[02/13/16 14:47:32.376]:Driver ST:Start transaction.
[02/13/16 14:47:32.376]:Driver ST:Discarding transaction because of disabled
association or optimization.

LDAP now shows DirXML-Associations=<driverdn>#3#

Only when I hit the "Migrate" button another time a sync event is generated as
expected:

[02/13/16 14:51:04.416]:Driver ST:Start transaction.
[02/13/16 14:51:04.416]:Driver ST:Processing events for transaction.
[02/13/16 14:51:04.417]:Driver ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.5.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<sync cached-time="20160213135104.414Z" class-name="User" event-id="..."
qualified-src-dn="..." src-dn="..." src-entry-id="37046" timestamp="0#0">
<association state="migrate"></association>
</sync>
</input>
</nds>

LDAP now shows DirXML-Associations=<driverdn>#4#

(the driver did not find a match nor was it allowed to create an object in the
application)

I opened https://bugzilla.netiq.com/show_bug.cgi?id=966611 about this issue.

--
http://www.is4it.de/en/solution/identity-access-management/
______________________________________________
https://www.is4it.de/identity-access-management
0 Likes
Knowledge Partner
Knowledge Partner

Re: IDM no longer supports migrate by setting association state to 3?

I have a SR open but so far they have not been able to reproduce.
I get this with 4.5.2.1 and 4.5.3.0 on x86_64 Linux.


On 2016-02-13 15:15, Lothar Haeger wrote:
> joakim ganse wrote:
>
>> If 3 is ignored this is a major problem.

>
> And it seems to be ignored, at least in 4.5.3. Here's a trace of what happens
> if an object with DirXML-Associations=<driverdn>#4# (as seen through LDAP) is
> migrated with iManager:
>
> [02/13/16 14:47:32.376]:Driver ST:Start transaction.
> [02/13/16 14:47:32.376]:Driver ST:Discarding transaction because of disabled
> association or optimization.
>
> LDAP now shows DirXML-Associations=<driverdn>#3#
>
> Only when I hit the "Migrate" button another time a sync event is generated as
> expected:
>
> [02/13/16 14:51:04.416]:Driver ST:Start transaction.
> [02/13/16 14:51:04.416]:Driver ST:Processing events for transaction.
> [02/13/16 14:51:04.417]:Driver ST:
> <nds dtdversion="4.0" ndsversion="8.x">
> <source>
> <product edition="Advanced" version="4.5.3.0">DirXML</product>
> <contact>NetIQ Corporation</contact>
> </source>
> <input>
> <sync cached-time="20160213135104.414Z" class-name="User" event-id="..."
> qualified-src-dn="..." src-dn="..." src-entry-id="37046" timestamp="0#0">
> <association state="migrate"></association>
> </sync>
> </input>
> </nds>
>
> LDAP now shows DirXML-Associations=<driverdn>#4#
>
> (the driver did not find a match nor was it allowed to create an object in the
> application)
>
> I opened https://bugzilla.netiq.com/show_bug.cgi?id=966611 about this issue.
>

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: IDM no longer supports migrate by setting association state to 3?

Hi Alekz,

I can reproduce this on my 4.5.3 Linux installation - state 3 is discarded.

It seems to be causing my driver(s) to miss out on some objects during
a migrate (because they already had state 4).

/Mark



On 2016-02-15 11:41:36 +0000, alekz said:

> I have a SR open but so far they have not been able to reproduce.
> I get this with 4.5.2.1 and 4.5.3.0 on x86_64 Linux.
>
>
> On 2016-02-13 15:15, Lothar Haeger wrote:
>> joakim ganse wrote:
>>
>>> If 3 is ignored this is a major problem.

>>
>> And it seems to be ignored, at least in 4.5.3. Here's a trace of what happens
>> if an object with DirXML-Associations=<driverdn>#4# (as seen through LDAP) is
>> migrated with iManager:
>>
>> [02/13/16 14:47:32.376]:Driver ST:Start transaction.
>> [02/13/16 14:47:32.376]:Driver ST:Discarding transaction because of disabled
>> association or optimization.
>>
>> LDAP now shows DirXML-Associations=<driverdn>#3#
>>
>> Only when I hit the "Migrate" button another time a sync event is generated as
>> expected:
>>
>> [02/13/16 14:51:04.416]:Driver ST:Start transaction.
>> [02/13/16 14:51:04.416]:Driver ST:Processing events for transaction.
>> [02/13/16 14:51:04.417]:Driver ST:
>> <nds dtdversion="4.0" ndsversion="8.x">
>> <source>
>> <product edition="Advanced" version="4.5.3.0">DirXML</product>
>> <contact>NetIQ Corporation</contact>
>> </source>
>> <input>
>> <sync cached-time="20160213135104.414Z" class-name="User" event-id="..."
>> qualified-src-dn="..." src-dn="..." src-entry-id="37046" timestamp="0#0">
>> <association state="migrate"></association>
>> </sync>
>> </input>
>> </nds>
>>
>> LDAP now shows DirXML-Associations=<driverdn>#4#
>>
>> (the driver did not find a match nor was it allowed to create an object in the
>> application)
>>
>> I opened https://bugzilla.netiq.com/show_bug.cgi?id=966611 about this issue.



0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.