Highlighted
Knowledge Partner
Knowledge Partner
531 views

Merge on associated ADD, no command transform processing?

I have a generic text driver that always produces ADD events, if the object
already exists and is associated in Edir, a merge happens but unlike a merge
after matching or from a sync event, publisher command transforms are not
processed:

[02/25/16 14:03:59.143]:TextDriver PT:Policy returned:
[02/25/16 14:03:59.148]:TextDriver PT:
<nds dtdversion="3.0">
<source>
<product build="2014-11-06 19:23" instance="TextDriver"
version="0.9RC1">Generic File Driver</product>
<contact>VanCauwenberge.info</contact>
</source>
<input>
<add class-name="User" event-id="gfd-pub-236" src-dn="User#AA08">
<association>User#AA08</association>
<add-attr attr-name="recordNumber">
<value>1</value>
</add-attr>
<add-attr attr-name="username">
<value>AA08</value>
</add-attr>
<add-attr attr-name="isLastRecord">
<value>false</value>
</add-attr>
<add-attr attr-name="locked">
<value>1</value>
</add-attr>
</add>
</input>
</nds>
[02/25/16 14:03:59.149]:TextDriver PT:Applying schema mapping policies to input.
[02/25/16 14:03:59.149]:TextDriver PT:Applying policy:
%+C%14CSM-300-TextDriver+%28Schema+Mapping%29%-C.
[02/25/16 14:03:59.149]:TextDriver PT: Mapping class-name 'User' to 'User'.
[02/25/16 14:03:59.149]:TextDriver PT: Mapping attr-name 'username' to
'auxUsername'.
[02/25/16 14:03:59.149]:TextDriver PT: Mapping attr-name 'locked' to
'auxLocked'.
[02/25/16 14:03:59.149]:TextDriver PT:Resolving association references.
[02/25/16 14:03:59.149]:TextDriver PT:No event transformation policies.
[02/25/16 14:03:59.164]:TextDriver PT:Applying publisher filter.
[02/25/16 14:03:59.164]:TextDriver PT: Filtered out <add-attr
attr-name='recordNumber'>.
[02/25/16 14:03:59.164]:TextDriver PT: Filtered out <add-attr
attr-name='isLastRecord'>.
[02/25/16 14:03:59.164]:TextDriver PT:Publisher processing add for User#AA08.
[02/25/16 14:03:59.164]:TextDriver PT:Found an associated object.
[02/25/16 14:03:59.164]:TextDriver PT:Merging eDirectory and application values.
[02/25/16 14:03:59.164]:TextDriver PT:
DirXML Log Event -------------------
Driver: \TC\services\idm\driverset\TextDriver
Channel: Publisher
Object: User#AA08 (data\User\AA08)
Status: Success

I would have expected a modify to be generated and command transform to be
applied to it before writing to Edir, actually. Never noticed this behaviour
before, bug or feature?

--
http://www.is4it.de/en/solution/identity-access-management/
______________________________________________
https://www.is4it.de/identity-access-management
Labels (1)
4 Replies
Highlighted
Knowledge Partner
Knowledge Partner

Re: Merge on associated ADD, no command transform processing?

Are the attribute values the same in both the <add> and in the IDV?
What are the merge settings for the auxLocked attribute in the filter?

My observation is that it will never enter command transformation unless
it needs to, i.e at least one attribute value has changed.

Another interesting thing is that if you set an attribute to "Optimize
Modify=FALSE" to force it to go the command transformation then that
setting is respected during normal operations but not when doing a
match/merge, at least that is what I have noticed since 3.5

On 2016-02-25 15:05, Lothar Haeger wrote:
> I have a generic text driver that always produces ADD events, if the object
> already exists and is associated in Edir, a merge happens but unlike a merge
> after matching or from a sync event, publisher command transforms are not
> processed:
>
> [02/25/16 14:03:59.143]:TextDriver PT:Policy returned:
> [02/25/16 14:03:59.148]:TextDriver PT:
> <nds dtdversion="3.0">
> <source>
> <product build="2014-11-06 19:23" instance="TextDriver"
> version="0.9RC1">Generic File Driver</product>
> <contact>VanCauwenberge.info</contact>
> </source>
> <input>
> <add class-name="User" event-id="gfd-pub-236" src-dn="User#AA08">
> <association>User#AA08</association>
> <add-attr attr-name="recordNumber">
> <value>1</value>
> </add-attr>
> <add-attr attr-name="username">
> <value>AA08</value>
> </add-attr>
> <add-attr attr-name="isLastRecord">
> <value>false</value>
> </add-attr>
> <add-attr attr-name="locked">
> <value>1</value>
> </add-attr>
> </add>
> </input>
> </nds>
> [02/25/16 14:03:59.149]:TextDriver PT:Applying schema mapping policies to input.
> [02/25/16 14:03:59.149]:TextDriver PT:Applying policy:
> %+C%14CSM-300-TextDriver+%28Schema+Mapping%29%-C.
> [02/25/16 14:03:59.149]:TextDriver PT: Mapping class-name 'User' to 'User'.
> [02/25/16 14:03:59.149]:TextDriver PT: Mapping attr-name 'username' to
> 'auxUsername'.
> [02/25/16 14:03:59.149]:TextDriver PT: Mapping attr-name 'locked' to
> 'auxLocked'.
> [02/25/16 14:03:59.149]:TextDriver PT:Resolving association references.
> [02/25/16 14:03:59.149]:TextDriver PT:No event transformation policies.
> [02/25/16 14:03:59.164]:TextDriver PT:Applying publisher filter.
> [02/25/16 14:03:59.164]:TextDriver PT: Filtered out <add-attr
> attr-name='recordNumber'>.
> [02/25/16 14:03:59.164]:TextDriver PT: Filtered out <add-attr
> attr-name='isLastRecord'>.
> [02/25/16 14:03:59.164]:TextDriver PT:Publisher processing add for User#AA08.
> [02/25/16 14:03:59.164]:TextDriver PT:Found an associated object.
> [02/25/16 14:03:59.164]:TextDriver PT:Merging eDirectory and application values.
> [02/25/16 14:03:59.164]:TextDriver PT:
> DirXML Log Event -------------------
> Driver: \TC\services\idm\driverset\TextDriver
> Channel: Publisher
> Object: User#AA08 (data\User\AA08)
> Status: Success
>
> I would have expected a modify to be generated and command transform to be
> applied to it before writing to Edir, actually. Never noticed this behaviour
> before, bug or feature?
>

0 Likes
Highlighted
Absent Member.
Absent Member.

Re: Merge on associated ADD, no command transform processing?

alekz wrote:

> Are the attribute values the same in both the <add> and in the IDV?
> What are the merge settings for the auxLocked attribute in the filter?
>
> My observation is that it will never enter command transformation
> unless it needs to, i.e at least one attribute value has changed.


I generally include a fake "notify-only" attribute that is
authoratitive to the app to ensure that pub command transform is
entered on merge regardless.

> Another interesting thing is that if you set an attribute to "Optimize
> Modify=FALSE" to force it to go the command transformation then that
> setting is respected during normal operations but not when doing a
> match/merge, at least that is what I have noticed since 3.5


Yes that changed at some point, thought it was more recent than 3.5
though.
Highlighted
Knowledge Partner
Knowledge Partner

Re: Merge on associated ADD, no command transform processing?

Alex McHugh wrote:

> > Are the attribute values the same in both the <add> and in the IDV?
> > What are the merge settings for the auxLocked attribute in the filter?


I expected values to be different, but only got the trace back from the
customer, so I cannot be sure. Merge was set to None, so that might have led to
IDM dropping the event after all. Anyway, since it's associated, merge should
not kick in in the first place but a synthetic modify should be created and
processed by command transforms.

> > My observation is that it will never enter command transformation
> > unless it needs to, i.e at least one attribute value has changed.


That may have been the case here, waiting to see if it's reproducible...

> I generally include a fake "notify-only" attribute that is
> authoratitive to the app to ensure that pub command transform is
> entered on merge regardless.


Will have to do this here, too, I guess....

--
http://www.is4it.de/en/solution/identity-access-management/
______________________________________________
https://www.is4it.de/identity-access-management
0 Likes
Highlighted
Knowledge Partner
Knowledge Partner

Re: Merge on associated ADD, no command transform processing?

alekz wrote:

> Another interesting thing is that if you set an attribute to "Optimize
> Modify=FALSE" to force it to go the command transformation then that
> setting is respected during normal operations but not when doing a
> match/merge, at least that is what I have noticed since 3.5


Now that you mention it, I even opened a bug about that behavior back in 2012.
I'm getting old...

--
http://www.is4it.de/en/solution/identity-access-management/
______________________________________________
https://www.is4it.de/identity-access-management
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.