Knowledge Partner
Knowledge Partner
229 views

Merge with no changes, how to catch such an event?

I had an AD driver, from eDir to AD where the users all existed in both.

Since they did not want to muck with the data we set Merge Auth to none
for all attributes.

On a migrate from eDir, we got a <sync> event for each user. Ok so far.

They matched, merged, nothing to do, event ends, right after the Match
policy set.

However, I need to add two attrs to each user as it matches.

Docs say there are two error cases and dest-dn is set to those cases
(Funky Unicode values that Shon posted about a while back, and I have
used. Matched user already associated to another object, and multiple
matches found) and if a match is found, the dest-dn is set.

In fact, this is how you chain the Find Matching Object rules.

However, when I did this event, I tried in the same policy object to
detect if dest-dn is available, and that failed to ever fire on a match.

Then I tried a second policy object, after the first one that succeeds
at matching, matches, and then test for if dest-dn available, and in
fact, the <add> event does NOT visibly get a dest-dn.

IDM 4.01, but not 4.0.1.1 engine patch. AD shim is 3.5.16.

Two questions: 1) This as it should be?
2) IF so, how do catch such an event to add stuff needed?
Labels (1)
0 Likes
4 Replies
mkreim Absent Member.
Absent Member.

Re: Merge with no changes, how to catch such an event?

The matching behaviour (error cases and dest-dn) you described works
only on the Publisher channel.
Add a policy as first policy in subscriber matching which does a query
with the query token and not with the find-matching-object token. You
can build a modify event if you have exactly one query result.

Greetings
Matthias

Am 27.03.2012 17:51, schrieb Geoffrey Carman:
> I had an AD driver, from eDir to AD where the users all existed in both.
>
> Since they did not want to muck with the data we set Merge Auth to none
> for all attributes.
>
> On a migrate from eDir, we got a <sync> event for each user. Ok so far.
>
> They matched, merged, nothing to do, event ends, right after the Match
> policy set.
>
> However, I need to add two attrs to each user as it matches.
>
> Docs say there are two error cases and dest-dn is set to those cases
> (Funky Unicode values that Shon posted about a while back, and I have
> used. Matched user already associated to another object, and multiple
> matches found) and if a match is found, the dest-dn is set.
>
> In fact, this is how you chain the Find Matching Object rules.
>
> However, when I did this event, I tried in the same policy object to
> detect if dest-dn is available, and that failed to ever fire on a match.
>
> Then I tried a second policy object, after the first one that succeeds
> at matching, matches, and then test for if dest-dn available, and in
> fact, the <add> event does NOT visibly get a dest-dn.
>
> IDM 4.01, but not 4.0.1.1 engine patch. AD shim is 3.5.16.
>
> Two questions: 1) This as it should be?
> 2) IF so, how do catch such an event to add stuff needed?


0 Likes
Knowledge Partner
Knowledge Partner

Re: Merge with no changes, how to catch such an event?

On 27.03.2012 19:37, Matthias Kreim wrote:
> The matching behaviour (error cases and dest-dn) you described works
> only on the Publisher channel.
> Add a policy as first policy in subscriber matching which does a query
> with the query token and not with the find-matching-object token. You
> can build a modify event if you have exactly one query result.


Also according to the docs, on the subscriber channel a match should add
an association to the current operation (rather than add a dest-dn), so
you should be able to detect/trigger on this.
Alex McHugh - Knowledge Partner - Stavanger, Norway
Who are the Knowledge Partners
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
0 Likes
Knowledge Partner
Knowledge Partner

Re: Merge with no changes, how to catch such an event?

On 3/27/2012 1:53 PM, Alex McHugh wrote:
> On 27.03.2012 19:37, Matthias Kreim wrote:
>> The matching behaviour (error cases and dest-dn) you described works
>> only on the Publisher channel.
>> Add a policy as first policy in subscriber matching which does a query
>> with the query token and not with the find-matching-object token. You
>> can build a modify event if you have exactly one query result.

>
> Also according to the docs, on the subscriber channel a match should add
> an association to the current operation (rather than add a dest-dn), so
> you should be able to detect/trigger on this.


that is what I forgot! The association! Thank you. Will try that.

0 Likes
Knowledge Partner
Knowledge Partner

Re: Merge with no changes, how to catch such an event?

On Tue, 27 Mar 2012 15:51:57 +0000, Geoffrey Carman wrote:

> Since they did not want to muck with the data we set Merge Auth to none
> for all attributes.


With no data changing, I don't think you're going to get much out after
the matching/merge logic fires. You should, I think, get an association,
though, so maybe you can trigger your changes off of that.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.novell.com

Please post questions in the forums. No support provided via email.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.