UPDATE! The community will be go into read-only on April 19, 8am Pacific in preparation for migration on April 21. Read more.
UPDATE! The community will be go into read-only on April 19, 8am Pacific in preparation for migration on April 21.Read more.
Vice Admiral
Vice Admiral
1002 views

Publisher add event converted to modify also updates app?

Hello,

We are pushing an nds add document to a SOAP driver listener (publisher channel). When these add events match an existing user in the vault and a converted to a modify, we are seeing an additional operation trying to update the application (subscriber). This operation doesn't seem necessary and is posting the data back to the SOAP driver listener instead of the subscriber channel url which is failing with a bad certificate error. I don't think it would work even if the certificate was ok.

Here is the start of the extra event.

[05/15/17 09:34:41.458]:WkDay Driver PT:Performing operation modify for data\users\Corporate\M50824.
[05/15/17 09:34:41.458]:WkDay Driver PT:--JCLNT-- \IDVDEV\system\driverset1\Workday SOAP - Publisher : Duplicating : context = 1614807306, tempContext = 1614807438
[05/15/17 09:34:41.459]:WkDay Driver PT:Modifying entry data\users\Corporate\M50824.
[05/15/17 09:34:41.461]:WkDay Driver PT:--JCLNT-- \IDVDEV\system\driverset1\Workday SOAP - Publisher : Calling free on tempContext = 1614807438
[05/15/17 09:34:41.461]:WkDay Driver PT:Scheduling update of application with eDirectory values.

Is this normal for add events that convert to modify? Is there a good way to stop it? Any idea why it is trying to use the Publisher listener URL? Normal modifies on the Subscriber channel work correctly and post to the correct soap url.

Here is the full trace: https://pastebin.com/HiS73GYJ

Thanks,
Jeremiah
Labels (1)
0 Likes
4 Replies
Knowledge Partner Knowledge Partner
Knowledge Partner

jrmhscht wrote:

> [05/15/17 09:34:41.461]:WkDay Driver PT:Scheduling update of application
> with eDirectory values.
>
> Is this normal for add events that convert to modify? Is there a good
> way to stop it?


This is a merge, as it occurs after successful matching when you have at least
one attribute in the filter that has merge-authority != none and
subscriber-sync="true". Check your filter...

If you want more detailed comments, we'll need to see a level 3 trace of driver
startup (as that shows the filter details) and an operation being processed
when the merge occurs.

--
http://www.is4it.de/en/solution/identity-access-management/

(If you find this post helpful, please click on the star below.)
______________________________________________
https://www.is4it.de/identity-access-management
Vice Admiral
Vice Admiral

I was just reading through the merge authority section of https://www.netiq.com/communities/cool-solutions/common-mistakes-newcomers-idm-make-part-7/ The merge authority seems to always confuse...

It look like merge-authority = none took care of the issue.

Any idea why it was trying to post to the driver listener when updating the application?

Thanks for you help,
Jeremiah
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

On 5/15/2017 12:14 PM, jrmhscht wrote:
>
> I was just reading through the merge authority section of
> https://www.netiq.com/communities/cool-solutions/common-mistakes-newcomers-idm-make-part-7/
> The merge authority seems to always confuse...
>
> It look like merge-authority = none took care of the issue.
>
> Any idea why it was trying to post to the driver listener when updating
> the application?


Because of the merge. 🙂

Like on the Internet, someone is always wrong, soo you must stay up all
night correcting them, in an IDM merge, someone might be wrong, AND IT
MUST BE FIXED.

🙂

So Default merge auth means that if AppA Has a value. eDir has a
different value, both get updated to multivalued. (Supposed to know the
diff between a single valued and multivalued attr, butu I am not so sure).

If eDir is merge auth, the App always gets updated to match.
If App is merge auth, eDir always gets updated.
If none, no updates done at all.


Vice Admiral
Vice Admiral

Thanks, I think I have the merge authority figured out now. I probably want it to be set to eDir, not none. The problem is the event that says it is "Scheduling update of application with eDirectory values" is posting to https://idmserver:1900 instead of https://workday.service so it fails with a certificate error. A normal modify operation on the Subscriber channel posts to the workday url as expected.

I don't know what would happen if I imported the certificate, but it doesn't make sense to post the eDir value to the eDir Publisher listener does it? I exported the driver and searched for the URL it is trying to post to and could not find it anywhere other than where it is configured to listen.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.