Highlighted
Respected Contributor.
Respected Contributor.
495 views

Role not processing add/removes from assigned eDir Group

We are currently updating IDM and the User Application to 4.7.2 The role and resource driver is at 4.7.1.0 and the installed Role and Resource Service Base package is 4.7.0.20180213164852. The User Application driver is at 0.20180222.092342 with package 4.7.0.20180227204757 installed. IDM is at 4.7.2.

I started noticing that the role assignments are not working as expected anymore. I have an eDirectory group assigned to a role. When I add a user to this group the role should show up in the user's nrfMemberOf attribute and the user should be provisioned to the resources mapped to the role. This is no longer happening. The role no longer "sees" when a user is added or removed from the eDirectory group.

Adding a user directly to the role mentioned above works as expected. The role shows up in the user's nrfMemberOf attribute and the user provisioned to the mapped resources.

Any ideas?
Labels (1)
0 Likes
5 Replies
Highlighted
Absent Member.
Absent Member.

Re: Role not processing add/removes from assigned eDir Group

On 2019-03-19 22:56:02 +0000, joelburke said:

> We are currently updating IDM and the User Application to 4.7.2 The role
> and resource driver is at 4.7.1.0 and the installed Role and Resource
> Service Base package is 4.7.0.20180213164852. The User Application
> driver is at 0.20180222.092342 with package 4.7.0.20180227204757
> installed. IDM is at 4.7.2.
>
> I started noticing that the role assignments are not working as expected
> anymore. I have an eDirectory group assigned to a role. When I add a
> user to this group the role should show up in the user's nrfMemberOf
> attribute and the user should be provisioned to the resources mapped to
> the role. This is no longer happening. The role no longer "sees" when a
> user is added or removed from the eDirectory group.
>
> Adding a user directly to the role mentioned above works as expected.
> The role shows up in the user's nrfMemberOf attribute and the user
> provisioned to the mapped resources.
>
> Any ideas?


Hi Joel,

we have noticed this as well, it appears to be an issue with the 4.7.1
RRSD driver.
We are seeing Java errors processing group roles.

Currently we have an incident open with NTS and there is a remote
session scheduled for tomorrow.
Will keep you posted if anything develops.

/Mark

0 Likes
Highlighted
Respected Contributor.
Respected Contributor.

Re: Role not processing add/removes from assigned eDir Group

Thanks for the response. I also opened an incident. Microfocus has acknowledged a bug I reported a couple months ago with the GetGroup SOAP service on IDM 4.7.2. I wonder if these are related? Both issues involve eDirectory groups.
0 Likes
Highlighted
Absent Member.
Absent Member.

Re: Role not processing add/removes from assigned eDir Group

On 2019-03-20 14:26:01 +0000, joelburke said:

> Thanks for the response. I also opened an incident. Microfocus has
> acknowledged a bug I reported a couple months ago with the GetGroup SOAP
> service on IDM 4.7.2. I wonder if these are related? Both issues
> involve eDirectory groups.


We are getting Java NullPointerExceptions - sounds like it could
definitely be related to a bug in the SOAP service if it does not
return certain information that the driver expects it to.


0 Likes
Highlighted
Respected Contributor.
Respected Contributor.

Re: Role not processing add/removes from assigned eDir Group

Did anything come out of your remote session?
0 Likes
Highlighted
Absent Member.
Absent Member.

Re: Role not processing add/removes from assigned eDir Group

On 2019-03-21 14:04:03 +0000, joelburke said:

> Did anything come out of your remote session?


Hi Joel,

yes it is a bug in the 4.7.1 RRSD driver and a patch will be forthcoming.

The bug is in the handling of <add> events with the Group Membership
attribute present.

Cheers,

Mark

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.