Attribute modification Issue

This connector have a issue when is modifying attribute single-valued on OpenLDAP.

I have a lot of ExportErrorCustomContinueRun on my FIM Synchronization LDAP export.

I did a troubleshoot and identified the connector delete attribute and Add again. (On LDAP protocol we can modify attributes in one single call).

For some reason, the connector adds attribute first and then deletes.

Add one single-valued attribute that already exists, returns error 20 from Ldap Protocol.

I have some screenshoots of synchronization and Wireshark captures.

Sorry for english, my language is Portuguese.

Thanks


July 2nd, 2015 12:29pm

Gilberto,

Which MA has the higher precedence on those attributes that are added\deleted? Give us an attribute examples. Is if happening to all users or just one?

Free Windows Admin Tool Kit Click here and download it now
July 2nd, 2015 2:33pm

Nosh,

It's happens to all users with any attribute.

For mail attribute is checked the option "use equal precedence" on Metaverse

For Openldap MA i don't have Inbound attribute flow.

The mail attribute is imported from Active Directory MA.

July 2nd, 2015 2:47pm

1. Equal precedence is a very tricky one and not recommended.

2. Can you send the error, I see you are getting errors. Also, are these direct flows or advanced.

3. First screen shot you have inetOrgPerson and last one is person. Why is that?

Free Windows Admin Tool Kit Click here and download it now
July 2nd, 2015 2:52pm

Here is the detailed error:

Ps: Full Import and Full Sync on OpenLDAP doesn't solve this issue. It's done all night.

inetOrgPerson is a ObjectClass for person on OpenLDAP.

Attribute flow is not direct. it's done by Synchronization Rule from FimService.

July 2nd, 2015 3:42pm

1. You did not send me all the info.

"Also, are these direct flows or advanced.

 First screen shot you have inetOrgPerson and last one is person. Why is that?"

2. How is email being created in openLdap that you are trying to update?  What system creates email?  If openLdap owns the email it will override FIM Update. 

Free Windows Admin Tool Kit Click here and download it now
July 2nd, 2015 3:46pm

1. FIMService has MPRs to build users mail.

It's is a direct flow from FIM to OpenLDAP.

InetOrgPerson is objectclass for person on Openldap (person (Metaverse) and InetOrgPerson(OpenLdap) is the same thing).


2. FIM doesn't provisioning Users on OpenLDAP. It's done by other system.

That's correct. The mail will be override by FIM because FIM will send the correct mail.

Other Attributes are also corrected by FIM



July 2nd, 2015 4:05pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics