Environment
Situation
Sometimes policy based querieshave failed due to a source object having been renamed during the time an IDM driver isprocessing a different event on the renamed object. How can this be overcome. The query had both the dest-dn and the association. It failed using the DN. Why didn't it use the association?
Resolution
Even if you have both a dest-dn and the association in your query. The engine will use only one of the items based on the precedence. The precedence for operations is: dest-entry-id, dest-dn, association. That said, best practices recommendations are:
1. Use policy builder to query attributes using the current object. It will always pick the most specific way of identifying the target object that isavailable to it (which is almost always the entry-id when querying eDirectory). Ditto everything else the engine does.
There is never a reason to specify both because IDM will never use both, only the one it considers to be the most specific.
The above listed precedence are only for querying eDirectory. When querying the connected application, Association should have the highest precedence. The reason for the difference in precedence is that the Association is required to uniquely identify a single object in the connected application, but an eDirectory object can be associated with multiple objects in the connected application and multiple objects in eDirectory can be associated with a single object in the connected application.