Environment
Novell Identity Manager 3.5
LDAP Driver
Situation
When trying to sync objects from an LDAP server to eDirectory,
the objects did not sync and the following error appeared in a
level 3 trace of the driver.
LDAP PT:LDAP: Skipping changelog entry because this change was
made by this driver's subscriber channel.
Root Cause: The LDAP driver was authenticating to the LDAP server
as Root, and the changes were also being made as Root (see the
trace excerpts below). Loopback detection therefore treated each
change as coming from the driver itself (as Root) and rejected it.
Change coming from the LDAP server, and the resulting error:
objectclass: top
objectclass: changelogentry
objectclass: ibm-changelog
ibm-changeInitiatorsName: CN=ROOT
changetime: 20071219075828
changenumber: 822154
targetdn: uid=bob,o=outside,dc=myco,dc=com
objectclass: changelogentry
objectclass: ibm-changelog
ibm-changeInitiatorsName: CN=ROOT
changetime: 20071219075828
changenumber: 822154
targetdn: uid=bob,o=outside,dc=myco,dc=com
LDAP PT:LDAP: Skipping changelog entry because this change was
made by this driver's subscriber channel.
LDAP PT:LDAP: Changelog:
dn: changenumber=822155,cn=changelog
changetype: modify
changes: replace: street
street: 453 Main Street.
LDAP PT:LDAP: Changelog:
dn: changenumber=822155,cn=changelog
changetype: modify
changes: replace: street
street: 453 Main Street.
Driver authentication information at driver startup:
Resolution
1. Have the driver log in as a different user, so that the
driver's authentication user and the user making the change in the
LDAP server are not the same.
2. Disable loopback detection. This should ONLY be done if you
are syncing one way; otherwise your changes could get caught in a
continuous loop. Edit the properties of the driver and disable
loopback detection on the driver (set it to no).
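The check described under Root Cause can be reproduced offline to see which changelog entries a given driver login would cause to be skipped. This is an added example, not Novell's driver code: it assumes the driver compares the entry's ibm-changeInitiatorsName with its own bind DN case-insensitively, and the function names and the second sample entry (cn=hradmin) are made up for illustration.

```python
# Added example: models the loopback check from the Root Cause section.
# Assumption: an entry is skipped when its initiator DN equals the driver's
# bind DN, ignoring case. Escaped commas in DNs are not handled here.

# Constructed sample based on the trace excerpt; cn=hradmin is invented.
SAMPLE = """\
objectclass: changelogentry
ibm-changeInitiatorsName: CN=ROOT
changenumber: 822154
targetdn: uid=bob,o=outside,dc=myco,dc=com

objectclass: changelogentry
ibm-changeInitiatorsName: cn=hradmin,o=outside,dc=myco,dc=com
changenumber: 822155
targetdn: uid=bob,o=outside,dc=myco,dc=com
"""

def normalize_dn(dn):
    """Lower-case a DN and trim spaces around each RDN's type and value."""
    rdns = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        rdns.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return ",".join(rdns)

def parse_entries(text):
    """Split blank-line-separated 'attr: value' blocks into dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if sep:
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def classify(text, driver_bind_dn, initiator_attr="ibm-changeInitiatorsName"):
    """Return (changenumber, initiator, 'skipped'|'processed') per entry."""
    me = normalize_dn(driver_bind_dn)
    result = []
    for e in parse_entries(text):
        initiator = e.get(initiator_attr.lower(), [""])[0]
        verdict = "skipped" if normalize_dn(initiator) == me else "processed"
        result.append((e.get("changenumber", ["?"])[0], initiator, verdict))
    return result

if __name__ == "__main__":
    for row in classify(SAMPLE, "cn=root"):
        print(row)
```

Running it with the driver bound as cn=root marks the CN=ROOT entry as skipped, while a dedicated driver account (resolution 1) leaves both entries to be processed.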