Environment
Novell Identity Manager 3.6.1
Novell Identity Manager Driver - Active Directory
Situation
The "match users based on NT logon name" rule matches the DirXML-ADAliasName pseudo-attribute to a sAMAccountName-style value; however, the default Schema Mapping policy maps DirXML-ADAliasName to the userPrincipalName in Microsoft Active Directory (MAD) , which contains a value like user@long.nt.domain. As a result the matching never takes place properly and eventually an error is returned that the object being created already exists.
Resolution
The IDM 3.6.0 V5 driver preconfig for the Active Directory driver introduced a bug where the Schema Mapping policy incorrectly mapped DirXML-ADAliasName to userPrincipalName instead of sAMAccountName. To resolve this go to the Schema Mapping policy and change the mapping back to sAMAccountName which will cause the values sent through the channel to check that attribute instead of the incorrect attribute for valid matches.
This has been resolved in IDM v3.6.1 FP1
This has been resolved in IDM v3.6.1 FP1