Environment
Novell Identity Manager 3.6.1- Active Directory Driver
Situation
An attribute is changed in eDirectory and flows into Active Directory through the Active Directory Driver. The change is processed by Active Directory and the same event is sent back to eDirectory.
For example:
1) User Batman has his middle initial changed from "d" to "e" from iManager. The following event is created on the Subscriber Channel:
<input>
<modify cached-time="20100803190358.881Z" class-name="User" event-id="idv#20100803190358#1#1" qualified-src-dn="O=Idv\OU=Users\CN=Batman" src-dn="\IDVTREE\Idv\Users\Batman" src-entry-id="32992" timestamp="1280862238#2">
<association state="associated">d1a54ce4fd2dfe479f138e65031bbd3b</association>
<modify-attr attr-name="Initials">
<remove-value>
<value timestamp="1280862058#2" type="string">d</value>
</remove-value>
<add-value>
<value timestamp="1280862238#2" type="string">e</value>
</add-value>
</modify-attr>
</modify>
</input>
2) The event is successfully synchronized to Active Directory by the following status messages:
DirXML Log Event -------------------
Driver: \IDVTREE\Idv\Driver_Set\Active Directory
Channel: Subscriber
Object: \IDVTREE\Idv\Users\Batman
Status: Success
DirXML Log Event -------------------
Driver: \IDVTREE\Idv\Driver_Set\Active Directory
Channel: Publisher
Status: Success
3) Active Directory then sends the same event back to eDirectory
<input>
<modify class-name="user" event-id="Active Directory##12a3956dbf1##0" src-dn="CN=bat man,CN=Users,DC=labdomain,DC=local,DC=edu">
<association>d1a54ce4fd2dfe479f138e65031bbd3b</association>
<modify-attr attr-name="initials">
<remove-all-values/>
<add-value>
<value naming="false" type="string">e</value>
</add-value>
</modify-attr>
</modify>
</input>
For example:
1) User Batman has his middle initial changed from "d" to "e" from iManager. The following event is created on the Subscriber Channel:
<input>
<modify cached-time="20100803190358.881Z" class-name="User" event-id="idv#20100803190358#1#1" qualified-src-dn="O=Idv\OU=Users\CN=Batman" src-dn="\IDVTREE\Idv\Users\Batman" src-entry-id="32992" timestamp="1280862238#2">
<association state="associated">d1a54ce4fd2dfe479f138e65031bbd3b</association>
<modify-attr attr-name="Initials">
<remove-value>
<value timestamp="1280862058#2" type="string">d</value>
</remove-value>
<add-value>
<value timestamp="1280862238#2" type="string">e</value>
</add-value>
</modify-attr>
</modify>
</input>
2) The event is successfully synchronized to Active Directory by the following status messages:
DirXML Log Event -------------------
Driver: \IDVTREE\Idv\Driver_Set\Active Directory
Channel: Subscriber
Object: \IDVTREE\Idv\Users\Batman
Status: Success
DirXML Log Event -------------------
Driver: \IDVTREE\Idv\Driver_Set\Active Directory
Channel: Publisher
Status: Success
3) Active Directory then sends the same event back to eDirectory
<input>
<modify class-name="user" event-id="Active Directory##12a3956dbf1##0" src-dn="CN=bat man,CN=Users,DC=labdomain,DC=local,DC=edu">
<association>d1a54ce4fd2dfe479f138e65031bbd3b</association>
<modify-attr attr-name="initials">
<remove-all-values/>
<add-value>
<value naming="false" type="string">e</value>
</add-value>
</modify-attr>
</modify>
</input>
Resolution
Active Directory doesn't have a "modifier's name" equivalent. Any event that goes into Active Directory will come back from Active Directory as a new event. This cannot be avoided and is normal.