Object Inspector throws ATTRIBUTE_NOT_DEFINED error when attribute in filter is not in eDir schema

  • 7016230
  • 25-Feb-2015
  • 25-Feb-2015


NetIQ Identity Manager 4.0.x iManager Plug-ins
NetIQ Identity Manager 4.5 iManager Plug-ins


When the user has been synchronized through a driver that has an attribute which is in the filter, but not in the identity vault schema, if you run "read all attribute values from this server" in the object inspector on the user (image attached), an error:  "The following Namespace Exception occurred while trying to access the directory.  (ATTRIBUTE_NOT_DEFINED)"

Example:   In the LDAP driver default filter, it contains an contains an attribute "nsRoleDN" in the filter (nsRoleDN - Publisher:Notify, Subscriber:Ignore).   There are several policies which act upon that attribute in the driver, but the attribute is never sent to eDirectory, so there is no attribute defined in the Identity Vault Schema called nsRoleDN.

If you synchronize a user through a default LDAP driver, and then run the object inspector on the user, and select "read all attribute values from this server" on the LDAP Driver association, you will get a ATTRIBUTE_NOT_DEFINED error.  

This is true if you add any attribute in the filter that is not defined in the eDirectory Identity Vault schema.


Workaround:   Click the individual attributes to see their values in the Identity Vault and the connected application.

Engineering has been notified of issue with the plugin.


Because one or more values in the driver Filter is not defined in eDirectory schema, the plugin is throwing and ATTRIBUTE_NOT_DEFINED error.