Environment
NetIQ Identity Manager Driver - Bi-directional eDirectory 4.0.1.2
Situation
The Bi-directional eDirectory driver is not processing any events from the remote side.
If you change an object in the Identity Vault, it does sync to the remote side.
If you change an object in the remote eDirectory tree, it does not sync to the Identity Vault.
If you view the driver's .tao file in the eDirectory dib directory on the remote server (strings XXXX.tao), you can see the event sitting in the file.
Resolution
1. Remove the LDAP mapping from the eDirectory attribute GUID to the Primary LDAP attribute guid on the LDAP group object assigned to the LDAP server object on the remote side. (iManager, LDAP role, LDAP Options task, click the LDAP group object, Attribute Map tab, highlight the GUID guid line and click the - on the right, then save.)
2. Refresh the LDAP server. (iManager, LDAP role, LDAP Options task, expand the LDAP group, click the LDAP server, then click the Refresh button.)
3. Restart the Bi-directional eDirectory driver.
Cause
The customer had added an attribute mapping from the eDirectory attribute GUID to the Primary LDAP attribute guid on the LDAP group object assigned to the LDAP server object on the remote side.