Novell is now a part of Micro Focus

Driver Filter Reset for AD and IDM

Novell Cool Solutions: Tip

Digg This - Slashdot This

Posted: 5 Sep 2007


A Forum reader recently asked:

"I am trying to create an account on active directory and have it synchronized to IDM. The Driver filter has the surname, given name, and various other fields set to Publisher Reset and Subscriber Synchronize.

When the account is created in Active Directory, you can see in the trace that the values are there. Then, later in the trace, the values get reset before IDM gets to the placement policy. At that point, a MISSING MANDATORY error is generated. When I change the filter to Synchronize on both the Publisher and the Subscriber, the account is created in IDM.

How do I prevent users from chaining values in AD and synchronizing to IDM? I need those values to be reset in AD so that IDM is the "keeper" of information, and the values in AD always reflect those in IDM. This works with existing accounts but not with new accounts."

And here's the response from Father Ramon ...


Filters are somewhat of an all or nothing kind of thing. What you are trying to do is make AD (or your policies) authoritative on create, but not on modify. To get the behavior you want, you are basically left with two options:

  • Remove reset from the filter and implement it yourself in policy.
  • Leave reset in the filter, but bypass it for adds by forcing the operation to be direct instead of letting it go through the notify/reset filter.

I would think that the latter would be the easiest. What you probably want is something like the following rule, in the last policy of your publisher command transformation:

  <description>Perform adds directly to bypass the reset 
    <if-operation op="equal">add</if-operation>
   <do-set-xml-attr expression="." name="direct">

Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions.

© Copyright Micro Focus or one of its affiliates