-699 errors in replica synchronization on User App Admin object
This document (7009513) is provided subject to the disclaimer at the end of this document.
Environment
NetIQ Identity Manager 4.0
NetIQ Identity Manager 4.0.1
NetIQ Identity Manager Roles Based Provisioning Module
Situation
This particular user is key User Application administrator.
Removing the replica from Server1, rebacklinking Server and adding the replica back cleared the error for a few days, but the error came back on the same user object.
Partition: .[Root].
Replica on server: .Server2.services
Replica: .Server2.services 06-15-2012 13:26:16
Replica on server: .Server3.services
Replica: .Server3.services 06-15-2012 13:26:15
Replica on server: .Server4.services
Replica: .Server4.services 06-15-2012 13:26:14
Replica on server: .Server1.services
Replica: .Server1.services 06-15-2012 06:10:25
Server: CN=Server2.O=services 06-15-2012 13:26:10 -699 Local
Object: CN=JLee.OU=users.O=vault
Server: CN=Server3.O=services 06-15-2012 13:26:11 -699 Local
Object: CN=JLee.OU=users.O=vault
Server: CN=Server4.O=services 06-15-2012 13:26:12 -699 Local
Object: CN=JLee.OU=users.O=vault
All servers synchronized up to time: 06-15-2012 06:10:25
Resolution
Workaround:
Delete the srvprvUserPrefs attribute from the problem user with iManager. The attribute will be recreated when the user saves their preferences again in User Application.
Resolutions:
The srvprvUserPrefs attribute will be stored differently in eDirectory in the next release of IDM, and some additional cleanup of the attribute as it is being done as it is stored. The fix is in IDM 4.0.2 Advanced Edition or later.
Cause
IDM 4.0.2 moves that attribute to a stream file, which does not have a size limit on eDirectory replica synchronization, and does some cleanup on the attribute as it is being stored or updated.
Additional Information
---------------------------
srvprvUserPrefs attribute must be cleaned up manually
Values that are saved into the srvprvUserPrefs attribute are not fully removed when a user removes or change their filters or customization entries.
The attribute srvprvUserPrefs is a single values, synchronize immediately, string in eDirectory. It is limited to about 33,000 total characters. Once the attribute reaches the maximum size, users will not be able to save filter and customization entries into this attribute. To work around this issue, an Administrator would need to clean up the attribute manually with iManager or an LDAP Browser.
-----------------------------------
Search: 699 uaadmin userapp user app
Disclaimer
This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:7009513
- Creation Date:18-JUN-12
- Modified Date:18-JUN-12
- NetIQIdentity ManagerIdentity Manager Roles Based Provisioning Module
Did this document solve your problem? Provide Feedback