Hi all!

A kind of my migration project, here, is create a new AD driver. The
actual AD driver is very very old and the development is not good and
the driver uses some java class to do things that new version (3.5.8) of
AD driver allready do.

Ok, my problem is that today I have about 5000 users associated with
this actual driver that we will call AD1. My new driver is called AD2
and I will connect in the same AD but I don't change any attribute. I
just want to make association with new driver. My new driver, AD2, will
use entitlements to sync users and exchange 2007 accounts. So, my idea
to rollout AD2 driver is add UserAccount entitlement in groups of 1000
users and let driver sync and make association. Here is my problem. In
my test environment, that is production like, when I add the UserAccount
with an user that is associated with the actual driver (AD1), and
already has an AD account, I got this XML that remove all values from
attributes:

<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.6.10.4747">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify class-name="user" event-id="idm03#20100709194503#1#1"
from-merge="true"
qualified-src-dn="O=mid\OU=ID\CN=7F3763C858BC4ABC93D8849CEB75891 8"
src-dn="\MID-QAS\mid\ID\7F3763C858BC4ABC93D8849CEB758918"
src-entry-id="35959">
<association>8be95bae3008614499d6454738640276</association>
<modify-attr attr-name="department">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="Security Equals">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="sn">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="facsimileTelephoneNumber">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="telephoneNumber">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="title">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="employeeType">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="description">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="personalTitle">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="employeeNumber">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="company">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="cn">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="givenName">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="department">
<add-value>
<value timestamp="1210689735#12" type="string">FIT</value>
</add-value>
</modify-attr>
<modify-attr attr-name="Security Equals">
<add-value>
<value timestamp="1274982611#17421"
type="dn">\MID-QAS\mid\SISTEMAS\INFRA-ESTRUTURA\REDE\ACESSO_REDE</value>
</add-value>
</modify-attr>
<modify-attr attr-name="facsimileTelephoneNumber">
<add-value>
<value timestamp="1155824356#13" type="structured">
<component name="faxNumber">+55 (99)9999-9999</component>
<component name="faxBitCount">0</component>
<component name="faxParameters"/>
</value>
</add-value>
</modify-attr>
<modify-attr attr-name="sn">
<add-value>
<value timestamp="1226507915#6" type="string">NUMBER
ONE</value>
</add-value>
</modify-attr>
<modify-attr attr-name="telephoneNumber">
<add-value>
<value timestamp="1213133344#4" type="teleNumber">+55
(99)9999-9999</value>
</add-value>
</modify-attr>
<modify-attr attr-name="title">
<add-value>
<value timestamp="1277247303#7" type="string">Sr</value>
</add-value>
</modify-attr>
<modify-attr attr-name="employeeType">
<add-value>
<value timestamp="1204725154#28" type="string">E</value>
</add-value>
</modify-attr>
<modify-attr attr-name="description">
<add-value>
<value timestamp="1189630460#6" type="string">User Test
Number One</value>
</add-value>
</modify-attr>
<modify-attr attr-name="personalTitle">
<add-value>
<value timestamp="1173928390#2" type="string">IT
Manager</value>
</add-value>
</modify-attr>
<modify-attr attr-name="employeeNumber">
<add-value>
<value timestamp="1203007021#2"
type="string">9999999</value>
</add-value>
</modify-attr>
<modify-attr attr-name="company">
<add-value>
<value timestamp="1274982611#17506" type="string">My
Company</value>
</add-value>
</modify-attr>
<modify-attr attr-name="cn">
<add-value>
<value timestamp="1147048288#28"
type="string">U99099</value>
</add-value>
</modify-attr>
<modify-attr attr-name="givenName">
<add-value>
<value timestamp="1226507915#5" type="string">USER
TEST</value>
</add-value>
</modify-attr>
<modify-attr attr-name="dirxml-uACAccountDisable">
<remove-all-values/>
<add-value>
<value type="state">false</value>
</add-value>
</modify-attr>
<operation-data attempt-to-match="true"
unmatched-src-dn="CN=7F3763C858BC4ABC93D8849CEB758918">
<entitlement-impl id="mid\service\idm\driverset_qas\Entitlement
Policies\LABIDM Policy" name="UserAccount"
qualified-src-dn="O=mid\OU=ID\CN=7F3763C858BC4ABC93D8849CEB75891 8"
src="RBE" src-dn="\MID-QAS\mid\ID\7F3763C858BC4ABC93D8849CEB758918"
src-entry-id="35959" state="1">DOM=labamnet.local</entitlement-impl>
</operation-data>
</modify>
<modify-password class-name="user" event-id="pwd-subscribe"
qualified-src-dn="O=mid\OU=ID\CN=7F3763C858BC4ABC93D8849CEB75891 8"
src-dn="\MID-QAS\mid\ID\7F3763C858BC4ABC93D8849CEB758918"
src-entry-id="35959">
<association>8be95bae3008614499d6454738640276</association>
<password><!-- content suppressed --></password>
<operation-data>
<password-subscribe-status>
<association>8be95bae3008614499d6454738640276</association>
</password-subscribe-status>
</operation-data>
</modify-password>
<rename class-name="user" event-id="idm03#20100709194503#1#1"
qualified-src-dn="O=mid\OU=ID\CN=7F3763C858BC4ABC93D8849CEB75891 8"
src-dn="\MID-QAS\mid\ID\7F3763C858BC4ABC93D8849CEB758918"
src-entry-id="35959">
<association>8be95bae3008614499d6454738640276</association>
<new-name>N02221</new-name>
</rename>
<modify class-name="user" event-id="idm03#20100709194503#1#1"
qualified-src-dn="O=mid\OU=ID\CN=7F3763C858BC4ABC93D8849CEB75891 8"
src-dn="\MID-QAS\mid\ID\7F3763C858BC4ABC93D8849CEB758918"
src-entry-id="35959">
<association>8be95bae3008614499d6454738640276</association>
<modify-attr attr-name="userPrincipalName">
<remove-all-values/>
<add-value>
<value type="string">U99099</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>

At XML beginning we can see the events:

<modify-attr attr-name="department">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="Security Equals">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="sn">
<remove-all-values/>
</modify-attr>

I don't want to <remove-all-values/> to decrease the risk of change
anything in AD.

I know that I can transform or strip those attributes, but I would like
to know if is there any configuration in driver filter to compare the
attributes because the most sync attributes has the same value in IDM
and AD.

Thank you!


--
* Alan Cota | Open Consult | Brazil, Novell Platinum Partner.
CNE | ISM & Security Specialist.
http://www.alancota.net*
------------------------------------------------------------------------
AlanCota's Profile: http://forums.novell.com/member.php?userid=1961
View this thread: http://forums.novell.com/showthread.php?t=415321