Hi, how is everything?

I need some help here with my Active Directory driver. I know the
problem is in driver filter but I want to understand better how merge

My problem is when I create a user from IDM in Active Directory, the
update of DirXML-ADAlias attribute in IDM (sAMAccountName in AD)
generate a full merge event in identity vault. This event come back to
AD again via subscriber channel and the user is updated again and all of
my audit rules are generated again. I need to prevent the driver to
update all attributes in publisher. In filter just 04 attributes is
allowed to update information in identity vault but seems that filter is
totally ignored by driver.

Download the complete driver log and actual driver filter:

DRIVER LOG: 'MID2AD3-modificado.xml - DivShare'

This is the time events in the log to you understand what is happens:

[09/30/10 18:53:10.921]: user receives the UserAccount entitlement. The
process starts
[09/30/10 18:53:11.172]: no matches found. Transform <modify> to <add>
[09/30/10 18:53:12.552]: end the correct transaction in subscriber
[09/30/10 18:53:23.944]: return of sAMAccountName from AD to IDM
[09/30/10 18:53:23.985]: apply filter in publisher (start of my
[09/30/10 18:53:23.986]: merging on publisher (that's my problem!)
[09/30/10 18:53:23.986]: read relevant attributes (I don't want this!)

After this an update is processes in publisher channel and an event
return in subscriber channel because some attributes in sub filter was
wrongly updated in this merging on publisher. I need to prevent this.
Only publisher filter attributes are allowed to update from AD in
identity vault.

Any help is very welcome.

Thank you!

* Alan Cota | Open Consult | Brazil, Novell Platinum Partner.
CNE | ISM & Security Specialist.
AlanCota's Profile: http://forums.novell.com/member.php?userid=1961
View this thread: http://forums.novell.com/showthread.php?t=422341