All attributes being sync every time on Update

Tagged: 

This topic has 2 replies, 3 voices, and was last updated 1 month, 2 weeks ago by [email protected].

  • Author
    Posts
  • #28247
     aortiz
    Participant

    Hi All
    I have a very quick Question
    I setted up an IDM 6.5 environment with an Ldap Connector to an external OpenDJ server using the full stack sample, connection works good and i’m able to populate my OpenDJ with users created on IDM side.
    My problemn started when i wanted to update one attribute of those users, i tried to update givenName attribute using the IDM Web Console and got a password policy error in the log saying that i cannot use the same password i used before.
    When i dived into the issue i saw that with my update request, every single attribute was getting updated as well.
    This is an example of the operation i see in the logs(for that i had to enable logging inserting some groovy classes)

    IDM – onUpdate target = {telephoneNumber=234567890, employeeType=[], givenName=000 v3, kbaInfo=[], dn=uid=000consola,ou=people,ou=identities, aliasList=[], objectClass=[top, inetuser, person, inetOrgPerson, organizationalPerson, iplanet-am-user-service, kbaInfoContainer], sn=consola, ldapGroups=[], uid=000consola, cn=000consola, _id=992fbf12-465e-444c-9d51-5d69f3e57b0f, userPassword=password}

    As you can see the password attribute is present in the operation(amongst other attributes) but this behaviour is unexpected because we only need to modify one attribute.
    In order to stop getting the error i disabled the history count property in the password policy but this is something i cannot do in the productive environment.

    My Ldap Connector Version is 1.4.8

    Is there any configuration i might be ignoring?
    Any help will be appreciated

    #28250
     Jake Feasel
    Moderator

    If you are using IDM 6.5.0.4, you can take advantage of the work done for https://bugster.forgerock.org/jira/browse/OPENIDM-9962 . Basically, set the “excludeUnmodified” attribute in your provisioner configuration and you’ll get the behavior you describe.

    #28324

    Is there a document link for excludeUnmodified, the 6.5.0.4 integrators guide has no mention of this keyword.

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.

©2020 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?