Why does the LDAP/AD RA convert adds to modifies. How do I prevent this!

hellos.
I have noticed that if I attempt to add an LDAP entry which has the same DN as an existing entry, then the default Provisioning workflow SILENTLY converts this add to a modify.
template: cn=$fullname$,ou=people,dc=company1,dc=com
so if 2 different persons with same first and lastnames are entered into IdM first one gets added Ok but then gets hijacked by the second 'addition'.
ok. I understand that I have to cater for this eventuality, but isnt the whole point of using an intelligent system like IdM to trap these events automatically.
I would rather see an error message like "error code 68: object already exists" on the screen after screen entry + save than end up with 2 different Idm entities pointing to the same LDAP entry!!
Is it possible to set a switch (waveset property?) allowing/denying the convert add to modify when the target already exists?
Must I have to either rewrite the provisioning workflow or plug in some fullname validation on the form?

It does not matter what you intend to do or not: the identity template is there to tell IDM how the resource account should be identified. The software has no "knowledge" of your intentions. It uses the configuration you gave it to create the account you are requesting. If that should not happen in all cases then you will have to handle that.
The fact that you provision to the resource also shows that you do not see the resource as the authoritive source of data.
IDM does not assume or preempt that the account already exists on the resource. If it finds that the account already exists when it checks the resource it has to follow what you have configured it to do. In this case that is create the account you wanted it to create. To make sure that the account contains the information you want it to contain it will modify/add the values which are missing and or different.
The fact that the resource account is already there is not an error situation and will never be one. It is considered as being a normal case with a normal solution: IDM takes hold of the account. If it would be an error case there would be no need for reconciliation or active sync. You can even go a step further and state that the account on LDAP should not have existed if you try to create the user this way, reconcile or active sync should take care of these kinds of accounts.
For the sharing part: IDM understands that resources can contain shared accounts, it even has a state for them in the reconciliation. But when you create an user in IDM and assign resources the accounts on the resources automatically belong to the user in IDM. This has to be enforced otherwise there would never be a guarantee that an user whom has a resource assigned also really has the account.
If you want IDM to fail in situations like this then you have to code that yourself and customise the workflow or forms used for the provisioning process. By doing that you will create a huge amount of manual intervention to create the accounts in a later stage unless you can make the work flow smart enough to cycle through a number of possible resource account Id values if the account already exists on the resource.
This will almost certainly also kill any possibilities to run a reconcile against that resource because you can not catch this in correlation rules or confirmation rules.
Then a user form does not go out and see if the account already exists. The form provides logic and a display template for information. The provisioner and the userviewer will do al the processing.
If you really want to leave the existing account alone then there are two options you can set as form properties, only one can be used at anytime:
"NoLinking"
"InteractiveLinking"
like this:
<Form .....>
<Properties>
<Property name='InteractiveLinking' value='true'/>
</Properties>
If you specify "NoLinking" the provisioning will go ahead and the user will get accounts on all resources where there were no conflicts, no intercation possible.
If you specify "InteractiveLinking" your checkin of the userview will fail and you will be returned to the GUI. At that point you will have to fix the issues that were found before any provisioning will take place. This requires custom forms and all handling needs to be done by the user. Have a look for DiscoveredAccountFields in the libraries
This was build into the product after a push from one customer and has never been documented outside of one release note. It will become part of the standard docs from version 7 onwards. However it is still considered as a bad solution but if you want it you can use it.
WilfredS

Similar Messages

  • HT2491 Why does the Dock go into a darker mode?  How do I prevent this from happening?

    Following installation of MacOSX Snow Leopard, the application icons on the Dock started out as being brightly illuminated. After using a few they have now reverted to a darker image.  I am able to get the application I wish to use to light-up brightly when I am using it but all of the others remain darker.
    Cannot find any references to adjusting the brightness of the Dock.
    Any suggestions as to how I can make all of the applications in the Dock remain bright?
    Thanks.

    Hmmm, I've not seen this!???
    Long shot, but...
    Go to System Preferences > Universal Access and down in the Display: section make sure that the Enhance contrast: slider is all the way to left to Normal, or more to the right for less Contrast.

  • Why does a form automatically close? Is there a way I can prevent this from happening?

    Why does a form automatically close? Is there a way I can prevent this from happening and keep it 'Open'?

    The form will close automatically when you do changes that can affect the form fillers. Sorry there is nothing you can do beside explicitly open the form after your changes.
    Gen

  • Just purchased an Iphone and downloaded Itunes on my desktop...now no matter what i am doing the Itunes stores keeps opening up, anyone know how I can fix this

    I just purchased an Iphone 4S and downloaded Itunes on my desktop.  Now no matter what i am doing the Itunes keeps opening open.  Anyone know how to make this stop?

    actually nevermind, it's working now. I closed iTunes, then waited a little, then double clicked one of my iTunes video files from my documents, which opened up iTunes again and the video started playing. I tried restarting iTunes before and that didn't work, so maybe for those who have similar problems, just try clicking on the video file in your documents/desktop of your computer, rather than directly from iTunes.

  • TS3899 My old iPad let me have 1000 emails, why does my new iPad Air only allow 200?  How do I change this?

    I want the 1K emails I could have on my iPad 2. Can't figure out how to do this on my new Air.

    I had an iPad 2 with iOS 5.1.1.  In the Mail, Contacts, Calendars selection and within it a Mail section.  Within the Mail section i could choose to show anywhere from 50 - 1!000 messages.  In my new iPad Air with iOS 7.1 i have no such option and it seems to max out at 240 meassages.
    I have 1,209 earhlink emails on my old iPad dating back to Novemeber, on my new iPad i have 250 going back through March.
    Is ther a setting i can chane to got the others?   Do they live in the cloud somewhere and i just dont know how to use it?
    Thank you for you reply and your hekp. 
    rho

  • Why does the music i want to add end up i "not added folder"

    Can anyone help me ? i've been trying to add some music files to my iPod 32gb 3rd Gen running i05 I'm on my home PC running windows xp home all up to date
    ive converted the files to AAC when I try to send them to iPod i put the music in "auto add to I tunes" folder it fails to send and ends up "not added folder"
    i must have tried this a dozen times ive also tried restarting iTunes.
    any help would be great
    thanks for in advance
    Neil

    Perhaps the program that you've used to convert to AAC hasn't done a very good job. The "Not Added" folder is where iTunes moves things that it cannot recognise as being valid files of the types that it can manage.
    tt2

  • Why does my phone keep trying to re-start and how do i resolve this issue? Without a system restore as I have not backed it up.

    It happened about 20 minutes ago. It keeps on coming up with the revolving circle which it does when it shuts down from loss of battery but then keeps trying to re-start itself by displaying the apple icon. Help please.

    Hello AshleyJacobs1,
    Thanks for using Apple Support Communities.
    For more information on this, take a look at:
    iOS: Not responding or does not turn on
    http://support.apple.com/kb/ts3281
    Best of luck,
    Mario

  • When I view application windows, but then cancel from this view I am moved to another open window from the application on a different desktop space. How can I prevent this from happening?

    Hi Everyone!
    I'm new to Mac, and I'm a bit unsure of how to handle a problem I'm having with application windows.
    Here's the scenario:
    On one space I have a bunch of PDF's open in Preview next to the document I am working on. On another space, I might have an unrelated PDF open and an image, also open in Preview. Now, say I use the Application Windows button to view all my open PDF's on the first space, but then discover I haven't got the PDF open, so I need to open in in finder. The moment I quit out of the Application Windows view I am transported to another desktop containing an open Preview window! This happens with other applications too, like if I trigger application windows on pages instead of preview and need to cancel, I get transported off to some other open pages document.
    This is insanely infuriating, how can I stop it!
    Thanks for your time.

    See Recover your iTunes library from your iPod or iOS device.
    tt2

  • When I change the row heights in a spreadsheet, then save, close, and open it, the row heights are back to default. How can I prevent this?

    One of our reports has lots of text in some rows. I import the data, adjust the row width and ask the text to wrap, which automatically sets the row height appropriately. When I save, close, and open that spreadsheet, the width is still the same and Wrap is still selected, but the rows are only one line high, which means that the report is unreadable and a serious pain to make readable.
    I can save it as a PDF, but I'd rather be able to use the Numbers format or Excel and be confident that my recipients can read it.

    Hi k,
    I'm unable to reproduce the described behaviour.
    The document containing the table below has a combination of row heights set manually using teh stepper in the Table Inspector (both 0.76" labeled rows), set manually by dragging the row boundary between row reference tabs (labeled 1/13"), and set automatically by Numbers to fit the content of the remaining cells.
    Content in the rows with names beginning E, F, G or H wraps automatically to form two rows in the cell. The rest are forced into two lines using a carriage return character.
    All maiintained their row heights through two Saves and reopenings.
    Regards,
    Barry

  • Why Does the iPhone not send/receive MMS?

    Why Does the iPhone not send/receive MMS? this in the works?

    "Why Does the iPhone not send/receive MMS?"
    Apple chose not to offer this as a feature of iphone. E-mail can accomplish the same thing.
    "is in the works?"
    This has been asked and answered countless times. The forum search bar is on the right side of this page.
    Apple has announced that MMS will be included in the 3.0 software due out this summer. Before you ask, all that has been announced is in this link:
    http://www.apple.com/iphone/preview-iphone-os/
    Apples developer conference begins tomorrow.

  • Why does the export to word from adobe conversion tel me everytime their is a problem when I attempt

    Why does the new export from PDF to Word programme tell me evrytime that thier is a problem with the export?

    Hi Tony,
    Have you tried submitting your documents via the ExportPDF web interface: http://exportpdf.acrobat.com/signin.html ?
    Could you also open one of these files in Adobe Reader and choose File > Properties.  What does it say next to 'Application' and 'PDF Producer'?
    -David

  • Why does the iPhone convert animated .GIF images?

    I saved a bunch of animated .GIF files on my iPhone.
    When I imported them onto my computer, they were all single framed .JPG files.
    Why does the iPhone convert the images, and is there any way to prevent this?
    Thanks!

    you can play gif in webView ,just the same way you load a jpeg or png..
    NSString *path = [[NSBundle mainBundle] pathForResource:@"santa" ofType:@"gif"];
    NSURL *url = [NSURL fileURLWithPath:path isDirectory:NO];
    /* Load the request. */
    [myWebView loadRequest:[NSURLRequest requestWithURL:url]];
    the gif that is locally saved will be loaded.

  • Why does the pen tool remove previous line when I add new anchor points??

    Why does the pen tool remove previous lines??
    Video here:  http://youtu.be/8AmPUkD88h0 
    It removes the hairline on the face, when I add more anchor points. Why? And how do I correct it?

    The ins and outs of the new and changed behaviors in the re-engineered pen tool have been disussed here on this forum and I'm sure a little detour to the help files will also shed some light on this...
    Mylenium

  • Texting on iPhone 5.  When texting to multiple people why does the contact list return to the "A"s after you select a contact and try to add the next one in order?

    Texting on iPhone 5.  When texting to multiple people why does the contact list return to the "A"s after you select a contact and try to add the next one in order?  This really slows you down when trying to contact 50 people with information.  iPhone 4 worked just fine.  Any suggestions on how to fix this?

    None of my pictures that I uploaded into iPhoto are in my Finder under Pictures.  Should I copy and paste my folders from iPhoto into here, in case something happens to my iPhoto program (in addition to backing them up onto an external hard drive like I already do)?
    No, that's just wasting space.  A back up needs to be on a different disk.
    Your photos are within the iPhoto Library.

  • Why does the i5 add a contact to my contacts list for every person I have ever emailed?  My 4 didn't.

    Why does the i5 add a contact to my contacts list for every person I have ever emailed using Outlook and Gmail?  The i4 didn't have this issue.

    Hi drewskiiiiiiiii,
    If you are having issues with your iPhone's Contacts application acting oddly, you may want to try some things to troubleshoot.
    First, quit all running applications and test again -
    Force an app to close in iOS
    Next, I would try restarting and if needed resetting the iPhone -
    Restart or reset your iPhone, iPad, or iPod touch
    If the issue is still present, you may want to restore the iPhone as a new device -
    How to erase your iOS device and then set it up as a new device or restore it from backups
    Thanks for using Apple Support Communities.
    Best,
    Brett L  

Maybe you are looking for

  • Unable to Deploy Par  File in the Portal

    Hi Experts, When i'm trying to deploy the par file to the portal after Configuring the server settings it's giving me an error. "Operation Failed: Please make sure the server 'DEV' (hostname:port) is running or check the log (sap-plugin.log) for more

  • Read data from an Infocube

    Hi, I'm writing a program to read data from an infocube, usfin FM RSDPL_CUBE_DATA_READ, but I can't get a result. This are the parameters I'm using: I_INFOCUBE                                = 'ZGE_CUB10' I_REFERENCE_DATE                  = sy-datum

  • Closed Captions don't appear when I play my video exported with Premiere Pro CC

    So, I've spent some time researching this, but can't seem to get anywhere.  I'm fairly new to Premiere Pro and I've created a sequence with closed captions.  I've tried exporting several different ways (Quicktime, H264, etc.).  I've also been careful

  • Can't access router configuration

    I have a wireless router WRT54GC.  It worked fine until I got a new linker.  Now I can neither connect wirelessly from my laptop (although the laptop says the connection is fine).  Nor can I access the router configuration; the URL for the configurat

  • BAPI for line items.

    Hey, is there a BAPI that returns the line items of a given account and a time frame?