DN Rename events in OpenLDAP

  • Question

  • Hi all

    I have been working with FIM/MIM for three years and am quite comfortable with interactions with Active Directory; however, recently in a test lab I have been trying to get MIM to communicate with OpenLDAP in the same manner. I have successfully got it creating users, but when it comes to modifying a cn/dn (due to a name change, for example) I get no end of issues.

    I am using MIM 2016 SP1: Sync Service 4.4.1302.0 and the Generic LDAP (Microsoft) downloadable connector/MA.

    Here are my OpenLDAP sync rules:

    The initial export to OpenLDAP looks fine and there were no MA errors:

    The import and sync back from the OpenLDAP MA was also fine.

    I am using a MySQL connector for the data source.  I go into the database and modify the first name from James to Jim for our actor.  When I go to perform an Import and then a Sync from this MySQL connector I get this error:

    Is it simply that the way I have my sync rules set up does not allow the MA to modify the dn?  I have tried a range of different sync rule configurations with no success.

    The RFC 4511 documentation specifies that to modify a DN you need to issue the following command.  It could be that the connector is not issuing/cannot issue this?

            ModifyDNRequest ::= [APPLICATION 12] SEQUENCE {
                 entry           LDAPDN,
                 newrdn          RelativeLDAPDN,
                 deleteoldrdn    BOOLEAN,
                 newSuperior     [0] LDAPDN OPTIONAL }

    Thanks for looking and please let me know if there is specific config that you need to see.


    Friday, March 31, 2017 1:29 AM
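
For reference when checking a packet capture of the connector's export, the following added example (not part of the original post) BER-encodes the ModifyDNRequest quoted above and builds an escaped new RDN. The DNs are constructed sample values and the function names are illustrative.

```python
# Added example: BER encoding of the RFC 4511 ModifyDNRequest protocolOp.
# All DNs are constructed sample values; function names are illustrative.

def ber_len(n):
    """Definite-form BER length octets."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, value):
    return bytes([tag]) + ber_len(len(value)) + value

def rdn(attr, value):
    """Build attr=value, escaping the value per RFC 4514."""
    out = []
    for i, c in enumerate(value):
        if c == "\x00":
            out.append("\\00")
        elif c in '"+,;<>\\' or (i == 0 and c in "# ") or (i == len(value) - 1 and c == " "):
            out.append("\\" + c)
        else:
            out.append(c)
    return attr + "=" + "".join(out)

def modify_dn_request(entry, newrdn, deleteoldrdn=True, new_superior=None):
    """Encode ModifyDNRequest ::= [APPLICATION 12] SEQUENCE { ... }."""
    body = tlv(0x04, entry.encode("utf-8"))          # entry        LDAPDN
    body += tlv(0x04, newrdn.encode("utf-8"))        # newrdn       RelativeLDAPDN
    body += tlv(0x01, b"\xff" if deleteoldrdn else b"\x00")  # deleteoldrdn BOOLEAN
    if new_superior is not None:
        body += tlv(0x80, new_superior.encode("utf-8"))  # newSuperior [0] LDAPDN
    return tlv(0x6C, body)  # 0x6C = APPLICATION class, constructed, tag number 12

def ldap_message(message_id, protocol_op):
    """Wrap a protocolOp in LDAPMessage ::= SEQUENCE { messageID, protocolOp }."""
    mid = message_id.to_bytes(message_id.bit_length() // 8 + 1, "big")
    return tlv(0x30, tlv(0x02, mid) + protocol_op)

if __name__ == "__main__":
    op = modify_dn_request("cn=James Example,ou=people,dc=example,dc=com",
                           rdn("cn", "Jim Example"))
    print(ldap_message(2, op).hex(" "))
```

In a capture of the export, a rename sent as an ordinary ModifyRequest carries protocolOp tag 0x66 ([APPLICATION 6]) rather than 0x6C.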