This content has been marked as final. Show 4 replies
You can prove the issue by looking at one of the actual user objects from the debug URL. List objects of type user. You'll see in the object that the resource account still points to the old DN in LDAP. I think there are a few ways this can be remedied but it will depend on what works best for you.
Thanks for your reply.
Yes, it still pints to the old DN value. Is there any way to correct that value for all the users? All suggestions are welcome.
One way I think is to use the rename view to point to the new DN. But running the workflow for all the users is pretty complex. Is there any way like bulk action to achieve this? Anything at the backend also can be done. Thanks
How about deleting only the waveset accounts in IDM and then performing a full reconciliation with the resource in question. I think that will rebuild the account index and the users should then have the correct information. Obviously you'll want to test this out thoroughly.
Thanks again. I am trying a similar one as below
- Disabled all the operations on the resource (the requirement is to keep the resource in readOnly mode only after chaning the identity template).
- Thorugh bulk action deleted all the accounts in SIM. Since the resource operations are disabled it deleted only from the SIM
- Updated the user again and it assigns the account again with the correct DN based on the new identity template (because the account was assigned through a role).
As you are also suggesting a similar one I presume that I am going in the right way :-)
Please let me know if any other better ways.
Edited by: 907551 on Jan 12, 2012 9:32 PM
Edited by: 907551 on Jan 12, 2012 9:35 PM