cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Triggers not getting executed

Go to solution
jaisuryan
Active Contributor

on ‎07-07-2016 5:28 AM

0 Kudos

Hello Experts,

Version: 7.2 SP10

I have an AD system connected. When I assign role (which has AD privs) to the user, user creation is triggered. Then I reset the password using UI, password reset task was triggered. Then I tried attribute modification in UI, modify ADS user task was triggered as well.

After sometime, if I try any of the above action for the same user, none of the task is triggered. Can someone point me where and what could have changed?

This is very random. For some users, modify, password reset tasks are executed. For some its not getting triggered. For some its getting triggered for few times correctly then its stops triggered. Since its triggered for some, I believe modify attributes are fine.

All users have PRIV:ADS:ONLY and PRIV:SYSTEM:ADS in OK status in UI. Please give a insight while I get my database access sorted. Thanks.

Kind regards,

Jai

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Chenyang
Contributor
‎07-07-2016 5:39 AM
0 Kudos

Hi Jai

I had similar (but not same) issue as you have previously.

Are you using SAP provisioning framework 2 on top of IdM 7.2 sp10?

Under the event task [modify]  before [split on Entry Type Operation], you can insert a new task just to confirm it is executed every time you want to change AD attribute.

My observation is that the modify task is executed every time, but on the conditional task [split on Entry Type Operation], MX_PERSON branch is not executed in some cases. you may investigate further from there.


Cheers

Chenyang

Show replies
Show replies
jaisuryan
Active Contributor
‎07-07-2016 6:20 AM
0 Kudos

Hi Chenyang,

That's a good idea. This is happening only in prod. Dev, QAS and Pre-prod all have same config and version level. It works fine there. So I'm not yet allowed to make changes in prod yet. But I will try once I get a go ahead. What was your issue and how did you solve?

Kind regards,

Jai

Chenyang
Contributor
‎07-08-2016 12:35 AM
0 Kudos

I was trying to assign/remove AD user to/from AD groups, but without AD master privilege. because I don't want to update AD user account.

My test shows the provision works without priv:ad:only, but deprovision fails if the user does not have this master privilege. I have no clue why it is like that?

I added the master privilege back to the user and it solves the problem in the end.

Cheers

Chenyang

Answers (1)

Answers (1)

jaisuryan
Active Contributor
‎07-07-2016 10:29 AM
0 Kudos

I have raised a high priority incident to SAP

217872 / 2016 Modify Event not getting triggered

Show replies
Show replies
Ask a Question