In SCIM connector pointing to Api Gateway created via ConnectorXpress.
Account Template pointing to two different Provisioning Roles.
When the account template is changed when removing one Role from Account Template this yet keeps in place.
But when removing everything is working fine.
Release : 14.4
Component : IDGMR
1.Looking in the Provisioning Server log in a previous operation can see that eTDYN-str-multi-c-01(Rol): when receiving operation for multiple vales to remove is not doing the operation:
28506 20220628:133212:TID=ffcb40:Modify :S065:C063:S: Connector Server Modify (eTDYNAccountName=accountname) Requested by User etaadmin -
528507 20220628:133212:TID=ffcb40:Modify :S065:C063:S:+TenantNotSet
528508 20220628:133212:TID=ffcb40:Modify :S065:C063:P: URL: ldaps://<ip>:20411
528509 20220628:133212:TID=ffcb40:Modify :S065:C063:P: Class Name: User Account
528510 20220628:133212:TID=ffcb40:Modify :S065:C063:P: dn: eTDYNAccountName=accountname,eTDYNContainer001Name=Accounts,eTDYNDirectoryNa
528511 20220628:133212:TID=ffcb40:Modify :S065:C063:P:+ me=core-policy,eTNamespaceName=CORE TEST,dc=im
528512 20220628:133212:TID=ffcb40:Modify :S065:C063:P: eTDYN-str-multi-c-01(Rol): <no values> [REPLACE]
528513 20220628:133214:TID=ffcb40:Modify :S065:C063:F: SUCCESS: Connector Server Modify (eTDYNAccountName=accountname)
2. Same problem reproduced using the following etautil command:
etautil -u USER -p PWD -DYN update 'eTDYNContainer001Name=Accounts,eTDYNDirectoryName=corp-biling,eTNamespaceName=TEST' eTDYNAccount eTDYNAccountName='accountname' to eTDYN-str-multi-c-01=''
This sends a request to replace the eTDYN-str-multi-c-01 of the account with no values which should clear out all the values.
3. Please, need to check API Gateway policy to see what it does with this type of request.
Observed that if the modify is to DELETE specific value it works but with a REPLACE to replace all values with empty is not doing any change and just reporting success.
4. One example to DELETE specific value and is working fine:
etautil -u USER -p PWD -DYN update 'eTDYNContainer001Name=Accounts,eTDYNDirectoryName=corp-biling,eTNamespaceName=TEST' eTDYNAccount eTDYNAccountName='accountname' to -eTDYN-str-multi-c-01='eTDYNObject001Name=XXX,eTDYNContainer002Name=Roless'
Please work with the API Gateway Team in the Api Gateway Policy how is behaving when trying try modify and compare with when doing with one delete and see with them if need adjusts in the Api Gateway Policy.