Short Summary: We migrated data to the virtual appliance recently. We have about 12 custom attributes we were required to keep. The directory XML was updated with these attributes, as was the schema for CA Directory. We placed all the custom attributes under a custom object class in im_user_aux.dxc.
The problem is, when the directory XML for the user store is updated as below, we cannot log in to the IDM user console.
<ImsManagedObject name="User" description="My Users" objectclass="imUser,imUserAux" pagesize="0" maxrows="0" objecttype="USER">
The issue is with the search being sent out, to be exact, the filter. This is the search being sent in the server.log while in debug mode:
2020-01-21 16:57:13,094 DEBUG [ims.llsdk.directory.jndi] (default task-69) findObjectByFriendlyName using filter: (&(uid=imadmin)(&(objectclass=imUser)(objectclass=imUserAux))) and base DN ou=im,ou=ca,o=com
This is the search that comes in on the directory:
[8] 20200121.142542.583 144.2 SEARCH dn="ou=im,ou=ca,o=com" scope=subtree filter=(&(imLoginId=imadmin)(&(1.1=^E\00)(objectClass=imUserAux))) eis=imLoginId uid imPasswordData imEnabledState source="client"
[5] 20200121.142542.583 144.2 RESULT success 0 entries 0 msecs
Of course there is no match for the filter as the imUser object class filter is all garbled.
I can send the search from the command line with no issue:
-bash-3.2$ ldapsearch -T1 -h ec24az4532-91 -p 19289 -D "cn=dsaadmin,ou=im,ou=ca,o=com" -b "ou=im,ou=ca,o=com" "(&(imLoginId=imadmin)(&(objectClass=imUser)(objectClass=imUserAux)))" dn
Enter bind password:
dn: cn=imadmin,ou=people,ou=im,ou=ca,o=com
If we remove the imUserAux object class from the directory XML, the issue is resolved, but now user objects get created with only the imUser object class and, as a result, we cannot add custom attributes.
Has anyone seen this issue before? Is this a known bug?
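
The comparison described in the post, between the filter the application logged and the filter the directory received, can be done mechanically. This is an added example, not part of the original post or of the product; the function names are hypothetical, the sample lines are copied from the two logs quoted above, and the check for garbled assertions is a heuristic.

```python
import re

# Sample lines copied from the two logs quoted in the post above.
APP_LOG = ("2020-01-21 16:57:13,094 DEBUG [ims.llsdk.directory.jndi] (default task-69) "
           "findObjectByFriendlyName using filter: "
           "(&(uid=imadmin)(&(objectclass=imUser)(objectclass=imUserAux))) "
           "and base DN ou=im,ou=ca,o=com")
DSA_LOG = ('[8] 20200121.142542.583 144.2 SEARCH dn="ou=im,ou=ca,o=com" scope=subtree '
           'filter=(&(imLoginId=imadmin)(&(1.1=^E\\00)(objectClass=imUserAux))) '
           'eis=imLoginId uid imPasswordData imEnabledState source="client"')

def extract_filter(line):
    """Return the balanced-parenthesis filter that follows 'filter:' or 'filter='."""
    m = re.search(r"filter[:=]\s*\(", line)
    if not m:
        return None
    start, depth = m.end() - 1, 0
    for i in range(start, len(line)):
        if line[i] == "(":
            depth += 1
        elif line[i] == ")":
            depth -= 1
            if depth == 0:
                return line[start:i + 1]
    return None  # unbalanced: the log line was truncated

def leaves(flt):
    """List the (attribute, value) equality assertions; attribute names lower-cased."""
    return [(a.lower(), v) for a, v in re.findall(r"\(([^()=&|!]+)=([^()]*)\)", flt or "")]

def suspicious(leaf):
    """Heuristic: numeric-OID attribute, or a value with \\XX escapes / ^X control notation."""
    attr, value = leaf
    return bool(re.fullmatch(r"\d+(\.\d+)*", attr)
                or re.search(r"\\[0-9a-fA-F]{2}|\^[@-_]", value))

def compare(app_line, dsa_line):
    """Report objectClass values the application sent that the directory never received."""
    sent, got = leaves(extract_filter(app_line)), leaves(extract_filter(dsa_line))
    sent_oc = {v.lower() for a, v in sent if a == "objectclass"}
    got_oc = {v.lower() for a, v in got if a == "objectclass"}
    return {"missing_objectclass": sorted(sent_oc - got_oc),
            "suspicious": [leaf for leaf in got if suspicious(leaf)]}

if __name__ == "__main__":
    print(compare(APP_LOG, DSA_LOG))
```

Escaped bytes such as `\28` are legal in LDAP filter values, so a "suspicious" hit is a prompt to inspect the assertion, not proof of corruption.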