The IDM Notes driver always publishes association values.

For example, my configured driver for Lotus Notes is trying to publish objects from the Notes Address Book (NAB) that have never been associated in the IDM Identity Vault. An input document is published by the Notes driver with an association, but there is not – and never has been – a corresponding object in the IDM Identity Vault (eDirectory). Why is the driver publishing these objects? What is the association value for objects in Notes, and where is it stored?


All objects in an IDM-connected application can have an association key – regardless of whether the objects are actually associated within the IDM Identity Vault. In fact, the application and driver shim don’t care whether or not an object is associated. To better understand the purpose of the IDM association value follow this link:

The Notes Driver’s publisher does not know (or attempt to know) if an object originated from the Identity Vault and has an association there. The Notes Driver simply detects changes within the synchronized Notes database, passes them through the publication (class and attribute) filter and loopback detection check, and publishes the results to the Identity Vault with a valid association value. For the Notes Driver, this association value is always the UNID value of the corresponding Notes database document. The Notes Driver publisher assumes the Identity Vault will always need this association value. From the perspective of the Identity Vault (IDM engine), sometimes a driver may publish an event that has an association that cannot be found in the Identity Vault; when this happens, the IDM engine reports the inconsistency and throws away the command.

What’s a UNID, and where is it stored? A Notes document UNID value is the ‘Universal Note ID’ for the record (document) stored in the Notes database. Each Notes document (record) within a Notes database contains a UNID, which is a composite value of other identifying data within the document. For more information, the Notes API documentation describes it well:

0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this post.

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

Leave a Reply

No Comments
By: pnuffer
Sep 12, 2007
3:56 am
Active Directory Authentication Automation Cloud Computing Cloud Security Configuration Customizing Data Breach DirXML Drivers End User Management Identity Manager Importing-Exporting / ICE/ LDIF Intelligent Workload Management IT Security Knowledge Depot LDAP Monitoring Open Enterprise Server Passwords Reporting Secure Access Supported Troubleshooting Workflow