When the com.ibm.lconn.profiles.config.see.draft.values.immediate property is set to true, draft table values are written back to both the main employee and draft employee tables, and the information in the Profiles database and the LDAP directory can become unsynchronized. To fix the problem, you must run the sync_all_dns task.
About this task
The com.ibm.lconn.profiles.config.see.draft.values.immediate property in the profiles-config.xml
file controls whether profile changes display immediately in the user interface. This property is disabled by default. However, if the property is set to true, when users update their profile, the updated draft table values are written to both the main employee and the draft employee tables, and the information in the LDAP directory and the Profiles database might conflict. To resolve this issue, when setting draft values to display immediately, you must also run the sync_all_dns task.
When the com.ibm.lconn.profiles.config.see.draft.values.immediate property is set to true, and you do not run the sync_all_dns script, you risk making the database out of synchronization with the LDAP directory due to the following sequence of events.
- The user updates a draft attribute.
- The user's action in the previous step creates a draft record and updates the employee table.
- The synchronization record is pushed to the LDAP directory.
- The LDAP directory rejects the change.
- The employee record is not corrected.
Change events are only displayed when the changes are accepted and, if the LDAP directory or the administrator rejects the user's change, there is no way to detect that the user value needs to be reverted to the original value.
The sync_all_dns task performs a brute force synchronization of all the LDAP directory and database records and detects if any changes have taken place. By running this task, you can correct any inconsistencies between the Profiles database and the LDAP directory.
For information about how to run the sync_all_dns script, see Synchronizing LDAP directory changes with Profiles
Parent topic: Synchronizing user data between Profiles and the LDAP directory
Synchronizing LDAP directory changes with Profiles