I have a unique issue with a reconciliation for the TAM Combo Adapter, and it's only happening in one of our four environments (that I'm aware of).
On rare occasions, the reconciliation will delete the TAM account from the ITIM registry, and only for a very small subset of users (<1%). I found it as a known issue in the 5.1.14 Combo Adapter release notes:
85051 When using the TAM API method of reconciliation to reconcile TAM
accounts, if a TAM account already in the TIM registry becomes a
malformed TAM account then TIM will identify this malformed TAM account
as no longer existing, and delete it from the TIM registry. If the
malformed TAM account does not already exist within TIM's known TAM
accounts, the account will not be added. This behavior does not provide
any warning or failure message by TIM.
See Installation guide for how to change configuration regarding this
So IBM is aware of the issue, but the resolution offered here of "See Installation guide" is no help; this error isn't referenced anywhere in there. Are they referring to using the LDAP method of reconciliation as opposed to the TAM API method?
It most recently happened to me, and the only thing that has happened to me over the past two weeks is being provisioned access to this environment, and being added to two groups (one through a TIM provisioning policy, and manually assigning iv-admin via WPM). I can't see anything on any angle of my account that would register it as malformed, and it still exists just fine in TAM. I'm able to get through WebSEAL to the ITIM console without issue.
ITIM 5.1 / ITAM 6.1.1 - TAM Combo Adapter Recon killing ITIM account
Updated on 2013-01-26T16:23:18Z by SystemAdmin
Re: ITIM 5.1 / ITAM 6.1.1 - TAM Combo Adapter Recon killing ITIM account
2013-01-26T16:23:18Z
This is the accepted answer.
Hi,
I am facing the same issue as well. Reconciliation using the LDAP method reports success, and moves the TAM account to the recycle bin in ITIM LDAP for a few; for others the recon shows as success but it is not pulled into ITIM.
ITIM 5.1 - ITAM 6.1.1
TAM Combo Adapter - 5.1.14
I have also tried using the TAM API method of reconciliation. No luck.
Could you please share if you got a solution for this?
Thanks in advance.