How FIM2010 CM & CLM 2007 search for users
- A user with FIM2010/CLM/ILM management permissions logs on to the CM website, opens one of the search pages and clicks Search
- The CLM Auth Agent service account makes an LDAP query to a DC and retrieves the names of all users matching the search criteria
- The FIM code steps through the list it has obtained from AD and checks whether the logged-on user has read permissions on each user; if so, that user is added to the filtered list
- Once all users in the list have been checked, the filtered list is displayed to the logged-on user.
Two things have to be in place for a user to be displayed on the Search Results page when the search operation is performed:
- the logged-on user (i.e. FIM Admin) must have Read Properties permissions on the account(s) being searched for in order for them to be displayed in the search results
- the CLMAuthAgent account must have sufficient AD permissions and user rights as defined on http://technet.microsoft.com/en-us/library/cc708677(WS.10).aspx
If either of these is missing or incomplete, the list of returned users will be filtered accordingly or an error message will be returned.
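When an expected user is missing from the search results, the first condition can be checked directly against the target object's ACL. The script below is an added example, not code from FIM/CLM or from the original page. The function name, parameter names and the sample account names are hypothetical, and it lists matching ACEs rather than computing full effective access (memberships granted only at logon are not resolved).

```powershell
# Added example: lists the ACEs that decide whether $Operator can read $Target's properties.
# Function and parameter names are hypothetical; requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Get-ReadPropertyAce {
    param(
        [Parameter(Mandatory = $true)][string]$Operator,  # logged-on CM user (sAMAccountName)
        [Parameter(Mandatory = $true)][string]$Target     # user missing from the search results
    )

    $op = Get-ADUser -Identity $Operator -Properties tokenGroups
    $dn = (Get-ADUser -Identity $Target).DistinguishedName

    # SIDs the operator is evaluated as: own SID, transitive group SIDs,
    # plus Everyone (S-1-1-0) and Authenticated Users (S-1-5-11).
    $sids = @($op.SID.Value) + @($op.tokenGroups | ForEach-Object { $_.Value }) +
            @('S-1-1-0', 'S-1-5-11')

    $readProperty = [System.DirectoryServices.ActiveDirectoryRights]::ReadProperty
    $inheritOnly  = [System.Security.AccessControl.PropagationFlags]::InheritOnly
    $sidType      = [System.Security.Principal.SecurityIdentifier]

    # Keep ACEs that name one of the operator's SIDs, include Read Property,
    # and actually apply to this object (not inherit-only).
    (Get-Acl -Path "AD:\$dn").GetAccessRules($true, $true, $sidType) |
        Where-Object {
            ($sids -contains $_.IdentityReference.Value) -and
            (($_.ActiveDirectoryRights -band $readProperty) -ne 0) -and
            (($_.PropagationFlags -band $inheritOnly) -eq 0)
        } |
        Select-Object AccessControlType, IdentityReference, ActiveDirectoryRights,
                      ObjectType, IsInherited
}

# Constructed sample names; replace with real accounts.
$aces = @(Get-ReadPropertyAce -Operator 'fimadmin' -Target 'jdoe')
$aces | Format-Table -AutoSize

if (-not ($aces | Where-Object { $_.AccessControlType -eq 'Allow' })) {
    'No Allow ACE for Read Property matched: likely cause of the missing search result.'
} elseif ($aces | Where-Object { $_.AccessControlType -eq 'Deny' }) {
    'A Deny ACE also matches: check which properties it covers (ObjectType).'
} else {
    'Read Property is allowed; check the CLMAuthAgent account permissions next.'
}
```

An all-zero `ObjectType` GUID means the ACE covers all properties; any other value scopes it to a single property or property set.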
Installing and Configuring CLM 2007 on a Server
http://technet.microsoft.com/en-us/library/cc708677(WS.10).aspx
A hotfix rollup package (build 3.3.1118.02) is available for Identity Lifecycle Manager 2007 Feature Pack 1
http://support.microsoft.com/kb/969742