Moving Users Between Containers on both eDirectory and AD

Novell Cool Solutions: Tip
By David Gersic

Posted: 29 Aug 2007
 

NOTE: This article has been moved to http://www.novell.com/coolsolutions/tip/19579.html

Problem

A Forum reader recently asked:

"We have an IDM 3.5 IDVault with a flat tree, and it is connected to another IDVault with an eDirectory tree with many OUs. Off of the flat tree vault, we have a remote loader connection to an Active Directory that is a mirror of the eDir tree with many OUs in organizational structure. When we move a user to a new container on either system, the eDirectory or Active Directory, we want the user to move to the new container on the other system."

And here's the response from David Gersic ...

Solution

That's doable, but not directly. You have to have some way of passing this information through the vault. I'm doing something along these lines here, so I know it can be done. You just have to do your own work, rather than allowing the engine to do the work for you.

For example, on my eDir to eDir driver between the hierarchical tree and the vault tree, I have a policy like this on the Publisher Event Transform (vault tree):

if class = group
and
if operation = move

set destination attr value (niuGroupDN), when=after, source-dn
veto()

The niuGroupDN attribute is then updated with the (new) DN of the moved object. Then, on my eDir to MAD driver, I have something like this on the Subscriber Event Transform:

if operation = modify
and
if class = group
and
if attribute niuGroupDN is changing

set operation dest DN(dn(transform(niuGroupDN)))
rename destination object when=after Destination Name()
set destination attr value (niuMoveTargetDN) = transform(niuGroupDN)
veto()

The transform step here maps the eDir DN format to the MAD DN format, and it is specific to our trees. Later, on the Subscriber Output Transform, there is this:

if operation = modify
and
if operation attribute niuMoveTargetDN is changing

move destination object dn(operation attribute(niuMoveTargetDN))
strip operation attribute niuMoveTargetDN

This should be enough to get you going - it's working for me here.
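
The DN mapping that the transform step performs, as an added Python example that is not part of the original tip or the author's policy. It assumes niuGroupDN holds a slash-format eDirectory DN; the tree name, organization and AD base DN are constructed. It goes beyond the text by escaping RDN values per RFC 4514 and rejecting DNs outside the mirrored tree, so a group named "Sales, East" cannot change the structure of the target DN.

```python
# Added example: map a slash-format eDirectory DN to an Active Directory LDAP DN.
# EDIR_ROOT and AD_BASE are constructed values; the real mapping is site-specific.
EDIR_ROOT = ("HIERTREE", "corp")   # tree name and organization mirrored into AD
AD_BASE = "DC=example,DC=com"      # AD naming context that holds the mirrored OUs

# Characters RFC 4514 requires escaping anywhere in an RDN value.
_SPECIAL = set('",+;<>\\')


def escape_rdn_value(value):
    """Escape one RDN value so it cannot add or split DN components."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in _SPECIAL or (i == 0 and ch in "# ") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def edir_to_ad_dn(slash_dn):
    """Return the AD DN for an object under EDIR_ROOT, or raise ValueError.

    Assumes components contain no escaped backslashes of their own.
    """
    parts = slash_dn.split("\\")
    # Slash format starts with a backslash, so parts[0] must be empty.
    if len(parts) < 4 or parts[0] != "" or "" in parts[1:]:
        raise ValueError("not a complete slash-format DN: %r" % slash_dn)
    if tuple(p.lower() for p in parts[1:3]) != tuple(r.lower() for r in EDIR_ROOT):
        raise ValueError("DN is outside the mirrored tree: %r" % slash_dn)
    *containers, leaf = parts[3:]
    rdns = ["CN=" + escape_rdn_value(leaf)]
    # eDirectory lists containers top-down; LDAP DNs list them leaf-first.
    rdns += ["OU=" + escape_rdn_value(ou) for ou in reversed(containers)]
    return ",".join(rdns + [AD_BASE])


if __name__ == "__main__":
    # Constructed sample DNs.
    for dn in ("\\HIERTREE\\corp\\staff\\it\\Admins",
               "\\HIERTREE\\corp\\groups\\Sales, East"):
        print(dn, "->", edir_to_ad_dn(dn))
```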

