I've been fighting a bit with initial password replication in an eDir -
Vault - AD configuration. I am trying to limit the scope of the
deployment based on eDir group membership. I have pre-populated the
vault with a migrate from AD.

The vault is receiving copies of password data from AD. I want
password synchronization to occur bidirectionally between eDir and AD. When I
add a user to the eDir group for inclusion in IDM, the eDir object is
receiving all attributes on sync from the vault. This unfortunately
includes the password from AD, causing endless confusion for our users.

I would like the eDir side to only receive password changes from AD
once the DirXML association has been stamped on the object, and not
apply the existing password from AD until the next password change.

I guess I am unclear if this can be handled by changing the merge
settings, or if I will need to set up a command transform or the like?
Any pointers are greatly appreciated!

