I am interested in synchronizing passwords on first association, or on a
triggered migrate operation, but am only interested in this behavior for
objects in a specific container in eDirectory.

The environment is IDM 3.5.1 and we are syncing eDir - IDM Vault - MAD.
eDir is subordinate and MAD is authoritative (but password changes are
bidirectional). This is working great, but now I have a class of users
who would like their eDirectory passwords to synchronize to MAD on first
association. I need this to only apply to users in a specific OU:
OU=Users,OU=SpecialCase,O=PRODUCTION. All other users should not
synchronize passwords until a change is issued from eDir or AD (the
present configuration).

To accomplish this, will it be necessary for me to create a new driver
with distribution password merge authority set to something other than
NONE? Can I accomplish this in some transform rule instead? I would
like this to occur on first association, but don't mind if it has to be
done on migrate (if it keeps me from making another driver).

Thanks for any guidance.


