We have a geographically structured tree, where to avoid tree walking a
group will exist with the same name at various sites. I'm looking at
creating a loopback driver in IDM 4.01 that will, when it detects a user
move, change group membership to the local copy:
user fred.sitea.org is a member of group group.sitea.org.
Fred moves to dn fred.sitez.org
the membership of group.sitea.org is removed and replaced with
membership of group.sitez.org.
Avoids treewalking etc.
What I'm struggling with is the src dn. I now understand that when my
loopback driver is running on the master replica a move comes in as a
move event, with src dn of fred.sitea.org and destdn of fred.sitez.org.
However if the driver is running on a RW replica then the move comes in
as a sync event with from-move=true, a src dn of fred.sitez.org and no
dest dn. The trouble with that is that I can think of nothing in that
event which tells me where the src dn of fred was. Is there any way
round this? I am really uncomfortable with the thought of mandating that
all master replicas must be on the IDM server: I've too often found it
useful to move the master about to deal with obituary problems in the
past and it would be completely impractical to run a loopback driver on
every one of 119 servers...

