When we synch or create a new group, I need to auto add an account that
eDirectory doesn't know about.
The reason is complicated, and somewhat difficult to cover in writting.
A group is created / modified in eDirectory. When it get sent to AD I
want to add a user that is in AD, but not in eDirectory to this group -
always. In this situation, the driver between eDir and AD is a two way
sync, so when a change to the group happens in AD, and is synced back to
eDir, I need to ignore this one account, but allow all others to come through.
I noticed that in IDM 3.0 the Subscriber channel sends over the
\tree\ou\ou\cn to the AD driver, and not the converted syntax that I would
expect (cn=user,ou=dept,dc=myd,dc=rootd. So, if it does this, how can I
send over an account in the form that AD driver will accept and act on.
I tried to add cn=x,ou=y,.... to the output transform of the subscriber
channel, but it doesn't seem to work. The driver for AD accepts this
value, claims success, but does not add the user. I thought in IDM 2.0 it
would at least raise an error that I could use to determine what went wrong.
Any insight would be greatly appreciated.