following scenario: eDir2eDir driver. I have to sync groups (create and modify)
and Users (only modify) into the IDVault. IDVault is subordinate! There are
some groups, which contains users, which are not in the IDVault. So far so
good, they are filtered out. But, there are also users, which are created
in the IDVault by a different mechanism and also exists in the Prod-tree,
but they are not associated.
I already have a rule, which parses the member attribute and checks, if the
user in the IDVault exists. If not it is filtered out by my rule. If yes,
it will by filtered by the sync filter, because the references cannot be
resolved. :-( (I can overcome this problem, by doing a migrate of users
and establish an association, but this sin't an option for many reasons).
So now I am thinking, to establish an association in my rule synthetically
by using add-association. But this seems not to work, because the eDir2eDir
driver requires the GUID of the initiating object as an association on both
object. But i cannot determine on which object I will set the association,
because there is not "set source or destinatin association" (quite logically).
Another idea was to establish an synthetic sync of the source object to get
the association in the real way, which DN I have. But I have no idea how
to do this.
Any ideas from your side?