On Mon, 09 Jun 2014 14:04:01 +0000, EvilDobe wrote:

> dgersic;245322 Wrote:
>> On Fri, 06 Jun 2014 16:24:01 +0000, EvilDobe wrote:
>>
>> > I am currently running IDM 4.0.2 adv & attempting to link two accounts
>> > together so they share a single password.
>>
>> A Loopback driver with a working Matching Rule (to find and associate the
>> two accounts) should do this.
>>
>>
>> > I created a rule to create an
>> > association between the two accounts but it doesn't actually link the
>> > two together for password change purposes,
>>
>> So what happens (level 3 trace) when a password is changed on one of the
>> objects?


> Using my association way the password is changed & an association is
> created. On a second password change, after the association, there is
> no sync. As though the association is not there.


You seem to be under the impression that an association "does" something.
It doesn't. It's simply the way the engine determines what object to
modify, and whether or not it needs to run the event through the
Match/Create/Placement rules after the Event Transform, or if it can jump
straight to the Command Transform.

You might start reading here:

https://www.netiq.com/communities/co...d-tour-novell-identity-manager-2/

for the basics. Then move on to:

https://www.netiq.com/communities/co...d-tour-novell-identity-manager-2/

and:

https://www.netiq.com/communities/co...d-tour-novell-identity-manager-2/

Syncing passwords from the Subscriber to the Publisher should be no big
deal with the loopback driver. Put the password (nspmDistributionPassword)
in the Filter and set it to Subscriber Notify, assuming you have the
standard Password Synchronization policies installed on the driver.

You should then see:

With an unassociated object, the <modify> event gets converted to an
<add> event, which goes through the Subscriber Matching Rule (first).
This (or you could do this on the Publisher Matching Rule, if you prefer)
should find the "other object". This will then convert the <add> to a
<modify> with a merge of values, and will set the object association.

With an associated object, the <modify> event should go down the
Subscriber, hit the loopback, and come back down the Publisher, updating
the other object directly.

If you have trouble, please get a level 3 trace (see reference, above),
put it on pastebin.org and post the URL to it here so that we can see
what's going on.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support provided via email.
If you find this post helpful, please click on the star below.