I've got some questions about Identity Manager that I hope you can answer. I
wanted to see if what I want to do is possible before setting up a test and
trying for hours only to come up short. I work at a small college. For a
while now the administration has wanted alumni to be able to maintain their
college email address so they can stay in contact with them. In order to
make that work we're going to have to migrate the student body off of
Groupwise and onto a different email platform, one that most likely has an
OpenLDAP directory service. Current students will need to maintain their
eDirectory user account, which will need to be synced to OpenLDAP, but
alumni will need to be removed from eDirectory after they graduate due to
licensing but remain in OpenLDAP.

Is it possible to do this with IDM? Right now I'm just looking at the
eDirectory and OpenLDAP user accounts, not other IDM features such as
account provisioning. My thought would be to make eDirectory the
authoritative tree and have IDM do a sync of the student OU. But how do we
handle alumni? One idea is to create an alumni OU in eDirectory, move the
alumni in eDirectory into that OU, have it sync with OpenLDAP, remove the
IDM syncing of the alumni OU, and then delete the alumni users from
eDirectory. Would that work? Is there a better way to do it? I know IDM3
can sync based on OU but is it recursive? Would I have problems if I
created the alumni OU within the student OU?