this is surely not the right forum for that question, but it touches
thematically more than one and i just could not think of a better place
to get in-depth-technical as well as reality-proven advice
these are first thoughts on how to get more out of it and certainly to
get more concrete we'd rely on novell resp. partners of novell, just'd
be interested in your opinions:


we are in the process of thinking about our existing edir/idm
infrastructure and how to leverage our implementation with regard to
move more into lifecycle-mgmt, compliance, ...

sso 6.0.5, edir 8.8.2, idm 3.5.1
function to date:
synchronizing user-objects from AD to eDir (including passwords) and
propagation to
- Notes (only attrib-modifications directly written, add/delete/rename
through "passthrough"-db which sends the event to defined admins and
performs those tasks after admin-approval).
- via textdrivers to centrally hosted applications:
sap,tivoli,top-secret (very basic: user-rename,disable,enable)
drivers decide via AD-groupmembership if the user-event is to be
user-authentication via ldap for sap-web-portal
sso (ad-based)

two major drawbacks:
1. mandator-based-structure
- ~80 AD-Drivers (every mandator has its own AD) docked to one
- a few less notes-drivers (~60) doing the same
- a handful of "central" textdrivers

all that goes in a flat Tree ou=mandatorxxx,o=arz

2. edir-servers all running on ms-windows, we do not have novell-clients
installed anywhere

can in such an infrastructure at all be thought of improving functional
levels significantly (e.g. in lifecycle-management, each mandator needs
to define its own processes for the may vary though not too
significantly - all mandators in finances.; .......)

does this infrastructure in your opinion have the prospect to come
close to a completeness (of vision in managing users from "the cradle
to the grave", resources, audit that, .... what might be subsumed User

florianz's Profile: