Offline, David Gersic and I have been discussing a topic that many people
may eventually get to...
IDM is a FIFO stack, first in, first out, in the TAO file queue.
So how do you keep IDM responsive to what the user cares about (password
changes) when it is getting backed up with, say, a resync (or, in David's
case, a silly query that is taking 12 hours (I know he used a Loopback
for it, but imagine if he had not))?
The concept that has come up a couple of times is for each system that
has these issues, set up two drivers.
1) Sync everything but passwords, (maybe on Adds sync the password, so
that you can create them properly)
2) Sync just passwords.
This sounds pretty straightforward, but the devil is in the details.
So anyone done this yet? I was thinking that anyone who has done the
SAP UM driver against CUA (Central User Admin) should have done this
with additional SAP UM drivers against the individual SAP modules. (CUA
is SAP's notion of handling Identity, sort of. It pushes accounts out
to other modules, yay, but it does not sync passwords, boo!)
Therefore they must have handled it?
So what are the issues? Here is my list so far: (Nothing hard yet, just
details so far)
1) Associations, for AD driver for example, should probably copy the
assoc from the main driver and add it to the Password driver. (This
should be pretty easy). Store the other driver in a GCV, or else, stick
on the string _password to the current driver name and mess with the
value in the dirxml.auto.drivername GCV. Easy enough with XPATH.
2) Adds should probably include the original password only on that
event, in the main driver, so that creates work better in the connected
3) What else?
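
The backlog problem and the two-driver split described in the post, modelled as an added example that is not part of the original post. The queue model, event fields, costs and the driver name `AD` are constructed assumptions; only the `_password` suffix comes from the post.

```python
PASSWORD_SUFFIX = "_password"  # suffix suggested in the post


def route(event, main_driver):
    """Pick the driver queue for an event under the two-driver split.

    Password modifies go to the password-only driver; adds (carrying the
    initial password) and everything else stay on the main driver.
    """
    if event["op"] == "modify" and event["attr"] == "password":
        return main_driver + PASSWORD_SUFFIX
    return main_driver


def finish_times(events, queue_of):
    """Each queue is strict first-in-first-out; separate queues run in parallel."""
    free_at, done = {}, {}
    for ev in events:  # events are listed in arrival order
        q = queue_of(ev)
        start = max(free_at.get(q, 0), ev["arrival"])
        free_at[q] = start + ev["cost"]
        done[ev["id"]] = free_at[q]
    return done


def sample_events():
    """Constructed workload: one add, a 999-object resync, then a password change."""
    events = [{"id": "add-1", "arrival": 0, "cost": 2, "op": "add", "attr": "password"}]
    events += [
        {"id": f"resync-{i}", "arrival": 0, "cost": 2, "op": "modify", "attr": "description"}
        for i in range(999)
    ]
    events.append({"id": "pw-1", "arrival": 10, "cost": 1, "op": "modify", "attr": "password"})
    return events


def password_latency(split, main_driver="AD"):
    """Seconds between the user's password change arriving and being processed."""
    if split:
        queue_of = lambda ev: route(ev, main_driver)
    else:
        queue_of = lambda ev: main_driver  # one driver, one queue
    return finish_times(sample_events(), queue_of)["pw-1"] - 10


if __name__ == "__main__":
    print("single driver:", password_latency(False), "s")
    print("two drivers:  ", password_latency(True), "s")
```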