This is probably very trivial, but I can't work out how to do it...

We have a SAP user driver that takes creations in the SAP user database
and adds the users to a specified OU in the ID vault. These users are
created by external bodies, and we have no control over naming
conventions. All well and good. However, I'm now tasked with modifying
the driver so that users already in the ID vault, in a different OU, are
populated in the SAP system. This is just at the paper stage at the
moment. I've got this in another driver, so the basics are
However... It's going to be possible, even likely, to have duplicate user
names, because entirely different entities (external bodies and
internal) are creating users. I can match on multiple attributes to stop
the matching rule matching up a new internal user to an existing
external user, but then the creation rule will get the creation event
and presumably fail because the cn already exists. So I want to test for
the creation failure, and create an alert of some kind. Should I be
testing in an input transform policy for an error message coming back
from SAP, or is there a more elegant way to approach the problem?

Only a very small subset of internal users will be using this new
system, so I don't really want to prevent duplicate cns existing in
different OUs in the ID vault, only alert when it will cause issues with
this particular system.

jimc's Profile: