Policy Design feedback - IDM to AD
I’m currently using IDM 3.51 on SLES 9 and we’re running the normal Novell eDir to eDir drivers plus Active Directory, Exchange and soon to be PeopleSoft. I would like some feedback on the best approach to have this policy change happen in our AD Driver set.
The schema configuration is straightforward from our mapping in the identity vault to Active Directory: Given name to givenName, Surname to sn and Full Name to displayName. I also capture an attribute called “preferredName” in the identity vault from the PS application if it’s supplied by the user during the enrollment process. Normally this happens after the user wishes to show a preferred name in an HR-controlled application like a timekeeping system.
Users are requesting that the displayName in Active Directory show the “preferredName” attribute instead of their legal first name. For example, it displays Wilson, William as the display name, but they are requesting that it show Wilson, Bill. This stems from the address book and other applications that pull information from AD.
We could change the identity vault first name to show the preferred name, but if the PS record is updated this will overwrite the identity vault. I don’t want to modify the standard convention in our mapping, but rather build a policy so that, if preferredName is populated in IDM, the preferred name is displayed in “displayName”.
Any ideas or thoughts?