Novell IDM, how I covet thee.

Instead, I'm stuck with Microsoft ILM because of the extreme price
difference. Those of you who've listened to me before have heard this
before. Due to how costs are allocated around here and the relative ease
with which money moves from place to place, $1 cash dollar is worth about
$5 salary dollars when it comes to evaluating if we can afford a new

The fact that we can't move money from the salary pool to the new toy pool
also plays a big role in this. Or, put another way, big salary savings does
not free up money for a new big toy. It just means the salary budget has a
surplus at the end of the year, that's it.

This is why we've ended up with Microsoft ILM over Novell IDM. We knew it'd
take more effort to get going, but we we can afford effort. We can't afford
cash-money. I just found one of the areas where some of that effort will be

If I'm reading the help files and manuals right, it seems that ILM doesn't
handle provision/deprovision. Neither does Novell unless you buy the right
drivers, but ILM defines provision/deprovision a bit differently. In ILM
land "provisioning" means the act of creating an object in the target
directory that exists in the source directory. Deprovisioning means
deleting an object in a target directory when it goes away in the source

So if I have a user in AD, and want to create an eDir user, it won't do
that for me. Even though the thing has the schema for both LDAP directories
locally and could pretty simply (or so I think) figure out what details are
needed to create it. No, that'd be too easy.

Instead, we, the customer, have to write "provisioning rules." Unlike IDM,
this isn't a simple map of which attributes flow to which attributes, some
placement rules, and some custom logical rules. It's a full out FUNCTION

It may be that the logic we have to embed in the DLL is very simple, and
easily comprehended by anyone with a basic understanding of modern
programming languages. Not that I could tell, since I DON'T HAVE VISUAL
STUDIO INSTALLED ON MY DESKTOP. So, I can't prototype the
provision/deprovision process. I've figured out how to get attributes to
flow between two directories the way I want, but I can't CREATE the ruby
crested things.

Another thing that makes me pine for IDM? IDM has the concept of in-bound
and out-bound sync rules that are different. ILM conflates the two, which
makes it harder to understand which rules get applied where in the sync


--Borg Consulate--
Tape backup, the bane of my existence
vicofborg's Profile: