How does IDM deal with Alias objects in the eDir to eDir driver? From
an LDAP point of view, the alias object has the same object class, etc.
as the real object.

Here's why I ask:

IDM eDir to eDir is set up to sync groups from Hierarchical tree to Flat
Vault, but then the Vault does NOT sync those to AD.
We need to sync a particular set of groups to AD.

So I changed the driver so that if the groups were in a particular eDir
container (in Hierarchical tree), they get put into a particular
container in the Vault, and then THAT container groups/membership only
get synced to AD.

All works well (tested all my use cases, etc.).

However, the Windows folks have requested to see if I can use an ALIAS
on the original container that held the groups because our Citrix stuff
has published applications to those groups (i.e., cn=group1,o=ABC ->
original container) and if we move them, Citrix breaks (you have to go
into Citrix and re-publish the apps which is very time consuming).

My concern is if I use the alias objects, the existing eDir to eDir
driver may get confused and try to sync both the Alias and the "real"
object to the Vault, and that'll cause all sorts of issues.

OR is the driver "smart" enough to know that they're really just one
thing and handle that?

I cannot find anything in the docs regarding Alias objects other than
for a Fan out driver.

kjhurni's Profile: