I've done that in a number of places. While you have to add the data end to end (generally) you
might also consider making an external LDAP call to update the data. If your needs are simple that
might keep the implementation simple without having to stand up another driver.

You might also be able to inject the modify from one driver to the other. There are several
articles on doing that.

Simplest way though is to put the data end to end.

On 7/25/2012 7:26 AM, jimc wrote:
> My current IDM Infrastructure has
> SAp HR connecting to a flat eDirectory in an ID vault used mainly for
> Edir to Edir between the flat ID vault and a deeply tree structured
> tree used for File and Print across multiple sites
> Edir to MsAD from the F&P tree to an AD domain.
> Basically users are created in the tree structured F&P Tree and then
> match to pre existing records in the SAP HR DB.
> All well and good, but there are a bunch of attributes in HR/ID Vault I
> need to populate in the MAD domain that don't need to be in the File and
> print Tree.
> I was mulling over the possibility of running a second driver from the
> IS vault direct to the AD tree with suitable logic in to keep the extras
> out of the F&P schema.
> The code and logic is simple enough, and reasonable checking in
> Designer plus IDMs own functions ought to prevent attribute changes
> going round in circles or anything untoward like that, but I still feel
> a bit nervous about the idea. Are there numbers of IDS solutions out
> there that are satisfactory in a mesh config, or does the panel think I
> would be better off sticking to a simple hub and spoke architecture
> which would probably be easier for others to understand.