All our groups are presently kept in synch.
eDir <-> IDVault <-> AD
Changes sourced from eDir or AD work well to replicate memberships
across directories.

We have a requirement to keep a couple groups in synch but to NOT allow
membership changes sourced from eDir or AD.
Membership to these two groups is done via another driver (Oracle) which
updates specific attributes in the IDVault. Those changes are picked up
by a Null Driver and group membership Add/Delete are done this way.

For this reason, these two groups should no longer be modified by
administrators of eDir or AD. I'd like to essentially do the same as a
filter "Reset" if a membership change is being Published.

Can someone please point me in the right direction for the policy/rules
I might need in eDir and AD drivers?
I've searched and haven't found any posts that might help me.

Thanks for any help,

ohico