Here's the scenario.

Objects of a type (group) are syncing between IDM and connected system
(in both directions)

Depending on an identifying factor (CN prefix, OU placement, mapping
table etc) for some of these objects I want to use the filter to
implement different logic.

For example

Objects in category A - simply sync group membership from connected
system to IDV

Objects in category B - reset any group membership changes from
connected system and sync changes from IDV.

There are several of these attributes that differ in behaviour (and not
all are "reset")

I thought I could get smart and use some custom schema mapping to
convert objects from category B to a "virtual/aux object class" that
had the same attributes configured but different filter values. The
object class used is a valid aux class and set on the object in

Via schema mapping, I sucessfully change the object class on an event
from the connected system to my "virtual/aux object class"

However, the merge process sees through my trickery. Somehow it
realises this object is primarily a group in the IDV and reverts to
using the group attributes specified in the driver filter to perform
the merge.

I really don't want to code specific logic (for example reset) for all
the attributes that fit in category B. That way means a lot of testing
and special case logic.

Another option is to sync these objects via a second driver - but as
they include group membership that means I need to also sync user
objects from both drivers - which is far from an ideal solution.

Anyone got any ideas or do I have to go with the "code exceptions for
each attribute" approach?

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...