OK,

Here's the scenario.

Objects of a type (group) are syncing between IDM and connected system
(in both directions)

Depending on an identifying factor (CN prefix, OU placement, mapping
table etc) for some of these objects I want to use the filter to
implement different logic.

For example

Objects in category A - simply sync group membership from connected
system to IDV

Objects in category B - reset any group membership changes from
connected system and sync changes from IDV.

There are several of these attributes that differ in behaviour (and not
all are "reset")


I thought I could get smart and use some custom schema mapping to
convert objects from category B to a "virtual/aux object class" that
had the same attributes configured but different filter values. The
object class used is a valid aux class and set on the object in
question.

Via schema mapping, I sucessfully change the object class on an event
from the connected system to my "virtual/aux object class"

However, the merge process sees through my trickery. Somehow it
realises this object is primarily a group in the IDV and reverts to
using the group attributes specified in the driver filter to perform
the merge.

I really don't want to code specific logic (for example reset) for all
the attributes that fit in category B. That way means a lot of testing
and special case logic.

Another option is to sync these objects via a second driver - but as
they include group membership that means I need to also sync user
objects from both drivers - which is far from an ideal solution.

Anyone got any ideas or do I have to go with the "code exceptions for
each attribute" approach?

--
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...