I have a setup where NAM acts as SP, so all authentication is done at
external IdP.

External IdP sends two attributes (Username and mail) which are mapped
to eDirectory Attributes (cn and mail).

Matching is done using cn only but if user does not exists it is
created/provisioned. When user is provisioned NAM also correctly writes
mail address to eDirectory.

Sometimes mail changes so external IdP sends new mail address. But then
NAM does not write new mail to eDirectory.

Is it possible to achieve that NAM would write received mail attribute
to eDirectory on each successful authentication?

Regs Sebastijan

sebastijan's Profile: https://forums.netiq.com/member.php?userid=271
View this thread: https://forums.netiq.com/showthread.php?t=51730