Hi everyone!

Long story short, we're using IDM 4.0.2 on OES11 SP2 with the JDBC, AD,
and GW drivers. Our data flows one direction - from Banner (JDBC) to
eDir (IDV), and then from eDir to AD and GW. At this point, I've got
account creation set up successfully so that accounts can be created in
the tables in Banner, and then will replicate out to eDir and AD without
an issue. What I'm trying to work on now is the auto-provisioning of
accounts to GW.

Here's our post office setup:

8 student post offices:
STU01 - usernames starting with the letters A and B
STU02 - C and D
STU03 - E through I
STU04 - J
STU05 - K and L
STU06 - M
STU07 - N through R
STU08 - S through Z

a special IT post office for IT folks


Typical administrators

"Special" administrators (no quotas, caps, limits, etc.)

Student orgs, generic departmental accounts, etc.

Other folks (volunteers, etc.)

Currently, the core eDir/AD accounts are created by the IDM processes
automatically, and then we use JRB Utilities scripts to create GW
accounts and home directories for the accounts after the fact (we have a
veto policy on the GW driver.)

I'm currently calculating a "postoffice" attribute that's stored in the
JDBC driver source depending on what post office the user should be
placed in, but right now that doesn't really go anywhere at this point.

What I'm hoping to do is to use a mapping table to be able to translate
that post office attribute value into the post office DN for the GW
account creation process (following David's excellent article
(http://tinyurl.com/ofhhv5c)). Since I don't need to use that generic
attribute value anywhere but for setting the location of the GW account
when it's created, I thought about using a notify attribute. But, in
trying to get that set up, it looks like you have to set up an actual
attribute mapping to do this?

My question is if that is indeed the case? If so, since it'll be a
notify attribute, does it matter what attribute I use in the vault? Or
should I create a new one specifically for that process?

If it makes any difference, we don't have a separate eDir instance for
our IDV; when things were set up back in the DirXML days, they
configured it to use our regular production eDir instance as the IDV.

Thanks for any advice you can provide!

smily_03's Profile: https://forums.netiq.com/member.php?userid=1191