We are configuring an IDM LDAP driver to integrate with an OpenLDAP directory. We are using the ldapsearch method as the directory does not support changelog.
I believe that, because of the nature of the polling, move events in OpenLDAP are being seen by the driver as 'add' events followed by 'delete' events (or vice versa - I don't know if we can reliably predict the order).
Has anyone come across this behaviour while integrating with LDAP directories that do not support changelog? What is the best way to manage this, particularly in the case where we cannot reliably determine if a delete operation is an actual delete operation or whether the object has simply been moved?
FYI - our primary use case concerning moves is that if a user moves in OpenLDAP between two particular containers we also wish to move the user in the IDVault. Currently, with the driver interpreting this as an add then a delete, I fail to see how we achieve this.
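An added illustration of the behaviour described in the post (not part of the original post and not the IDM driver's code): comparing two polls by DN turns a move into an add plus a delete, while pairing entries on a stable identifier reports one move and keeps real deletes distinct. It assumes the search returns OpenLDAP's `entryUUID` operational attribute, which stays the same when an entry is moved; the DNs, UUIDs and function names are constructed for the example.

```python
def parent_dn(dn):
    """Container part of a DN (naive split; assumes no escaped commas)."""
    return dn.split(",", 1)[1] if "," in dn else ""

def naive_diff(prev, curr):
    """DN-keyed comparison of two polls: a move appears as add + delete."""
    events = [("add", dn) for dn in curr if dn not in prev]
    events += [("delete", dn) for dn in prev if dn not in curr]
    return sorted(events)

def correlated_diff(prev, curr):
    """Pair a vanished DN and a new DN sharing an entryUUID into one event."""
    prev_by_id = {uuid: dn for dn, uuid in prev.items()}
    curr_by_id = {uuid: dn for dn, uuid in curr.items()}
    events = []
    for uuid, new_dn in curr_by_id.items():
        old_dn = prev_by_id.get(uuid)
        if old_dn is None:
            events.append(("add", new_dn))           # identifier never seen before
        elif old_dn != new_dn:
            same_container = parent_dn(old_dn).lower() == parent_dn(new_dn).lower()
            events.append(("rename" if same_container else "move", old_dn, new_dn))
    for uuid, old_dn in prev_by_id.items():
        if uuid not in curr_by_id:
            events.append(("delete", old_dn))        # identifier gone: real delete
    return sorted(events)

# Constructed sample polls, as {DN: entryUUID}.
BASE = "dc=example,dc=com"
PREV = {
    f"uid=alice,ou=staff,{BASE}": "11111111-0000-0000-0000-000000000001",
    f"uid=bob,ou=staff,{BASE}": "11111111-0000-0000-0000-000000000002",
    f"uid=carol,ou=staff,{BASE}": "11111111-0000-0000-0000-000000000003",
}
CURR = {
    f"uid=alice,ou=contractors,{BASE}": "11111111-0000-0000-0000-000000000001",
    f"uid=carol,ou=staff,{BASE}": "11111111-0000-0000-0000-000000000003",
    f"uid=dave,ou=staff,{BASE}": "11111111-0000-0000-0000-000000000004",
}

if __name__ == "__main__":
    print("by DN:       ", naive_diff(PREV, CURR))
    print("by entryUUID:", correlated_diff(PREV, CURR))
```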