I'm working on implementing bi-directional password sync from Active Directory to eDirectory, but I only want it to work for one set of users. These users are in their own OU and have their own password policy assigned.
From reading the docs I know I have to turn on the sync globally for the driver. So I'm looking at setting a condition in the Publisher that will block all password changes except ones for this OU.
Am I on the right track with something like this?
Modifying the existing NOVLPWDSYNC-pub-ctp-PublishNDSPwd.
Currently it vetoes any change via an OR on GCV for publish-password-to-nds, password not available, password not-match ".+".
I'm adding a second condition group and adding:
AND
if destination DN not in container "path\to\ou"
inside that if-then veto() block.
That seems to be what I want, but I'm not 100% sure that's enough.