limit password sync to one set of users


I'm working on implementing bi-directional password sync from Active Directory to eDirectory, but I only want it to work for one set of users. These users are in their own OU and have their own password policy assigned.

From reading the docs I know I have to turn on the sync globally for the driver. So I'm looking at setting a condition in the Publisher that will block all password changes except the ones for this OU.

Am I on the right track with something like this?

Modifying the existing NOVLPWDSYNC-pub-ctp-PublishNDSPwd:

Currently it vetoes any change via an OR on: GCV publish-password-to-nds, password not available, password not-match ".+".

I'm adding a second condition group and adding:

AND

if destination DN not in container "path\to\ou"

inside that if-then veto() block.

That seems to be what I want, but I'm not 100% sure that's enough.
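Below is an added example of what the scoping rule looks like in DirXML Script, written for this reply; it is not code from the original post or from the NOVLPWDSYNC policy that ships with the driver. It is written as its own rule placed in the Publisher Command Transformation policy set ahead of NOVLPWDSYNC-pub-ctp-PublishNDSPwd rather than as a second condition group inside it, for two reasons: first, the out-of-scope test has to be OR'd with the existing veto conditions, since AND-ing it with them would only veto when a password is out of scope and the existing conditions already fail, and would let in-scope users through even when the GCV is off or the password is not available; second, the test must be tied to the password operation, otherwise every event for an out-of-scope user is vetoed, not just their password changes. The container DN `data\users\synced`, the rule descriptions and the trace text are assumptions; substitute your own container in the slash format the driver trace shows for eDirectory DNs. Note also that `not-in-container` only matches direct children of the OU, while `not-in-subtree` also covers nested OUs.

```xml
<!-- Added example, not from the original post or the shipped NOVLPWDSYNC policy.
     Place both rules in the Publisher Command Transformation policy set ahead of
     NOVLPWDSYNC-pub-ctp-PublishNDSPwd. Assumption: in-scope users live under the
     eDirectory container data\users\synced (slash format, as seen in driver trace). -->

<!-- Rule 1: a password change for a user who is NOT under the scoped container.
     Drop the whole modify-password so nothing reaches eDirectory. -->
<rule>
  <description>Veto AD password publish for users outside the scoped container</description>
  <conditions>
    <and>
      <if-operation op="equal">modify-password</if-operation>
      <!-- not-in-subtree also excludes nested OUs; use not-in-container if only
           direct children of the OU should be in scope -->
      <if-dest-dn op="not-in-subtree">data\users\synced</if-dest-dn>
    </and>
  </conditions>
  <actions>
    <!-- leave a line in the level-3 driver trace so the veto is visible when testing -->
    <do-trace-message level="3">
      <arg-string>
        <token-text xml:space="preserve">Password publish vetoed, out of scope: </token-text>
        <token-dest-dn/>
      </arg-string>
    </do-trace-message>
    <do-veto/>
  </actions>
</rule>

<!-- Rule 2: a new account created in AD arrives as an add that carries a
     password child. Vetoing the add would block account creation, so strip the
     password instead and let the add through unchanged otherwise. -->
<rule>
  <description>Strip initial password from adds outside the scoped container</description>
  <conditions>
    <and>
      <if-operation op="equal">add</if-operation>
      <if-password op="available"/>
      <if-dest-dn op="not-in-subtree">data\users\synced</if-dest-dn>
    </and>
  </conditions>
  <actions>
    <do-strip-xpath expression="password"/>
  </actions>
</rule>
```

To check the result, set the driver trace level to 3, change a password for one user inside the OU and one outside it, and confirm that only the in-scope change produces a modify-password on the eDirectory side and the out-of-scope one shows the veto trace line. The dest-dn tested here is the eDirectory DN the engine resolves from the association (or, for adds, from the placement policy), so the rule must sit after placement, which the Command Transformation position guarantees.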
