wferguson1 Absent Member.

eDir drivers & wanting sub change to sync on pub channel


I have an eDir to eDir driver connecting my Vault eDir and my Tree eDir
instances. Changes made to my student accounts, passing from the vault
to the tree, are adding group memberships to the accounts in the tree.
This leaves my groups and members in the tree correct and like I want
them, but then those group memberships do not get synced/updated back
in the vault. Hanging off of my vault is my AD driver to my Exchange
environment, in which I sync those group memberships as well, where they
are used for email distribution groups.

So what I am left with is when accounts get updated in the vault, the
member is added to the group in the Tree as it syncs to the Tree, but
those group memberships are not synced back to the vault and obviously
not to Exchange as well. I am guessing that the eDir driver in the
Tree is not going to send group membership changes out the publisher
channel that it received on the subscriber channel. I guess it would
see that as a loop if it were to actually do so.

How would one suggest handling this? Our IDM infrastructure is set up so
that the Vault handles users and the Tree handles groups, so just
adding the users directly to a/the group in the vault is not a solution
I can put in place. Thank you in advance for your suggestions.


--
wferguson
------------------------------------------------------------------------
wferguson's Profile: https://forums.netiq.com/member.php?userid=360
View this thread: https://forums.netiq.com/showthread.php?t=54074

Knowledge Partner

Re: eDir drivers & wanting sub change to sync on pub channel


Hi wferguson,
I tried to read your question a number of times, but I am still confused by
your problem explanation.
I will try to repeat how I understood the issue.
1. You have a "classic" eDir driver between myVault and myTree eDir
2. A student account is changed (by an external process) on myVault and this
change triggers an event (for the eDir driver) that will add the student account to
the group in MyTree.
3. The AD driver (on myVault) waits for a similar group change to start its own
action

> group memberships are not synced back to the vault and obviously not to
> exchange as well

There is no reason to pass an event (created by the same driver) back (loopback
protection).

You can do it yourself: just add a policy that will not only add the user to
the group in the MyDir tree (add destination attribute), but also add it to
the group in the MyVault tree (add source attribute).


--
------------------------------------------------------------------------
al_b's Profile: https://forums.netiq.com/member.php?userid=209

Anonymous_User Absent Member.

Re: eDir drivers & wanting sub change to sync on pub channel


Hi,

Could you post the important parts from both of your filters?
Are you syncing the "groupMembership" attribute on the users or the
"member" attribute on the group?


--
fwitt
------------------------------------------------------------------------
fwitt's Profile: https://forums.netiq.com/member.php?userid=8759

wferguson1 Absent Member.

Re: eDir drivers & wanting sub change to sync on pub channel


al_b... that is a simple yet brilliant approach. In the rule I am
definitely setting the destination attribute. I will add in there the
add source attribute as you suggested and will update the post
afterwards. Thank you!


--
wferguson
------------------------------------------------------------------------
wferguson's Profile: https://forums.netiq.com/member.php?userid=360