Requirement for Account Definition for Syncing to LDAP Directory

I'm a little hazy on the exact purpose of an account definition. I'm looking at provisioning to an LDAP directory. Can't I just set up a synchronisation that syncs directly from the Person object out to the LDAP directory? Do I really need an account definition? Won't an account definition just add the Person objects to the LDAPAccount table and then sync from there to the LDAP directory? Isn't this just adding unneeded complexity? I can see a lot of documentation about account definitions and how to configure them but I haven't been able to find a more functional overview of why and when they're necessary. Is it a simple rule like all downstream systems require account definitions?

Thanks if you can clear this up for me.

  • If your objects in the LDAP directory are identities (or persons if you like), like something that is coming from an HR system, then you do not need an account definition. As the name implies, they are used for accounts in the identity management concept of OneIM.

    You can directly sync from the person table to your LDAP directory if you like. You just have to configure the sync project accordingly.

    Note: If you want to use the ad-hoc provisioning of changes from the person table to your LDAP directory, you need to create your own processes and sync operations to do so.