How to synchronize attributes from auxiliary classes via Identity Manager.

When schema is extended in eDirectory for a class and Novell Identity Manager (IDM) is synchronizing objects from one tree to another environment it can sometimes be useful to synchronize the attributes associated to the class via an auxiliary class. The IDM filter specifies some classes by default which is how IDM knows to let certain events into the channel for synchronization.

When an Auxiliary Class is added to schema and certain objects are extended with the attributes associated to the new class there is no need to add additional classes to the IDM driver's filter. The filter works based on the base/effective class which is, for default User objects, always 'User'. The administrator needs to add the new attributes under the existing class(es) so that IDM will watch for those specifically on those classes but otherwise there should almost never be an Auxiliary Class in a driver filter. The IDM tools will let you choose any object class to be in the filter but only objects with a base class of the class chosen will actually be identified by IDM for synchronization.

As an example of where this happens already consider that the User class is inheriting attributes from several other classes (Top, Organizational Person, and Person) and one non-Effective class (ndsLoginProperties). While these are all part of what makes up the User object only the base class (User) is referenced in the filter directly.