Supporting multiple LDAP sources or Directory Trees

  • 7012383
  • 08-May-2013
  • 08-May-2013

Environment

Filr 1.0
Novell eDirectory
Microsoft Active Directory

Situation

  • Have more than one eDirectory Tree.
  • Have more than one Active Directory data store.
  • Have multiple LDAP sources.
  • Some users exist in both trees or data stores.
  • Which users, from which Tree, are syncing?
  • Migrating from an old tree to a new tree: how to help users stay synced.
  • Some type of Identity Management (IDM) solution may be in use.

Resolution

These are very good questions, as any of these scenarios may happen to admins. Unfortunately, there is currently not a good answer to all of them.

The solution depends on the scenario, but in every case users need a unique identifier so that both sync and login can work. Filr cannot differentiate between the same user in two trees, because it uses the uid for both login and sync. An IDM solution would be needed to create a new unique identifier and populate it to both trees; Filr could then sync users and allow them to log in based on that attribute. Novell is currently pursuing other avenues to allow the same uid to be synced from both trees, but does not currently have a solution for this.

There is no reliable way to tell which tree a user was synced from, except by noting which LDAP source synced first, or by going into the database, finding the user's GUID and comparing it to the user's GUID in each tree.
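The two checks described above (find login names that exist in more than one LDAP source, and map an already-synced user back to its source tree by GUID) can be scripted against LDAP exports before adding a second source to Filr. The following is an added illustration written for this TID, not Filr code. It assumes each source is described by the attribute Filr uses as the login name (uid in eDirectory, sAMAccountName in Active Directory) and the attribute carrying the directory GUID (GUID in eDirectory, objectGUID in AD); the LDIF exports, DNs and GUID values are constructed samples.

```python
"""Detect login-name collisions across multiple LDAP sources and attribute an
already-synced user back to its source tree by GUID.

Added illustration for this TID; not Filr code. Attribute names per source are
assumptions for the example, and all directory data below is constructed.
"""
from collections import defaultdict

# Constructed sample export from an eDirectory tree (not real data).
EDIR_LDIF = """\
dn: cn=jsmith,ou=users,o=acme
uid: jsmith
GUID: 11111111-aaaa-4bbb-8ccc-000000000001

dn: cn=mlee,ou=users,o=acme
uid: mlee
GUID: 11111111-aaaa-4bbb-8ccc-000000000002
"""

# Constructed sample export from an Active Directory domain (not real data).
AD_LDIF = """\
dn: CN=jsmith,OU=Users,DC=corp,DC=example
sAMAccountName: jsmith
objectGUID: 22222222-bbbb-4ccc-8ddd-000000000001

dn: CN=pjones,OU=Users,DC=corp,DC=example
sAMAccountName: pjones
objectGUID: 22222222-bbbb-4ccc-8ddd-000000000003
"""


def parse_ldif(text):
    """Parse a minimal LDIF export into a list of {attribute: value} dicts.

    Handles only the subset needed here: one 'attr: value' per line, entries
    separated by blank lines, no base64 (::) values and no line continuations.
    """
    entries, current = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            if current:
                entries.append(current)
                current = {}
            continue
        attr, _, value = line.partition(":")
        current[attr.strip()] = value.strip()
    if current:
        entries.append(current)
    return entries


# Per-source mapping: which attribute is the login name and which is the GUID.
# These attribute choices are assumptions for the example, not Filr defaults.
SOURCES = {
    "edir-tree": {"ldif": EDIR_LDIF, "name_attr": "uid", "guid_attr": "GUID"},
    "ad-domain": {"ldif": AD_LDIF, "name_attr": "sAMAccountName", "guid_attr": "objectGUID"},
}


def load_sources(sources=SOURCES):
    """Return {source_name: [(login_name, guid), ...]} for every configured source."""
    loaded = {}
    for name, cfg in sources.items():
        entries = parse_ldif(cfg["ldif"])
        loaded[name] = [(e[cfg["name_attr"]], e[cfg["guid_attr"]]) for e in entries]
    return loaded


def find_login_collisions(loaded):
    """Return {login_name: [source names]} for names present in more than one source.

    Filr keys users on the login name, so each collision is a user that will be
    synced from only one source and may be unable to log in from the other.
    """
    owners = defaultdict(list)
    for source, users in loaded.items():
        for login, _ in users:
            owners[login].append(source)
    return {login: srcs for login, srcs in owners.items() if len(srcs) > 1}


def source_of_synced_user(synced_guid, loaded):
    """Given the GUID stored for a user in the Filr database, return the name of
    the source whose directory entry carries that GUID, or None if none matches."""
    for source, users in loaded.items():
        for _, guid in users:
            if guid.lower() == synced_guid.lower():
                return source
    return None


if __name__ == "__main__":
    data = load_sources()
    for login, srcs in sorted(find_login_collisions(data).items()):
        print(f"login '{login}' exists in: {', '.join(srcs)}")
    # Constructed GUID, as if read from the Filr user record for 'jsmith'.
    synced = "11111111-aaaa-4bbb-8ccc-000000000001"
    print("jsmith synced from:", source_of_synced_user(synced, data))
```

Run it before adding a second LDAP source: every login reported by `find_login_collisions` is a user who will sync from only one tree, and for users already in Filr, `source_of_synced_user` answers "which tree did this one come from" from the GUID stored in the database rather than from sync order.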

It is hoped that towards the end of the year Filr will be able to support customers who are migrating from one Tree to another, to help reduce conflicts and problems.


Status

Reported to Engineering

Additional Information

An enhancement request has been submitted, along with some possible scenarios to consider and ideas on how to work around them. If you have additional ideas or suggestions on how to improve this in a future release, feel free to provide feedback or open a Service Request (which would be refunded) describing what would work in your unique environment.