Programatic Resync of objects

Does anyone know how, or if it is possible to resync users (or any object really) programatically, I know you can update the DirXML-Asscoiations attribute to the resync value, however this does not seem to force a resync the same as the Merge from NDS button in the Driverset.

OK I tell a lie, modifying the DirXml association and setting the state to 4 (Migrate) works fine with a script updateing via LDAP.



IDM Driver 1.0 for SOAP

Does anyone know when the driver for SOAP is coming out.

In a presentation at brainshare it said [Excpected availability is may 2005] but I cannot find any other reference to it.

It's out now! Download here:

and look at the docs here:

Where are the Connector files stored on a IDM installation for windows

Entitlement and DirXML Script- Enhancement idea

As we constantly move towards 'heavier use' of Entitlements, we keep looking for ways to optimize the load on the IdM server.

One idea that came to mind is having a DirXML script command to enable limit the entitlement changes a driver can "see", so each driver "sees" only his own.

As things are running now, if a condition changes so that a user is given an entitlement for driver "A", all other drivers (that rely on entitlements) are also "alerted", which causes unecessary processing on the engine side.



Contents of an Identity Vault \ Person Registry

I'm curious as to what schemas people are using for their Identity Vaults. How do you prefer to store attribute values to maintain their affiliation information? Do you use standard schema, completely custom, or a hybrid?


I know the Higher Ed have a custom schema they use (see EduPerson, it has an eduPersonAffiliation attribute for related affiliations like Student Staff etc). This also allows their directories to be easily coupled with Shibboleth for federated Identity Management. I beleive normally this is just an auxiliary class and other standard attributes are still used. (So I guess this would be a hybrid).