June 27, 2016 at 8:37 pm #11607anrParticipant
I am using OpenIDM for Self Service Password Reset. We have a bunch of properties defined as part of managed user object in OpenIDM((eg: FName, LName, Password, Email, Employee ID etc)). Every time when either one of the properties is updated, the record is sync’d to my target mapping (AD in my case) right away. I want to trigger implicit sync only when Password property of the managed object is updated and not the rest. Any pointers or sample that I could follow would be greatly appreciated?
June 27, 2016 at 9:10 pm #11609ssripathyParticipant
- This topic was modified 6 years, 3 months ago by anr.
I am not aware of anything out-of-box. Depending on how granular you want the sync to be, you could setup a “profileUpdate” flag vs “pwdChange” flag. You patch these flags depending on whether you just changed password vs name. You can then control the sync conditionally based on flag statuses. After the sync you need to remember to set the flag status.
HTHJune 28, 2016 at 12:26 am #11611Jake FeaselModerator
You could create a mapping from managed/user to AD that only sets the password field. If you have another mapping from managed/user to AD, you could set enableSync off for that one, and (presumably) only use it with recon.June 28, 2016 at 2:18 am #11613anrParticipant
I am sync’ing only the password in my mapping. The issue is that, any changes to any of the other properties of managed user, the password is getting sync’ed. I just wanted to know if there is a way to invoke the password sync mapping only if password is updated.June 28, 2016 at 8:25 pm #11695Jake FeaselModerator
Given the very narrow change you want to provision, you could actually achieve this without using a mapping. Instead, you could use an onUpdate script on managed/user, which compares the oldObject and newObject for password and directly updates the linked AD account if the password changes. In order to do this, you’ll still need a mapping from managed/user to AD to establish links, and you’ll need to query the links table to find the associated account.
- This reply was modified 6 years, 3 months ago by Jake Feasel.
You must be logged in to reply to this topic.