Implicit Sync only on one property update

This topic has 4 replies, 3 voices, and was last updated 6 years, 3 months ago by Jake Feasel.

  • Author
  • #11607

    Hi all,
    I am using OpenIDM for Self Service Password Reset. We have a bunch of properties defined as part of managed user object in OpenIDM((eg: FName, LName, Password, Email, Employee ID etc)). Every time when either one of the properties is updated, the record is sync’d to my target mapping (AD in my case) right away. I want to trigger implicit sync only when Password property of the managed object is updated and not the rest. Any pointers or sample that I could follow would be greatly appreciated?


    • This topic was modified 6 years, 3 months ago by anr.

    I am not aware of anything out-of-box. Depending on how granular you want the sync to be, you could setup a “profileUpdate” flag vs “pwdChange” flag. You patch these flags depending on whether you just changed password vs name. You can then control the sync conditionally based on flag statuses. After the sync you need to remember to set the flag status.

     Jake Feasel

    You could create a mapping from managed/user to AD that only sets the password field. If you have another mapping from managed/user to AD, you could set enableSync off for that one, and (presumably) only use it with recon.


    I am sync’ing only the password in my mapping. The issue is that, any changes to any of the other properties of managed user, the password is getting sync’ed. I just wanted to know if there is a way to invoke the password sync mapping only if password is updated.

     Jake Feasel

    Given the very narrow change you want to provision, you could actually achieve this without using a mapping. Instead, you could use an onUpdate script on managed/user, which compares the oldObject and newObject for password and directly updates the linked AD account if the password changes. In order to do this, you’ll still need a mapping from managed/user to AD to establish links, and you’ll need to query the links table to find the associated account.

    • This reply was modified 6 years, 3 months ago by Jake Feasel.
Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?