2 Replies Latest reply: Jan 3, 2013 7:00 AM by adr

    Why would you use the LDAP Sync instead of the OID Connector?

    adr
      Hello All,

      I've used OIM 9 with the OID Connector for quite a few projects.
      It worked very well and it allowed us to create/modify the provisioning tasks of the "OID User" Provisioning Process to quickly push values to OID attributes based on customers' business rules with all the IFs and ELSEs you can imagine.
      Also, if some tasks ended up failing they remained in pending state and an administrator would take a close look and eventually take care of the situation either by resubmitting the pending tasks or enhancing the integration.

      Now I see that in the 11g there is the "possibility" of using the LDAP Sync.

      But I don't see the real value of LDAP Sync yet.
      IMHO

      OID Connector

      Pros
      1. Easily allows pushing data to OID based on specific business rules
      2. Allows the administrator to identify failed tasks that need attention
      3. The connector installation is easy and straightforward

      Cons
      ?

      LDAP Sync

      Pros
      ?

      Cons
      1. Cumbersome to install if done after OIM Installation
      2. Hides failed synchronizations (please let me know if I'm wrong here)
      3. Does not allow customization; since it's based on synchronization, you can't add your own conditions

      So, the question is: why would you use LDAP Sync instead of the OID Connector?
      I would be happy to see if some of you could extend the list of pros and cons.

      Thanks,
      Adriano.
        • 1. Re: Why would you use the LDAP Sync instead of the OID Connector?
          duncan_db
          Firstly whether you want to use LDAP Sync or OID connector needs to be decided based on your requirements. Specifically LDAP sync is not intended for a resource provisioned to some users, but where you need an LDAP replica of the entire OIM user base. I am not going to advocate one over the other, but from a different perspective to yours:

          1) LDAP Sync is required for supported OAM integration.

          2) LDAP Sync gives an LDAP replica of the entire OIM user base without requirement to install a connector, set up rules or access policies, manage resources for users, manage provisioning tasks etc.

          3) You say the OID connector is simpler, but I guess that is a question of what you are used to. There are complexities in LDAP Sync set-up, but once set up it can be just as easy or even easier to manage than an OID connector, e.g. I would argue the addition of new attributes can be easier in LDAP sync than in the connector, where you have to manage form versions, process tasks, reconciliation profiles etc. If anything I have found it easier.

          4) You mention in the OID connector you can see failed tasks that need attention. In LDAP Sync you don't have this as this synchronisation is synchronous, not asynchronous as the OID connector, so a failure is immediately apparent to the end user with the change being rejected (even if the message may not be helpful!).
          • 2. Re: Why would you use the LDAP Sync instead of the OID Connector?
            adr
            Hello duncan_db,

            Thank you for your opinion and the information.

            Adr