Firstly, whether you want to use LDAP Sync or the OID connector needs to be decided based on your requirements. Specifically, LDAP Sync is not intended for a resource provisioned to some users, but for where you need an LDAP replica of the entire OIM user base. I am not going to advocate one over the other, but from a different perspective to yours:
1) LDAP Sync is required for supported OAM integration.
2) LDAP Sync gives an LDAP replica of the entire OIM user base without the requirement to install a connector, set up rules or access policies, manage resources for users, manage provisioning tasks etc.
3) You say the OID connector is simpler, but I guess that is a question of what you are used to. There are complexities in LDAP Sync set-up, but once set up it can be just as easy or even easier to manage than an OID connector, e.g. I would argue the addition of new attributes can be easier in LDAP Sync than in the connector, where you have to manage form versions, process tasks, reconciliation profiles etc. If anything I have found it easier.
4) You mention that in the OID connector you can see failed tasks that need attention. In LDAP Sync you don't have this, as this synchronisation is synchronous, not asynchronous like the OID connector, so a failure is immediately apparent to the end user with the change being rejected (even if the message may not be helpful!).