3 Replies Latest reply: Apr 6, 2013 12:26 AM by idamGod RSS

    OIM11gR2 and iPlanet 9.0.4 - Trusted and Target at the same time?

    adr
      Hello,

      I have a setup where a SunOne directory server is our trusted identity source.
      We set up iPlanet connector and run the iPlanet User Trusted Recon Task.
      OIM users are created and all works as expected.

      BUT, I have to "write" one information back to SunOne.

      I was wondering if I could do the following:

      1 - Run the iPlanet User Target Recon Task
      2 - OIM Users will receive an iPlanet User resource
      3 - I will write on the user's iPlanet User resource corresponding Form
      4 - The iPlanet connector will then take care of writing to the actual SunOne directory server

      My big concern is: can the iPlanet connector be as a trusted and target at the same time?

      IMPORTANT: obviously, I won't write to the same attributes I'm reading when I run the trusted reconciliation (no loop concern)

      Thanks for an insight!
      Adr.
        • 1. Re: OIM11gR2 and iPlanet 9.0.4 - Trusted and Target at the same time?
          idamGod
          BUT, I have to "write" one information back to SunOne.
          In order to send some update back to sun one, you do not need target recon. You just need to develop "Updated" task in the process definition.
          • 2. Re: OIM11gR2 and iPlanet 9.0.4 - Trusted and Target at the same time?
            adr
            Hello Srini,

            Yes, and it is what I intend to do.
            But before I try to deal with the update task, the user must have the iPlanet User resource "provisioned". My guess is that the best way to give an iPlanet User resource to the user is by launching the "target" recon, instead of trying to provision it, because it will end up in error anyway, since the account already exist in the target.

            My uncertainty is whether I have to tweak the iPlanet connector in any special way for it to work properly as a trusted "and" target source at the same time.

            Adr
            • 3. Re: OIM11gR2 and iPlanet 9.0.4 - Trusted and Target at the same time?
              idamGod
              If I understood your requirement correctly, your thinking is not correct.

              In your case, Sun LDAP is he trus ted source. When you run the trusted recon, it will bring account from target to oim and it will create user in oim and also it will link account in target system with oim. You dont have to run target recon. If you run target recon, again, it will try to bring updated information (if any) from target system to oim.

              Since, your goal is to bring all target accounts into oim and do some update after that, just run the trusted recon to bring the users and their accounts into oim and then do the required update. No need of target recon in this use case.