Novell Identity Manager to Deltek Vision via Active Directory Subscriber Channel

I’ve gotten the proof of concept working for pushing eDirectory user IDs into Deltek Vision (essentially a table in Microsoft SQL Server 2005) without using Novell’s Identity Manager Integration Module for Databases. As I wrote about before, we were confused about the licensing for the database integration module for Identity Manager 3, and when we found out what it would cost, we choked on it a bit. We decided to try to work with the Identity Manager components we already owned, namely eDirectory, Active Directory and GroupWise, and figure out a way to get credentials into Vision using one of those pieces.

We have a new Active Directory deployment that we just built, and we wanted to synchronize eDirectory credentials into it anyways, so we decided to start with that. Based on our past experience with Identity Manager, we realized it would be possible to intercept user adds and modifies on the subscriber channel between eDirectory and Active Directory. We can use data from those events kicked out of Identity Manager with custom java inside policies in the subscriber channel to populate the user table in SQL Server for Deltek Vision.

We were still running DirXML 1.1a in some of our sites, and we didn’t have Universal Password enabled in eDirectory. To get what we need working, we would have to upgrade to IDM3, and enable Universal Password. Fortunately, all our servers and eDirectory instances are at versions and patch levels sufficient to allow IDM3 to be installed and Universal Password to be enabled. I upgraded our enterprise tree yesterday to IDM3, and Universal Password, and started the process of updating the 10 DirXML drivers to IDM3 format with Password Synchronization 2.0. I also updated our corporate office production tree. I got the Universal Password synchronizing via the Distribution Password from our corporate office tree to our enterprise tree to our new IDM3 idvault tree, to Active Directory last night. I tested skimming off add and modify events and outputting them to files using java in the AD subscriber channel. That all works, so now our database administrator can take the data and stuff it into Vision’s SQL 2005 database.

I’ll finish the rest of the DirXML 1.1a to IDM 3 upgrades tonight, and by the weekend we should have all our credentials ready for synchronization into Vision.