Identity Manager Reset

I have been working on getting synchronization between eDirectory and SQL Server working for our Deltek Vision rollout. I was under the mistaken impression that the JDBC driver for DirXML was included in the base product package. Yesterday I decided to activate our new IDM 3 server and I noticed that the JDBC driver didn’t activate when I installed the activation credential. I checked the licensing to find out that I was mistaken, and then checked the purchase prices for the Novell IDM 3 Integration Module for Database (the official name for the JDBC driver). I subsequently coughed up my skull over what seems like a very high list price of about $25,000 USD for the server instance, plus $6 US per user, plus maintenance. I checked the Sun Identity Manager product and confirmed that there is no licensing cost for their JDBC driver, and maintenance is optional. After a little thought it was not possible to justify an expenditure of over $30,000 plus maintenance just to get user synchronization to Deltek Vision.

I really didn’t want to have to manually manage users in Vision though. An initial bulk import would be easy enough, but ongoing maintenance of the users would be a pain in the backside. After discussing it with my boss and with our database / Java programming expert Bart, we decided that the requirements of user synchronization for Vision were simple enough (User ID constructed from some attributes we keep in eDirectory plus the SHA-1 hashed password) that we could use some custom Java classes within the subscriber channel between our Identity Manager identity vault and our AD domain controller to siphon off sufficient credential information to populate the user account table of Vision. Thus my last 10 days of work or so were reset and yesterday I started working on getting Active Directory synchronized with our eDirectory identity vault. Tonight I’m working late to get Universal Password enabled on some of our offices so I can verify that we will be able to steal the password out of the eDirectory to Active Directory identity management datastream and hash it. So far everything is working as expected, and there is no need to buy the JDBC driver for IDM3, because the AD driver is included in the base price, so we already own it.

There’s nothing like a 90-degree direction change at the 11th hour.

