CA Identity Manager: How to Approach Authoritative Sources

Simple Answer: Very Carefully!

On a recent project our team was charging full steam ahead with creating a custom JNDI connector with Connector Xpress to use an existing LDAP as an authoritative source for CA IdM. We encountered a few complexities using Explore Correlate as an all-in-one synchronization tool that I'd like to share.

Explore Correlate

When using Connector Xpress, you will most likely be using Explore Correlate to create and update IdM users. It can get cumbersome to set up, as Explore Correlate is not meant to maintain IdM users. The team started down this path, but our complex Org structure made it near impossible to both determine and set the Org. As a rule, Explore Correlate places all new users into the default Org.

The solution we found was to 1) catch each create event and 2) use Policy Express to set the Org on the fly.

Reverse Attribute Mapping

Any information you want to pull back from the Connector must be mapped to a Global (Provisioning Directory) attribute, then to a User Directory attribute (assuming you are following the CA recommended architecture of separate user and provisioning directories). In the end, we would recommend a well-thought-out flat file feed or setting up TEWS (Task Execution Web Services, CA's web services core) to accomplish this.

As always, if you have any questions, comments or concerns, feel free to reach out to us at IDMWorks.