This content has been marked as final. Show 3 replies
Use a "default" group, for when no matches are found.
Another option is to use a virtual directory, custom directory proxy rewrites, or metadirectory engine to build the data you need into your LDAP repository. You could then lookup a custom attribute, like "sbgroup", which could be dynamically populated as part of a nightly script.
The only note on this is, that users do not get new settings if the Connector Manager moves them from one group to another. You would have to force the system to re-apply group configs to all users through a nightly or weekly scheduled task.
I kind of use "Create a new group with .... from attribute xyz..". So, I was hoping I can do a group mapping. i.e. The group name might change due to some reason regularly.
I will check this with our AD support.
in the end, I might just use default group but using a script as second stage update to change the group name...
By Virtual Directory, I don't mean folder, share point, or DFS. I mean a Virtual Directory services engine, which creates a real-time representation of information from various systems and presents it as a single entity. This technology normally even allows for data rewrites (like breaking first/last name into separate fields) and data hierarchy (like AD is a better resource for getting e-mail address, than HR database; while the PBX is more accurate for phone numbers than AD).
Another technology you may want to look at, instead of a MetaDirectory service, you could look at products for Data Aggregation or Aggregation Engines.
Hope that helps.