We paid for a custom program from IBM, LDAP SYNC (Rob Russell developed this program), that allowed the synchronization of users to CMOD 9.5. Upon upgrading to 10.1, this program ceased to work and we were told to switch to ARSLSYNC. However, ARSLSYNC forces the synchronization of groups and has a low limit for group exceptions. This is incompatible with our current installation.
We think it would be beneficial to our organization and other organizations to have the ability to turn off group synchronization and only synchronize users.
Who would benefit from this IDEA?
Our organization (HCA) and any other organization that uses CMOD and synchronizes with AD. I think that, in a large organization with a large AD structure, forcing group synchronization is not a good idea.
How should it work?
ARSLSYNC would have a switch/argument to only sync groups, only sync users, or to sync both.
Default behavior can remain both; users perhaps -u and groups perhaps -g.
For instance, to synchronize groups with the existing -s for synchronize, it would be -gs, or for users it would be -us.
Priority Justification
We have a support contract for both CMOD and the LDAP SYNC program. We are being told to migrate to the ARSLSYNC solution because LDAP SYNC will be discontinued/unsupported. ARSLSYNC is not usable in our current installation without a major project being implemented or a large amount of AD licenses being used to synchronize groups. We believe this is an undue burden on our part and prior functionality should be preserved.
Customer Name
Nathan Neely, HCA Inc.