Re: IdM Suites

[Rob Whalen <rwhalen () STMARYS-CA EDU>]

Bret R Blackman wrote:

> Greetings,
>
> We are considering several different Identity Management (IdM) Suites
> (LDAP directory + mgt tools) to help with our
> provisioning/de-provision of accounts and general identity management
> tasks.  One that we are currently testing is Sun Java Identity
> Management Suite that can be found here:
>
> http://www.sun.com/software/javaenterprisesystem/identity_mgmt_suite/index.xml
>
>
> Does anyone have any experience with this suite, or others from IBM,
> Oracle or Novell that they would like to share?
>
> Thanks,
>
> Bret R. Blackman
> University of Nebraska at Omaha
> Director of Administrative Information Services
> Information Technology Services, EAB 110
> bblackma () mail unomaha edu

Bret,
I am about 75% done with preparing a roll out of Novell's IDM 3. One of
the gotchas was the fact that eDirectory can't read openLDAP passwords
unless it sets the password from the eDirectory side. The work around
for that is performing a password reset using the web password reset
function in IDM 3. We will be setting up a separate "identity vault"
which will then be used to synchronize openLDAP and eDirectory, and
eventually our main database on AIX will become the definitive source.
The logistics of the transfer have proven to be the biggest hurdle-
keeping the old system going while implementing the new. Also, it has
forced a huge amount of cleanup in our data systems which previously did
not connect with each other. Just getting everyone to agree on dept
names across departments was a nine month process. I've received
consulting support from Novacoast on IDM 3, and am very glad I did. My
best advice is to spend the time to produce a thorough plan. I'd be
happy to talk to you offline.
Rob