Mass Modifications on Directories Using the IDM Toolbox

In the previous issue of Open Horizons Magazine we introduced the IDM Toolbox which offers a powerful set of functions for all system integrators, consultants, project managers and customers dealing with NetIQ Identity Manager or large directory trees. To briefly recap, it is a Java application that consists of a rich set of functions covering the following tasks:

  • Specify, generate and document drivers
  • Design workflow forms and mail templates
  • Analyze LOG files
  • Data Migration & Modification on directory objects
  • Document workflows, directory abstraction layer (DAL) and schema
  • Workflow Translation
  • Create Acceptance Documents for projects, drivers and workflows
  • Collaboration with versioning and data exchange

The NetIQ Identity Manager is a very powerful solution. It offers an incredible set of functionality for user provisioning, role based access control, segregation of duties, approval and re-certification processes. eDirectory is the heart of the system that makes it so powerful, flexible and reliable.

We can store users and groups, servers and workstations, organisational units, roles and resources, and many more different object types in eDirectory. Whatever you want to save in eDirectory you can do it. If it does not support the type of object you want to store in eDirectory you can just create a new object class from scratch or build a new one based on an existing object class.

So it happens frequently in an Identity Management project, that you have to deal with thousands, tens of thousands or even millions of objects. The previous article discussed the mass migration of objects between directory trees (directory cloning). This article will review how to make mass modifications to objects within an edirectory tree.

Object Modification

In huge IDM environments where you have to deal with thousands of objects it happens over and over that you have to perform mass modification on attributes. Perhaps your company is going to be reorganised and you have to change all the department names. Again, how would you solve this task? Write an LDIF script? However the IDM Toolbox has a very powerful, flexible and easy to use module to do mass modification on LDAP directories such as eDirectory or Active Directory.

(This article was first published in OHM29, p17-19, June 2015).  Please SUBSCRIBE if you wish to view the complete article.

Leave a Reply