What criteria is used for the Symantec Validation and ID Protection Service (VIP) EG LDAPSync to determine update, modify, and delete?
LDAP Directory Sync provides three operations: add, update and delete.
If the user selects all three options, the LDAP Directory Sync Service handles all three kinds of changes made on the LDAP server and syncs the data with VIP User Services.
The LDAP Directory Sync Service keeps a local database of the LDAP records that are already present in VIP User Services.
In the local database, we keep the unique IDs of the LDAP records. Which attribute serves as the unique ID differs between LDAP servers; for AD, the GUID (globally unique identifier) is the unique key, and it remains constant for a particular record in the LDAP server.
When a new record is added in AD, it is assigned a new GUID that is not present in the local database. During the sync operation, the LDAP Directory Sync Service therefore recognizes that a new record was added in AD and adds that record to VIP User Services as well.
When a record is modified, its GUID does not change; only the sAMAccountName, which must be present in VIP User Services, changes. We therefore trigger a modify operation in VIP User Services instead of deleting the record with the old name and adding a new record with the new name (which could lead to loss of credential mapping). During the modify operation, the credential bindings remain intact.
So, along with the sAMAccountName, we look for the GUID to uniquely identify a particular record in the case of an AD server. For other LDAP servers this unique identifier is different, and we have an array of unique identifiers that we look for in the LDAP server to uniquely identify a particular record.
We also update records based on the modify time stamp in VIP User Services. For this, we look for an additional attribute, the modify time stamp, to determine the time at which each record was modified while updating it in VIP User Services.
In summary, the LDAP Directory Sync Service LDAP search criteria look for: the unique ID (e.g. sAMAccountName for an AD server), which must be present in VIP User Services; the LDAP unique identifier (e.g. GUID for an AD server), which uniquely identifies a particular record in the LDAP server; and the modify time stamp, used to sort the modified data by time before updating the records in VIP User Services.
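The reconciliation described above, written out as an added example (this is not Symantec's LDAPSync code). It assumes the sync has a snapshot of the directory's records (constructed dicts here, in place of a live LDAP search) and a local map keyed by the immutable directory identifier (GUID for AD). It shows why keying on the GUID rather than the login name matters: a rename becomes a single update that keeps the credential binding, whereas a name-keyed comparison would see a delete plus an add. Adds and updates are ordered by the modify time stamp, as the article describes.

```python
"""Add / update / delete planning for a directory-to-VIP sync.

Added example modelled on the behaviour described in this article; not the
product's own code. Attribute names, record values and dates are constructed.
"""
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class LdapRecord:
    guid: str            # immutable per-object id (objectGUID in AD), never reused
    account: str         # login name that must exist in VIP (sAMAccountName in AD)
    modified: datetime   # directory modify time stamp


def plan_sync(ldap_records, local_db, allow_add=True, allow_update=True, allow_delete=True):
    """Return an ordered list of (op, guid, account) tuples.

    local_db maps guid -> account as of the last successful sync.
    Adds and updates are emitted oldest-first by modify time stamp, so an
    interrupted run leaves a consistent, already-applied prefix behind.
    Deletes are emitted last, for GUIDs no longer seen in the directory.
    """
    ops = []
    seen = set()
    for rec in sorted(ldap_records, key=lambda r: r.modified):
        seen.add(rec.guid)
        if rec.guid not in local_db:
            if allow_add:
                ops.append(("add", rec.guid, rec.account))
        elif local_db[rec.guid] != rec.account:
            # Same GUID, different name: rename in place so the user's
            # credential bindings in VIP survive the change.
            if allow_update:
                ops.append(("update", rec.guid, rec.account))
    if allow_delete:
        for guid, account in local_db.items():
            if guid not in seen:
                ops.append(("delete", guid, account))
    return ops


def plan_sync_by_name(ldap_records, local_db):
    """Contrast: the naive plan if records were matched on account name only.

    A renamed user is indistinguishable from 'old user gone, new user appeared',
    which is exactly the delete-then-add the article says loses credential mapping.
    """
    known = set(local_db.values())
    current = {r.account for r in ldap_records}
    ops = [("add", None, a) for a in sorted(current - known)]
    ops += [("delete", None, a) for a in sorted(known - current)]
    return ops


def apply_plan(ops, local_db):
    """Replay a plan against the local database; returns the new guid -> account map."""
    db = dict(local_db)
    for op, guid, account in ops:
        if op == "delete":
            db.pop(guid, None)
        else:
            db[guid] = account
    return db


# Constructed sample: local state after the last sync, and the directory now.
LOCAL_DB = {
    "guid-1": "asmith",
    "guid-2": "bjones",
    "guid-3": "cdoe",
}
LDAP_NOW = [
    LdapRecord("guid-1", "asmith", datetime(2024, 1, 1, 9, 0)),         # unchanged
    LdapRecord("guid-2", "bjones-smith", datetime(2024, 1, 3, 12, 0)),  # renamed (same GUID)
    LdapRecord("guid-4", "dnew", datetime(2024, 1, 2, 8, 0)),           # newly created
    # guid-3 is absent: the account was deleted from the directory
]


def demo():
    return plan_sync(LDAP_NOW, LOCAL_DB)


if __name__ == "__main__":
    for op in demo():
        print("guid-keyed:", op)
    for op in plan_sync_by_name(LDAP_NOW, LOCAL_DB):
        print("name-keyed:", op)
```

Running the block prints a single `update` for `guid-2` under the GUID-keyed plan, while the name-keyed contrast plan turns the same rename into a `delete` of `bjones` and an `add` of `bjones-smith`. Turning off `allow_delete` reproduces a sync where only add and update were selected.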
Imported Document ID: SO17704