This script counts the seconds it takes until a modification of attributes and the password on a reference object is synchronized.

How to install and configure

  1. Make sure your Perl installation has the Net::LDAP and Term::ANSIColor modules available.
  2. Create a reference user object. Make sure it is synchronizable within your IDM Installation – this means it resides on an eDirectory partition that is local to the IDM Server.
  3. Create an LDAP Proxy User that is used to modify the reference object. Make sure it has the rights to edit the following attributes:
    • mobile
    • facsimileTelephoneNumber
    • ability to change the password (Password Management)
  4. Configure the script. Enter the server information following this example:

    # Index for LDAP Host configurations
    # 0 = IP-Address
    # 1 = Proxy User with supervisory rights to the synctest object/1
    # 2 = Password of this proxy user
    # 3 = DN of synctest user (FDN: cn=test,ou=test,o=test)
    # eDirectory/LDAP Host 1
    @host1 = ("","cn=proxyuser,o=novell","password","cn=synctest,ou=test1,o=novell");
    # eDirectory/LDAP Host 2
    @host2 = ("","cn=proxyuser,ou=check,o=novell","password","cn=synctest,ou=test2,o=novell");

  5. By default, the sync check times out after 1200 seconds (20 minutes), which is a long time. You can change it to any other value in seconds.
  6. The check is bi-directional. After a successful sync from Server 1 to Server 2, it checks the sync from Server 2 to Server 1. This can be turned off by setting the variable $twoWay to 0.
  7. After modifying the object on Server 1, the script queries for the value on Server 2. This is done once per second by default and can be changed by setting the variable $readPause to the desired value in seconds.
  8. Run

    Now you can run the script – after setting the right permissions – and see how long it really takes to sync modifications and passwords between two trees.

    ui@hobbes:~/bin>chmod u+x
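
The measurement loop described in the steps above, as an added example that is not the original checkIDMSync script: it writes a unique marker to `mobile` on one server and polls the other until the marker appears or the timeout is reached, then repeats in the reverse direction. The hostnames, the `SYNC_PW1`, `SYNC_PW2` and `SYNC_CAFILE` environment variables and the sub names `connect_host` and `measure_sync` are assumptions of this example, as is StartTLS support on both servers; it covers only the attribute check, not the password check.

```perl
use strict;
use warnings;
use Net::LDAP;
# Same field order as the article: host, proxy DN, password, synctest DN.
# Hostnames and the SYNC_* environment variables are placeholders (assumptions).
my @host1 = ('ldap1.example.test', 'cn=proxyuser,o=novell',
             $ENV{SYNC_PW1}, 'cn=synctest,ou=test1,o=novell');
my @host2 = ('ldap2.example.test', 'cn=proxyuser,ou=check,o=novell',
             $ENV{SYNC_PW2}, 'cn=synctest,ou=test2,o=novell');
my ($timeout, $readPause, $twoWay) = (1200, 1, 1);

# Connect, switch to TLS before the proxy password is sent, then bind.
sub connect_host {
    my ($host, $dn, $pw) = @_;
    die "no password set for $dn\n" unless defined $pw && length $pw;
    my $ldap = Net::LDAP->new($host, timeout => 10) or die "connect $host: $@\n";
    my $tls = $ldap->start_tls(verify => 'require', cafile => $ENV{SYNC_CAFILE});
    die "StartTLS on $host: " . $tls->error . "\n" if $tls->code;
    my $bind = $ldap->bind($dn, password => $pw);
    die "bind on $host: " . $bind->error . "\n" if $bind->code;
    return $ldap;
}

# Write a unique marker on the source, then poll the target until it appears.
# Returns the elapsed seconds, or an undefined value once $timeout is reached.
sub measure_sync {
    my ($src, $src_dn, $dst, $dst_dn, $attr) = @_;
    my $marker = sprintf '%d%05d', time(), $$ % 100000;    # constructed value
    my $mod = $src->modify($src_dn, replace => { $attr => $marker });
    die "modify $attr: " . $mod->error . "\n" if $mod->code;
    my $start = time();
    while (time() - $start < $timeout) {
        my $res = $dst->search(base => $dst_dn, scope => 'base',
                               filter => '(objectClass=*)', attrs => [$attr]);
        die "search $dst_dn: " . $res->error . "\n" if $res->code;
        my $value = $res->count ? $res->entry(0)->get_value($attr) : undef;
        return time() - $start if defined $value && $value eq $marker;
        sleep $readPause;
    }
    return;
}

my @conn = (connect_host(@host1[0 .. 2]), connect_host(@host2[0 .. 2]));
my @runs = ([ '1 -> 2', $conn[0], $host1[3], $conn[1], $host2[3] ]);
push @runs, [ '2 -> 1', $conn[1], $host2[3], $conn[0], $host1[3] ] if $twoWay;
for my $run (@runs) {
    my $secs = measure_sync(@{$run}[1 .. 4], 'mobile');
    print "$run->[0]: ", defined $secs ? "synced after ${secs}s" : "timeout after ${timeout}s", "\n";
}
```

Reading the proxy passwords from the environment keeps them out of the script file, and the bind is refused locally when a password is missing rather than being sent as an empty simple bind.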



Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

By: ui
Jan 2, 2008
11:39 am