About 2 months ago, we started working on this new "Provisioning Solution". We had the full court press from the vendor, out of country contractors, VP's of Application, PM's of Doom and the Salesman. Our current provisioning is a rather ingenious in house system that was cooked up using Access and a good deal knowledge. Having been working on Novell IDM for the last 3 years I have a pretty good idea of what it can and can't do.....
This new solution? Can't rename attributes down stream? Can't edit the XML directly, can't reconfigure on the fly or move drivers from one device to another rapidly. No IDE, no easy command line access,. It's all "web" 2.0'd to death, and it's sluggish. IDM routinely parses over 12,000 records in an hour, this one? (and this is from their developer) would take "20 hours" to parse the same amount of records. To support this super duper solution we need to spin up a "DEV" environment, which means that I needed to produce a separate but identical eDir, IDM and AD. The eDir? simple, spin up a SLES 11Sp1 box, load in eDir, load in IDM. Do the connector magic in Designer. LDAP export PROD into the new DEV for the O's and OU's. Deploy, get the Certs right and start. Minor tweaking ensues and in 5 hours I have a duplicate environment with all the users and groups. The IDM and the AD won't take even close to that long.
That new fangled one? yeah.... 8 weeks, and it doesn't do anything yet. It could provision eDir and AD sure, but it has this bug....
If you use the new tool to change your password, it sets it in eDir, it sets it in AD, but......
it locks you out of the new solution.......
Because it can't change the password there......
Ease Of Use, Helps get IT done......