Hi, everyone!
We're performing linux authentication via our Active Directory domain. To achieve this , we're using Microsoft Unix for Services, which extend the AD schema with the msSFU type attributes, such as NIS Group, shell, home directory, etc...
We would like to know which could be the best approach to provide provision/update/deprovision of accounts with One Identity. Target will always be Active Directory.
The easiest way: Extend Adsaccount with the attrs. I need. But I do already have a table to handle these attributes: UnixAccount. My idea is to create a system role that involves both the Unix and the AD accounts. However, I cannot figure out how to "join" both tables so I could fill the corresponding Unix attributes from the UnixAccount into the msSFU ones in Active Directory. And then, provision/update the AD account using an active directory sync project.
Now that I've written it all with my poor english I'm starting to like the "easiest way". But I'd love to have your opinions first :)
Regards!