LDAP/AD Sync Module

We have started to plan out an LDAP/AD sync module for MIQ and are wondering what features/functionality others would find useful in the module. Here are the high-level features that we have currently defined.

  • LDAP/S connection to a source directory
  • Configure multiple target DNs to search/import against (Example: OU=Users,OU=Production,DC=prod,DC=foo,DC=com and OU=Users,OU=Test,DC=Prod,DC=foo,DC=com)
  • Scheduled synchronization
  • Run on-demand synchronization
  • Perform delta changes for users already in the system (Example: if a first name changes, it would be updated in MIQ)

This capability will allow us to provision resources via the APIs and allow the provisioned resources to be tagged to the user without the user ever logging in to the MIQ environment.

We aren’t sure how to handle terminations and the deletion of accounts in the source AD/LDAP directory. Any thoughts or ideas around this would be helpful. If anyone has any other features for this module as well we are interested in feedback.
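
An added example, not part of the original post and not ManageIQ code: a sketch of how the listed features (multiple target DNs, delta updates) could fit together in one sync pass. The method names, attribute list, sample entries and the choice to only report locally known users that no longer appear in the source are all assumptions made for illustration.

```ruby
# Added illustration, not ManageIQ code. Names and sample data are constructed.
BASE_DNS = [
  "OU=Users,OU=Production,DC=prod,DC=foo,DC=com",
  "OU=Users,OU=Test,DC=Prod,DC=foo,DC=com"
].freeze
SYNCED_ATTRS = %i[first_name last_name email].freeze

# Simplified DN normalization (assumption): no handling of escaped commas.
def normalize_dn(dn)
  dn.split(",").map { |rdn| rdn.strip.downcase }.join(",")
end

# True when the entry's DN sits under one of the configured target DNs.
def in_scope?(dn, base_dns)
  n = normalize_dn(dn)
  base_dns.any? { |base| n.end_with?("," + normalize_dn(base)) }
end

# Compare directory entries with local users (uid => attributes) and plan changes.
def plan_sync(directory, local, base_dns = BASE_DNS)
  plan = { create: [], update: {}, missing_from_source: [] }
  seen = []
  directory.each do |entry|
    next unless in_scope?(entry[:dn], base_dns)
    uid = entry[:uid].downcase
    seen << uid
    if local.key?(uid)
      changed = SYNCED_ATTRS.select { |a| entry[a] != local[uid][a] }
      plan[:update][uid] = changed.map { |a| [a, entry[a]] }.to_h unless changed.empty?
    else
      plan[:create] << uid
    end
  end
  # Known locally but absent from the source: reported only, never deleted here.
  plan[:missing_from_source] = (local.keys - seen).sort
  plan
end

# Constructed sample data: one renamed user, one new user, one out-of-scope entry.
DIRECTORY = [
  { dn: "CN=Alice Smith,OU=Users,OU=Production,DC=prod,DC=foo,DC=com", uid: "asmith", first_name: "Alicia", last_name: "Smith", email: "asmith@foo.com" },
  { dn: "CN=Bob Jones,OU=Users,OU=Test,DC=prod,DC=foo,DC=com", uid: "bjones", first_name: "Bob", last_name: "Jones", email: "bjones@foo.com" },
  { dn: "CN=svc-backup,OU=Service,DC=prod,DC=foo,DC=com", uid: "svc-backup", first_name: nil, last_name: nil, email: nil }
].freeze
LOCAL = {
  "asmith" => { first_name: "Alice", last_name: "Smith", email: "asmith@foo.com" },
  "cdoe" => { first_name: "Carol", last_name: "Doe", email: "cdoe@foo.com" }
}.freeze

p plan_sync(DIRECTORY, LOCAL) if __FILE__ == $PROGRAM_NAME
```

The second sample entry uses `DC=prod` while the configured target DN uses `DC=Prod`, so scope matching has to compare DNs case-insensitively or that user is silently skipped.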