IdStory Identity Manager

In synchronization settings, we can define custom filtering of accounts on the end system - creating custom IcFilter (let's call this "end-system filtering").
We already met situations (on two projects) where we would need a bit more freedom, specifically:

• Filtering search results using regex.
• Permanently hiding some accounts on end system from IdM. Those accounts could not be filtered out in other way (e.g. by specifying additional LDAP filter).
• Filtering during reconciliation.

This is a feature request/proposal for a "IdM-side filtering" hook to a Groovy script / form-based filter. Supposed function (but this is free for discussion, if we find another way, we do not need to implement a hook):

1. IdM performs listAll() as it does now.
2. Each record of the listAll operation (=each listed account) is passed to hook as a Map<K,V>, where K is attribute name and V is its value. Processing the Map<K,V> is up to hook (that's why I propose it to be a Groovy script).
   • Hook returns "true" -> IdM will process the account in a synchronization/reconciliation.
   • Hook returns "false" -> IdM will not process the account. It would look like the account was not part of the listAll() result at all.