I am trying to establish IDvault authority over Deny Access group, I
mean that if LoginDisabled=false and user has been put in Deny Access
group manually so I must catch this event and remove the user from Deny
Access group as LoginDisabled=false

and if LoginDisabled=true and the user is removed from Deny Access
group manually, I must as well react and get the user back into Deny
Access group

I set the filter in the publisher to sync 'Group' class and notify
'members' attribute

I am getting the follwing document on the publisher


<nds dtdversion="2.0" ndsversion="8.x">
<product build="20110525_152103" instance="LotusNotes" version="3.5.7">Identity Manager Driver for Lotus Notes</product>
<contact>Novell, Inc.</contact>
<modify class-name="Group" event-id="EE7AF6BC9518E73EC125798B0033FD52 - 1328720003337">
<association state="associated">EE7AF6BC9518E73EC125798B0033FD5 2</association>
<modify-attr attr-name="Members">
<value>CN=Zachai LEVI/OU=EXT/OU=FR/O=Vuitton</value>
<value association-ref="DCEAB9158B88DCC2C12579990049E63D" type="dn">CN=Fanny BACLET LEJEUNE/OU=FR/O=Vuitton</value>
<value association-ref="7589F8F12F10DBC9C125799C004A6DDA" type="dn">CN=Salman ROCHDI/OU=FR/O=Vuitton</value>
<value association-ref="51E5707C5170A547C125799E00535909" type="dn">CN=Paul LIVRE/OU=FR/O=Vuitton</value>


Dont ask me to post the whole trace, no thing interesting and the
document is the same all over the publisher

When a user is added to the group, I had no issue to know that because
he will be contained in <add-value>...</add-value>

But when the user is removed , he does not appear in some
<remove-value> element, its always <remove-all-values/>, no history for
the removed member

Could any one tell me if there is a trick to watch Deny Access group
for removed members, or if there is a better way to keep IDVault
Authority over Deny Access Group

Thanks in advance.

iammi's Profile: http://forums.novell.com/member.php?userid=71308
View this thread: http://forums.novell.com/showthread.php?t=452003