When a new account is created in the vault, I want to populate a
multi-valued attribute (gfsmemberof) in the destination account of the
corporate LDAP directory. I understand the timing issue with the
create, so I have the input transform on the LDAP driver taking care of
business for the group membership adds. My goal is to also populate the
connected user accounts gfsmemberof attribute with the same list of
entitlements (groups). Below is the rule (also in the Input transform)
that I created to do this function. When run, it gets the job done, but
I also get an error in the LDAP drivers log file. Maybe someone can
help me understand why this error is occuring? Thanks.

ERROR:
DirXML Log Event -------------------
Driver: \GFSIDVSIT\SERVICES\DriverSet1\DSEE
Channel: Subscriber
Object: \GFSIDVSIT\VAULT\ACTIVE\EMPLOYEES\e0sft
Status: Error
Message: Code(-9145) Error in
vnd.nds.stream://GFSIDVSIT/SERVICES/DriverSet1/DSEE/itp-AddGroupMembershipEntitlements#XmlData:110
: Unable to determine target object for action
'do-add-src-attr-value("gfsmemberof",class-name="User",token-local-variable("current-node"))'.

CODE:

<rule>
<description>Check target of add-association and add group to
gfsmemberof of user</description>
<conditions>
<and>
<if-operation op="equal">add-association</if-operation>
<if-op-property name="check-group-entitlements"
op="equal">true</if-op-property>
<if-entitlement name="Group" op="available"/>
</and>
</conditions>
<actions>
<do-for-each>
<arg-node-set>
<token-entitlement name="Group"/>
</arg-node-set>
<arg-actions>
<do-add-src-attr-value class-name="User" name="gfsmemberof">
<arg-value type="counter">
<token-local-variable name="current-node"/>
</arg-value>
</do-add-src-attr-value>
<do-set-xml-attr
expression="../modify[last()]/modify-attr[last()]/add-value[last()]/value[last()]"
name="association-ref">
<arg-string>
<token-xpath expression="./text()"/>
</arg-string>
</do-set-xml-attr>
</arg-actions>
</do-for-each>
</actions>
</rule>


--
johnbirkmeier
------------------------------------------------------------------------
johnbirkmeier's Profile: https://forums.netiq.com/member.php?userid=860
View this thread: https://forums.netiq.com/showthread.php?t=42706