Hi,

I have a situation where I am trying to watch for a select number of
groups. If the user is added to one of these groups an attribute is set
to true in the Vault.

e.g. User1 is added to group XXX in Active Directory.
What I would like to do is see the event and then write the string value
TRUE to an attribute XXX on User1's account.

I kind of have this working, except every user that is a member of that
group is getting re-stamped each time one person is added. (We are
going to have 10,000+ users in the groups in Active Directory.)

Any help would be appreciated.

Thanks

<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE policy PUBLIC
"policy-builder-dtd" "C:\Program Files
(x86)\Novell\Designer\eclipse\plugins\com.novell.i dm.policybuilder_3.0.1.200901050958\DTD\dirxmlscri pt3.6.dtd"><policy>
<!-- Policy overview: both rules fire only for Group class events.
     Rule 1 stores the event's source DN in the policy-scoped local variable
     lvr-groupcheck, or vetoes the event when the DN is outside the watched
     subtree. Rule 2 compares that variable with one hard-coded group DN and
     writes the SWISNBM attribute for each member value in the operation. -->
<!-- NOTE(review): the DOCTYPE above names its DTD by a workstation-local
     Designer path, and the path looks line-wrapped with stray spaces from
     being pasted. A parser that loads external DTDs will try to open that
     path. When sharing or machine-parsing this policy, consider removing the
     DOCTYPE or disabling external DTD loading, after confirming the consumer
     does not depend on attribute defaults supplied by the DTD. -->
<rule>
<description>Group Check and Set LVR of SRC DN</description>
<comment xml:space="preserve">This will create a local Variable</comment>
<!-- Applies to Group class events only; the class name match ignores case. -->
<conditions>
<and>
<if-class-name mode="nocase" op="equal">Group</if-class-name>
</and>
</conditions>
<actions>
<!-- Then branch: the source DN is inside the subtree named by
     ~stafflinkLHDgroups~ (written like a global configuration value
     reference; confirm). Remember the DN for the next rule and trace it. -->
<do-if>
<arg-conditions>
<and>
<if-src-dn op="in-subtree">~stafflinkLHDgroups~</if-src-dn>
</and>
</arg-conditions>
<arg-actions>
<do-set-local-variable name="lvr-groupcheck" scope="policy">
<arg-string>
<token-src-dn/>
</arg-string>
</do-set-local-variable>
<do-trace-message>
<arg-string>
<token-text xml:space="preserve">LHD Group - Success - LVR SET
with </token-text>
<token-local-variable name="lvr-groupcheck"/>
</arg-string>
</do-trace-message>
</arg-actions>
<!-- Else branch (second arg-actions of do-if): veto every Group event whose
     source DN is outside the watched subtree. -->
<arg-actions>
<do-veto/>
</arg-actions>
</do-if>
</actions>
</rule>
<rule>
<description>NBM Group Check - Hard Code per group</description>
<comment xml:space="preserve">This will determine if the group is
required. This is a simple check and should allow simple
administration</comment>
<!-- Fires when the event is a Group event and lvr-groupcheck (set by the
     previous rule) equals the hard-coded group DN, compared without case.
     NOTE(review): the DN text is split across lines as pasted; confirm the
     line breaks are not part of the compared value in the deployed policy.
     NOTE(review): rule 1 tests the subtree ~stafflinkLHDgroups~ while this DN
     ends in ~GVCSpecialgroups~; the match can only succeed if the group sits
     under both, so confirm the two values agree. -->
<conditions>
<and>
<if-class-name mode="nocase" op="equal">Group</if-class-name>
<if-local-variable mode="nocase" name="lvr-groupcheck"
op="equal">cn=NSW Health Service - Nepean Blue Mountains Local Health
District,~GVCSpecialgroups~</if-local-variable>
</and>
</conditions>
<actions>
<!-- lv.member holds the member values carried by the current operation.
     NOTE(review): the for-each below writes once per value in this node set.
     If the incoming event carries the group's full member list rather than
     only the newly added value, every member is written on every change.
     Check a trace of the raw event to confirm what it actually carries. -->
<do-set-local-variable name="lv.member" scope="policy">
<arg-node-set>
<token-op-attr name="member"/>
</arg-node-set>
</do-set-local-variable>
<!-- NOTE(review): this trace prints the whole member node set, so for a large
     group every member reference lands in the driver trace. Consider
     removing it once testing is done. -->
<do-trace-message>
<arg-string>
<token-text xml:space="preserve">TEST - SHOW The local variables
lv.member</token-text>
<token-local-variable name="lv.member"/>
</arg-string>
</do-trace-message>
<!-- For each member value: read its association-ref attribute into
     lv.assocRef, then write SWISNBM directly (direct="true") on the
     destination object identified by that association.
     NOTE(review): the value written is the text FALSE; confirm that is the
     intended value for a member of this group.
     NOTE(review): a member value with no association-ref attribute yields an
     empty lv.assocRef; confirm how that case should be handled. -->
<do-for-each>
<arg-node-set>
<token-local-variable name="lv.member"/>
</arg-node-set>
<arg-actions>
<do-set-local-variable name="lv.assocRef" scope="policy">
<arg-string>
<token-xpath expression="$current-node/@association-ref"/>
</arg-string>
</do-set-local-variable>
<do-set-dest-attr-value direct="true" name="SWISNBM">
<arg-association>
<token-local-variable name="lv.assocRef"/>
</arg-association>
<arg-value>
<token-text xml:space="preserve">FALSE</token-text>
</arg-value>
</do-set-dest-attr-value>
</arg-actions>
</do-for-each>
</actions>
</rule>
</policy>