I've been running into this problem and I'm a little baffled by it. Has
anyone run into this situation before?

Environment:
IDM 4.0.2
Two eDirectory trees (Connected with bi-directional eDirectory driver)
One Active Directory environment (Connected with stock AD driver)
One Role-Based Entitlements Service Driver (RBE)

Our IDM environment is designed as 'hub and spoke' with the Identity
Vault as the hub.
We only sync user objects, not group objects.

Situation:
I've created an entitlement policy which states that if you are in a
specific group in the Identity Vault, you are granted an account
entitlement in AD. However, when I add a user to that group in the vault,
the RBE driver doesn't trigger; there is nothing at all in the trace
from this driver. Using iManager in the vault I can go to Features -->
Role-Based Entitlements --> Reevaluate Membership and select my driver
set. From there if I reevaluate my entitlement policy the RBE driver
triggers and the account is created in AD.

Am I correct in thinking that adding a user to a group in the vault should
cause the RBE driver to fire? If so, what could be causing it to not
trigger?


--
pkoochin