I've been running into this problem and I'm a little baffled by it. Has
anyone run into this situation before?

IDM 4.0.2
Two eDirectory trees (Connected with bi-directional eDirectory driver)
One Active Directory environment (Connected with stock AD driver)
One Role-Based Entitlements Service Driver (RBE)

Our IDM environment is designed as 'hub and spoke' with the Identity
Vault as the hub.
We only sync user objects, not group objects.

I've created an entitlement policy which states that if you are in a
specific group in the Identity Vault, you are granted an account
entitlement in AD. However, when I add a user to that group in the vault,
the RBE driver doesn't trigger; there is nothing at all in the trace
from this driver. Using iManager in the vault I can go to Features -->
Role-Based Entitlements --> Reevaluate Membership and select my driver
set. From there if I reevaluate my entitlement policy the RBE driver
triggers and the account is created in AD.

Am I correct in thinking that adding a user to a group in the vault should
cause the RBE driver to fire? If so, what could be causing it to not

pkoochin's Profile: https://forums.netiq.com/member.php?userid=169