I'd like to achieve the following:
When a user account is disabled in the Vault, the association to
the SQL database (by JDBC driver) should be removed.
So I created a command policy which triggers on the disabled event,
removes the association (direct), and then does a veto:

<do-remove-association direct="true">
  <arg-association>
    <token-association/>
  </arg-association>
</do-remove-association>
<do-veto/>

So far so good, but in the case of the event, the association is not
being removed.
The logs show:

[04/25/13 15:23:21.625]:MSSQL-Rijkspas ST: (if-op-attr 'Login
Disabled' changing-to "True") = TRUE.
[04/25/13 15:23:21.625]:MSSQL-Rijkspas ST: Rule selected.
[04/25/13 15:23:21.625]:MSSQL-Rijkspas ST: Applying rule 'Verwijder
assocatie'.
[04/25/13 15:23:21.625]:MSSQL-Rijkspas ST: Action:
do-remove-association(direct="true",arg-association(token-association())).
[04/25/13 15:23:21.625]:MSSQL-Rijkspas ST:
arg-association(token-association())
[04/25/13 15:23:21.625]:MSSQL-Rijkspas ST: token-association()
[04/25/13 15:23:21.625]:MSSQL-Rijkspas ST: Token Value:
"PK_EMPLOYEE_RIVM=5BEB450D-EBC1-9c40-95C8-C105718EB7A7,table=PERS_VIEW,schema=DBO".
[04/25/13 15:23:21.625]:MSSQL-Rijkspas ST: Arg Value:
"PK_EMPLOYEE_RIVM=5BEB450D-EBC1-9c40-95C8-C105718EB7A7,table=PERS_VIEW,schema=DBO".
[04/25/13 15:23:21.625]:MSSQL-Rijkspas ST: Action: do-veto().
[04/25/13 15:23:21.625]:MSSQL-Rijkspas ST: Direct command from policy
[04/25/13 15:23:21.625]:MSSQL-Rijkspas ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.0.2.1">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<remove-association
event-id="Saptekst-v2#Publisher#1366896201000:0d2a45c6-0964-4163-8224-99058ae40c0e">PK_EMPLOYEE_RIVM=5BEB450D-EBC1-9c40-95C8-C105718EB7A7,table=PERS_VIEW,schema=DBO</remove-association>
</input>
</nds>
[04/25/13 15:23:21.625]:MSSQL-Rijkspas ST: Pumping XDS to eDirectory.
[04/25/13 15:23:21.625]:MSSQL-Rijkspas ST: Performing operation
remove-association for .
[04/25/13 15:23:23.078]:MSSQL-Rijkspas ST: Processing returned
document.
[04/25/13 15:23:23.078]:MSSQL-Rijkspas ST: Processing operation
<status> for .
[04/25/13 15:23:23.078]:MSSQL-Rijkspas


and further:

[04/25/13 15:23:23.125]:MSSQL-Rijkspas ST:No input transformation
policies.
[04/25/13 15:23:23.125]:MSSQL-Rijkspas ST:Applying schema mapping
policies to input.
[04/25/13 15:23:23.125]:MSSQL-Rijkspas ST:Applying policy:
%+C%14CSchemaMapping%-C.
[04/25/13 15:23:23.125]:MSSQL-Rijkspas ST:Resolving association
references.
[04/25/13 15:23:23.125]:MSSQL-Rijkspas ST:Processing returned document.
[04/25/13 15:23:23.125]:MSSQL-Rijkspas ST:End transaction.
[04/25/13 15:23:23.156]:MSSQL-Rijkspas ST:Start transaction.
[04/25/13 15:23:23.156]:MSSQL-Rijkspas
ST:type(resync-entry)entry-id(41329)
dn(\T=IDM-TEST\O=rivm\OU=Users\OU=Intern\CN=istamtot) class-id(-1)
class-name(null)
[04/25/13 15:23:23.156]:MSSQL-Rijkspas ST:Discarding transaction because
entry was deleted.
[04/25/13 15:23:23.218]:MSSQL-Rijkspas ST:Start transaction.
[04/25/13 15:23:23.218]:MSSQL-Rijkspas
ST:type(move-entry)entry-id(41287)
dn(\T=IDM-TEST\O=rivm\OU=Inactive\OU=Intern\CN=istamtot) class-id(435)
class-name(User)
[04/25/13 15:23:23.218]:MSSQL-Rijkspas ST:Processing events for
transaction.
[04/25/13 15:23:23.218]:MSSQL-Rijkspas ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.0.2.1">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<sync cached-time="20130425132323.062Z" class-name="User"
event-id="Saptekst-v2#Publisher#1366896201312:0d2a45c6-0964-4163-8224-99058ae40c0e"
from-move="true"
qualified-src-dn="O=rivm\OU=Inactive\OU=Intern\CN=istamtot"
src-dn="\IDM-TEST\rivm\Inactive\Intern\istamtot" src-entry-id="41287"
timestamp="0#0">
<association
state="associated">PK_EMPLOYEE_RIVM=5BEB450D-EBC1-9c40-95C8-C105718EB7A7,table=PERS_VIEW,schema=DBO</association>
</sync>
<move cached-time="20130425132323.062Z" class-name="User"
event-id="Saptekst-v2#Publisher#1366896201312:0d2a45c6-0964-4163-8224-99058ae40c0e"
old-src-dn="\IDM-TEST\rivm\Users\Intern\istamtot"
qualified-old-src-dn="O=rivm\OU=Users\OU=Intern\CN=istamtot"
qualified-src-dn="O=rivm\OU=Inactive\OU=Intern\CN=istamtot"
src-dn="\IDM-TEST\rivm\Inactive\Intern\istamtot" src-entry-id="41287"
timestamp="1366896157#36">
<association
state="associated">PK_EMPLOYEE_RIVM=5BEB450D-EBC1-9c40-95C8-C105718EB7A7,table=PERS_VIEW,schema=DBO</association>
<parent qualified-src-dn="O=rivm\OU=Inactive\OU=Intern"
src-dn="\IDM-TEST\rivm\Inactive\Intern" src-entry-id="32900"/>
</move>
</input>
</nds>
[04/25/13


and then it starts to go again, through all the policies. It looks
like the account is being resynced.
Note: After the disable, the account in the Vault is also moved to
an inactive container. For that I created an event policy to ignore that
type of event.

So what am I missing?

G. Schouten


--
gschouten32
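
A way to check a trace like the one in this post for the symptom described: events that still carry an association value after a remove-association command for that value was issued. This is an added example, not part of the original post or of the product; the sample trace is constructed (placeholder driver name, event ids and key value), and the script only reports trace order, not the cause.

```python
import re

REMOVE_RE = re.compile(r"<remove-association\b[^>]*>([^<]+)</remove-association>")
ASSOC_RE = re.compile(r'<association\s+state="([^"]+)"\s*>([^<]+)</association>')
EVENT_RE = re.compile(r"<(sync|move|add|modify|delete|rename)[\s>]")

# Constructed sample in the shape of the trace above (values are placeholders).
SAMPLE_TRACE = """\
[04/25/13 15:23:21.625]:Driver ST: Direct command from policy
<input>
<remove-association
event-id="evt-1">PK_EMPLOYEE=EXAMPLE-0001,table=PERS_VIEW,schema=DBO</remove-association>
</input>
[04/25/13 15:23:23.218]:Driver ST:Processing events for
transaction.
<input>
<sync class-name="User" event-id="evt-2" from-move="true">
<association
state="associated">PK_EMPLOYEE=EXAMPLE-0001,table=PERS_VIEW,schema=DBO</association>
</sync>
<move class-name="User" event-id="evt-2">
<association
state="associated">PK_EMPLOYEE=EXAMPLE-0001,table=PERS_VIEW,schema=DBO</association>
</move>
</input>
"""


def stale_associations(trace):
    """List (association, event, state) for events that still carry an
    association value after a <remove-association> for it was issued."""
    removed = {}  # association value -> offset just past its first removal
    for m in REMOVE_RE.finditer(trace):
        removed.setdefault(m.group(1).strip(), m.end())
    findings = []
    for m in ASSOC_RE.finditer(trace):
        state, value = m.group(1), m.group(2).strip()
        if value not in removed or m.start() < removed[value]:
            continue  # never removed, or seen before the removal
        # The enclosing event is the last event element opened before it.
        opened = list(EVENT_RE.finditer(trace, removed[value], m.start()))
        findings.append((value, opened[-1].group(1) if opened else "unknown", state))
    return findings


if __name__ == "__main__":
    for value, event, state in stale_associations(SAMPLE_TRACE):
        print(f"<{event}> still carries {state} association {value}")
```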