Hello !

I got two eDirectory. Both with an IDvault running.
These two eDirectory are connected using two eDirectory drivers (and not
an eDir2eDir).

The first eDir is the master, the second one is used for groupwise
mailbox.
Accounts are created in the master, an entitlement is given for the
second one, and the accound is then created there.

I made some changes and account aren't removed anymore when I delete the
account located into the master eDir. I'm trying to figure out why.

To test, I create a fake account with required attributes in order him
to receive his "second eDir" entitlement. Then I delete it in the
"master eDir".

Here are the logs (from the eDirectory driver of the master eDir) :

Connector wake-up on account deletion :

Code:
--------------------
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.0.2.1">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<delete cached-time="20140626081856.396Z" class-name="User" event-id="removed_from_log" qualified-src-dn="O=data\OU=Users\OU=BL\uniqueID=BL77665" src-dn="\removed_from_log\data\Users\BL\BL77665" src-entry-id="44141" timestamp="1403768061#1">
<association state="associated">removed_from_log</association>
</delete>
</input>
</nds>
--------------------


Weird part :

Code:
--------------------
[06/26/14 10:18:56.819]:Company eDirectory Driver ST: Evaluating selection criteria for rule 'Check NDS User Account entitlement'.
[06/26/14 10:18:56.819]:Company eDirectory Driver ST: Query from policy
[06/26/14 10:18:56.820]:Company eDirectory Driver ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.0.2.1">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query class-name="User" dest-dn="\removed_from_log\data\Users\BL\BL77665" dest-entry-id="44141" scope="entry">
<read-attr attr-name="blgNDSPlacement"/>
<read-attr attr-name="DirXML-EntitlementRef"/>
</query>
</input>
</nds>
[06/26/14 10:18:56.820]:Company eDirectory Driver ST: Pumping XDS to eDirectory.
[06/26/14 10:18:56.820]:Company eDirectory Driver ST: Performing operation query for \removed_from_log\data\Users\BL\BL77665.
[06/26/14 10:18:56.821]:Company eDirectory Driver ST: --JCLNT-- \removed_from_log\system\DriverSet\Company eDirectory Driver : Duplicating : context = 1505820869, tempContext = 1505820898
[06/26/14 10:18:56.821]:Company eDirectory Driver ST: --JCLNT-- \removed_from_log\system\DriverSet\Company eDirectory Driver : Calling free on tempContext = 1505820898
[06/26/14 10:18:56.821]:Company eDirectory Driver ST: Query from policy result
[06/26/14 10:18:56.822]:Company eDirectory Driver ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.0.2.1">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status level="success"></status>
</output>
</nds>
[06/26/14 10:18:56.822]:Company eDirectory Driver ST: (if-entitlement 'UserAccount' not-available) = TRUE.
[06/26/14 10:18:56.822]:Company eDirectory Driver ST: Rule selected.
[06/26/14 10:18:56.822]:Company eDirectory Driver ST: Applying rule 'Check NDS User Account entitlement'.
[06/26/14 10:18:56.823]:Company eDirectory Driver ST: Action: do-veto().
[06/26/14 10:18:56.823]:Company eDirectory Driver ST:Policy returned:
[06/26/14 10:18:56.823]:Company eDirectory Driver ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.0.2.1">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input/>
</nds>
[06/26/14 10:18:56.823]:Company eDirectory Driver ST:End transaction.
--------------------


The "Check NDS User Account entitlement" avoid account to be created
into second eDir if account doesn't have the required entitlement.

Before I removed the account, I checked and the account does have the
required entitlement.

Do you have any idea ?
Thanks !

Arnaud


--
francoisarnaud
------------------------------------------------------------------------
francoisarnaud's Profile: https://forums.netiq.com/member.php?userid=6144
View this thread: https://forums.netiq.com/showthread.php?t=51186