Hello,

IDM 3.6.1, I have a very simple driver that looks at an oracle database
and sets some attributes for users. Dependent on these attributes I
would like to add them to different groups in the IDM tree as these are
then sync'd to AD and eDir, but for some reason the users are not being
added to the groups. I would also like to remove them from the group
when the attribute says x - when I was testing this I ended up deleting
a few users...

Here is the snippet of code I am trying, its running under publisher
command.

<rule>
<description>Add to Group</description>
<conditions>
<and>
<if-op-attr mode="regex" name="costCenter"
op="changing-to">ADD</if-op-attr>
<if-class-name op="equal">user</if-class-name>
</and>
</conditions>
<actions>
<do-set-dest-attr-value name="Group Membership">
<arg-value type="string">
<token-attr name="CN"/>
<token-text
xml:space="preserve">idm-tree\groups\groupname</token-text>
</arg-value>
</do-set-dest-attr-value>
<do-clone-op-attr dest-name="Security Equals" src-name="Group
Membership"/>
</actions>
</rule>
<rule>
<description>Remove From Group</description>
<conditions>
<and>
<if-op-attr mode="regex" name="costCenter"
op="changing-to">x</if-op-attr>
<if-class-name op="equal">user</if-class-name>
</and>
</conditions>
<actions>
<do-remove-dest-attr-value name="Group Membership">
<arg-value type="string">
<token-attr name="CN"/>
<token-text
xml:space="preserve">idm-tree\groups\groupname</token-text>
</arg-value>
</do-remove-dest-attr-value>
<do-clone-op-attr dest-name="Security Equals" src-name="Group
Membership"/>
</actions>
</rule>

I have used a few attributes that are not needed - hence costCenter. I
have looked everywhere and no matter which I try it doesn't seem to
work...any help gratefully appreciated

Thanks

Jeff


--
Stonej
------------------------------------------------------------------------
Stonej's Profile: https://forums.netiq.com/member.php?userid=4156
View this thread: https://forums.netiq.com/showthread.php?t=51732