Hi to all,

I've got a custom rule in a unix driver, that associates users to
"d1gmadixd" group depending on the value of a variable. This is the
traze of the rule.

LinuxUnix ST:Applying policy: %+C%14CDB2%-C.
LinuxUnix ST: Applying to modify #1.
LinuxUnix ST: Evaluating selection criteria for rule 'DB2'.
LinuxUnix ST: (if-op-attr 'DB2' changing) = TRUE.
LinuxUnix ST: Rule selected.
LinuxUnix ST: Applying rule 'DB2'.
LinuxUnix ST: Action: do-if().
LinuxUnix ST: Evaluating conditions.
LinuxUnix ST: (if-op-attr 'DB2' equal "A") = TRUE.
LinuxUnix ST: Performing if actions.
LinuxUnix ST: Action: do-add-src-attr-value("Member",class-name="Group",arg-dn("\T=TREE\O=desxxx\OU=groups\CN=d1gmadixd"),toke n-src-dn()).
LinuxUnix ST: arg-dn("\T=TREE\O=desxxx\OU=groups\CN=d1gmadixd")
LinuxUnix ST: token-text("\T=TREE\O=desxxx\OU=groups\CN=d1gmadixd")
LinuxUnix ST: Arg Value: "\T=TREE\O=desxxx\OU=groups\CN=d1gmadixd".
LinuxUnix ST: arg-string(token-src-dn())
LinuxUnix ST: token-src-dn()
LinuxUnix ST: Token Value: "\TREE\desxxx\BAJARSI\u02prue2".
LinuxUnix ST: Arg Value: "\TREE\desxxx\BAJARSI\u02prue2".
LinuxUnix ST: Direct command from policy
LinuxUnix ST:
<nds dtdvexxxon="4.0" ndsvexxxon="8.x">
<product edition="Advanced" vexxxon="">DirXML</product>
<contact>Novell, Inc.</contact>
<modify class-name="Group" dest-dn="\T=TREE\O=desxxx\OU=groups\CN=d1gmadixd" event-id="lnxidm03#20140206200031#1#1:4c22d40a-4e22-4a7e-22a2-0ad4224c224e">
<modify-attr attr-name="Member">
<value type="dn">\TREE\desxxx\BAJAxxx\u02prue2</value>
LinuxUnix ST: Pumping XDS to eDirectory.
LinuxUnix ST: Performing operation modify for \T=TREE\O=desxxx\OU=groups\CN=d1gmadixd.
LinuxUnix ST: --JCLNT-- \TREE\desrsi\services\Driverset\LinuxUnix : Duplicating : context = 1416757358, tempContext = 1416757366
LinuxUnix ST: Modifying entry \T=TREE\O=desxxx\OU=groups\CN=d1gmadixd.
LinuxUnix ST: Fixing up reciprocal link from \T=TREE\O=desxxx\OU=groups\CN=d1gmadixd#Member.
LinuxUnix ST: Reciprocal link: \TREE\desrsi\BAJARSI\u02prue2#Group Membership.
LinuxUnix ST: --JCLNT-- \TREE\desrsi\services\Driverset\LinuxUnix : Calling free on tempContext = 1416757366
LinuxUnix ST: Processing returned document.
LinuxUnix ST: Processing operation <status> for .
LinuxUnix ST:
DirXML Log Event -------------------
Driver: \TREE\desrsi\services\Driverset\LinuxUnix
Channel: Subscriber
Object: \TREE\desrsi\BAJARSI\u02prue2
Status: Success
[02/06/14 21:00:31.380]


If I use a ldap browser to check the group, I can see that the value of
member it's fine But when I go to the unix machine, the user doesn't
have the group.
If I put manually, the same value of member on the group with the ldap
browser, the user has the group.

What's wrong? Why when the value of member is setting by the rule
doesn't work, and when the value of member is setting manually with the
ldap browser, works right.
If I

kiekurt's Profile: https://forums.netiq.com/member.php?userid=1394
View this thread: https://forums.netiq.com/showthread.php?t=49928