I'm having some trouble doing the match between IDVault and my AD.

In my IDVault I have some applications that have groups inside. A sample
DN should be like cn=GROUP,ou=APP,ou=applications,o=data. The same app
can have more than one group.

To test my policies, I copied one of these apps to AD (export/import of an
LDIF file). In AD I have the following DN:
cn=GROUP,ou=APP,OU=Applications,OU=Groupes,OU=MYDOMAIN,DC=nim2012,DC=intra

The problem is that when I try to start a migration, NIM searches for a
match in the users branch and doesn't find the match that I copied. I've
already solved an "out-of-scope" veto by adding "data\applications" in
the sub-mp-scoping policy, but I have no clue where I can tell NIM to
look for groups instead of users...

<description>Find matching object in Active Directory</description>
<description>remember relative position in hierarchy</description>
<comment xml:space="preserve">This rule marks events in the given containers for processing by adding the unmached-src-dn and attempt-to-match operation properties. You can add subtrees in the Identity Vault for inclusion by adding if-src-dn conditionals here. If you are using mirrored placement, the unmatched-src-dn is used later in the placement rule. The attempt-to-match property determines whether the matching policies following this initializing policy should try to match the object or whether its out of scope.</comment>
<if-src-dn op="in-subtree">~idv.dit.data.users~</if-src-dn>
<if-op-property mode="nocase" name="attempt-to-match" op="not-equal">false</if-op-property>
<if-src-dn op="in-subtree">data\applications</if-src-dn>
<if-op-property mode="nocase" name="attempt-to-match" op="not-equal">false</if-op-property>
<do-set-op-property name="unmatched-src-dn">
  <arg-string>
    <token-unmatched-src-dn convert="true"/>
  </arg-string>
</do-set-op-property>
<do-set-op-property name="attempt-to-match">
  <arg-string>
    <token-text xml:space="preserve">true</token-text>
  </arg-string>
</do-set-op-property>

Here is my last engine log if you want to see it :

