IDM 3.6.1

I would like to use a Boolean auxiliary attribute in eDirectory
to add users to and remove users from an Active Directory group.
The auxiliary attribute is in the schema and in the filter. Once the
auxiliary attribute value is set to true, the existing user should be
added as a member of the group, but it does not work.

Any ideas or help would be appreciated



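<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policy PUBLIC "policy-builder-dtd" "C:\Program Files (x86)\Novell\Designer\plugins\com.novell.idm.policybuilder_3.5.0.200909160331\DTD\dirxmlscript3.6.1.dtd">
<policy>
  <!--
    DirXML Script policy. The level 3 trace posted with it shows it running on
    the Subscriber channel as a command transformation policy.

    Purpose: when the Boolean auxiliary attribute auxmycompanyOfflineFolder on
    an eDirectory User changes to TRUE, add that user to the Member attribute
    of one fixed Active Directory group.

    The DOCTYPE above is the one Designer writes; its system identifier is a
    path on the authoring workstation. The stray spaces the forum paste put
    into that path and into the group DN below have been removed.

    NOTE(review): this policy only grants membership. No rule here reacts to
    the attribute changing to FALSE, so unless a counterpart rule using
    do-remove-dest-attr-value exists elsewhere, the group membership (and
    whatever access the group confers) stays in place after the flag is
    cleared. Confirm that revocation is handled.
  -->
  <rule>
    <description>Add dest attribute Group Member to current user</description>
    <conditions>
      <and>
        <!-- Skip delete operations: there is no user left to add to the group. -->
        <if-operation mode="nocase" op="not-equal">delete</if-operation>
        <!-- Fire only when the flag value in this operation is changing to TRUE. -->
        <if-op-attr mode="nocase" name="auxmycompanyOfflineFolder" op="changing-to">TRUE</if-op-attr>
        <!-- Restrict the rule to User objects. -->
        <if-class-name mode="nocase" op="equal">User</if-class-name>
      </and>
    </conditions>
    <actions>
      <!--
        Emits a separate modify for the Group object named in arg-dn and adds
        one value to its Member attribute.

        The group DN is hard-coded, so this rule manages exactly one group;
        whoever can set auxmycompanyOfflineFolder on a user effectively
        controls membership of that group.
      -->
      <do-add-dest-attr-value class-name="Group" name="Member">
        <arg-dn>
          <token-text xml:space="preserve">cn=test,OU=Groups,OU=DE,OU=mycompany,DC=mycompany,DC=ger</token-text>
        </arg-dn>
        <!--
          The value is the source (eDirectory) DN of the current object. In the
          trace it is emitted in slash format, while the group is addressed by
          an LDAP-format DN.
          NOTE(review): confirm that the engine/driver maps this source DN to
          the user's Active Directory DN before the write; if it does not, the
          destination-side DN has to be resolved here instead.
        -->
        <arg-value type="dn">
          <token-src-dn/>
        </arg-value>
      </do-add-dest-attr-value>
    </actions>
  </rule>
</policy>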


L3 trace:

[04/01/14 11:51:54.969]:MSAD-DE ST:Start transaction.
[04/01/14 11:51:54.970]:MSAD-DE ST:Processing events for transaction.
[04/01/14 11:51:54.971]:MSAD-DE ST:
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.6.10.4747">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify cached-time="20140401095154.935Z" class-name="User"
event-id="idm-mh-brm02#20140401095154#3#1"
qualified-src-dn="O=mycompany\OU=DE\CN=me_Test"
src-dn="\mycompany-TREE\mycompany\DE\me_Test" src-entry-id="60271"
timestamp="1396345914#2">
<association
state="associated">87a070d8719e8b4fa505dd5a05149e9d</association>
<modify-attr attr-name="auxmycompanyOfflineFolder">
<remove-value>
<value timestamp="1396345867#2" type="state">false</value>
</remove-value>
<add-value>
<value timestamp="1396345914#2" type="state">true</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
[04/01/14 11:51:54.973]:MSAD-DE ST:No event transformation policies.
[04/01/14 11:51:54.973]:MSAD-DE ST:Subscriber processing modify for
\mycompany-TREE\mycompany\DE\me_Test.
[04/01/14 11:51:54.973]:MSAD-DE ST:Applying command transformation
policies.
[04/01/14 11:51:54.973]:MSAD-DE ST:Applying policy:
%+C%14Csub-ctp-group-assignment-OfflineDrive%-C.
[04/01/14 11:51:54.974]:MSAD-DE ST: Applying to modify #1.
[04/01/14 11:51:54.974]:MSAD-DE ST: Evaluating selection criteria for
rule 'Add dest attribute Group Member to current user'.
[04/01/14 11:51:54.974]:MSAD-DE ST: (if-operation not-equal
"delete") = TRUE.
[04/01/14 11:51:54.974]:MSAD-DE ST: (if-op-attr
'auxmycompanyOfflineFolder' changing-to "TRUE") = TRUE.
[04/01/14 11:51:54.975]:MSAD-DE ST: (if-class-name equal "User") =
TRUE.
[04/01/14 11:51:54.975]:MSAD-DE ST: Rule selected.
[04/01/14 11:51:54.975]:MSAD-DE ST: Applying rule 'Add dest attribute
Group Member to current user'.
[04/01/14 11:51:54.975]:MSAD-DE ST: Action:
do-add-dest-attr-value("Member",class-name="Group",arg-dn("cn=test,OU=Groups,OU=DE,OU=mycompany,DC=mycompany,DC=ger"),token-src-dn()).
[04/01/14 11:51:54.975]:MSAD-DE ST:
arg-dn("cn=test,OU=Groups,OU=DE,OU=mycompany,DC=mycompany,DC=ger")
[04/01/14 11:51:54.976]:MSAD-DE ST:
token-text("cn=test,OU=Groups,OU=DE,OU=mycompany,DC=mycompany,DC=ger")
[04/01/14 11:51:54.976]:MSAD-DE ST: Arg Value:
"cn=test,OU=Groups,OU=DE,OU=mycompany,DC=mycompany,DC=ger".
[04/01/14 11:51:54.976]:MSAD-DE ST: arg-string(token-src-dn())
[04/01/14 11:51:54.976]:MSAD-DE ST: token-src-dn()
[04/01/14 11:51:54.977]:MSAD-DE ST: Token Value:
"\mycompany-TREE\mycompany\DE\me_Test".
[04/01/14 11:51:54.977]:MSAD-DE ST: Arg Value:
"\mycompany-TREE\mycompany\DE\me_Test".
[04/01/14 11:51:54.977]:MSAD-DE ST:Policy returned:
[04/01/14 11:51:54.977]:MSAD-DE ST:
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.6.10.4747">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify cached-time="20140401095154.935Z" class-name="User"
event-id="idm-mh-brm02#20140401095154#3#1"
qualified-src-dn="O=mycompany\OU=DE\CN=me_Test"
src-dn="\mycompany-TREE\mycompany\DE\me_Test" src-entry-id="60271"
timestamp="1396345914#2">
<association
state="associated">87a070d8719e8b4fa505dd5a05149e9d</association>
<modify-attr attr-name="auxmycompanyOfflineFolder">
<remove-value>
<value timestamp="1396345867#2" type="state">false</value>
</remove-value>
<add-value>
<value timestamp="1396345914#2" type="state">true</value>
</add-value>
</modify-attr>
</modify>
<modify class-name="Group"
dest-dn="cn=test,OU=Groups,OU=DE,OU=mycompany,DC=mycompany,DC=ger"
event-id="idm-mh-brm02#20140401095154#3#1">
<modify-attr attr-name="Member">
<add-value>
<value type="dn">\mycompany-TREE\mycompany\DE\me_Test</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>


--
Laude_Volker