Hello,

Running IDM 4.5.2.0

In a null driver I am attempting to query the objects, that have a
specific Group Membership attribute value. The objects can have the
value from both nested memberships but also through other means.

The problem is that I do not get the nested group memberships returned
in my query from my driver. But, I do get the values that I added
manually.

The very strange this is: It works from iManager, ConsoleOne and Apache
LDAP studio. iManager and ConsoleOne uses NCP and Apache LDAP studio
uses LDAP. The driver as far as I know, also uses NCP, so I would think
it worked just like ConsoleOne and iManager and therefore I should get
the nested group memberships returned by the query.

My query:


Code:
--------------------

<do-set-local-variable name="lAffilList" scope="policy">
<arg-node-set>
<token-query class-name="Group" datastore="src" max-result-count="50" scope="subtree">
<arg-dn>
<token-global-variable name="idv.dit.data.affiliations"/>
</arg-dn>
<arg-match-attr name="Group Membership">
<arg-value type="dn">
<token-src-dn convert="false"/>
</arg-value>
</arg-match-attr>
</token-query>
</arg-node-set>
</do-set-local-variable>

--------------------


So as I said, the attribute, when viewed in ConsoleOne, shows 4 objects
with this value in the Group Membership attribute. I know 3 of them are
nested and 1 is given manually. But, I only get the one, manually
assigned object back in the query. It does not find the nested ones.

The query from trace:


Code:
--------------------

<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.5.2.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query-ex class-name="Group" dest-dn="top\idv\entities\affiliations" max-result-count="50" scope="subtree">
<search-class class-name="Group"/>
<search-attr attr-name="Group Membership">
<value type="dn">\IDVTREE\top\idv\structures\departments\ 4a0d76be-1ed8-4800-bc00-0000012e0002</value>
</search-attr>
<read-attr/>
</query-ex>
</input>
</nds>

--------------------


So, what is going on here? Why do I not get nested group memberships
returned in my driver query? But I do when I make the same query from
whatever tool I try.

I also tried using the query variant directly from XPATH, same result. I
am about to try calling the ECMA ldapsearch function, but, I would think
this should work and would be more clean.

Thanks in advance,

Jacob.


--
jacmarpet
------------------------------------------------------------------------
jacmarpet's Profile: https://forums.netiq.com/member.php?userid=415
View this thread: https://forums.netiq.com/showthread.php?t=55087