Running IDM

In a null driver I am attempting to query the objects, that have a
specific Group Membership attribute value. The objects can have the
value from both nested memberships but also through other means.

The problem is that I do not get the nested group memberships returned
in my query from my driver. But, I do get the values that I added

The very strange this is: It works from iManager, ConsoleOne and Apache
LDAP studio. iManager and ConsoleOne uses NCP and Apache LDAP studio
uses LDAP. The driver as far as I know, also uses NCP, so I would think
it worked just like ConsoleOne and iManager and therefore I should get
the nested group memberships returned by the query.

My query:


<do-set-local-variable name="lAffilList" scope="policy">
<token-query class-name="Group" datastore="src" max-result-count="50" scope="subtree">
<token-global-variable name="idv.dit.data.affiliations"/>
<arg-match-attr name="Group Membership">
<arg-value type="dn">
<token-src-dn convert="false"/>


So as I said, the attribute, when viewed in ConsoleOne, shows 4 objects
with this value in the Group Membership attribute. I know 3 of them are
nested and 1 is given manually. But, I only get the one, manually
assigned object back in the query. It does not find the nested ones.

The query from trace:


<nds dtdversion="4.0" ndsversion="8.x">
<product edition="Advanced" version="">DirXML</product>
<contact>NetIQ Corporation</contact>
<query-ex class-name="Group" dest-dn="top\idv\entities\affiliations" max-result-count="50" scope="subtree">
<search-class class-name="Group"/>
<search-attr attr-name="Group Membership">
<value type="dn">\IDVTREE\top\idv\structures\departments\ 4a0d76be-1ed8-4800-bc00-0000012e0002</value>


So, what is going on here? Why do I not get nested group memberships
returned in my driver query? But I do when I make the same query from
whatever tool I try.

I also tried using the query variant directly from XPATH, same result. I
am about to try calling the ECMA ldapsearch function, but, I would think
this should work and would be more clean.

Thanks in advance,


jacmarpet's Profile: https://forums.netiq.com/member.php?userid=415
View this thread: https://forums.netiq.com/showthread.php?t=55087