Hello All,

I am working on requirement using loop back driver.

-> When ever we assign a resource to the user, a secondary account in edirectory in different container with same attribute values as in the primary account with different CN value. I am able to create the same and working fine.

-> Now whenever there is a change in the attribute values like managerWorkforceID, manager etc, the values in the secondary account that is created in different container should get updated.

I trying to achieve this using the below code :

<rule>
<description>Modify manager </description>
<comment xml:space="preserve">Modify manager </comment>
<conditions>
<and>
<if-class-name op="equal">User</if-class-name>
<if-association disabled="true" op="associated"/>
<if-operation mode="nocase" op="equal">modify</if-operation>
<if-op-attr name="managerWorkforceID" op="changing"/>
</and>
</conditions>
<actions>
<do-set-local-variable name="lvFlagManagerChanged" scope="policy">
<arg-string>
<token-text xml:space="preserve">TRUE</token-text>
</arg-string>
</do-set-local-variable>
<do-set-local-variable name="lvNewManagerEMPID" scope="policy">
<arg-string>
<token-text xml:space="preserve"/>
</arg-string>
</do-set-local-variable>
<do-set-local-variable name="lvNewManagerEMPID" scope="policy">
<arg-string>
<token-op-attr name="managerWorkforceID"/>
</arg-string>
</do-set-local-variable>
<do-trace-message>
<arg-string>
<token-text xml:space="preserve">*** old managerworkforceid in idm ***</token-text>
<token-xpath expression="modify-attr/remove-value/value/text()"/>
</arg-string>
</do-trace-message>
<do-trace-message>
<arg-string>
<token-text xml:space="preserve">*** New managerworkforceid ***</token-text>
<token-op-attr name="managerWorkforceID"/>
</arg-string>
</do-trace-message>
<do-trace-message>
<arg-string>
<token-text xml:space="preserve">*** Existing manager dn in IDM ***</token-text>
<token-src-attr name="manager"/>
</arg-string>
</do-trace-message>
<do-set-dest-attr-value class-name="User" name="managerWorkforceID">
<arg-dn>
<token-local-variable name="lvNewManagerEMPID"/>
</arg-dn>
<arg-value type="dn">
<token-src-dn/>
</arg-value>
</do-set-dest-attr-value>
</rule>


I am getting the below warning and err
DirXML Log Event -------------------
Driver: \ABCIDV\system\driverset1\secondaryAccountLoopback
Channel: Publisher
Status: Warning
Message: Code(-8003) Unable to synchronize reference to \ABCIDV\ABC\users\contractors\X8zap from attribute manager

No (9064)DN has been generated from object placement.

as there is no association modify event is getting converted into add and looking to generate DN.

can someone suggest how can i achieve the update values part.


Thanks all.