Hi,

I have to move users in an productive eDirectory which is connected by the bidirectional eDir Driver. Situation is:
user gets an new OU Attribute value - based on this the eDir Driver starts to move the object and will finish this with an success message. So far so good.
Meanwhile a loopback driver in the IDVault is calculating new GroupMemberships based on the OU. This will cause events for the eDir Driver to remove the user from groups in eDir or / and add the user to groups.

My problem is, that everything works fine, if I prevent the move. Due to the nature of the events in IDM, the move will always comes first. the the group changes. If I have the move processed, all Group changes will fail with the message "LDAPinterface.doLDAPModify() Modify attempted on an entry that doesn't exist in the target LDAP directory."

So my Idea was to take the group Membership changes if I get the output status doc in itp. Same problem. So I thought it might by a synchronisation issue, which it is. I used xds processor to check if the user is already moved, but this tdidn't help because the result was ok, but still the error happened if I tried to modify groups after this check. I even put wait intervals into the code to wait 5 seconds. Sometimes this works, sometimes it takes longer and my document will fail again.

In this case the bidirectional driver seems to behave much more different from the "old" eDir-eDir that I thought. So my Question: As even a Java based query can't give me a reliable information on the status of the users move process, is there any method one may use to determine that the move has finished? Or is there something we can do on the driver to prevent these fails?

Thanks in advance.

Uwe