I have a 'useraccount' entitlement that creates AD accounts and several
'group' entitlements that add users to AD groups.

The problem I am having is adding the user as a member of the AD group
if the AD account already exists. If I change the attribute value on
the user to meet the 'group' entitlement criteria, the user is not added
to the AD group. If the AD account is added at the same time, then it
is added to the AD group.

I've searched the forum and tried modifying the rules but am not having
any luck. I think my problem is in the itp-EntitlementsImpl policy, but
am not sure.

I am attaching two level 3 trace files: one is adcorp_add_works.txt and
the other is adcorp_modify_fails.txt. The add works and the modify
fails.

IDM engine 3.5.1
AD driver on the Vault 3.6.1
AD remote loader 3.5.4
eDirectory 8.8.2

Any help would be appreciated.

Cindy


+----------------------------------------------------------------------+
|Filename: adcorp.zip |
|Download: http://forums.novell.com/attachment....achmentid=3407 |
+----------------------------------------------------------------------+

--
SyncUp