I am working with an eDir2eDir driver that will ultimately maintain a
"Whitepages" application for use via web lookups and as an LDAP address
book for email clients. For legal reasons I am obliged to give users the
ability to opt out of the Directory.

I wrote a pretty simple driver policy that just vetos adds if a
particular attribute is set, but for some reason the driver does not see
the attribute value in my policy - it creates users in the remote tree
even if the opt-out attribute equals "Y" - and further it dutifully
syncs the attribute value into the remote tree.

The attribute (ugaFerpaFlag) is set to sync in the subscriber channel
of the source tree and in the publisher channel in the remote tree. I
added a trace message to the policy to see if that would help me figure
out what's going on. It returns a value of "" for the operation
attribute but the correct value of "Y" for the source attribute:

[10/28/09 14:45:54.681]:MyID-to-WP ST:Applying policy: %+C%14CVeto Adds
if Ferpa set%-C.
[10/28/09 14:45:54.681]:MyID-to-WP ST: Applying to sync #1.
[10/28/09 14:45:54.681]:MyID-to-WP ST: Evaluating selection criteria
for rule 'Veto if ferpa set'.
[10/28/09 14:45:54.682]:MyID-to-WP ST: (if-operation equal "add")
= FALSE.
[10/28/09 14:45:54.682]:MyID-to-WP ST: (if-operation equal "sync")
= TRUE.
[10/28/09 14:45:54.682]:MyID-to-WP ST: (if-op-attr 'ugaFerpaFlag'
equal "Y") = FALSE.
[10/28/09 14:45:54.682]:MyID-to-WP ST: (if-op-attr
'ugaBlockFacStaffDirectoryInfo' equal "Y") = FALSE.
[10/28/09 14:45:54.682]:MyID-to-WP ST: (if-op-attr
'ugaBlockStudentDirectoryInfo' equal "Y") = FALSE.
[10/28/09 14:45:54.683]:MyID-to-WP ST: Rule rejected.
[10/28/09 14:45:54.683]:MyID-to-WP ST:Policy returned:
[10/28/09 14:45:54.683]:MyID-to-WP ST:
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.6.0.4294">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<sync cached-time="20091028184554.648Z" class-name="User"
event-id="idm-dev#20091028184554#1#1"
qualified-src-dn="O=UGA\OU=Users\CN=DSHULA"
src-dn="\DEVTREE\UGA\Users\DSHULA" src-entry-id="41115"
timestamp="0#0">
<association
state="migrate">{78A0C0D2-C256-2a43-21B9-78A0C0D2C256}</association>
</sync>
</input>
</nds>
[10/28/09 14:45:54.684]:MyID-to-WP ST:Applying policy:
%+C%14Cdebug%-C.
[10/28/09 14:45:54.684]:MyID-to-WP ST: Applying to sync #1.
[10/28/09 14:45:54.684]:MyID-to-WP ST: Evaluating selection criteria
for rule 'Print op-attr'.
[10/28/09 14:45:54.685]:MyID-to-WP ST: (if-operation equal "sync")
= TRUE.
[10/28/09 14:45:54.685]:MyID-to-WP ST: Rule selected.
[10/28/09 14:45:54.685]:MyID-to-WP ST: Applying rule 'Print
op-attr'.
[10/28/09 14:45:54.685]:MyID-to-WP ST: Action:
do-trace-message(level="3","ugaFerpaFlag:
"+token-op-attr("ugaFerpaFlag")+" "+token-src-attr("ugaFerpaFlag")).
[10/28/09 14:45:54.685]:MyID-to-WP ST: arg-string("ugaFerpaFlag:
"+token-op-attr("ugaFerpaFlag")+" "+token-src-attr("ugaFerpaFlag"))
[10/28/09 14:45:54.686]:MyID-to-WP ST:
token-text("ugaFerpaFlag: ")
[10/28/09 14:45:54.686]:MyID-to-WP ST:
token-op-attr("ugaFerpaFlag")
[10/28/09 14:45:54.686]:MyID-to-WP ST: Token Value: "".
[10/28/09 14:45:54.686]:MyID-to-WP ST: token-text(" ")
[10/28/09 14:45:54.686]:MyID-to-WP ST:
token-src-attr("ugaFerpaFlag")
[10/28/09 14:45:54.687]:MyID-to-WP ST: Query from policy
[10/28/09 14:45:54.687]:MyID-to-WP ST:
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.6.0.4294">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query class-name="User" dest-dn="\DEVTREE\UGA\Users\DSHULA"
dest-entry-id="41115" scope="entry">
<read-attr attr-name="ugaFerpaFlag"/>
</query>
</input>
</nds>
[10/28/09 14:45:54.688]:MyID-to-WP ST: Pumping XDS to
eDirectory.
[10/28/09 14:45:54.688]:MyID-to-WP ST: Performing operation
query for \DEVTREE\UGA\Users\DSHULA.
[10/28/09 14:45:54.689]:MyID-to-WP ST: Query from policy
result
[10/28/09 14:45:54.689]:MyID-to-WP ST:
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.6.0.4294">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<instance class-name="User"
qualified-src-dn="O=UGA\OU=Users\CN=DSHULA"
src-dn="\DEVTREE\UGA\Users\DSHULA" src-entry-id="41115">
<association
state="migrate">{78A0C0D2-C256-2a43-21B9-78A0C0D2C256}</association>
<attr attr-name="ugaFerpaFlag">
<value timestamp="1256755357#1" type="string">Y</value>
</attr>
</instance>
<status level="success"></status>
</output>
</nds>
[10/28/09 14:45:54.690]:MyID-to-WP ST: Token Value: "Y".
[10/28/09 14:45:54.690]:MyID-to-WP ST: Arg Value:
"ugaFerpaFlag: Y".
[10/28/09 14:45:54.691]:MyID-to-WP ST:ugaFerpaFlag: Y
[10/28/09 14:45:54.691]:MyID-to-WP ST:Policy returned:
[10/28/09 14:45:54.691]:MyID-to-WP ST:


--
keithbmartin
------------------------------------------------------------------------
keithbmartin's Profile: http://forums.novell.com/member.php?userid=48654
View this thread: http://forums.novell.com/showthread.php?t=390823