I have an LDAP driver without a changelog, using the publisher channel
mainly, only syncing one attribute on the subscriber channel. This is for

For OUs we sync them on the publisher channel only: create, delete,
modify, rename.

Now to the problem.
If I rename an OU in the vault it does rename it in the LDAP db as it
My problem is that all associations for that OU are now wrong, since LDAP
uses the DN as the association value.

I started to work on a rule that should update all users with an
association value from that container, but I don't have access to the
system so I can't try it.

Has anyone done this before ?

I was thinking along the lines of this:
If OU and operation is rename, then

query DirXML-Associations for all users and set them in a nodeset variable.
If the association ends with the same value as the OU's association,
remove the association and add cn="cn", the OU's new DN in LDAP format.

I don't know if I have to do a query for all users, since I don't have
anything to match on; I just need all users.

I was wondering if this is the best way, or if I should change the
association attribute value instead, and how I would do that in that case.


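A worked version of the rewrite step sketched in the post, as an added example that is not the poster's policy or any NetIQ code. It is plain Python rather than DirXML Script so it can run offline against constructed data: the user DNs, the driver name `cn=LDAP Driver,cn=DriverSet,o=system`, and the association values below are all made up, and the `DirXML-Associations` value format used is `driverDN#state#associationValue`, the form eDirectory exposes over LDAP. It goes a little beyond the post in two ways: it compares DN components instead of raw string suffixes, so case and spacing differences do not cause misses or false matches, and it also carries along users in OUs nested under the renamed one, since a rename moves that whole subtree.

```python
"""Rewrite LDAP-driver association values after an OU rename.

Hypothetical helper, not IDM policy code. It models the idea in the post:
walk every user's DirXML-Associations values, pick the ones that belong to
the LDAP driver and whose association value (an LDAP DN) sits under the
renamed OU, and rewrite them to point at the new container DN.
"""
from typing import Dict, List, Optional, Tuple

# Assumed driver name; constructed for this example.
DRIVER_DN = "cn=LDAP Driver,cn=DriverSet,o=system"
OLD_OU = "ou=Sales,o=acme"
NEW_OU = "ou=Marketing,o=acme"

# Constructed sample: vault user DN -> DirXML-Associations values
# ("<driver DN>#<state>#<association value>").
SAMPLE_USERS: Dict[str, List[str]] = {
    "cn=alice,ou=users,o=vault": [
        "cn=LDAP Driver,cn=DriverSet,o=system#1#cn=alice,ou=Sales,o=acme",
        "cn=AD Driver,cn=DriverSet,o=system#1#a1b2c3d4e5f6",  # other driver
    ],
    "cn=bob,ou=users,o=vault": [  # nested OU under the renamed one
        "cn=LDAP Driver,cn=DriverSet,o=system#1#cn=bob,ou=Inside Sales,ou=Sales,o=acme",
    ],
    "cn=carol,ou=users,o=vault": [  # different case and spacing
        "cn=LDAP Driver,cn=DriverSet,o=system#1#CN=carol, OU=sales, O=acme",
    ],
    "cn=dave,ou=users,o=vault": [  # sibling OU, must not be touched
        "cn=LDAP Driver,cn=DriverSet,o=system#1#cn=dave,ou=Presales,o=acme",
    ],
    "cn=erin,ou=users,o=vault": [  # escaped comma inside the leaf RDN
        "cn=LDAP Driver,cn=DriverSet,o=system#4#cn=Smith\\, Erin,ou=Sales,o=acme",
    ],
}


def split_dn(dn: str) -> List[str]:
    """Split a DN into RDN strings on unescaped commas (RFC 4514 style)."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur).strip())
    return parts


def canon(rdns: List[str]) -> List[str]:
    """Comparison form: lower-case type and value, no padding around '='.
    Adequate for cn/ou/o/dc, which use case-insensitive matching rules."""
    out = []
    for rdn in rdns:
        attr_type, _, value = rdn.partition("=")
        out.append(f"{attr_type.strip().lower()}={value.strip().lower()}")
    return out


def is_under(dn: str, container: str) -> bool:
    """True if dn is strictly below container (the container itself is not)."""
    d, c = canon(split_dn(dn)), canon(split_dn(container))
    return len(d) > len(c) and d[-len(c):] == c


def rewrite_dn(dn: str, old_container: str, new_container: str) -> Optional[str]:
    """Replace the old_container suffix of dn with new_container, keeping the
    leaf RDNs (and any nested OUs) as written. None if dn is not under it."""
    if not is_under(dn, old_container):
        return None
    rdns = split_dn(dn)
    keep = rdns[: len(rdns) - len(split_dn(old_container))]
    return ",".join(keep + [new_container])


def parse_association(value: str) -> Tuple[str, str, str]:
    """Split 'driverDN#state#associationValue'; '#' inside the value survives."""
    driver, state, assoc = value.split("#", 2)
    return driver, state, assoc


def rewrite_associations(users: Dict[str, List[str]], driver_dn: str,
                         old_ou: str, new_ou: str) -> Dict[str, List[Tuple[str, str]]]:
    """Return {user_dn: [(old_value, new_value), ...]} for every association of
    driver_dn that points under old_ou. Other drivers' associations and users
    outside the renamed subtree are left alone."""
    changes: Dict[str, List[Tuple[str, str]]] = {}
    wanted_driver = canon(split_dn(driver_dn))
    for user_dn, values in users.items():
        for value in values:
            driver, state, assoc = parse_association(value)
            if canon(split_dn(driver)) != wanted_driver:
                continue
            new_assoc = rewrite_dn(assoc, old_ou, new_ou)
            if new_assoc is None:
                continue
            changes.setdefault(user_dn, []).append((value, f"{driver}#{state}#{new_assoc}"))
    return changes


if __name__ == "__main__":
    for user, pairs in rewrite_associations(SAMPLE_USERS, DRIVER_DN, OLD_OU, NEW_OU).items():
        for old, new in pairs:
            print(f"{user}\n  - {old}\n  + {new}")
```

In a policy the same loop would be a Query token over User objects that reads DirXML-Associations, followed by a Remove Association and an Add Association action for each matching value. The DN-component comparison above is the part worth keeping whichever way it is done: a plain "ends with" on the raw string will miss associations the LDAP server returned with different case or spacing, and the rewrite has to preserve everything in front of the old container DN so users in nested OUs are moved with it.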