Hello,

in the idm project im working on there are several roles and profiles a
user can have, using workflows i can grant these roles and profiles, but
when i try to add several roles at same time using a profile instead of
a single role I seem to have a problem.

I have an multivalued attribute called dnPerfil (it saves inside a
variable called coPerfil as you can see in the code) that has all roles
from the user and I have a policy inside a loopback driver that fills
that attribute using the entitlements from the role, it works well for
one role at time, but for several it doesnt, it gets the first
entitlement and uses to add only one dnPerfil (from the first
entitlement).

I tried to use this rule to fill the dnPerfil values, but it doesnt
work


Code:
--------------------


<conditions>
<and>
<if-entitlement name="AprovisionaDnPerfil" op="available"/>
<if-op-attr name="OU" op="not-changing"/>
</and>
</conditions>
<actions>
<do-for-each>
<arg-node-set>
<token-entitlement name="AprovisionaDnPerfil"/>
</arg-node-set>
<arg-actions>
<do-set-local-variable name="coPerfil" scope="policy">
<arg-string>
<token-added-entitlement name="AprovisionaDnPerfil"/>
</arg-string>
</do-set-local-variable>
<do-add-src-attr-value name="dnPerfil">
<arg-value>
<token-parse-dn dest-dn-format="slash" src-dn-format="ldap">
<token-local-variable name="coPerfil"/>
</token-parse-dn>
</arg-value>
</do-add-src-attr-value>
</arg-actions>
</do-for-each>
<do-veto/>
</actions>
</rule>

--------------------



trace log in attachment..

thanks for the help


+----------------------------------------------------------------------+
|Filename: loopback.zip |
|Download: http://forums.novell.com/attachment....achmentid=4175 |
+----------------------------------------------------------------------+

--
Diogo12
------------------------------------------------------------------------
Diogo12's Profile: http://forums.novell.com/member.php?userid=61044
View this thread: http://forums.novell.com/showthread.php?t=405552