I am trying to create some rules to add/remove roles in policy, but I am
consistently getting an error back. I have tried various methods, the
latest being to use the association for the user. I have tried
association, current object, and tried specifying various flavors of DN
(destination-dn, convert=yes, parse DN, etc). Can anyone tell me which
format I need to use so I do not get a bad format? I have read other
forum posts that I need to use LDAP format, but how can I get a DN in
this format?

Please see the trace below. Any help is greatly appreciated.

[03/24/10 17:34:02.615]:AuthToMain PT: Applying rule 'Remove
TestRole2'.
[03/24/10 17:34:02.615]:AuthToMain PT: Action:
do-remove-role(id="CN=IDMAdmin,OU=Admins,OU=ESC,O=CHSAuth",role-id="CN=testrole2,CN=Level10,CN=RoleDefs,CN=RoleConfig,CN=AppConfig,CN=UserApplication,CN=AUTHDRIVERSET01,OU=DirXML,OU=ESC,O=CHSAuth",url="http://10.5.61.16:80/IDM",arg-password(token-named-password("idmadmin")),arg-association(token-association())).
[03/24/10 17:34:02.615]:AuthToMain PT:
arg-password(token-named-password("idmadmin"))
[03/24/10 17:34:02.615]:AuthToMain PT:
token-named-password("idmadmin")
[03/24/10 17:34:02.615]:AuthToMain PT: Retrieving password
value for named password 'idmadmin'.
[03/24/10 17:34:02.630]:AuthToMain PT: Token Value: "--
suppressed --".
[03/24/10 17:34:02.630]:AuthToMain PT: Arg Value: "--
suppressed --".
[03/24/10 17:34:02.630]:AuthToMain PT:
arg-association(token-association())
[03/24/10 17:34:02.630]:AuthToMain PT: token-association()
[03/24/10 17:34:02.630]:AuthToMain PT: Token Value:
"{3AA4358F-99EF-3a4f-AFC1-B979008947A4}".
[03/24/10 17:34:02.630]:AuthToMain PT: Arg Value:
"{3AA4358F-99EF-3a4f-AFC1-B979008947A4}".
[03/24/10 17:34:02.646]:AuthToMain PT:
DirXML Log Event -------------------
Driver:
\CHSIDMAUTH\CHSAuth\ESC\DirXML\AUTHDRIVERSET01\CHSIDMAUTHtoCHSIDMMAIN
Channel: Publisher
Object: \CHSIDMMAIN\CHSMain\EMP\Active\rivey
(CHSAuth\USR\Corporate\Users\rivey)
Status: Error
Message: Code(-9206) Error in
vnd.nds.stream://CHSIDMAUTH/CHSAuth/ESC/DirXML/AUTHDRIVERSET01/CHSIDMAUTHtoCHSIDMMAIN/Publisher/Add+or+Remove+roles+based+on+CHS-Roles#XmlData:67
: Couldn't request revocation of role:
'CN=testrole2,CN=Level10,CN=RoleDefs,CN=RoleConfig,CN=AppConfig,CN=UserApplication,CN=AUTHDRIVERSET01,OU=DirXML,OU=ESC,O=CHSAuth'
from identity 'rivey,Users,Corporate,USR,CHSAuth':
com.novell.nds.dirxml.soap.UserAppClientException:
com.novell.nds.dirxml.soap.rolestubs.NrfServiceException={_Reason=Invalid
name: rivey,Users,Corporate,USR,CHSAuth}


--
robertivey