So for reasons that are many and varied we are creating entitlements out of band via LDAP. Volker has said this is possible, but as I'm working out the details I'm running into a few unknowns.

1. When creating the entitlement it appears you must also add a value for DirXML-SPPriority to the Entitlement Policies container object. This appears to have the syntax of [entitlement DN]#[priority]#[interval]

What is the purpose of the interval value and what are the available options?
Does the priority have to be serial and unique among each entitlement in the container?
Is there a better way to handle the creation of this attribute?

2. If the entitlement driver is running, and you make a change (via LDAP) to the dynamic query URL value of an entitlement, and then subsequently issue a migrate on a user (for the entitlement driver) that would be effected by the changed value, the driver fatally shuts down complaining that a dynamic value has changed and caused a change in membership. Simply restarting the driver resolves the issue and causes the migrated object to process.

Can this be avoided? or is it just something to take into account in design?

3. In the DirXML-SPDisplayEntitlements attribute of the entitlement, there is a XML node of <conflict-resolution>priority</conflict-resolution>. The particular object in question was set in Designer to merge as opposed to priority, but then subsequent entitlements seem to have this value instead.

Can this be changed to merge to avoid the issues in #1?

I'm sure I will discover more, so any other sage advice is always appreciated.