Hi all,

is it possible to create Entitlement Policies by another driver for
example the JDBC driver?

The background of this question is the follwing. We manage our
department and location informations in database tables. This database
is connected via the JDBC driver to our IDM system. Every entry in this
tables has a unique id. This unique id is stored in two user attributes
on every user object in the IDM system. If changes occur at this
department or location data (e.g. the name of the location changes),
this changes will be reflected to the user objects in IDM via the JDBC

So, this is what we current have and this works great.

Now a new challenge came up. For every department / location a group
must be created in IDM. For this we want use the
GroupEntitlementLoopback driver.

I think this are the steps to do this...

1. Stop Entitlement driver (i realized this by help of ECMAScript,
JLDAP,StartDriver/StopDriver methods)

2. Create Group (no problem)
3. Create Entitlement Policy for this group (a little bit tricky but
4. Add new Entitlement Policy to attribut DirXML-SPPriority of the
cn=Entitlement Policies container (i think no problem)
5. Start Entitlement driver (see step 1)
6. Reevaluate for the new Entitlement Policy

I think step 6 is heavy. Is it possible and when yes how can i do

Another point is, we have aprox. 6000 deaprtments and aprox. 700
locations. If we implement this we have then aprox. 7000 groups and 7000
Entitlement Policies. Can someone tell me something about the


Andre Giza

