I am a bit lost here. I am using the <use-html> command and it works
well however I have needed to add another loop within the below logic
and when I try to use the <use-html> twice it errors.

Anybody see what I am doing wrong here?

Code:
--------------------

<rule>
<description>Veto and Notify out of process change to entitled groups</description>
<comment xml:space="preserve">This rule detects changes in gfsmemberof made in DSEE instead of the vault. gfsmemberof controls access and should only be changed based on role membership in the vault. If an attempt is made to change access in DSEE, the change is blocked and the IAM team is notified.</comment>
<conditions>
<and>
<if-op-attr name="gfsmemberof" op="available"/>
<if-operation mode="case" op="equal">modify</if-operation>
</and>
</conditions>
<actions>
<do-set-local-variable name="var-Entitlements" scope="policy">
<arg-string>
<token-local-variable name="var-Entitlements"/>
<token-text xml:space="preserve">&lt;use-html></token-text>
</arg-string>
</do-set-local-variable>
<do-for-each>
<arg-node-set>
<token-op-attr name="gfsmemberof"/>
</arg-node-set>
<arg-actions>
<do-set-local-variable name="var-Entitlements" scope="policy">
<arg-string>
<token-local-variable name="var-Entitlements"/>
<token-text xml:space="preserve"><br/>&lt;br/></token-text>
<token-local-variable name="current-node"/>
</arg-string>
</do-set-local-variable>
</arg-actions>
</do-for-each>
<do-set-local-variable name="var-Entitlements" scope="policy">
<arg-string>
<token-local-variable name="var-Entitlements"/>
<token-text xml:space="preserve">&lt;/use-html></token-text>
</arg-string>
</do-set-local-variable>
<do-set-local-variable name="var-VaultEntitlements" scope="policy">
<arg-string>
<token-local-variable name="var-VaultEntitlements"/>
<token-text xml:space="preserve">&lt;use-html></token-text>
</arg-string>
</do-set-local-variable>
<do-for-each>
<arg-node-set>
<token-dest-attr name="nrfMemberOf"/>
</arg-node-set>
<arg-actions>
<do-set-local-variable name="var-VaultEntitlements" scope="policy">
<arg-string>
<token-local-variable name="var-VaultEntitlements"/>
<token-text xml:space="preserve">&lt;br/></token-text>
<token-local-variable name="current-node"/>
</arg-string>
</do-set-local-variable>
</arg-actions>
</do-for-each>
<do-set-local-variable name="var-Entitlements" scope="policy">
<arg-string>
<token-local-variable name="var-VaultEntitlements"/>
<token-text xml:space="preserve">&lt;/use-html></token-text>
</arg-string>
</do-set-local-variable>
<do-send-email-from-template notification-dn="Security\Default Notification Collection" template-dn="Security\Default Notification Collection\gfs-IAM notifiication of out of process Change">
<arg-string name="to">
<token-text xml:space="preserve">user1@GFSIAM</token-text>
</arg-string>
<arg-string name="CN">
<token-src-name/>
</arg-string>
<arg-string name="FullName">
<token-src-attr class-name="inetOrgPerson" name="cn"/>
</arg-string>
<arg-string name="System">
<token-text xml:space="preserve">DSEE</token-text>
</arg-string>
<arg-string name="reply-to">
<token-text xml:space="preserve">user1@GFSIAM</token-text>
</arg-string>
<arg-string name="Entitlements">
<token-local-variable name="var-Entitlements"/>
</arg-string>
<arg-string name="VaultEntitlements">
<token-local-variable name="var-VaultEntitlements"/>
</arg-string>
</do-send-email-from-template>
<do-veto/>
</actions>
</rule>

--------------------


Thank you for the help


--
larryleeroberts
------------------------------------------------------------------------
larryleeroberts's Profile: http://forums.novell.com/member.php?userid=21217
View this thread: http://forums.novell.com/showthread.php?t=428565