In IDM, the process

event occurs, this triggers an action, which produces a result.

is fundamental.

I have been using dynamic groups successfully to filter objects for the
current action and this works well.

However, I have hundreds, if not a few thousand of these types of

It occurred to me that it would be nice if I could dynamically update
the dynamic group filter and then run the action.

There are 2 bits of information needed :

The Search Root and the LDAP Filter.

I have thought of updating the Dynamic Group attributes that hold this
information using a policy. However, I discover that there is only one
attribute that holds both of these bits of data memberQuery. This has
syntax 'Octect string'. Does anyone have a way of decoding/ encoding
the data in this attribute. If it was possible it would mean I could
use one Dynamic Group for all these actions. This would result in :

event occurs, this triggers update of Dynamic Group attribute
memberQuery, this then triggers an action, which produces a result.

chall's Profile:
View this thread: