Hi all,

Noob questions here... I understand the concept of entitlements fine...
Just what I do not understand is the difference between removing /
deleting entitlements and revoking them...

I have my vault with IDM4 connected to AD via the AD Driver, as well as
the Role-Based Entitlements Service driver installed and configured to
grant AD UserAccount entitlement if the object is a user and belongs to
a group called ADAccess in eDirectory on the vault.
I think this is the best way, from what I have read...

Now... If I remove the user from that group, the ADUserAccount
entitlement sticks... i.e. is not removed / revoked and the account is
still active in AD...

What am I doing wrong? I do need to manually create a rule to revoke
that entitlement?


ccikara's Profile: http://forums.novell.com/member.php?userid=86966
View this thread: http://forums.novell.com/showthread.php?t=435322