Hi,

Running SLES 11sp1, IDM 3.6, eDirectory8.8sp6, sync'ing to MAD
Win2008r2

I'm using a loopback driver to provide several function, one of which
is set / remove group membership based on user object attributes.

Group membership addition is performed on the user object with two
commands:

add source attribute value( "Group Membership", groupname )
add source attribute value( "Security Equals", groupname )


Tests indicated all was working as expected.

However, things are not do good when I run an LDIF import to set
attributes for many users.

Importing changes to ~18000 user objects, the loopback runs and a level
3 trace shows all users updated successfully. However, when I look at
the group membership using iManager2.7, there are between 2000 - 5000
members. Looking at user object that have been added but don't show up
using an LDAP browser, neither of the attributes have been added.

To confuse the issue even more the group synchronized to MAD shows the
expected number of members.

eDirectory and timesync all looks ok.

Any thoughts gratefully received

Ian Vine
Swansea University


--
iavine
------------------------------------------------------------------------
iavine's Profile: http://forums.novell.com/member.php?userid=32209
View this thread: http://forums.novell.com/showthread.php?t=445693