I appreciate your response.

Problem:
Like to have the ConsoleOne behaviour regarding User-Group relation
with Userapp Directory Search (more concrete: Edit mode of Detail
Portlet).
In C1 it is sufficient to add a User to Members of a Group or to add a
Group to the Group Membership of a User.
C1 takes care of maintaining the Relation between User and Group
concerning the attributes Group Membership-Members and Security
Equals-Equivalent To Me.

Setting up the DAL (IDM 3.5.1) for Group attribute Members with a
DNLookup Relational Integrity of
- Source Attributes to Update --> Equivalent To Me
- Target Attributes to Update --> Group Membership and Security
Equals
yields spurious exceptions:
Virtual data exceptions
com.novell.srvprv.spi.vdata.exception.VirtualDataE xception: Ldap error
updating object: cn=AGROUP,ou=GROUPS. Error: javax.na
ming.directory.AttributeInUseException: [LDAP: error code 20 - NDS
error: duplicate value (-614)]; remaining name 'cn=user,OU=USERS'

Observation:
Adding User values to Equivalent To Me for Group via LDAP yields Group
as Secururity Equals value on User (eDirectory 8.8, SLES 9.3)
(Adding Group values on User Group Membership and Security Equals
doesn't modify Group at all)

Planned DAL DNLookup Relational Integrity:
- Source Attributes to Update --> Equivalent To Me
- Target Attributes to Update --> Group Membership

Can anyone confirm this as a valid setup?


--
Dietmar Habermann
------------------------------------------------------------------------
Dietmar Habermann's Profile: http://forums.novell.com/member.php?userid=2618
View this thread: http://forums.novell.com/showthread.php?t=306918