Hi All,
I have a workflow that I am trying to kick off from a Loopback Driver
(GroupEntitlementLoopback). I tested the workflow that I am trying to kick
off through the User App to verify it grants the entitlement (it does). The
entitlement gives the récipient the UserAccount entitlement from the Active
Directory Driver based on whether the user is a member of the ITD group in
eDir. I think I am getting close to it working, but have hit a wall in my
trouble-shooting. Like I said I could manually log into the User App
program as the user and can successfully perform the workflow with no
problems. The trouble comes when I try to kick off the same workflow from
the driver.

I have my policy trying to kick off the workflow to grant the account (if a
user is a member of ITD group, give them an AD account). It is a No
Approval workflow using the UserAccount Entitlement for the Entitlement DN
(set it up through iManager). The entitlement is a No Value entitlement, so
I don't have anything entered in DirXML-Entitlement-Parameter, which I am
beginning to suspect may be the problem (when I look at it in Designer the
Data Item Mapping shows '{enter Entitlement param here}'). The Loopback
Driver gives me an error saying a Data item[] is not defined. I have no
idea which data item it's talking about. Here is the error in the trace:


DirXML Log Event -------------------
Driver: \LDAP-TB\utc\VM-IDM-TB\GroupEntitlementLoopback
Channel: Subscriber
Status: Error
Message: Code(-9194) Error in
vnd.nds.stream://LDAP-TB/utc/VM-IDM-TB/GroupEntitlementLoopback/Subscriber/Ent+GrantRevokeAD#XmlData:23
: Couldn't start workflow
'CN=CreateADAccount,CN=RequestDefs,CN=AppConfig,CN =UserApplication-TB,CN=VM-IDM-TB,O=utc'
for recipient 'CN=aadams,OU=Users,O=utc':
com.novell.soa.af.impl.soap.AdminException={reason =Data item [] is not
defined for activity or provisioning request}
[09/09/2008 14:01:45.584] GroupEntitlementLoopback ST: Evaluating
selection criteria for rule 'Revoke AD account if not in ITD group'.
[09/09/2008 14:01:45.586] GroupEntitlementLoopback ST: (if-class-name
equal "User") = TRUE.
[09/09/2008 14:01:45.584] GroupEntitlementLoopback ST: (if-entitlement
'UserAccount' available) = FALSE.
[09/09/2008 14:01:45.590] GroupEntitlementLoopback ST: Rule rejected.
[09/09/2008 14:01:45.591] GroupEntitlementLoopback ST:Policy returned:
[09/09/2008 14:01:45.593] GroupEntitlementLoopback ST:
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.5.10.20070918 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify cached-time="20080909180145.054Z" class-name="User"
event-id="1net#20080909180145#2#2"
qualified-src-dn="O=utc\OU=Users\CN=aadams"
src-dn="\LDAP-TB\utc\Users\aadams" src-entry-id="33610"
timestamp="1220983300#1">
<association state="associated">LU4A3ZEi60+miy1OAN2RIg==</association>
<modify-attr attr-name="Group Membership">
<add-value>
<value timestamp="1220983300#1"
type="dn">\LDAP-TB\utc\Groups\ITD</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>


Any help is greatly appreciated.

-Morgan