I just can't seem to get this right.
The solution requires AD be the authority for users.
THere are users in NDS that are also in AD. The users in NDS are named with
uniqueID and it is based on the DirXML-ADAliasName value.

I can not get a matching rule to find existing users.
Here is a trace:

13:59:56 66FB4BB0 Drvrs: TEST-MYTREE PT: (if-src-attr 'DirXML-ADAliasName'
available) = TRUE.
13:59:56 66FB4BB0 Drvrs: TEST-MYTREE PT: Rule selected.
13:59:56 66FB4BB0 Drvrs: TEST-MYTREE PT: Applying rule 'Match on UID'.
13:59:56 66FB4BB0 Drvrs: TEST-MYTREE PT: Action:
do-find-matching-object(scope="subtree",arg-dn(token-global-variable("USER-BASEDN-IN-VALUT")),arg-match-attr("DirXML-ADAliasName")).
13:59:56 66FB4BB0 Drvrs: TEST-MYTREE PT:
arg-dn(token-global-variable("USER-BASEDN-IN-VALUT"))
13:59:56 66FB4BB0 Drvrs: TEST-MYTREE PT:
token-global-variable("USER-BASEDN-IN-VALUT")
13:59:56 66FB4BB0 Drvrs: TEST-MYTREE PT: Token Value:
"\TEST-MYTREE\dc=com\dc=mycompany\OU=People".
13:59:56 66FB4BB0 Drvrs: TEST-MYTREE PT: Arg Value:
"\TEST-MYTREE\dc=com\dc=mycompany\OU=People".
13:59:56 66FB4BB0 Drvrs: TEST-MYTREE PT: arg-match-attr("DirXML-ADAliasName")
13:59:56 66FB4BB0 Drvrs: TEST-MYTREE PT: Query from policy
13:59:56 66FB4BB0 Drvrs: TEST-MYTREE PT:
<nds dtdversion="3.0" ndsversion="8.x">
<source>
<product version="3.0.0.20051118 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query class-name="User"
dest-dn="\TEST-MYTREE\dc=com\dc=mycompany\OU=People" scope="subtree">
<search-class class-name="User"/>
<search-attr attr-name="DirXML-ADAliasName">
<value naming="true" type="string">adamso</value>
</search-attr>
<read-attr/>
</query>
</input>
</nds>
13:59:56 66FB4BB0 Drvrs: TEST-MYTREE PT: Pumping XDS to eDirectory.
13:59:56 66FB4BB0 Drvrs: TEST-MYTREE PT: Performing operation query for
\TEST-MYTREE\dc=com\dc=mycompany\OU=People.
13:59:56 66FB4BB0 Drvrs: TEST-MYTREE PT: Query from policy result
13:59:56 66FB4BB0 Drvrs: TEST-MYTREE PT:
<nds dtdversion="3.0" ndsversion="8.x">
<source>
<product version="3.0.0.20051118 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status event-id="0" level="success"></status>
</output>
</nds>
13:59:56 66FB4BB0 Drvrs: TEST-MYTREE PT: No matches found.
13:59:56 66FB4BB0 Drvrs: TEST-MYTREE PT: Policy returned:
13:59:56 66FB4BB0 Drvrs: TEST-MYTREE PT:

Here is the policy:
<rule>
<description>Match on UID</description>
<comment name="author" xml:space="preserve">jim@willeke.com</comment>
<comment name="version" xml:space="preserve">1.0001111</comment>
<comment name="lastchanged" xml:space="preserve">2006-02-23</comment>
<conditions>
<and>
<if-src-attr name="DirXML-ADAliasName" op="available"/>
</and>
</conditions>
<actions>
<do-find-matching-object scope="subtree">
<arg-dn>
<token-global-variable name="USER-BASEDN-IN-VALUT"/>
</arg-dn>
<arg-match-attr name="DirXML-ADAliasName"/>
</do-find-matching-object>
</actions>
</rule>
<rule disabled="true">
<description>MatchOnUniqueID</description>
<comment name="author" xml:space="preserve">jim@willeke.com</comment>
<comment name="version" xml:space="preserve">1.0</comment>
<comment name="lastchanged" xml:space="preserve">2006-02-23</comment>
<conditions>
<and>
<if-class-name op="equal">User</if-class-name>
</and>
</conditions>
<actions>
<do-find-matching-object>
<arg-dn>
<token-global-variable name="USER-BASEDN-IN-VALUT"/>
</arg-dn>
<arg-match-attr name="uniqueID"/>
</do-find-matching-object>
</actions>
</rule>


The GCV for USER-BASEDN-IN-VALUT = \TEST-MYTREE\dc=com\dc=mycompany\OU=People

Thanks
-jim