IDM2 is the version we are using.

I know it's a different area, but it's still mighty confusing for me!


"Father Ramon" <devforums@novell.com> wrote in message
news:Wht1g.2988$sd1.2957@prv-forum2.provo.novell.com...
> You seem to have moved on to another topic altogether. If there isn't a
> user with sAMAccountName = AD003-2, then the matching policy is not going
> to find a match and it will move on to the creation and placement policies
> to decide if an object should be created and what it should be named.
>
> If what you're actually looking for help with is placement policy, then we
> need to know what version of IDM you are working with because the default
> policies are very different between IDM2 and IDM3.
>
> --
>
> Father Ramon
>
>
> Nelson wrote:
>> Thanks Father! I tried that.... and the driver still does not seem to
>> match correctly:
>>
>> ie if I edit user AD003-2, which has the same given name, surname and
>> fullname as user AD003, I need AD003 to fail the matching rule and to
>> create the AD003-2 user in AD.
>>
>> What seems to be happening is that the driver seems to want to create AD
>> 003 and not AD003-2, as shown below.
>>
>> DirXML Log Event -------------------
>> Driver = \BLACK-TREE\UK\Salford\Servers\Driver_Set\IDMADDriverTest s
>> Thread = Subscriber Channel
>> Object = \BLACK-TREE\IDMADDriverTest\AD003-2 (CN=AD
>> 003,ou=IDMADDriverTest,dc=imanami,dc=local)
>> Level = error
>> Message = <ldap-err ldap-rc="68" ldap-rc-name="LDAP_ALREADY_EXISTS">
>> <client-err ldap-rc="68" ldap-rc-name="LDAP_ALREADY_EXISTS">Already
>> Exists</client-err>
>> <server-err>00002071: UpdErr: DSID-030502F7, problem 6005
>> (ENTRY_EXISTS), data 0
>> </server-err>
>> <server-err-ex win32-rc="8305"/>
>> </ldap-err>
>>
>> I can't help get the feeling that I'm being stupid here and missing
>> something really obvious
>>
>>
>> "Father Ramon" <devforums@novell.com> wrote in message
>> news:xKr1g.2841$sd1.59@prv-forum2.provo.novell.com...
>>> Try:
>>>
>>> <do-find-matching-object scope="subordinates">
>>> <arg-dn>
>>> <token-text>ou=IDMADDriverTest,dc=domain,dc=local</token-text>
>>> </arg-dn>
>>> <arg-match-attr name="sAMAccountName">
>>> <arg-value>
>>> <token-src-name/>
>>> </arg-value>
>>> </arg-match-attr>
>>> </do-find-matching-object>
>>>
>>> --
>>>
>>> Father Ramon
>>>
>>>
>>> Nelson wrote:
>>>>
>>>>
>>>> I am struggling with the syntax to create a match on sAMAccountName. We
>>>> have edited the matching rule as follows:
>>>>
>>>> <description>Match Existing Users</description>
>>>> <conditions>
>>>> <and>
>>>> <if-operation op="equal">add</if-operation>
>>>> </and>
>>>> </conditions>
>>>> <actions>
>>>> <do-find-matching-object scope="subordinates">
>>>> <arg-dn>
>>>> <token-text
>>>> xml:space="preserve">ou=IDMADDriverTest,dc=domain, dc=local</token-text>
>>>> </arg-dn>
>>>> <arg-match-attr name="CN"/>
>>>> </do-find-matching-object>
>>>> </actions>
>>>> </rule>
>>>>
>>>> If I read this ccorrectly I am trying to match the eDirectory CN to the
>>>> AD sAMAccountName, but I'm drawing a blank on the rule actually working
>>>> when I try and run it.
>>>>
>>>>
>>>>
>>>> "Father Ramon" <devforums@novell.com> wrote in message
>>>> news:Bgr1g.2796$sd1.674@prv-forum2.provo.novell.com...
>>>>> Not obviously - you made no prior mention that you had tried anything.
>>>>> What exactly did you try that didn't work?
>>>>> --
>>>>>
>>>>> Father Ramon
>>>>>
>>>>>
>>>>> Nelson wrote:
>>>>>> Thank you Father.
>>>>>>
>>>>>> Obviously I had already tried to do that but had not been successful.
>>>>>>
>>>>>>
>>>>>> "Father Ramon" <devforums@novell.com> wrote in message
>>>>>> news:8Jq1g.2756$sd1.1305@prv-forum2.provo.novell.com...
>>>>>>> Yes, Just change the matching policy.
>>>>>>> --
>>>>>>>
>>>>>>> Father Ramon
>>>>>>>
>>>>>>>
>>>>>>> Nelson wrote:
>>>>>>>> Is it possible to get have the AD driver match on sAMAccountName?
>>>>>>>>
>>>>>>>> We have an AD and eDirectory with many, many multiples of names and
>>>>>>>> the only unique value is the eDirectory CN and the AD
>>>>>>>> sAMAccountName.
>>>>>>>>
>>>>>>>> The standard driver seems to use the Operationsl Attribute 'Full
>>>>>>>> Name' but we can not rely on this value!
>>>>>>>>
>>>>>>>> All help gratefully received!
>>>>>>>>
>>>>>>>> Thanks
>>>>>>>>
>>>>>>>> Nelson

>>