I am running IDM 2.01. I have an eDirectory, Active Directory and
Entitlements driver loaded. The Active Directory driver is entitlement
enabled. I have a group in eDirectory that is located throughout
multiple containers in our tree and it is called esaGroup. I would like
to create an entitlement policy using a filter with the following
parameters:

Object Class equals User
Group Membership equals esaGroup

I would then like to entitle these users in Active Directory so that I
can use IDM policies to create user accounts for these members and also
place them in an equivalent group in Active Directory called esaGroup.

When creating the Entitlements filter in Role Based Entitlements, the
above filter does not return any members when I test the filter. Isn't
group membership an attribute of the User object class? Any reason that
this will not work?

Any help would be appreciated.

Thanks,
Michelle