I'm having difficulty getting the Notes Driver to set ACLs properly on
newly created mail files. Regardless of the parameter I choose, the
mail file is created with MANAGER access. I know I'm setting the GCV
properly. I'm wondering if I'm missing something?

Here is a snippet from the trace (this is the AddAccountNotesOptions
creation policy):


Notes lntest ST: Evaluating selection criteria for rule ' Add User
E-Mail: ACL Setting'.
Notes lntest ST: (if-global-variable 'account.email.aclsetting'
available) = TRUE.
Notes lntest ST: (if-global-variable 'account.email.aclsetting'
not-equal "default") = TRUE.
Notes lntest ST: Rule selected.
Notes lntest ST: Applying rule ' Add User E-Mail: ACL Setting'.
Notes lntest ST: Action:
do-set-xml-attr("mail-acl-level","../add[@class-name='User']",token-global-variable("account.email.aclsetting")).
Notes lntest ST:
arg-string(token-global-variable("account.email.aclsetting"))
Notes lntest ST: token-global-variable("account.email.aclsetting")
Notes lntest ST: Token Value: "NOACCESS".
Notes lntest ST: Arg Value: "NOACCESS".


I was testing with an ACL of "NOACCESS", but my goal is to have the ACL
set to EDITOR (which I've tried with the same result). The final
document, as submitted to the remote loader, is as follows (and it
appears to have the correct ACL, at least in the document):


Notes lntest ST: Stripping operation data from input document
Notes lntest ST: Remote Interface Driver: Sending...
Notes lntest ST:
<nds dtdversion="3.0" ndsversion="8.x">
<source>
<product version="3.0.0.20051118 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<add allow-adminp-support="true" certify-user="true"
class-name="Person" create-mail="true" dest-dn="CN=testuser/O=lntest"
event-id="WCF-1#20060516140345#6#2" expire-term="2"
internet-password-force-change="false" mail-acl-level="NOACCESS"
mail-acl-manager-name="CN=DirXML Driver/O=lntest"
mail-file-inherit-flag="true" mail-file-quota="512000"
mail-quota-warning-threshold="384000" no-id-file="false"
notes-password-change-interval="0"
notes-password-check-setting="PWD_CHK_CHECKPASSWORD"
notes-password-grace-period="0"
qualified-src-dn="O=vault\OU=users\OU=active\CN=testuser"
roaming-cleanup-period="90"
roaming-cleanup-setting="REG_ROAMING_CLEANUP_EVERY_NDAYS"
roaming-server="CN=lntestmail/O=lntest"
roaming-subdir="Roaming\TestUser" roaming-user="false"
src-dn="\IDMTREE\vault\users\active\testuser" src-entry-id="34425"
store-useridfile-in-ab="true" sync-internet-password="true">
<add-attr attr-name="FullName">
<value naming="true" timestamp="1147714119#4"
type="string">testuser</value>
</add-attr>
<add-attr attr-name="Comment">
<value timestamp="1147714119#19" type="string">DirXML User</value>
</add-attr>
<add-attr attr-name="OfficeFAXPhoneNumber">
<value timestamp="1147714119#20" type="structured">
<component name="faxNumber">(555) 555-8610</component>
<component name="faxBitCount">0</component>
<component name="faxParameters"/>
</value>
</add-attr>
<add-attr attr-name="Location">
<value timestamp="1147714119#21" type="string">Murray</value>
</add-attr>
<add-attr attr-name="Department">
<value timestamp="1147714119#25" type="string">IT</value>
</add-attr>
<add-attr attr-name="LastName">
<value timestamp="1147714119#29" type="string">User</value>
</add-attr>
<add-attr attr-name="OfficePhoneNumber">
<value timestamp="1147714119#30" type="teleNumber">(555)
555-8000</value>
</add-attr>
<add-attr attr-name="JobTitle">
<value timestamp="1147714119#31" type="string">DIRXML Crash Test
Dummy</value>
</add-attr>
<add-attr attr-name="FirstName">
<value timestamp="1147714119#35" type="string">Test</value>
</add-attr>
<add-attr attr-name="Suffix">
<value timestamp="1147714119#36" type="string">T430</value>
</add-attr>
<password><!-- content suppressed --></password>
<operation-data>
<password-subscribe-status/>
<association/>
<src-dn>\IDMTREE\vault\users\active\testuser</src-dn>
</operation-data>
</add>
</input>
</nds>
Notes lntest ST: Remote Interface Driver: Document sent.
Notes lntest : Remote Interface Driver: Waiting for receive...
Notes lntest : Remote Interface Driver: Received.
Notes lntest :
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20060324_1600 " instance="Notes lntest"
version="2.2.1">Identity Manager Driver for Lotus Notes</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status event-id="WCF-1#20060516140345#6#2" level="success"/>
<add-association dest-dn="\IDMTREE\vault\users\active\testuser"
event-id="WCF-1#20060516140345#6#2">C8E459FDFFCEAED087257170004D 9322</add-association>
<status event-id="WCF-1#20060516140345#6#2" level="success"
type="app-general">
<mailfile-creation filename="mail/TestUser.nsf"
server="CN=lntestmail/O=lntest">success</mailfile-creation>
</status>
</output>
</nds>

This snippet is from the Remote Loader, where REGARDLESS of the ACL set
in the GCV, the remote loader sets the "Mail File ACL Level" to 6 (which
I assume is MANAGER). All the other settings appear to be correctly
applied (e.g. quotas, warning thresholds, etc):

DirXML: [05/16/06 08:07:20.92]: TRACE: Notes lntest: createMailFile -
MailDb: mail/TestUser.nsf
DirXML: [05/16/06 08:07:20.92]: TRACE: Notes lntest: createMailFile -
MailTemplate: dwa7.ntf
DirXML: [05/16/06 08:07:20.92]: TRACE: Notes lntest: createMailFile -
Inherit from Mail File Template: true
DirXML: [05/16/06 08:07:20.92]: TRACE: Notes lntest: createMailFile -
MailPath: mail
DirXML: [05/16/06 08:07:20.92]: TRACE: Notes lntest: createMailFile -
MailServer: CN=lntestmail/O=lntest
DirXML: [05/16/06 08:07:20.92]: TRACE: Notes lntest: createMailFile -
Notes DN: CN=Test User/O=lntest
DirXML: [05/16/06 08:07:20.92]: TRACE: Notes lntest: createMailFile -
First Name: Test
DirXML: [05/16/06 08:07:20.92]: TRACE: Notes lntest: createMailFile -
Last Name: User
DirXML: [05/16/06 08:07:20.92]: TRACE: Notes lntest: createMailFile -
Mail File ACL Level: 6
DirXML: [05/16/06 08:07:20.92]: TRACE: Notes lntest: createMailFile -
Mail ACL Manager: CN=DirXML Driver/O=lntest
DirXML: [05/16/06 08:07:20.92]: TRACE: Notes lntest: createMailFile -
Mail ACL Manager Group: null
DirXML: [05/16/06 08:07:20.92]: TRACE: Notes lntest: createMailFile -
Mail File Size Quota: 512000
DirXML: [05/16/06 08:07:20.92]: TRACE: Notes lntest: createMailFile -
Mail Quota Warning Threshold: 384000
DirXML: [05/16/06 08:07:41.17]: TRACE: Remote Loader: Connection
monitor thread waking up.
DirXML: [05/16/06 08:07:41.17]: TRACE: Remote Loader: Connection
monitor thread going to sleep.
DirXML: [05/16/06 08:07:51.33]: TRACE: Notes lntest: Added CN=Test
User/O=lntest (level = 6) to ACL on mailbox mail/TestUser.nsf
DirXML: [05/16/06 08:07:51.39]: TRACE: Notes lntest: createMailFile -
Removed CN=DirXML Driver/O=lntest from ACL on mailbox mail/TestUser.nsf
DirXML: [05/16/06 08:07:51.49]: TRACE: Notes lntest: createMailFile -
Added CN=DirXML Driver/O=lntest (level=MANAGER) to ACL on mailbox
mail/TestUser.nsf
DirXML: [05/16/06 08:07:51.49]: TRACE: Notes lntest: addUserMailbox:
createMailFile created mail/TestUser.nsf
DirXML: [05/16/06 08:07:51.49]: TRACE: Notes lntest: addUserMailbox:
mail/TestUser.nsf will inherit changes
DirXML: [05/16/06 08:07:51.49]: TRACE: Notes lntest: addUserMailbox:
mail/TestUser.nsf Mail Domain = lntest
DirXML: [05/16/06 08:07:51.49]: TRACE: Notes lntest: addUserMailbox:
mail/TestUser.nsf Mail Server = CN=lntestmail/O=lntest