Dear All,

I am using IDM3 and the RACF driver but I'm having trouble when
checking for the existence of a RACF group from the subscriber channel.

The code I have written is:

<description>Look for a matching RACF Group object</description>
<do-set-local-variable name="RACF-Group">
<token-text xml:space="preserve">$</token-text>
<token-local-variable name="RACF-Location"/>
<do-set-local-variable name="RACF-Group-found">
expression="count(query:search($destQueryProcessor ,'subtree','','GROUPS/','GROUP','CN',$RACF-Group,''))"/>
<do-trace-message color="brpurple" level="1">
<token-text xml:space="preserve">RACF group object search for
<token-local-variable name="RACF-Group"/>
<token-text xml:space="preserve">', has found '</token-text>
<token-local-variable name="RACF-Group-found"/>
<token-text xml:space="preserve">'.</token-text>

The variable RACF-Location is being set in an earlier rule in the same
I have tried the query without 'subtree'; with 'GROUPS\'; and also just

The DStrace shows:

<nds dtdversion="3.0" ndsversion="8.x">
<product version=" ">DirXML</product>
<contact>Novell, Inc.</contact>
<query class-name="Group" dest-dn="GROUPS/" event-id="0" scope="subtree">
<search-class class-name="Group"/>
<search-attr attr-name="DirXML-RACF-group">

ST: RACF group object search for '$TEST', has found '0'.

NB RACF does have a group called '$TEST'.

Your corrections to my XPATH statement would be much appreciated.