As many of you know, when creating new users in Dir via a template that
includes group memberships, the driver tries to add the unassociated user
to the group in the connected system before the driver has a chance to
give the user being added a DirXML association. This creates two problems
in Notes:
1.) The initial group member in Notes has the wrong naming format (i.e.
\Treename\OU\OU\username)
2.) The new user does not get correctly added to the group until the group
is modified again.

Based on a post in this forum (albeit related to the AD driver), a
suggestion was made to insert a rule to handle this. I tried it for the
Notes driver and it 'kinda' worked but not like I would've hoped. The TID
can be found here: http://wiki.novell.com/index.php/AD_Add_Groups_Policy
I've also pasted the rule below.

The result of this rule is as follows:
1.) The initial group modify in Notes still goes through, adding the
unassociated user to the group with the wrong naming format.
2.) The rule runs, but adds the user to the Notes Group as CN/Notes
Domain. It is taking the literal username out of the eDir group and
placing it in the Notes group and tagging a /Notes Domain on the end.

Is there a way to make this pretty and only add 1 user with the correct
syntax the first time?

Thanks

-Carrick

<?xml version="1.0" encoding="UTF-8"?>
<policy
xmlns:query="http://www.novell.com/nxsl/java/com.novell.nds.dirxml.driver.XdsQueryProcessor">
<rule>
<description>Add new user to associated groups</description>
<conditions>
<and>
<if-operation op="equal">add</if-operation>
<if-class-name op="equal">User</if-class-name>
</and>
</conditions>
<actions>
<do-set-local-variable name="groupAssociations">
<arg-node-set>
<token-xpath expression="empty"/>
</arg-node-set>
</do-set-local-variable>
<do-for-each>
<arg-node-set>
<token-src-attr name="Group Membership"/>
</arg-node-set>
<arg-actions>
<do-set-local-variable name="groupAssociations">
<arg-node-set>
<token-local-variable name="groupAssociations"/>
<token-xpath expression="query:readObject($srcQueryProcessor, '',
$current-node, 'Group','')/association/text()[. != '']"/>
</arg-node-set>
</do-set-local-variable>
</arg-actions>
</do-for-each>
<do-for-each>
<arg-node-set>
<token-local-variable name="groupAssociations"/>
</arg-node-set>
<arg-actions>
<do-add-dest-attr-value class-name="Group" name="Member">
<arg-association>
<token-local-variable name="current-node"/>
</arg-association>
<arg-value type="string">
<token-dest-dn/>
</arg-value>
</do-add-dest-attr-value>
</arg-actions>
</do-for-each>
</actions>
</rule>
</policy>