Hi all,

I have idm2x on NW. I have a loopback driver doing all sorts of wonderful
things and it's all going fine. What I want to do is add a policy to it that
checks for a duplicate account when a new account is created and then do
some action on it, like delete it or send an email, etc. Anyway, the action
isn't that important. What I want to know is how do I get it to find the
duplicate object.

I put most of the stuff that I'm doing in the Sub Event Trans Policy. I set
a local variable called lc-user which just says User objects created and
it's a staff member. I've currently got it searching the subtree under the O
and matching on CN.

Not sure what to do next, i.e. I'm not sure what it returns and how to
capture that, if that makes any sense. I read somewhere that if it finds a
single match it returns $#xFFFC and multiple it returns &#xFFFD, but not
sure if that's right. Well, it's not working for me anyhow. The trace
does come back with the new object, but I want to know if there's a duplicate
in another OU.

Any help would be greatly appreciated.

<rule>
  <description>Find Duplicate Account Creation</description>
  <conditions>
    <and>
      <if-local-variable name="lc-user" op="equal">staff</if-local-variable>
      <if-operation op="equal">add</if-operation>
    </and>
  </conditions>
  <actions>
    <do-find-matching-object>
      <arg-dn>
        <token-text xml:space="preserve">Curtin</token-text>
        <token-attr name="OU"/>
      </arg-dn>
      <arg-match-attr name="CN"/>
    </do-find-matching-object>
  </actions>
</rule>