I received a sample from Father Ramon that I have tried to use for a user
move. When I move the user it has to remove the group membership from the
user. Them it will assign the new group membership to the user as it is
going to the destination OU. I have eDir and AD. No groups are on the eDir
side. Here is the samples I received from Father Ramon.
Get the old DN (before the move) of the object in eDir:

<do-set-local-variable name="old-edir-dn">
<arg-string>
<token-xpath expression="@old-src-dn">
</arg-sring>
</do-set-local-variable>


Get the old qualified DN (before the move) of the object in eDir:

<do-set-local-variable name="old-edir-qualified-dn">
<arg-string>
<token-xpath expression="@old-qualified-src-dn">
</arg-sring>
</do-set-local-variable>

Get the current DN of the object in AD in a local variable call
current-ad-dn:

<do-set-local-variable name="current-ad-dn">
<arg-string>
<token-resolve>
<arg-association>
<token-association/>
</arg-association>
</token-resolve>
</arg-sring>
</do-set-local-variable>

I have been using them but with not much luck. I Have taken the variable
and used:
<do-remove-dest-attr-value class-name="Group" name="Member" hen="before">
<arg-dn>
<token-text xml:space="preserve">CN=</token-text>
<token-parse-dn dest-dn-format="ldap" src-dn-
format="ldap" start="3">
<token-local-variable name="old-edir-dn"/>
</token-parse-dn>
</arg-dn>
<arg-value type="dn">
<token-src-dn/>
</arg-value>
</do-remove-dest-attr-value>

I cannot change the eDir context to ldap for AD no matter what I do. I am
sure I am missing something or is it that it cannot be done this way? All I
want to do is to strip one ou name out of it so I can use it in an ldap
format. I have been able to do it with a regular src-dn Appreciate the any
help that would help.....Rob.