This is actually for a Notes driver, but I don't suppose it makes much
difference. The directory I want to match up to has one or other of two
attributes set correctly for the vast majority of users, but not a
sufficiently large population of either that I can choose just one of
them to match on

I'm pretty new to this but I believe I can set up a rule that requires
both to match pretty easily, but I don't see how to do the either/or.
The matching policy at the moment contains two rules:-

veto if workforceid not available
if add
and if user
and if op attr workforceid not available

User match

if class name equal "User"
find matching object(scope="subtree",match("workforceID"))

What I need is a rule with CN as well. If I just add it below the
others like this:-

if class name equal "User"
find matching object(scope="subtree",match("CN"))

AM I right in thinking it will be executed if the find matching object
fails, or will the break kick in anyway because if class name equal
"User" was true, even though a match wasn't found?

