I defined two Event transformation policies to LDAP driver. Rules should
remove entries from LDAP server (and remove associations) if user's ou
changes from defined or if user is moved to disabled subtree in
Identity vault:

1. Delete user entry and association if ou value in Identity Vault

If class name equal "User"
And if association associated
And if attribute 'ou' not equal "OrgUnitValue1"

delete destination object
remove association(association(Association()))

2. Remove user entry and association if user is moved to disabled

If class name equal "user"
And if operation equal "move"
And if destination DN in subtree "employee\Disabled"

delete destination object()
remove association(association(Association()))

First rule works fine but second one deletes destination entry but
doesn't remove association. I have tried different options (add to
current operation, add before current operation, add after current
operation) but without change.

Any ideas?



kuusejuk's Profile: http://forums.novell.com/member.php?userid=10896
View this thread: http://forums.novell.com/showthread.php?t=320673