IDM 3.5.1 eDir 8.8.1 on Netware. Latest Notes driver shim, Domino via
RL on Windows.

I need to place a user in a couple of default groups on create.

1) based on Fax number (which adds complexity since Facsimile Telephone
Number is a compound attr, but the XPATH to get the value is either:
For an add:
add-attr[@attr-name="Facsimile Telephone
Number"]/value/component[@name="faxNumber"]

For a modify:
modify-attr[@attr-name="Facsimile Telephone
Number"]/value/component[@name="faxNumber"]

2) Based on a Location value.

In both cases I have a mapping table that returns me the eDirectory DN
of the group.

All the groups of interest are synced FROM Notes. So if I have a DN in
eDir it is because it was generated from an object in Notes.


Ok, so I generate my add event, in the Sub-Create rule I do all my work,
figure out the DN's and I send a add-attr, Member of the Users source DN
to be added to the eDir DN of the Group.

I am before the Schema map rule and the Notify filter, so I should be
using eDir namespace (right?).

Just after Sub-Command Transform, I should see the references converted
to either Notes namespace or Association references.

Both add-attr's are set to go After the current operation.

When the event gets to Notes, I get told that there is no Association
ID. And the writes to the group fails. I take that to mean the
Add-association event has not happened, so the User is not yet associated.

Ok, I can parse out the Notes DN of the target user, I mean I know the
Dest-dn soon after (ok in PLacement, but I know what it is going to
generate and I can do it again here).

I tried in the INput Transform, on an add-association event but my
Op-property with the DN of the user was not getting added to the
add-association, so I had to use the Status that came after it.

Could not get to write to the Group in Notes.

if I write to the group in eDir (I.e. Add-src attr of Member to the eDir
group) then I get loopback protected and it does not sync to Notes...

There has to be an easy way to do this, isn't there? I know this would
work in the AD driver...

Any thoughts or hints?

My last ditch effort is to write back to the Group in eDir and trigger a
sync of that group as discussed in an earlier thread. I know that will
probably work, but is really a bass-ackwards way of handling it.

(No trace, I of course am no longer on site...)