Wondering if somone has something good answer to it.

We have implemented RBEs in our solution, as we understood that RBE
policies is the best idea from the administration point of view. but
here are the some few challenges that are we facing with RBE policies.

It would be appreciated, if someone has some solutions to the following
situations.

SCENARIO #1:

a) When defining Scope of a policy, we define a OU in IDVault. Thats
good.

Weakness: What if this associated OU gets RENAME or MOVE by the
customer in its connected app., since customer connected app is
Authrative source for OUs. ???

UnExpected result -> (Entitlements are going to be removed from all
previos user which were member on this policy...)


b) After defining Scope, if you define this Condition in the policy,
a) if objectClass= user
b) Group Membership is = CN=MyGroup,o=DeadHole.

Action: Add user to group = CN=YourGroup,o=DeadHole.


Weakness: What if the Group "CN=MyGroup,o=DeadHole" gets RENAMED or
MOVED ?


c) It is NOT possible to define values from GCVs, Global Configuration
Values in the Policy Criteria.


SCENARIO #2:

Entitlements: IT is not possible to define a single ENTITLEMENT to be
both Query + Admin defined. You have to create same ENTITLMENT two
times, one wth query, and one with admin-defined list.


Any comments guys?

Regards,

Maqsood.


--
love anything that talks binary!
------------------------------------------------------------------------
belaie's Profile: http://forums.novell.com/member.php?userid=4368
View this thread: http://forums.novell.com/showthread.php?t=346374