My driver to AD is authoritative for creating users in a specific OU-subtree
in the domain.
Let's say: ou=org,dc=domain,dc=com. Below this "base", OUs are created for the
org structure; users are created in those lower-level OUs.
Example: CN=User1,OU=dep1,OU=org,DC=domain,DC=com

When matching, I want to match in the entire domain.
How can I detect (and send an e-mail) if the match was found in, or outside,
my base container?

While writing this down, basically the question is where to write a policy
to test if a match was found, and how to get from the query result the
object that was found.
I can see the information is available in the query result (snippet below).

I want to do this in both channels of an AD driver.
Some DirXML Script examples are greatly appreciated. (IDM 3.5.1)

René

Matching Rule
<rule>
<description>Users: match on LoginID</description>
<comment xml:space="preserve">Objects are matched anywhere in the AD, not
just the relative position in the hierarchy.</comment>
<conditions>
<and>
<if-class-name mode="case" op="equal">User</if-class-name>
</and>
</conditions>
<actions>
<do-find-matching-object scope="subtree">
<arg-dn>
<token-parse-dn dest-dn-format="ldap" length="2" src-dn-format="ldap"
start="0">
<token-global-variable name="gcv-user-placement"/>
</token-parse-dn>
</arg-dn>
<arg-match-attr name="DirXML-ADAliasName">
<arg-value type="string">
<token-src-name/>
</arg-value>
</arg-match-attr>
</do-find-matching-object>
<do-break/>
</actions>
</rule>

Trace
[12/24/08 10:02:38.291]:IV2AD ST: Applying schema mapping policies to input.
[12/24/08 10:02:38.291]:IV2AD ST: Applying policy: %+C%14CSchemaMapping%-C.
[12/24/08 10:02:38.292]:IV2AD ST: Mapping class-name 'user' to 'User'.
[12/24/08 10:02:38.292]:IV2AD ST: Resolving association references.
[12/24/08 10:02:38.294]:IV2AD ST: Query from policy result
[12/24/08 10:02:38.293]:IV2AD ST:
<nds dtdversion="1.1" ndsversion="8.7">
<source>
<product asn1id="" build="20070823_095000"
instance="\T-CUST-IV\CUST\GRSC\t-CUST-iv-drivers\IV2AD"
version="3.5.1">AD</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<instance class-name="User" event-id="0"
src-dn="CN=User1,OU=dep1,OU=org,DC=domain,DC=com">
<association>9e73982bd6ad8a4c9cd6057bd801b863</association>
</instance>
<status event-id="0" level="success"/>
</output>
</nds>
[12/24/08 10:02:38.295]:IV2AD ST: Match found:
src-dn='CN=User1,OU=dep1,OU=org,DC=domain,DC=com'
association='9e73982bd6ad8a4c9cd6057bd801b863'
[12/24/08 10:02:38.295]:IV2AD ST: Action: do-break().
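
An added example, not part of the original post and not DirXML Script: an offline Python check that reads a query result like the one in the trace above and reports whether each matched src-dn lies below the base container, comparing the DNs RDN by RDN rather than as raw strings. The sample XML is constructed (only the first instance is taken from the trace), and the function names are this example's own.

```python
import re
import xml.etree.ElementTree as ET

BASE_DN = "OU=org,DC=domain,DC=com"  # base container named in the post

# Constructed sample: the first <instance> is the one in the trace; the other
# two (DNs and association values) are made up to exercise the check.
SAMPLE = r"""<nds dtdversion="1.1" ndsversion="8.7"><output>
<instance class-name="User" src-dn="CN=User1,OU=dep1,OU=org,DC=domain,DC=com">
<association>9e73982bd6ad8a4c9cd6057bd801b863</association></instance>
<instance class-name="User" src-dn="cn=Doe\, John, ou=dep2, ou=ORG, dc=domain, dc=com">
<association>00000000000000000000000000000002</association></instance>
<instance class-name="User" src-dn="CN=User3,CN=Users,DC=domain,DC=com">
<association>00000000000000000000000000000003</association></instance>
<status level="success"/></output></nds>"""


def split_rdns(dn):
    """Split a DN on unescaped commas into normalised (attr, value) pairs."""
    pairs = []
    # An escaped pair such as "\," stays inside the value it belongs to.
    for part in re.findall(r"(?:\\.|[^,\\])+", dn):
        attr, _, value = part.partition("=")
        pairs.append((attr.strip().lower(), value.strip().lower()))
    return pairs


def in_subtree(dn, base=BASE_DN):
    """True when dn lies strictly below base, compared RDN by RDN."""
    d, b = split_rdns(dn), split_rdns(base)
    return len(d) > len(b) and d[-len(b):] == b


def classify_matches(nds_xml, base=BASE_DN):
    """Return (src-dn, association, inside_base) for every matched instance."""
    out = []
    for inst in ET.fromstring(nds_xml).iterfind("output/instance"):
        dn = inst.get("src-dn", "")
        out.append((dn, inst.findtext("association", ""), in_subtree(dn, base)))
    return out


if __name__ == "__main__":
    for dn, assoc, inside in classify_matches(SAMPLE):
        print("inside " if inside else "OUTSIDE", assoc, dn)
```
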