We are seeing apparently inconsistent RBE evaluations--entitlements not
granted where expected. This happens with multiple entitlements.
Sometimes, reevaluating the user grants the entitlement, sometimes not.


This may be similar to the problem mentioned in this thread a few
months back:

'' (http://tinyurl.com/a9ppt2)

We are already patched to the level suggested there.

We have eDirectory 8.8.2 FTF2 and IDM 3.5.1 with patches
idm351engineir3
and idm351ldapir2.

Here is an example. The entitlement's query (per ldapsearch):

dn: cn=InstRole Student Dearborn,cn=Entitlement
Policies,cn=DriverSet,ou=IDM,o=services
memberQueryURL:
ldap:///OU=People,dc=umich,dc=edu??one?(&(umichDbrnTermSta tus=*)(objectClass=inetOrgPerson))
cn: InstRole Student Dearborn
cn: dynamic

The server running the entitlements driver has a mapping between
classes User and inetOrgPerson. The trace below is from a reevaluation
of all entitlements for 2 users. User "isok" got the expected result;
user "notok" did not.

Can anyone suggest how we might track this down?

Trace, level 3, attached (entitlementswhy.txt).


+----------------------------------------------------------------------+
|Filename: entitlementswhy.txt |
|Download: http://forums.novell.com/attachment....achmentid=2281 |
+----------------------------------------------------------------------+

--
ghlghl
------------------------------------------------------------------------
ghlghl's Profile: http://forums.novell.com/member.php?userid=21515
View this thread: http://forums.novell.com/showthread.php?t=359050