Hi There,

I have create a rule the matching policies on both the publisher and
subscriber channels to look for a match on the email address attribute
(Internet EMail Address)

Unfortunately as well as vetoing if the email attribute does not match
or is missing the rule is vetoing even if the email address attributes
match.

I have tried using both source attribute and operational attribute.
This is a an Active Directory to eDirectory Driver. IDM 3.6 running on
a Windows 2003 SP2 server. The Remote Loader is also running in the
same server (prefer this than using Java as you have the RL screen).
The server is also running eDirectory 8.8.3.

A screenshot of the rule has been attached and an extract from DSTrace
as follows:

Hopefully this should be enough information to start with. Thanks to
anyone who can help!

========================================
This is the log extract when creating the account without email address
- it is working how it should

Drvrs : AD to eDirectory ST: Evaluating selection criteria for
rule 'match users based on full name'.
Drvrs : AD to eDirectory ST: (if-class-name equal "User") =
TRUE.
Drvrs : AD to eDirectory ST: (if-global-variable 'FullNameMap'
equal "true") = TRUE.
Drvrs : AD to eDirectory ST: (if-op-attr 'Full Name' available)
= TRUE.
Drvrs : AD to eDirectory ST: Rule selected.
Drvrs : AD to eDirectory ST: Applying rule 'match users based on
full name'.
Drvrs : AD to eDirectory ST: Action:
do-find-matching-object(scope="entry",arg-dn("CN="+token-escape-for-dest-dn(token-attr("Full
Name"))+","+token-replace-first("(.+)","$1,",token-parse-dn(length="-2",src-dn-format="dest-dn",token-op-property("unmatched-src-dn")))+token-global-variable("drv.user.container"))).
Drvrs : AD to eDirectory ST: Evaluating selection criteria for
rule 'match user by email address - SS'.
Drvrs : AD to eDirectory ST: (if-class-name equal "User") =
TRUE.
Drvrs : AD to eDirectory ST: Rule selected.
Drvrs : AD to eDirectory ST: Applying rule 'match user by email
address - SS'.
Drvrs : AD to eDirectory ST: Action:
do-find-matching-object(scope="subtree",arg-dn(token-global-variable("drv.user.container")),arg-match-attr("Internet
EMail Address")).
Drvrs : AD to eDirectory ST: Evaluating selection criteria for
rule 'veto on matching for email address - SS'.
Drvrs : AD to eDirectory ST: (if-class-name equal "User") =
TRUE.
Drvrs : AD to eDirectory ST: (if-op-attr 'Internet EMail
Address' not-equal "true") = TRUE.
Drvrs : AD to eDirectory ST: Rule selected.
Drvrs : AD to eDirectory ST: Applying rule 'veto on matching for
email address - SS'.
Drvrs : AD to eDirectory ST: Action: do-veto().
Drvrs : AD to eDirectory ST:Policy returned:
Drvrs : AD to eDirectory ST:
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.6.0.4294">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input/>
</nds>
Drvrs : AD to eDirectory ST:Processing returned document.
Drvrs : AD to eDirectory ST:Processing operation <status> for .
Drvrs : AD to eDirectory ST:
DirXML Log Event -------------------
Driver: \MEHT\MEHT\IDM\AD to eDirectory
Channel: Subscriber
Object: \MEHT\MEHT\IDMPilotOU\itest07
Status: Warning
Message: Code(-8016) Operation vetoed by object matching policy.
Drvrs : AD to eDirectory ST:End transaction.
Drvrs : AD to eDirectory :Remote Interface Driver: Received.
Drvrs : AD to eDirectory :


================================================== ================================================== ======================

This is the log extract when creating the account with email address -
it is still being vetoed. You can see that the criteria has been meet

Drvrs : AD to eDirectory ST: Evaluating selection criteria for
rule 'match user by email address - SS'.
Drvrs : AD to eDirectory ST: (if-class-name equal "User") =
TRUE.
Drvrs : AD to eDirectory ST: Rule selected.
Drvrs : AD to eDirectory ST: Applying rule 'match user by email
address - SS'.
Drvrs : AD to eDirectory ST: Action:
do-find-matching-object(scope="subtree",arg-dn(token-global-variable("drv.user.container")),arg-match-attr("Internet
EMail Address")).
Drvrs : AD to eDirectory ST: Evaluating selection criteria for
rule 'veto on matching for email address - SS'.
Drvrs : AD to eDirectory ST: (if-class-name equal "User") =
TRUE.
Drvrs : AD to eDirectory ST: (if-op-attr 'Internet EMail
Address' not-equal "true") = TRUE.
Drvrs : AD to eDirectory ST: Rule selected.
Drvrs : AD to eDirectory ST: Applying rule 'veto on matching for
email address - SS'.
Drvrs : AD to eDirectory ST: Action: do-veto().
Drvrs : AD to eDirectory ST:Policy returned:
Drvrs : AD to eDirectory ST:
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.6.0.4294">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input/>
</nds>
Drvrs : AD to eDirectory ST:Processing returned document.
Drvrs : AD to eDirectory ST:Processing operation <status> for .
Drvrs : AD to eDirectory ST:
DirXML Log Event -------------------
Driver: \MEHT\MEHT\IDM\AD to eDirectory
Channel: Subscriber
Object: \MEHT\MEHT\IDMPilotOU\itest07
Status: Warning
Message: Code(-8016) Operation vetoed by object matching policy.
Drvrs : AD to eDirectory ST:End transaction.


+----------------------------------------------------------------------+
|Filename: rule-sc.jpg |
|Download: http://forums.novell.com/attachment....achmentid=2323 |
+----------------------------------------------------------------------+

--
stuart_sam
------------------------------------------------------------------------
stuart_sam's Profile: http://forums.novell.com/member.php?userid=43841
View this thread: http://forums.novell.com/showthread.php?t=360216