Just a thought, Frode:
If you implement a code like this:
local variable = <parse entitlement values for this driver's
entitlements of that user>
add user to grp_<local variable_value> in <AD or eDir>
This would give you one rule for every driver.
Is this what you are thinking of?
If one user have several entitlement values for the same driver, you
just have to loop them in the same rule.

Should save some work...

Tor Harald Lothe

fsjovatsen;1737051 Wrote:
> Im using a entitlement service driver to grant/revoke entitlements. I
> made a rule in this driver to check a attribute that tells which
> department the user works in. The entitlement driver is then
> granting/revoking entitlements based on where they work. There is about
> 200 department/OUs which has different needs. Then each driver
> implements the entitlements. We got three eDir trees and a MAD. Most of
> our users resides in all the directories. The 600 rules is to handle all
> the entitlements in every directory. Am I thinking all wrong? Did this
> clearify?
> --
> Frode

