I'm confused about what my Roles Based Entitlements Driver is doing in
this trace. The logic I thought I had setup was that when
usaProvisionUSATX is equal to TRUE the entitlement is granted. In the
event I am changing usaProvisionUSATX to FALSE. This should only remove
the entitlement but in the trace is shows that the entitlement is
removed, then added again.

What's going on here? Is this a bug? It's playing havoc on my AD
Driver.


~Forrest


<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.6.1.4427">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify cached-time="20090508030520.077Z" class-name="User"
event-id="USATXIDM06V-NDS#20090508030520#1#1"
qualified-src-dn="O=USA\OU=Users\CN=028022"
src-dn="\USA-VAULT-TEST\USA\Users\028022" src-entry-id="47345"
timestamp="1241751920#3">
<association
state="associated">{B507BBF5-8099-40FF-BD71-504FF949FD40}</association>
<modify-attr attr-name="usaProvisionUSAFL">
<add-value>
<value timestamp="1241751920#1" type="state">false</value>
</add-value>
</modify-attr>
<modify-attr attr-name="usaProvisionUSATX">
<remove-value>
<value timestamp="1241751640#16" type="state">true</value>
</remove-value>
<add-value>
<value timestamp="1241751920#3" type="state">false</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
[05/07/09 22:05:20.218]:Entitlements Service Driver ST:BEGIN evaluate
object @dn='USA\Users\028022'
[05/07/09 22:05:20.218]:Entitlements Service Driver ST:determine policy
membership:
[05/07/09 22:05:20.390]:Entitlements Service Driver ST: is NOT a member
of entitlement policy 'USA\IDM\DriverSet\Entitlement Policies\USAFL-AD
[05/07/09 22:05:21.999]:Entitlements Service Driver ST: is NOT a member
of entitlement policy 'USA\IDM\DriverSet\Entitlement Policies\USATX-AD
[05/07/09 22:05:21.999]:Entitlements Service Driver ST:add aux class:
[05/07/09 22:05:21.999]:Entitlements Service Driver ST: overwrite:
Syntax=SYNTAX_CLASS_NAME, attributeName=Object Class,
className=DirXML-EntitlementRecipient
[05/07/09 22:05:21.999]:Entitlements Service Driver ST:resolve
conflicts:
[05/07/09 22:05:21.999]:Entitlements Service Driver ST:read legacy
refs:
[05/07/09 22:05:21.999]:Entitlements Service Driver STbject doesn't
have any legacy entitlement refs
[05/07/09 22:05:21.999]:Entitlements Service Driver ST:handle invalid
refs:
[05/07/09 22:05:21.999]:Entitlements Service Driver STbject doesn't
have any entitlement results
[05/07/09 22:05:21.999]:Entitlements Service Driver ST:convert legacy
refs:
[05/07/09 22:05:21.999]:Entitlements Service Driver ST:handle current
refs:
[05/07/09 22:05:21.999]:Entitlements Service Driver ST: revoke ref:
[state=1, src=RBE, ent=USA\IDM\DriverSet\USATX\USATXAccount,
id=USA\IDM\DriverSet\Entitlement Policies\USATX-AD]
[05/07/09 22:05:21.999]:Entitlements Service Driver ST: remove:
Syntax=SYNTAX_PATH, volumeDN=USA\IDM\DriverSet\USATX\USATXAccount,
volumePath=<ref><src>RBE</src><id>USA\IDM\DriverSet\Entitlement
Policies\USATX-AD</id></ref>, nameSpace=1
[05/07/09 22:05:21.999]:Entitlements Service Driver ST: add:
Syntax=SYNTAX_PATH, volumeDN=USA\IDM\DriverSet\USATX\USATXAccount,
volumePath=<ref><src>RBE</src><id>USA\IDM\DriverSet\Entitlement
Policies\USATX-AD</id></ref>, nameSpace=0
[05/07/09 22:05:21.999]:Entitlements Service Driver ST:handle missing
refs:
[05/07/09 22:05:21.999]:Entitlements Service Driver ST:writing
changes...
[05/07/09 22:05:23.374]:Entitlements Service Driver ST:written
[05/07/09 22:05:23.374]:Entitlements Service Driver ST:END evaluate
object @dn='USA\Users\028022'


--
fevans
------------------------------------------------------------------------
fevans's Profile: http://forums.novell.com/member.php?userid=2532
View this thread: http://forums.novell.com/showthread.php?t=371920