Hello,

I've a group with 2 associated member on my AD. Well, when i remove one
member of the group, the driver doesn't remove it from "Equivalent To
Me" attribute. The level 3 trace is:

<nds dtdversion="2.2">
<source>
<product version="3.6.0.4294">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify class-name="group" event-id="0"
src-dn="CN=GrupoPruebas01,CN=Builtin,DC=proyectoadmin, DC=local">
<association>53197b26552c4c4a8260fa9385b0d426</association>
<modify-attr attr-name="member">
<remove-all-values/>
<add-value>
<value association-ref="c60d1a7395c1cb46baa2c2b57906c1a2"
naming="false" type="dn">CN=pap
user,CN=Users,DC=proyectoadmin,DC=local</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>

And in the commando of the publisher:
11:12:10 DC359BA0 Drvrs: GAP_AD_Correo PT:Applying policy:
Pub_Cmt_002_Command.
11:12:10 DC359BA0 Drvrs: GAP_AD_Correo PT: Applying to modify #1.
11:12:10 DC359BA0 Drvrs: GAP_AD_Correo PT: Evaluating selection
criteria for rule 'set cached context value on merge'.
11:12:10 DC359BA0 Drvrs: GAP_AD_Correo PT: (if-operation equal
"modify") = TRUE.
11:12:10 DC359BA0 Drvrs: GAP_AD_Correo PT: (if-xpath not-true
"@from-merge='true'") = TRUE.
11:12:10 DC359BA0 Drvrs: GAP_AD_Correo PT: Rule selected.
11:12:10 DC359BA0 Drvrs: GAP_AD_Correo PT: Applying rule 'set cached
context value on merge'.
11:12:10 DC359BA0 Drvrs: GAP_AD_Correo PT: Action:
do-add-dest-attr-value("Object Class","DirXML-ApplicationAttrs").
11:12:10 DC359BA0 Drvrs: GAP_AD_Correo PT:
arg-string("DirXML-ApplicationAttrs")
11:12:10 DC359BA0 Drvrs: GAP_AD_Correo PT:
token-text("DirXML-ApplicationAttrs")
11:12:10 DC359BA0 Drvrs: GAP_AD_Correo PT: Arg Value:
"DirXML-ApplicationAttrs".
11:12:10 DC359BA0 Drvrs: GAP_AD_Correo PT: Action:
do-set-dest-attr-value("DirXML-ADContext",token-src-dn()).
11:12:10 DC359BA0 Drvrs: GAP_AD_Correo PT: arg-string(token-src-dn())
11:12:10 DC359BA0 Drvrs: GAP_AD_Correo PT: token-src-dn()
11:12:10 DC359BA0 Drvrs: GAP_AD_Correo PT: Token Value:
"CN=GrupoPruebas01,CN=Builtin,DC=proyectoadmin,DC= local".
11:12:10 DC359BA0 Drvrs: GAP_AD_Correo PT: Arg Value:
"CN=GrupoPruebas01,CN=Builtin,DC=proyectoadmin,DC= local".
11:12:10 DC359BA0 Drvrs: GAP_AD_Correo PT: Evaluating selection
criteria for rule 'Set Equivalent To Me when adding object to a group'.
11:12:10 DC359BA0 Drvrs: GAP_AD_Correo PT: (if-class-name equal
"Group") = TRUE.
11:12:10 DC359BA0 Drvrs: GAP_AD_Correo PT: (if-op-attr 'Member'
available) = TRUE.
11:12:10 DC359BA0 Drvrs: GAP_AD_Correo PT: Rule selected.
11:12:10 DC359BA0 Drvrs: GAP_AD_Correo PT: Applying rule 'Set
Equivalent To Me when adding object to a group'.
11:12:10 DC359BA0 Drvrs: GAP_AD_Correo PT: Action:
do-clone-op-attr("Member","Equivalent To Me").
11:12:10 DC359BA0 Drvrs: GAP_AD_Correo PT: Evaluating selection
criteria for rule 'remove managed attributes when object
disassociated'.
11:12:10 DC359BA0 Drvrs: GAP_AD_Correo PT: (if-operation equal
"remove-association") = FALSE.
11:12:10 DC359BA0 Drvrs: GAP_AD_Correo PT: Rule rejected.
11:12:10 DC359BA0 Drvrs: GAP_AD_Correo PT: Evaluating selection
criteria for rule 'Prevent unassociated users from being removed from
groups'.
11:12:10 DC359BA0 Drvrs: GAP_AD_Correo PT: (if-operation equal
"modify") = TRUE.
11:12:10 DC359BA0 Drvrs: GAP_AD_Correo PT: (if-class-name equal
"Group") = TRUE.
11:12:10 DC359BA0 Drvrs: GAP_AD_Correo PT: (if-op-attr 'Member'
changing) = TRUE.
11:12:10 DC359BA0 Drvrs: GAP_AD_Correo PT: Rule selected.
11:12:10 DC359BA0 Drvrs: GAP_AD_Correo PT: Applying rule 'Prevent
unassociated users from being removed from groups'.
11:12:10 DC359BA0 Drvrs: GAP_AD_Correo PT: Action:
do-for-each(arg-node-set(token-removed-attr("Member"))).
11:12:10 DC359BA0 Drvrs: GAP_AD_Correo PT:
arg-node-set(token-removed-attr("Member"))
11:12:10 DC359BA0 Drvrs: GAP_AD_Correo PT:
token-removed-attr("Member")
11:12:10 DC359BA0 Drvrs: GAP_AD_Correo PT: Token Value: {}.
11:12:10 DC359BA0 Drvrs: GAP_AD_Correo PT: Arg Value: {}.
11:12:10 DC359BA0 Drvrs: GAP_AD_Correo PT: Evaluating selection
criteria for rule 'Remove Equivalent To Me when removing object from a
group'.
11:12:10 DC359BA0 Drvrs: GAP_AD_Correo PT: (if-class-name equal
"Group") = TRUE.
11:12:10 DC359BA0 Drvrs: GAP_AD_Correo PT: (if-op-attr 'Member'
changing-from ".+") = FALSE.
11:12:10 DC359BA0 Drvrs: GAP_AD_Correo PT: Rule rejected.

Can you help me, please?

Thanks.


--
pepegomez
------------------------------------------------------------------------
pepegomez's Profile: http://forums.novell.com/member.php?userid=43610
View this thread: http://forums.novell.com/showthread.php?t=380335