i know this has been done before but i just cant get mine working

i need to look at an attribute and if it exist add to group when
removed remove from group
i actually have the user being added to the group, my rule does not
remove him/her from the group when attribute not found


Code:
--------------------

<rule>
<description>Join userg</description>
<conditions>
<or>
<if-src-attr mode="regex" name="Title" op="equal">.*userg.*</if-src-attr>
</or>
</conditions>
<actions>
<do-add-src-attr-value name="Group Membership">
<arg-value type="string">
<token-text>rlc\groups\userg</token-text>
</arg-value>
</do-add-src-attr-value>
<do-add-src-attr-value name="Security Equals">
<arg-value type="string">
<token-text>rlc\groups\userg</token-text>
</arg-value>
</do-add-src-attr-value>
<do-break/>
</actions>
</rule>
<rule>
<description>Otherwise leave userg</description>
<conditions>
<and>
<if-src-attr mode="regex" name="Title" op="not-equal">.*userg.*</if-src-attr>
</and>
</conditions>
<actions>
<do-remove-dest-attr-value name="Group Membership">
<arg-value type="string">
<token-text xml:space="preserve">rlc\groups\userg</token-text>
</arg-value>
</do-remove-dest-attr-value>
<do-remove-dest-attr-value name="Security Equals">
<arg-value type="string">
<token-text xml:space="preserve">rlc\groups\userg</token-text>
</arg-value>
</do-remove-dest-attr-value>
</actions>
</rule>

--------------------




here is the trace with some errors at the bottom


Code:
--------------------

08/26/09 00:37:57.448]:loopback PT: (if-src-attr 'Title' match ".*userg.*") = FALSE.
[08/26/09 00:37:57.450]:loopback PT: Rule rejected.
[08/26/09 00:37:57.452]:loopback PT: Evaluating selection criteria for rule 'Otherwise leave userg'.
[08/26/09 00:37:57.464]:loopback PT: (if-src-attr 'Title' not-match ".*userg.*") = TRUE.
[08/26/09 00:37:57.468]:loopback PT: Rule selected.
[08/26/09 00:37:57.474]:loopback PT: Applying rule 'Otherwise leave userg'.
[08/26/09 00:37:57.478]:loopback PT: Action: do-remove-dest-attr-value("Group Membership","rlc\groups\userg").
[08/26/09 00:37:57.481]:loopback PT: arg-string("rlc\groups\userg")
[08/26/09 00:37:57.483]:loopback PT: token-text("rlc\groups\userg")
[08/26/09 00:37:57.485]:loopback PT: Arg Value: "rlc\groups\userg".
[08/26/09 00:37:57.487]:loopback PT: Action: do-remove-dest-attr-value("Security Equals","rlc\groups\userg").
[08/26/09 00:37:57.490]:loopback PT: arg-string("rlc\groups\userg")
[08/26/09 00:37:57.492]:loopback PT: token-text("rlc\groups\userg")
[08/26/09 00:37:57.493]:loopback PT: Arg Value: "rlc\groups\userg".
[08/26/09 00:37:57.495]:loopback PT:Policy returned:
[08/26/09 00:37:57.497]:loopback PT:
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.6.0.4294">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<add class-name="User" event-id="idmmetatest#20090825143756#1#1" qualified-src-dn="O=rlc\OU=users\OU=staff\CN=9486" src-dn="\IDMMETA\rlc\users\staff\9486" src-entry-id="33868">
<association state="manual"></association>
<add-attr attr-name="CN">
<value naming="true" timestamp="1251093953#336" type="string">9486</value>
</add-attr>
<add-attr attr-name="Full Name">
<value timestamp="1251107360#2" type="string">Stephen Carins</value>
</add-attr>
<add-attr attr-name="Given Name">
<value timestamp="1251093953#314" type="string">Stephen</value>
</add-attr>
<add-attr attr-name="rlcStaffJobPositionCode">
<value timestamp="1251206846#4" type="string">NONE</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1251107358#3" type="string">Carins</value>
</add-attr>
<add-attr attr-name="Title">
<value timestamp="1251202024#1" type="string">mr</value>
</add-attr>
</add>
<modify class-name="User" event-id="idmmetatest#20090825143756#1#1" qualified-src-dn="O=rlc\OU=users\OU=staff\CN=9486" src-dn="\IDMMETA\rlc\users\staff\9486" src-entry-id="33868">
<modify-attr attr-name="Group Membership">
<remove-value>
<value type="string">rlc\groups\userg</value>
</remove-value>
</modify-attr>
</modify>
<modify class-name="User" event-id="idmmetatest#20090825143756#1#1" qualified-src-dn="O=rlc\OU=users\OU=staff\CN=9486" src-dn="\IDMMETA\rlc\users\staff\9486" src-entry-id="33868">
<modify-attr attr-name="Security Equals">
<remove-value>
<value type="string">rlc\groups\userg</value>
</remove-value>
</modify-attr>
</modify>
</input>
</nds>
[08/26/09 00:37:57.554]:loopback PT:No object placement policies.
[08/26/09 00:37:57.556]:loopback PT:Found non-class attribute rlcStaffJobPositionCode.
[08/26/09 00:37:57.562]:loopback PT:Adding auxiliary class rlcUser to operation.
[08/26/09 00:37:57.564]:loopback PT:No command transformation policies.
[08/26/09 00:37:57.566]:loopback PT:Filtering out notification-only attributes.
[08/26/09 00:37:57.568]:loopback PT:Pumping XDS to eDirectory.
[08/26/09 00:37:57.570]:loopback PT:Performing operation add for .
[08/26/09 00:37:57.706]:loopback PT:Performing operation modify for .
[08/26/09 00:37:57.741]:loopback PT:Performing operation modify for .
[08/26/09 00:37:57.777]:loopback PT:
DirXML Log Event -------------------
Driver: \IDMMETA\rlc\idm\rlc_driverset\Generic Loopback
Channel: Publisher
Object: \IDMMETA\rlc\users\staff\9486
Status: Error
Message: Code(-9040) <add> operation does not have dest-dn.
[08/26/09 00:37:57.817]:loopback PT:
DirXML Log Event -------------------
Driver: \IDMMETA\rlc\idm\rlc_driverset\Generic Loopback
Channel: Publisher
Object: \IDMMETA\rlc\users\staff\9486
Status: Error
Message: Code(-9039) Element <modify> does not have a valid association.
[08/26/09 00:37:57.853]:loopback PT:
DirXML Log Event -------------------
Driver: \IDMMETA\rlc\idm\rlc_driverset\Generic Loopback
Channel: Publisher
Object: \IDMMETA\rlc\users\staff\9486
Status: Error
Message: Code(-9039) Element <modify> does not have a valid association.
[08/26/09 00:37:57.889]:loopback PT:Fixing up association references.
[08/26/09 00:37:57.891]:loopback PT:Applying schema mapping policies to output.
[08/26/09 00:37:57.893]:loopback PT:Applying policy: %+C%14CMappingRule%-C.
[08/26/09 00:37:57.895]:loopback PT:No output transformation policies.
[08/26/09 00:37:57.897]:loopback PT:
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.6.0.4294">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status event-id="idmmetatest#20090825143756#1#1" level="error">Code(-9040) &lt;add> operation does not have dest-dn.<application>DirXML</application>
<module>Generic Loopback</module>
<object-dn>\IDMMETA\rlc\users\staff\9486</object-dn>
<component>Publisher</component>
</status>
<status event-id="idmmetatest#20090825143756#1#1" level="error">Code(-9039) Element &lt;modify> does not have a valid association.<application>DirXML</application>
<module>Generic Loopback</module>
<object-dn>\IDMMETA\rlc\users\staff\9486</object-dn>
<component>Publisher</component>
</status>
<status event-id="idmmetatest#20090825143756#1#1" level="error">Code(-9039) Element &lt;modify> does not have a valid association.<application>DirXML</application>
<module>Generic Loopback</module>
<object-dn>\IDMMETA\rlc\users\staff\9486</object-dn>
<component>Publisher</component>
</status>
</output>
</nds>
[08/26/09 00:37:57.924]:loopback ST:SubscriptionShim.execute() returned:
[08/26/09 00:37:57.926]:loopback ST:
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.6.0.4294">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status event-id="idmmetatest#20090825143756#1#1" level="error">Code(-9040) &lt;add> operation does not have dest-dn.<application>DirXML</application>
<module>Generic Loopback</module>
<object-dn>\IDMMETA\rlc\users\staff\9486</object-dn>
<component>Publisher</component>
</status>
<status event-id="idmmetatest#20090825143756#1#1" level="error">Code(-9039) Element &lt;modify> does not have a valid association.<application>DirXML</application>
<module>Generic Loopback</module>
<object-dn>\IDMMETA\rlc\users\staff\9486</object-dn>
<component>Publisher</component>
</status>
<status event-id="idmmetatest#20090825143756#1#1" level="error">Code(-9039) Element &lt;modify> does not have a valid association.<application>DirXML</application>
<module>Generic Loopback</module>
<object-dn>\IDMMETA\rlc\users\staff\9486</object-dn>
<component>Publisher</component>
</status>
</output>
</nds>

--------------------


many thanks
Steve


--
scarins
------------------------------------------------------------------------
scarins's Profile: http://forums.novell.com/member.php?userid=14224
View this thread: http://forums.novell.com/showthread.php?t=383694