Hello,
I am trying to establish IDvault authority over Deny Access group, I mean that if LoginDisabled=false and user has been put in Deny Access group manually so I must catch this event and remove the user from Deny Access group as LoginDisabled=false
and if LoginDisabled=true and the user is removed from Deny Access group manually, I must as well react and get the user back into Deny Access group
I set the filter in the publisher to sync 'Group' class and notify 'members' attribute
I am getting the follwing document on the publisher
Dont ask me to post the whole trace, no thing interesting and the document is the same all over the publisher
When a user is added to the group, I had no issue to know that because he will be contained in <add-value>...</add-value>
But when the user is removed , he does not appear in some <remove-value> element, its always <remove-all-values/>, no history for the removed member
Could any one tell me if there is a trick to watch Deny Access group for removed members, or if there is a better way to keep IDVault Authority over Deny Access Group
Thanks in advance.
I am trying to establish IDvault authority over Deny Access group, I mean that if LoginDisabled=false and user has been put in Deny Access group manually so I must catch this event and remove the user from Deny Access group as LoginDisabled=false
and if LoginDisabled=true and the user is removed from Deny Access group manually, I must as well react and get the user back into Deny Access group
I set the filter in the publisher to sync 'Group' class and notify 'members' attribute
I am getting the follwing document on the publisher
Code:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20110525_152103" instance="LotusNotes" version="3.5.7">Identity Manager Driver for Lotus Notes</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify class-name="Group" event-id="EE7AF6BC9518E73EC125798B0033FD52 - 1328720003337">
<association state="associated">EE7AF6BC9518E73EC125798B0033FD52</association>
<modify-attr attr-name="Members">
<remove-all-values/>
<add-value>
<value>CN=Zachai LEVI/OU=EXT/OU=FR/O=Vuitton</value>
<value association-ref="DCEAB9158B88DCC2C12579990049E63D" type="dn">CN=Fanny BACLET LEJEUNE/OU=FR/O=Vuitton</value>
<value association-ref="7589F8F12F10DBC9C125799C004A6DDA" type="dn">CN=Salman ROCHDI/OU=FR/O=Vuitton</value>
<value association-ref="51E5707C5170A547C125799E00535909" type="dn">CN=Paul LIVRE/OU=FR/O=Vuitton</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>When a user is added to the group, I had no issue to know that because he will be contained in <add-value>...</add-value>
But when the user is removed , he does not appear in some <remove-value> element, its always <remove-all-values/>, no history for the removed member
Could any one tell me if there is a trick to watch Deny Access group for removed members, or if there is a better way to keep IDVault Authority over Deny Access Group
Thanks in advance.