Determine user department using AD login

KnightWare

Trying to determine user Department as Access rights to the Application.

Using Active Directory, as I do on most applications. The setup follows the manual. Always works and users don't have to login as long as they already are on the network. The one Regular User rule "Uniqueness of Login Name" exists as I never change it. I would like to add another rule checking the users department when logging on for the first time. This is defined in the Regular User as a shortcut to the underlying LDAP attribute. This second rule doesn't seem to be working. I have "Form Initialization" set to YES. I've also tried adding it as a "AND/OR" condition to the first rule, but same results... ignored.

Is this because at login the underlying attributes are not known?
Is it because "Department" is a shortcut to the LDAP object department, and again can't be read at this time?

aware_support

It's hard to understand what's going on from this description, but if some rule is not working as expected, you should check the rule log, which should give you a clue.

KnightWare

I've stopped running AIM as services and started console on the AIM server. I see all rules being logged from the initial form that displays on the dashboard, EXCERPT those under Regular User. The two rules for checking for current login (Uniqueness of login name) as well as my Validate rule do not show up in the test log.

aware_support

The rules of the Regular User will only fire when the instance of the user is being created. This is when you need to check your rules and this is when you should set the access level of the user.

KnightWare

Thanks - now that makes sense.