Environment
NetIQ Identity Manager 4.0.2 Patch 7
NetIQ Identity Manager 4.5 HF 2
NetIQ Identity Manager Engine Rules
NetIQ Identity Manager 4.5 HF 2
NetIQ Identity Manager Engine Rules
Situation
Driver fails to start after adding a rule using do-add-role with error:
[04/14/15 11:53:37.812]:Utility Driver ST:
DirXML Log Event -------------------
Driver: \MYTREE\system\driverset1\Utility Driver
Channel: Subscriber
Status: Error
Message: Code(-9128) Error in vnd.nds.stream://MYTREE/system/driverset1/Utility+Driver/Subscriber/NETIQGTS-sub-cmd-assign-role#XmlData:46 : An invalid value 'name' is specified for attribute 'arg-string' on element '{3}'.
[04/14/15 11:53:37.824]:Utility Driver ST:Driver terminated.
[04/14/15 11:53:37.812]:Utility Driver ST:
DirXML Log Event -------------------
Driver: \MYTREE\system\driverset1\Utility Driver
Channel: Subscriber
Status: Error
Message: Code(-9128) Error in vnd.nds.stream://MYTREE/system/driverset1/Utility+Driver/Subscriber/NETIQGTS-sub-cmd-assign-role#XmlData:46 : An invalid value 'name' is specified for attribute 'arg-string' on element '{3}'.
[04/14/15 11:53:37.824]:Utility Driver ST:Driver terminated.
Resolution
Setting 'role-assignment-type' to something requires that <arg-dn> is used:
<do-add-role id="$lv_UAAdminLDAPDN$" role-id="$lc_LDAPRoleDN$" time-out="0" url="$UAProvURL$">
<arg-password>
<token-named-password name="NOVLLIBUSERAPP.named.password"/>
</arg-password>
<arg-dn>
<token-text xml:space="preserve">cn=destinationuser,ou=users,o=data</token-text>
</arg-dn>
<arg-string name="role-assignment-type">
<token-text>USER_TO_ROLE</token-text>
</arg-string>
<arg-string name="description">
<token-text xml:space="preserve">this is by a driver</token-text>
</arg-string>
</do-add-role>

<do-add-role id="$lv_UAAdminLDAPDN$" role-id="$lc_LDAPRoleDN$" time-out="0" url="$UAProvURL$">
<arg-password>
<token-named-password name="NOVLLIBUSERAPP.named.password"/>
</arg-password>
<arg-dn>
<token-text xml:space="preserve">cn=destinationuser,ou=users,o=data</token-text>
</arg-dn>
<arg-string name="role-assignment-type">
<token-text>USER_TO_ROLE</token-text>
</arg-string>
<arg-string name="description">
<token-text xml:space="preserve">this is by a driver</token-text>
</arg-string>
</do-add-role>

Additional Information
This have been reported to engineering