Using Role-Based Entitlements

Novell Cool Solutions: Question & Answer

Posted: 19 Jan 2006

Q:
I want to map three groups in eDirectory to one group in AD - how would I do that?

A:
The simplest way I can think of to map multiple groups in eDir to one group in AD would be to use Role-Based Entitlements (RBE). You would have to add the Group entitlement definition as though you had enabled entitlements on driver import, as well as pull in the policies that implement the entitlement. Then you create an RBE policy (aka a role) and define it such that members of those groups are members of the role, and assign the Group entitlement to that role.

Without RBE, every time one of the 3 groups was modified, you would have to do a lot more: 1) read the complete list of members from each of the groups, 2) merge the lists, 3) remove the duplicates, 4) compare with the existing AD list, and 5) generate a modify that updates the AD member list to match the union of the eDir lists. By using RBE, pretty much all of that would be done for you.
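The five steps the answer lists for the non-RBE case, sketched in Python as an added example (not part of the original answer and not Novell driver code). All DNs, the `ASSOCIATION` map from eDir users to AD users, and the function names are constructed for illustration.

```python
# Added illustration: every DN and the association map are constructed.
EDIR_GROUPS = {
    "cn=Sales,o=acme": ["cn=alice,ou=users,o=acme", "cn=bob,ou=users,o=acme"],
    "cn=Marketing,o=acme": ["CN=Alice,ou=users,o=acme", "cn=carol,ou=users,o=acme"],
    "cn=Support,o=acme": ["cn=erin,ou=users,o=acme"],
}
# Hypothetical eDir-to-AD user mapping; erin has no AD account yet.
ASSOCIATION = {
    "cn=alice,ou=users,o=acme": "CN=alice,CN=Users,DC=example,DC=com",
    "cn=bob,ou=users,o=acme": "CN=bob,CN=Users,DC=example,DC=com",
    "cn=carol,ou=users,o=acme": "CN=carol,CN=Users,DC=example,DC=com",
}
AD_MEMBERS = ["cn=Alice,cn=Users,dc=example,dc=com",
              "CN=dave,CN=Users,DC=example,DC=com"]

def norm(dn):
    # DNs compare case-insensitively (simplified: escaped commas not handled).
    return ",".join(part.strip().lower() for part in dn.split(","))

def plan_ad_modify(edir_groups, ad_members, association):
    """Return (adds, removes, unassociated) so AD equals the union of the groups."""
    # Steps 1-3: read every group, merge, and de-duplicate (the set does both).
    union = {norm(m) for members in edir_groups.values() for m in members}
    assoc = {norm(k): v for k, v in association.items()}
    unassociated = sorted(u for u in union if u not in assoc)
    desired = {norm(assoc[u]): assoc[u] for u in union if u in assoc}
    # Step 4: compare with the existing AD member list.
    current = {norm(m): m for m in ad_members}
    adds = sorted(desired[k] for k in desired.keys() - current.keys())
    # A user is removed only when absent from ALL source groups.
    removes = sorted(current[k] for k in current.keys() - desired.keys())
    return adds, removes, unassociated

def to_ldif(group_dn, adds, removes):
    """Step 5: one LDIF modify; empty string when AD already matches."""
    if not (adds or removes):
        return ""
    lines = [f"dn: {group_dn}", "changetype: modify"]
    for op, values in (("add", adds), ("delete", removes)):
        if values:
            lines += [f"{op}: member", *(f"member: {v}" for v in values), "-"]
    return "\n".join(lines)
```

Because the plan is computed from the union, dropping a user from one source group leaves their AD membership in place as long as another source group still lists them; the delete is generated only when no source group does.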
