marklamont's picture
How to Convert Slash Format eDir Names to LDAP Formatted eDir Names


The background to this article is a need to convert a typical slash-formatted eDir name, \org name\org unit 1\org unit 2\object, to an LDAP-formatted eDir name, cn=object,ou=org unit 2,ou=org unit 1,o=org name.

The reason we had to do this was to use the value set by this attribute value as a lookup for UserApp, which needed to resolve the DN to display the description to the end user.

There is of course a token that will convert the slash format to LDAP format, but it doesn't know how to fill in all the object types, so it only swaps the order round.

In most eDirectory trees the top object in the returned path is an Organisation and the bottom is a CN. I have used this in my example rules, but they could quite easily be tweaked if you have to deal with other configurations.

First we set up a node set containing the slash-formatted DN. In this example I am using the input from another variable that has been set from a two-part operational attribute containing location and location floor;

input variable; Corp\SERVICES\LOCATIONS\Corp Location|Corp\SERVICES\LOCATIONS\LOCATION-FLOORS\2nd Floor

In this example I am splitting the input round a "|" delimiter, then using a delimiter of \ to split the result into a node set. Note that you have to escape the \ delimiter with another \ or it doesn't work!

<do-set-local-variable name="Var_Loc" scope="policy">
	<arg-node-set>
		<token-split delimiter="\\">
			<token-xpath expression='substring-before($Var_Location,"|")'/>
		</token-split>
	</arg-node-set>
</do-set-local-variable>

Which will give us a node set "Var_Loc" which contains;

Arg Value: {"Corp","SERVICES","LOCATIONS","Corp Location"}

Next we work out how many parts (NP=Number of Parts) are in the DN by counting the node objects. We will be using this count several times to extract separate parts of the node set;

<do-set-local-variable name="Var_Loc_NP" scope="policy">
	<arg-string>
		<token-xpath expression="count($Var_Loc)"/>
	</arg-string>
</do-set-local-variable>

Which gives us;

Arg Value: "4"

Next we pull out the part of the node set that is the Organisation "O=" part of the LDAP DN. We do this by using the XPath "position" function and picking the first node;

<do-set-local-variable name="Var_Loc_O" scope="policy">
	<arg-string>
		<token-text xml:space="preserve">O=</token-text>
		<token-xpath expression="$Var_Loc[position()=1]"/>
	</arg-string>
</do-set-local-variable>

Which gives us;

Arg Value: "O=Corp"

Next we pull out the part of the node set that is the "CN=" part of the LDAP DN. We do this by again using the XPath position function and picking the node whose position equals the total number of parts;

<do-set-local-variable name="Var_Loc_CN" scope="policy">
	<arg-string>
		<token-text xml:space="preserve">CN=</token-text>
		<token-xpath expression="$Var_Loc[position()=$Var_Loc_NP]"/>
		<token-text xml:space="preserve">,</token-text>
	</arg-string>
</do-set-local-variable>

Which gives us;

Arg Value: "CN=Corp Location,"

Note: We have added the "CN=" and the "," ready for later use.

Next we loop round the node set, ignoring the first and last parts which we have already extracted. This is what makes the code portable across differing directories, as long as all the intermediate levels are OUs.

If the structure contains other fixed-level parts then the code above can be reused with differing positions, and the code below varied by using differing looping check values.
This rule creates the middle of the DN, hence the "Mid" in the variable name. It works by writing "OU=", then the second part of the node set, then ",", and then it loops back around, adding to the variable.

This technique is useful in many situations.

<do-for-each>
	<arg-node-set>
		<token-local-variable name="Var_Loc"/>
	</arg-node-set>
	<arg-actions>
		<do-if>
			<arg-conditions>
				<and>
					<if-xpath op="true">$Var_Loc_NP >2</if-xpath>
				</and>
			</arg-conditions>
			<arg-actions>
				<do-set-local-variable name="Var_Loc_NP" scope="policy">
					<arg-string>
						<token-xpath expression="$Var_Loc_NP - 1"/>
					</arg-string>
				</do-set-local-variable>
				<do-set-local-variable name="Var_Loc_Mid" scope="policy">
					<arg-string>
						<token-local-variable name="Var_Loc_Mid"/>
						<token-text xml:space="preserve">OU=</token-text>
						<token-xpath expression="$Var_Loc[position()=$Var_Loc_NP]"/>
						<token-text xml:space="preserve">,</token-text>
					</arg-string>
				</do-set-local-variable>
			</arg-actions>
			<arg-actions/>
		</do-if>
	</arg-actions>
</do-for-each>

Which gives us;

Arg Value: "OU=LOCATIONS,OU=SERVICES,"

Finally we stitch all the parts together in one more variable;

<do-set-local-variable name="Var_Loc_LDAP" scope="policy">
	<arg-string>
		<token-local-variable name="Var_Loc_CN"/>
		<token-local-variable name="Var_Loc_Mid"/>
		<token-local-variable name="Var_Loc_O"/>
	</arg-string>
</do-set-local-variable>

Which gives us;

Arg Value: "CN=Corp Location,OU=LOCATIONS,OU=SERVICES,O=Corp"

And there you go, converted from \ format to LDAP format.
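
As an added example (not part of the original article and not Novell code), here is the same O / OU... / CN conversion in Python, usable as a reference for checking the policy's output. Unlike the policy, which concatenates the name parts as they are, it also escapes RFC 4514 special characters such as a comma inside a name part. It assumes name parts never contain a backslash, and the function names are hypothetical.

```python
# Added example (not the article's code): reference slash-to-LDAP conversion.
# Assumes, like the policy, first part = O, last part = CN, all between = OU,
# and that name parts never contain a backslash.

RFC4514_SPECIALS = '"+,;<>\\'


def escape_rdn_value(value: str) -> str:
    """Escape one name part for use as an RDN value in an LDAP DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in RFC4514_SPECIALS:
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        elif (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def slash_to_ldap(slash_dn: str) -> str:
    """Convert \\org\\ou1\\ou2\\object to CN=object,OU=ou2,OU=ou1,O=org."""
    if slash_dn.startswith("\\"):
        slash_dn = slash_dn[1:]  # tolerate the optional leading backslash
    parts = slash_dn.split("\\")
    if len(parts) < 2 or any(p == "" for p in parts):
        raise ValueError(f"not a usable slash-format DN: {slash_dn!r}")
    org, *ous, leaf = parts
    rdns = ["CN=" + escape_rdn_value(leaf)]
    rdns += ["OU=" + escape_rdn_value(ou) for ou in reversed(ous)]
    rdns.append("O=" + escape_rdn_value(org))
    return ",".join(rdns)


def convert_two_part(value: str) -> list:
    """Split the article's "location|location floor" value and convert each half."""
    return [slash_to_ldap(part) for part in value.split("|")]


if __name__ == "__main__":
    # Input value taken from the article.
    sample = (r"Corp\SERVICES\LOCATIONS\Corp Location"
              r"|Corp\SERVICES\LOCATIONS\LOCATION-FLOORS\2nd Floor")
    for dn in convert_two_part(sample):
        print(dn)
```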


Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).

It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.





© 2013 Novell