Article

anonymous's picture
article
Reads:

4688

Score:
0
0
 
Comments:

0

Creating New Multi-Valued Groups in IDM

Author Info

31 January 2007 - 3:20am
Submitted by: anonymous (not verified)

Author Blog
Author Profile

Tags

Tags Map

(View Disclaimer)

Problem

A Forum reader recently asked:

"I have two rules which read the value of a single-valued attribute, check to see if a group exists with the name of the value that was read, and create the group if necessary.

I need to do the same thing with multi-valued attributes. For example, I would read attribute "MutliValuedAttribute" which contains 3 values, "One" "Two" and "Three". Then I check to see if groups exist named "One", "Two" or "Three", and I create the groups if necessary."

And here's the response from IDM expert Father Ramon ...

Solution

This is how I would do it with a single rule rather than two:

 <rule>
   <description>Create MultiValuedAttribute groups that don't 
exist</description>
   <conditions>
    <and>
     <if-op-attr name="MultiValuedAttribute" op="available"/>
    </and>
   </conditions>
   <actions>
    <do-for-each>
     <arg-node-set>
      <token-op-attr name="MultiValuedAttribute"/>
     </arg-node-set>
     <arg-actions>
      <do-set-local-variable name="desiredGroup" scope="policy">
       <arg-string>
        <token-global-variable name="group-container"/>
        <token-local-variable name="current-node"/>
       </arg-string>
      </do-set-local-variable>
      <do-set-local-variable name="desiredGroupObjectClass" scope="policy">
       <arg-node-set>
        <token-dest-attr name="Object Class">
         <arg-dn>
          <token-local-variable name="desiredGroup"/>
         </arg-dn>
        </token-dest-attr>
       </arg-node-set>
      </do-set-local-variable>
      <do-for-each>
       <arg-node-set>
        <token-xpath 
expression="$current-node[not($desiredGroupObjectClass = 'Group')]"/>
       </arg-node-set>
       <arg-actions>
        <do-add-dest-object class-name="Group">
         <arg-dn>
          <token-local-variable name="desiredGroup"/>
         </arg-dn>
        </do-add-dest-object>
       </arg-actions>
      </do-for-each>
     </arg-actions>
    </do-for-each>
   </actions>
  </rule>

Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).

It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.



Related Articles


User Comments

© 2013 Novell