Vetoing Group-Modifies for Users without DirXML Associations

Author Info

19 July 2006 - 3:28am
Submitted by: pnuffer


Problem

A Forum reader asked the following question:

"I need to veto group-modifies for users who don't yet have a DirXML association. This stems from creating users in eDirectory with a template that contains group memberships. I need to get the users added and associated before I get them into the groups.

I am running IDM 3 with Lotus Notes as the connected system. How can I get this logic into Policy Builder?"

And here's a tip from Novell's Perry Nuffer ...

Solution

Try this sample in the Output Transformation Policy set. On a Group modify, it strips any added Members values that do not have an association-ref attribute.

<rule>
  <description>Fix Unassociated Group Members 2</description>
  <conditions>
    <and>
      <if-class-name op="equal">Group</if-class-name>
      <if-xpath op="true">modify-attr[@attr-name="Members"]/add-value/value[not(@association-ref)]</if-xpath>
    </and>
  </conditions>
  <actions>
    <do-for-each>
      <arg-node-set>
        <token-text xml:space="preserve">modify-attr[@attr-name="Members"]/add-value/value[not(@association-ref)]</token-text>
      </arg-node-set>
      <arg-actions>
        <do-strip-xpath expression='modify-attr[@attr-name="Members"]/add-value/value[not(@association-ref)]'/>
      </arg-actions>
    </do-for-each>
  </actions>
</rule>
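
To check what the rule will drop before loading it into a driver, the following added example (not part of the original article and not Novell code) mirrors the rule's class test and XPath in Python over a constructed XDS modify document. The function name, sample names and association values are assumptions; it also flags the case where every added value is stripped, since the rule removes only value elements and leaves the emptied add-value in place.

```python
import xml.etree.ElementTree as ET

# Constructed XDS modify event (sample data, not captured from a real driver).
SAMPLE_XDS = """<nds><input>
  <modify class-name="Group" src-dn="CN=Sales/O=org">
    <association>GROUP-ASSOC-1</association>
    <modify-attr attr-name="Members">
      <add-value>
        <value association-ref="USER-ASSOC-1" type="dn">CN=alice/O=org</value>
        <value type="dn">CN=newhire/O=org</value>
      </add-value>
    </modify-attr>
    <modify-attr attr-name="Description">
      <add-value><value type="string">Sales team</value></add-value>
    </modify-attr>
  </modify>
</input></nds>"""


def strip_unassociated_members(xds_text, attr_name="Members"):
    """Hypothetical helper: return (rewritten XML, stripped values, emptied flag)."""
    root = ET.fromstring(xds_text)
    stripped, emptied = [], False
    for modify in root.iter("modify"):
        # Same gate as <if-class-name op="equal">Group</if-class-name>.
        if modify.get("class-name") != "Group":
            continue
        for mattr in modify.findall("modify-attr"):
            if mattr.get("attr-name") != attr_name:
                continue
            for add in mattr.findall("add-value"):
                removed_here = 0
                for value in list(add.findall("value")):
                    # not(@association-ref): true only when the attribute is absent.
                    if value.get("association-ref") is None:
                        stripped.append(value.text)
                        add.remove(value)
                        removed_here += 1
                # An add-value left with no values still reaches the shim.
                if removed_here and not add.findall("value"):
                    emptied = True
    return ET.tostring(root, encoding="unicode"), stripped, emptied


if __name__ == "__main__":
    xml_out, dropped, left_empty = strip_unassociated_members(SAMPLE_XDS)
    print("stripped:", dropped, "| empty add-value left:", left_empty)
    print(xml_out)
```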


Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).

It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.



