A Forum reader recently asked:
"I have two rules which read the value of a single-valued attribute, check to see if a group exists with the name of the value that was read, and create the group if necessary.
I need to do the same thing with multi-valued attributes. For example, I would read attribute "MutliValuedAttribute" which contains 3 values, "One" "Two" and "Three". Then I check to see if groups exist named "One", "Two" or "Three", and I create the groups if necessary."
And here's the response from IDM expert Father Ramon ...
This is how I would do it with a single rule rather than two:
<description>Create MultiValuedAttribute groups that don't
<if-op-attr name="MultiValuedAttribute" op="available"/>
<do-set-local-variable name="desiredGroup" scope="policy">
<do-set-local-variable name="desiredGroupObjectClass" scope="policy">
<token-dest-attr name="Object Class">
expression="$current-node[not($desiredGroupObjectClass = 'Group')]"/>
Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).
It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.