Vetoing Group-Modifies for Users without DirXML Associations

Author Info

19 July 2006 - 3:28am
Submitted by: pnuffer


Problem

A Forum reader asked the following question:

"I need to veto group-modifies for users who don't yet have a DirXML association. This stems from creating users in eDirectory with a template that contains group memberships. I need to get the users added and associated before I get them into the groups.

I am running IDM 3 with Lotus Notes as the connected system. How can I get this logic into Policy Builder?"

And here's a tip from Novell's Perry Nuffer ...

Solution

Try this sample in the Output Transformation Policy set. It simply strips Group Members that do not have association-ref attributes.

<rule>
  <description>Fix Unassociated Group Members 2</description>
  <!-- Fire only for Group modifies that add at least one Members value
       lacking an association-ref attribute. -->
  <conditions>
    <and>
      <if-class-name op="equal">Group</if-class-name>
      <if-xpath op="true">modify-attr[@attr-name="Members"]/add-value/value[not(@association-ref)]</if-xpath>
    </and>
  </conditions>
  <actions>
    <do-for-each>
      <arg-node-set>
        <token-text xml:space="preserve">modify-attr[@attr-name="Members"]/add-value/value[not(@association-ref)]</token-text>
      </arg-node-set>
      <arg-actions>
        <!-- Strip every added Members value that has no association-ref. -->
        <do-strip-xpath expression='modify-attr[@attr-name="Members"]/add-value/value[not(@association-ref)]'/>
      </arg-actions>
    </do-for-each>
  </actions>
</rule>
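
To preview what the rule would remove from a given event, the following added example (Python, not part of the original tip and not Novell code) applies the same selection to a constructed XDS document; the document layout, DNs and association-ref values are assumptions made for illustration. It also reports group modifies whose Members add-value is left with no values after stripping, a case worth checking against the connected system.

```python
import xml.etree.ElementTree as ET

# Constructed sample XDS modify events (not captured from a real driver).
SAMPLE = r"""<nds dtdversion="3.5"><input>
  <modify class-name="Group" src-dn="\ACME\groups\Sales">
    <modify-attr attr-name="Members">
      <add-value>
        <value type="dn" association-ref="A1B2">\ACME\users\alice</value>
        <value type="dn">\ACME\users\bob</value>
      </add-value>
    </modify-attr>
  </modify>
  <modify class-name="Group" src-dn="\ACME\groups\Ops">
    <modify-attr attr-name="Members">
      <add-value>
        <value type="dn">\ACME\users\carol</value>
      </add-value>
    </modify-attr>
  </modify>
</input></nds>"""


def strip_unassociated(xds_text):
    """Mimic the rule: drop Members add-values that have no association-ref.

    Returns (rewritten XML, stripped member DNs, src-dn of each Group modify
    whose Members add-value is left with no values at all)."""
    root = ET.fromstring(xds_text)
    stripped, emptied = [], []
    for modify in root.iter("modify"):
        if modify.get("class-name") != "Group":
            continue  # same gate as <if-class-name op="equal">Group
        path = "modify-attr[@attr-name='Members']/add-value"
        for add_value in modify.findall(path):
            for value in list(add_value.findall("value")):
                if value.get("association-ref") is None:
                    stripped.append(value.text)
                    add_value.remove(value)
            if add_value.find("value") is None:
                emptied.append(modify.get("src-dn"))
    return ET.tostring(root, encoding="unicode"), stripped, emptied


if __name__ == "__main__":
    xml_out, stripped, emptied = strip_unassociated(SAMPLE)
    print(xml_out)
    print("stripped:", stripped)
    print("left with an empty add-value:", emptied)
```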



© 2009 Novell, Inc. All Rights Reserved.