Hiding a Password on a Stylesheet from the Log

Novell Cool Solutions: Tip
By Cade Carvell

Digg This - Slashdot This

Posted: 12 Apr 2006

This stylesheet serves two basic purposes:

  • Hiding the password on a stylesheet from the log
  • Setting passwords on user accounts on a Sybase database server

The proc that I run is a custom one that is a modified sp_password. It limits what this account can do with the modified passwords.

Note: I have 25 Sybase servers to do this to, so I will be creating a base driver, then linking the 25 sybase servers to this one driver's Subscriber Command process. That way, I can change it in one spot and have it reflected to all 25 drivers.

Stylesheet Example

<?xml version="1.0" encoding="UTF-8"?><xsl:stylesheet exclude-result-prefixes="query cmd dncv" version="1.0" xmlns:cmd="http://www.novell.com/nxsl/java/com.novell.nds.dirxml.driver.XdsCommandProcessor" xmlns:dncv="http://www.novell.com/nxsl/java/com.novell.nds.dirxml.driver.DNConverter" xmlns:exslt="http://exslt.org/common" xmlns:jdbc="urn:dirxml:jdbc" xmlns:query="http://www.novell.com/nxsl/java/com.novell.nds.dirxml.driver.XdsQueryProcessor" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<!-- parameters passed in from the DirXML engine -->
<xsl:param name="srcQueryProcessor"/>
<xsl:param name="destQueryProcessor"/>
<xsl:param name="srcCommandProcessor"/>
<xsl:param name="destCommandProcessor"/>
<xsl:param name="dnConverter"/>
<xsl:param name="fromNds"/>
<!-- identity transformation template -->
<!-- in the absence of any other templates this will cause -->
<!-- the stylesheet to copy the input through unchanged to the output -->
<xsl:template match="node()|@*">
<xsl:apply-templates select="@*|node()"/>
<xsl:variable name="namingAttribute">CN</xsl:variable>
<!-- END Policy Declaration -->
<!-- BEGIN Policy Selection -->
<!-- END Policy Selection -->
<!-- BEGIN Policy Implementation -->
<!-- END Policy Implementation -->
<xsl:template name="namingAttributeValue">
<xsl:value-of select="*[@attr-name=$namingAttribute]/value[1]"/>
<xsl:template name="namingPolicy">
<!-- concatenate Surname attribute value and the unique primary key integer -->
    because an association value is not yet available, you can reference association fields
    using XSLT attribute value template notation (e.g., {$id}) and the driver will replace
    the variable with it's corresponding value once it becomes available
<xsl:variable name="value">
<xsl:call-template name="namingAttributeValue"/>
<xsl:value-of select="$value"/>
<!-- Query object name queries NDS for the passed object -->
<!-- name. Ideally, this would not depend on "CN": to do -->
<!-- this, add another parameter that is the name of the   -->
<!-- naming attribute.                                     -->
<xsl:template name="query-object-password">
<xsl:param name="object-name"/>
<!-- build an xds query as a result tree fragment -->
<xsl:variable name="query">
<search-class class-name="{ancestor-or-self::add/@class-name}"/>
<!-- NOTE: depends on CN being the naming attribute -->
<search-attr attr-name="CN">
<xsl:value-of select="$object-name"/>
<!-- put an empty read attribute in so that we dont get -->
<!-- the whole object back -->
<read-attr attr-name="nspmDistributionPassword"/>
<!-- query NDS -->
<xsl:variable name="result" select="query:query($srcQueryProcessor,$query)"/>
<!-- return an empty or non-empty result tree fragment -->
<!-- depending on result of query -->
<xsl:value-of select="$result//instance"/>
<!-- ******************************************************-->
<!--   This gets the attributes that I need to update Sybase Account
<xsl:template match="input/add[@class-name='User'] | input/modify[@class-name='User']">
<!--Get the CN (common name of this user)  -->
<xsl:variable name="CN">
<xsl:call-template name="namingAttributeValue"/>
<status level="information" type="password-set-operation">
<xsl:text>CN: </xsl:text>
<xsl:value-of select="$CN"/>
</xsl:message> -->
<!-- Grab the password to pass onto the Execute Statement  -->
<xsl:variable name="password">
<xsl:call-template name="query-object-password">
<xsl:with-param name="object-name" select="$CN"/>
<status level="information" type="password-set-operation">
<xsl:text>pass: </xsl:text>
<xsl:value-of select="$password"/>
</xsl:message> -->
<!--  Time to actually execute the statement -->
<xsl:call-template name="set-password">
<xsl:with-param name="CN" select="$CN"/>
<xsl:with-param name="password" select="$password"/>
<!-- ******************************************************-->
<!--   This Executes the actual update statement to the 
       Sybase Server
<xsl:template name="set-password">
<xsl:param name="CN"/>
<xsl:param name="password"/>
<jdbc:sql is-sensitive="true">
<xsl:text>EXECUTE mdp_dba_prd..sp_HD_password </xsl:text>
<xsl:text>'{$$$driver-password}', '</xsl:text>
<xsl:value-of select="$password"/>
<xsl:text>', '</xsl:text>
<xsl:value-of select="$CN"/>

Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

© Micro Focus