Novell Home

Finding the User DN with the Delimited Driver

Novell Cool Solutions: Tip
By Lothar Haeger

Digg This - Slashdot This

Posted: 16 Aug 2006
 

Problem

We have a non-standard HR software (long story). I've finally gotten them to send me a comma-delimited file with the userid's of the user and the "id" of their supervisor. However, I notice that in eDirectory, the "manager" attribute is in the "dn" format (cn=blah,ou=blah,ou=blah,o=blah)

Any advice on getting the delimited driver to somehow take the userid and "find" the user's DN and then import/modify it that way?

And here's the reply from Lothar Haeger ...

Solution

You can try something like this:

<do-set-local-variable name="PersNr">
<arg-string>
<token-op-attr name="userid"/>
</arg-string>
</do-set-local-variable>
<do-for-each>
<arg-node-set>
<token-xpath expression='query:search($destQueryProcessor, 
   "subtree", "", "~UserBaseDN~", "User", "workforceID", $PersNr, "")'/>
</arg-node-set>
<arg-actions>
<do-add-dest-attr-value name="manager">
<arg-value type="dn">
<token-xpath expression="$current-node/@src-dn"/>
</arg-value>
</do-add-dest-attr-value>
</arg-actions>
</do-for-each>

where UserBaseDN is GCV pointing to the user container; replace with clear text if you like.

If you define a GCV "UserBaseDN" of type "DN" in driver properties, you can browse the ID Vault for the base path. ~UserBaseDN~ is the syntax to access that GCV (similar to "$variable" for a local variable). Or, you can also hardcode the path (in backslash syntax) into the policy, only making it a bit harder for others to follow the code and to maintain the driver in the future.

The query:search function returns a nodeset of all entries where "workforceID" is equal to the value of $PersNr. <do-for-each> walks through the nodes one by one, and $current-node/@src-dn returns the DN of each entry, which shows as <instance ... src-dn="\TREE\container\objectname" ...> in a Level 3 trace.

If I get your situation right, the following should work for you:

<do-set-local-variable name="manID">
<arg-string>
<token-op-attr name="manager"/>
</arg-string>
</do-set-local-variable>
<do-strip-op-attr name="manager"/>
<do-for-each>
<arg-node-set>
<token-xpath expression='query:search($destQueryProcessor, 
   "subtree", "", "\TREE\myorg\myou\users", "User", "CN", $manID, "")'/>
</arg-node-set>
<arg-actions>
<do-add-dest-attr-value name="manager">
<arg-value type="dn">
<token-xpath expression="$current-node/@src-dn"/>
</arg-value>
</do-add-dest-attr-value>
</arg-actions>
</do-for-each>

Please note the <do-strip-op-attr> - that removes the supervisor's ID (which is not a DN, thus causing an error otherwise). Details regarding the query function can be found here:
http://developer.novell.com/documentation/dirxml/dirxmlbk/api/com/novell/nds/dirxml/driver/XdsQueryProcessor.html


Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

© 2014 Novell