Changing a Non-CN Identifier During Rename
Novell Cool Solutions: Tip
By Raymon Epping
|
Digg This -
Slashdot This
Posted: 15 Nov 2006 |
Problem
How can you change an object identifier other than the CN during a rename operation? Let's say that you want the uniqueID attribute of the user object-Class populated by the CN, and the object gets renamed in your connected application.
In this specific case I wanted to update the uniqueID attribute and set a new IDM association when the user got renamed. I set a new IDM association because it was based on the source-dn.
Solution
The answer to this question is in the following policy, which, again, shows how easy it is to implement policy rules with Novell IDM.
<?xml version="1.0" encoding="UTF-8"?><policy>
<rule>
<description>React on user renames</description>
<comment xml:space="preserve">This policy reacts on user renames.
It sets a new uniqueID for the user and updates the IDM association</comment>
<conditions>
<and>
<if-operation op="equal">rename</if-operation>
</and>
</conditions>
<actions>
<do-set-dest-attr-value class-name="User" name="uniqueID" when="before">
<arg-association>
<token-association/>
</arg-association>
<arg-value>
<token-xpath expression="./new-name"/>
</arg-value>
</do-set-dest-attr-value>
<do-remove-association when="after">
<arg-association>
<token-association/>
</arg-association>
</do-remove-association>
<do-add-association when="after">
<arg-dn>
<token-parse-dn dest-dn-format="slash" length="-2" src-dn-format="slash" start="0">
<token-xpath expression="./@dest-dn"/>
</token-parse-dn>
<token-text xml:space="preserve">\</token-text>
<token-xpath expression="./new-name"/>
</arg-dn>
<arg-association>
<token-src-dn/>
</arg-association>
</do-add-association>
</actions>
</rule>
</policy>
-->
Below is a screen shot of the policy itself.
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com