Fields

Operator Condition is Met When...

Operator	Condition is met when...
associated	There is an established association for the current object.
available	There is a non-empty association value specified by the current operation.
equal	The association value specified by the current operation is exactly equal to the content of the if association.
not-associated	There is not an established association for the current object.
not available	The association is not available for the current object.
not-equal	The association value specified by the current operation is not equal to the content of the if association.

Example

This example tests to see if the association is available. When this condition is met, the actions that are defined are executed.

Fields

Name

Specify the name of the attribute to test.

Operator

Select the condition test type.

Compare Mode

Select the comparison mode. See Comparison Modes.

Operator Condition is Met When...

Operator	Condition is met when...
available	There is a value available in either the current operation or the source data store for the specified attribute.
equal	There is a value available in either the current operation or the source data store for the specified attribute, which equals the specified value when compared using the specified comparison mode.
not available	Available would return False.
not-equal	Equal would return False.

Example

The example uses the condition If Attribute when filtering for User objects that are disabled or have a certain title. The policy is Policy to Filter Events, and it is available for download from Novell’s support Web site. For more information, see Downloadable Identity Manager Policies.

The condition is looking for any User object that has an attribute of Title with a value of consultant or sales.

Fields

Operator

Select the condition test type.

Compare Mode

Select the comparison mode. See Comparison Modes.

Operator Condition is Met When...

Operator	Condition is met when...
available	There is an object class name available in the current operation.
equal	There is an object class name available in the current operation, and it equals the specified value when compared using the specified comparison mode.
not available	Available would return False.
not-equal	Equal would return False.

Example

The example uses the condition If Class Name to govern group membership for a User object based on their title. The policy is Govern Groups for User Based on Title Attribute, and it is available for download from Novell’s support Web site. For more information, see Downloadable Identity Manager Policies.

Checks to see if the class name of the current object is User.

Fields

Name

Specify the name of the attribute to test.

Operator

Select the condition test type.

Compare Mode

Select the comparison mode. See Comparison Modes.

Operator Condition is Met When...

Operator	Condition is met when...
available	There is a value available in the destination data store for the specified attribute.
equal	There is a value available for the specified attribute in the destination data store that equals the specified value when compared using the specified comparison mode.
not available	Available would return False.
not-equal	Equal would return False.

Example

The example uses the condition If Attribute to govern group membership for a User object based on the title. The policy is Govern Groups for User Based on Title Attribute, and it is available for download from Novell’s support Web site. For more information, see Downloadable Identity Manager Policies.

The policy checks to see if the value of the title attribute contains manager.

Fields

Operator

Select the condition test type.

Operator Condition is Met When...

Operator	Condition is met when...
available	There is a destination DN available.
equal	There is a destination DN available, and it equals the specified value when compared using semantics appropriate to the DN format of the destination data store.
in-container	There is a destination DN available, and it represents an object in the container, specified by value, when compared using semantics appropriate to the DN format of the destination data store.
in-subtree	There is a destination DN available, and it represents an object in the subtree, specified by value, when compared using semantics appropriate to the DN format of the destination data store.
not available	Available would return False.
not-equal	Equal would return False.
not-in-container	In-container would return False.
not-in-subtree	In-subtree would return False.

Example

Fields

Name

Specify the name of the entitlement to test for the selected condition.

Operator

Select the condition test type.

Compare Mode

Select the comparison mode. See Comparison Modes.

Operator Condition is Met When...

Operator	Condition is met when...
available	The named entitlement is available in either the current operation or the Identity Vault.
changing	The current operation contains a change (modify attribute or add attribute) of the named entitlement.
changing-from	The current operation contains a change that removes a value (remove value) of the named entitlement, which has a value that equals the specified value, when compared using the specified comparison mode.
changing-to	The current operation contains a change that adds a value (add value or add attribute) to the named entitlement. It has a value that equals the specified value, when compared using the specified comparison mode.
equal	There is a value available for the specified attribute in the destination data store that equals the specified value when compared using the specified comparison mode.
not available	Available would return False.
not-changing	Changing would return False.
not-changing-from	Changing-from would return False.
not-changing-to	Changing-to would return False.
not-equal	Equal would return False.

Example

Fields

Name

Specify the name of the global variable to test for the selected condition.

Operator

Select the condition test type.

Compare Mode

Select the comparison mode. See Comparison Modes.

Operator Condition is Met When...

Operator	Condition is met when...
available	There is a global configuration variable with the specified name.
equal	There is a global configuration variable with the specified name and its value equals the specified value when compared using the specified comparison mode.
not available	Available would return False.
not-equal	Equal would return False.

Example

Fields

Name

Specify the name of the local variable to test for the selected condition.

Operator

Select the condition test type.

Compare Mode

Select the comparison mode. See Comparison Modes.

Operator Condition is Met When...

Operator	Condition is met when...
available	There is a local variable with the specified name that has been defined by an action of a earlier rule within the policy.
equal	There is a local variable with the specified name, and its value equals the specified value when compared using the specified comparison mode.
not available	Available would return False.
not-equal	Equal would return False.

Example

The example adds a User object to the appropriate group, Employee or Manager, based on Title. It also creates the group, if needed, and sets up security equal to that group. The policy is Govern Groups for User Based on Title Attribute, and it is available for download from Novell’s support Web site. For more information, see Downloadable Identity Manager Policies.

The policy contains five rules that are dependent on each other.

For the If Locate Variable condition to work, the first rule sets four different local variables to test for groups and where to place the groups.

The condition the rule is looking for is to see if the local variable of manager-group-info is available and if manager-group-info is not equal to group. If these conditions are met, then the destination object of group is added.

Fields

Name

Specify the name of the named password to test for the selected condition.

Operator

Select the condition test type.

Operator Condition is Met When...

Operator	Condition is met when...
available	There is password with the specified name available.
not available	Available would return False.

Example

Fields

Operator

Select the condition test type.

Operator Condition is Met When...

Operator	Condition is met when...
equal	The name of the current operation is exactly equal to content of If Operation.
not-equal	Equal would return False.

Value

The values are the operations that the Metadirectory engine looks for in this condition:

• add

• add-association

• check-object-password

• delete

• get-named-password

• modify

• modify-association

• modify-password

• move

• init-params

• instance

Example

The example adds a User object to the appropriate group, Employee or Manager, based on Title. It also creates the group, if needed, and sets up security equal to that group. The policy name is Govern Groups for User Based on Title Attribute, and it is available for download from Novell’s support Web site. For more information, see Downloadable Identity Manager Policies.

The condition is checking to see if an add or modify operation has occurred. When one of these occurs, it sets the local variables.

Fields

Name

Specify the name of the attribute to test.

Operator

Select the condition test type.

Compare Mode

Select the comparison mode. See Comparison Modes.

Operator Condition is Met When...

Operator	Condition is met when...
available	There is a value available in the current operation (add attribute, add value, attribute) for the specified attribute.
changing	The current operation contains a change (modify attribute or add attribute) of the specified attribute.
changing-from	The current operation contains a change that removes a value (remove value) of the specified attribute. It equals the specified value when compared using the specified comparison mode.
changing-to	The current operation contains a change that adds a value (add value or add attribute) to the specified attribute. It equals the specified value when compared using the specified comparison mode.
equal	There is a value available in the current operation (other than a remove value) for the specified attribute. It equals the specified value when compared using the specified comparison mode.
not available	Available would return False.
not-changing	Changing would return False.
not-changing-from	Changing-from would return False.
not-changing-to	Changing-to would return False.
not-equal	Equal would return False.

Example

The example adds a User object to the appropriate group, Employee or Manager, based on Title. It also creates the group, if needed, and sets up security equal to that group. The policy name is Govern Groups for User Based on Title Attribute, and it is available for download from Novell’s support Web site. For more information, see Downloadable Identity Manager Policies.

The condition is checking to see if the attribute of Title is equal to .*manager*, which is a regular expression. It is looking for a title that has zero or more characters before manager and a single character after manager. It finds a match if the User object’s title was sales managers.

Fields

Name

Specify the name of the operation property to test for the selected condition.

Operator

Select the condition test type.

Compare Mode

Select the comparison mode. See Comparison Modes.

Operator Condition is Met When...

Operator	Condition is met when...
available	There is an operation property with the specified name on the current operation.
equal	There is a an operation property with the specified name on the current operation and its value equals the provided content when compared using the specified comparison mode.
not available	Available would return False.
not-equal	Equal would return False.

Example

Fields

Operator

Select the condition test type.

Operator Condition is Met When...

Operator	Condition is met when...
available	There is password available in the current operation.
not available	Available would return False.

Example

Fields

Name

Specify the name of the source attribute to test for the selected condition.

Operator

Select the condition test type.

Compare Mode

Select the comparison mode. See Comparison Modes.

Operator Condition is Met When...

Operator	Condition is met when...
available	There is a value available in the source data store for the specified attribute.
equal	There is a value available in the source data store for the specified attribute. It equals the specified value when compared using the specified comparison mode.
not available	Available would return False.
not-equal	Equal would return False.

Example

Fields

Operator

Select the condition test type.

Operator Condition is Met When...

Operator	Condition is met when...
available	DN available.
equal	There is a source DN available, and it equals the content of the specified value in-container There is a source DN available, and it represents an object in the container identified by the specified value.
in-subtree	There is a source DN available, and it represents an object in the subtree identified by the specified value.
not available	Available would return False.
not-equal	Equal would return False.
not-in-container	In-container would return False.
not-in-subtree	In-subtree would return False.

Example

The example uses the condition If Source DN to check if the User object is in the source DN. The rule is from the predefined rules that come with Identity Manager. For more information, see Event Transformation - Scope Filtering - Exclude Subtrees.

The condition is checking to see if the source DN is in the Users container. If the object is coming from that container, it is vetoed.

Fields

Operator

Select the condition test type.

Operator Condition is Met When...

Operator	Condition is met when...
true	The XPath expression evaluates to True.
false	True would return False.

Example