If Local Variable

Performs a test on a local variable. The test performed depends on the specified operator.

Remark

For more information on using variables with policies, see Understanding Policies Components.

Fields

Name

Specify the name of the local variable to test for the selected condition.

Operator

Select the condition test type.

Operator

Returns True when...

Available

There is a local variable with the specified name that has been defined by an action of a earlier rule within the policy.

Not Available

Available would return False.

Equal

There is a local variable with the specified name, and its value equals the specified value when compared using the specified comparison mode.

Not Equal

Equal would return False.

Greater Than

There is a local variable with the specified name, and its value is greater than the content of the condition when compared using the specified comparison mode.

Not Greater Than

Greater Than or Equal would return False.

Less Than

There is a local variable with the specified name, and its value is less than the content of the condition when compared using the specified comparison mode.

Not Less Than

Less than or equal would return False.
Value

Contains the value defined for the select operator. The value is used by the condition. Each value supports variable expansion. For more information, see Variable Expansion. The operators that contain the value field are:

  • Equal

  • Not Equal

  • Greater Than

  • Not Greater Than

  • Less Than

  • Not Less Than

Comparison Mode

The condition has a comparison mode parameter that indicates how a comparison is done.

Mode

Description

Case Sensitive

Character-by-character case sensitive comparison.

Case Insensitive

Character-by-character case insensitive comparison.

Regular Expression

The regular expression matches the entire string. It defaults to case insensitive, but can be changed by an escape in the expression.

See Sun’s Web site.

The pattern options CASE_INSENSITIVE, DOTALL, and UNICODE_CASE are used but can be reversed using the appropriate embedded escapes.

Source DN

Compares using semantics appropriate to the DN format for the source data store.

Destination DN

Compares using semantics appropriate to the DN format for the destination data store.

Numeric

Compares numerically.

Binary

Compares the binary information.

The operators that contain the comparison mode parameter are:

  • Equal

  • Not Equal

  • Greater Than

  • Not Greater Than

  • Less Than

  • Not Less Than

Example

The example adds a User object to the appropriate group, Employee or Manager, based on Title. It also creates the group, if needed, and sets up security equal to that group. The policy is Govern Groups for User Based on Title Attribute, and it is available for download from the Novell Support Web site. For more information, see Downloading Identity Manager Policies.To view the policy in XML, see 003-Command-AddCreate-Groups.xml.

Policy for creating manager group

The policy contains five rules that are dependent on each other.

Local variable to test for the existence of groups and for placement

For the If Locate Variable condition to work, the first rule sets four different local variables to test for groups and where to place the groups.

Local variable

The condition the rule is looking for is to see if the local variable of manager-group-info is available and if manager-group-info is not equal to group. If these conditions are met, then the destination object of group is added.