if-op-attr

Performs a test on attribute values in the current operation.

Remarks

Operator

Returns true when...

available

There is a value available in the current operation (<add-attr>, <add-value> or <attr>) for the specified attribute.

changing

The current operation contains a change (<modify-attr> or <add-attr>) of the specified attribute.

changing-from

The current operation contains a change that removes a value (<remove-value>) of the specified attribute that equals the content of <if-op-attr> when compared using the specified comparison mode. If mode=“structured”, then the content must be a set of <component> elements; otherwise, it must be text.

changing-to

The current operation contains a change that adds a value (<add-value> or <add-attr>) to the specified attribute that equals the content of <if-op-attr> when compared using the specified comparison mode. If mode=“structured”, then the content must be text; otherwise, it must be a set of <component> elements.

equal

There is a value available in the current operation (other than a <remove-value>) for the specified attribute that equals the content of <if-op-attr> when compared using the specified comparison mode. If mode=“structured”, then the content must be a set of <component> elements; otherwise, it must be text. Supports variable expansion.

lt

There is a value available in the current operation (other than a <remove-value>) for the specified attribute that is less than the content of the condition when compared using the specified comparison mode. If mode=“structured” then the content must be a set of <component> elements, otherwise it must be text. Supports variable expansion.

gt

There is a value available in the current operation (other than a <remove-value>) for the specified attribute that is greater than the content of the condition when compared using the specified comparison mode. If mode=“structured” then the content must be a set of <component> elements, otherwise it must be text. Supports variable expansion.

not-available

Available returns false.

not-changing

Changing returns false

not-changing-from

Changing-from returns false.

not-changing-to

Changing-to returns false.

not-equal

Equal returns false.

not-lt

Less than returns false.

not-gt

Greater than returns false.

Example

<if-op-attr op="available" name="OU"/><if-op-attr op="changing" name="OU"/><if-op-attr op="changing-from" name="OU"/>Sales</if-op-attr><if-op-attr op="changing-to" name="OU"/>Sales</if-op-attr><if-op-attr op="equal" mode="nocase" name="OU">Sales</if-op-attr><if-op-attr op="equal" mode="structured" name="Language"> <component name="string">EN</component> <component name="string">JP</component></if-op-attr>

Allowed Content

#PCDATA

Attributes

Attribute

Possible Values

Default Value

disabled

true | false

True if this element is disabled.

false

mode

case | nocase | regex | src-dn | dest-dn | numeric | octet | structuredComparison mode if op=“equal” or op=“not-equal” or op=“changing-from” or op=“changing-to”.

nocase

name

CDATA

Name of the attribute. Supports variable expansion.

#REQUIRED

notrace

t rue | false

True if this element should not be traced during execution of the policy.

false

op

available | changing | changing-from | changing-to | equal | lt | gt | not-available | not-changing | not-changing-from | not-changing-to | not-equal | not-lt | not-gt

Test operator.

#REQUIRED

Content Rule

( #PCDATA | component ) *

Parent Elements

Element

Description

and

Logical conjunction.

or

Logical disjunction.