This section contains a detailed reference for all noun tokens available in the Argument Builder interface.
Expands to the values of an entitlement granted in the current operation.
Name of the entitlement.
Expands to the association value from the current operation.
The example is from the predefined rules that come with Identity Manager. For more information on the predefined rule, see Command Transformation - Publisher Delete to Disable.
The action of Remove Association uses the Association token to retrieve the value from the current operation. The rule removes the association from the User object so that any new events coming through do not affect the User object.
Expands to the value of an attribute from the current object in current operation and in the source data store. It can be logically thought of as the union of the operation attribute token and the source attribute token. It does not include the removed values from a modify operation.
Specify the name of the attribute.
The example is from the predefined rules that come with Identity Manager. For more information, see Creation - Set Default Password.
The action of Set Destination Password uses the attribute token to create the password. The password is made up of the Given Name attribute and the Surname attribute. When you are in the Argument Builder Editor, you browse and select the attribute you want to use.
Expands to the object class name from the current operation.
Expands to the specified attribute value of the current object, a DN, or association, in the destination data store.
(Optional) Specify the class name of the target object. Leave blank to use the class name from the current object.
Name of the attribute.
The example is from the Govern Groups for User Based on Title policy which is available for download from Novell’s support Web site. For more information, see Downloadable Identity Manager Policies.
The policy creates the Destination Attribute with the Argument Builder. The action of Set Local Variable contains the Destination Attribute token.
You build the Destination Attribute through the Editor. In this example, the attribute of Object Class is set. DN is used to select the target object. The value of DN is the Local Variable of manager-group-dn.
Expands to the destination DN from the current operation.
Select whether or not to convert the DN to the format used by the source data store.
Specify the RDN index to start with:
Index 0 is the root-most RDN
Positive indexes are an offset from the root-most RDN
Index -1 is the leaf-most segment
Negative indexes are an offset from the leaf-most RDN towards the root-most RDN
Specify the number of RDN segments to include. Negative numbers are interpreted as (total # of segments + length) + 1. For example, for a DN with 5 segments, a length of -1 = (5 + (-1)) + 1 = 5, -2 = (5 + (-2)) + 1 = 4, and so on.
If start and length are set to the default values {0,-1}, the entire DN is used; otherwise only the portion of the DN specified by start and length is used.
The example uses the Destination DN token to set the value for the local variable of target-container. The policy creates a department container for the User object if it does not exist. The policy is from the predefined rules that come with Identity Manager. For more information, see Command Transformation - Create Departmental Container - Part 1 and Part 2.
Expands to the unqualified Relative Distinguished Name (RDN) of the destination DN specified from the current operation.
Expands to the values of a granted entitlement from the current object.
Specify the name of the entitlement.
Expands to the value of a global configuration value.
Name of the global configuration value.
Expands to the value of a local variable.
Specify the name of the local variable.
The example is from the Govern Groups for User Based on Title policy which is available for download from Novell’s support Web site. For more information, see Downloadable Identity Manager Policies.
The action Add Destination Object uses the Local Variable token.
The Local Variable can only be used if the action Set Local Variable has been used previously in the policy. It sets the value that is stored in the Local Variable. In the Editor, you click the browse icon and all of the local variables that have been defined are listed. Select the correct local variable.
The value of the local variable is group-manager-dn. In the rule before this one, the Set Local Variable action defined group-manager-dn as the DN of the manager’s group, Users\ManagersGroup.
Expands to the named password from the driver.
Specify the name of the password.
Expands to the name of the current operation.
Expands to the value of the specified attribute from the current XDS operation. It is different from Source Attribute and Destination Attribute, because it is always accessed directly from what is available in the current XDS operation as opposed to being queried from the source or destination data stores. It does not include the removed values from a modify operation.
Specify the name of the attribute.
The example has four rules that implement a Placement policy for User objects based on the first character of the Surname attribute. It generates both a trace message and a custom Novell Audit event. The policy name is Policy to Place by Surname, and it is available for download from Novell’s support Web site. For more information, see Downloadable Identity Manager Policies.
The action Set Operation Destination DN contains the Operation Attribute token. The Operation Attribute token sets the Destination DN to the CN attribute. The rule takes the context of Training\Users\Active\Users and adds a \ plus the value of the CN attribute.
The XML attribute attached to an <operation-data> element by a policy. It is a place for policies to store and forward information for consumption by other policies.
An XML attribute is a name value pair associated with an element in the XDS document.
Specify the name of the operation property.
Expands to the password from the current operation.
Expands to the values of an attribute being removed in the current operation. It only applies to modify operations.
Specify the name of the attribute.
Expands to the values of an entitlement revoked in the current operation.
Specify the name of the entitlement.
Expands to the values of an attribute from an object in the source data store.
(Optional) Specify the class name of the target object. Leave blank to use the class name from the current object.
Name of the attribute.
Expands to the source DN from the current operation.
Select whether or not to convert the DN to the format used by the destination data store.
Specify the RDN index to start with:
Index 0 is the root-most RDN
Positive indexes are an offset from the root-most RDN
Index -1 is the leaf-most segment
Negative indexes are an offset from the leaf-most RDN towards the root-most RDN
Number of RDN segments to include. Negative numbers are interpreted as (total # of segments + length) + 1. For example, for a DN with 5 segments, a length of -1 = (5 + (-1)) + 1 = 5, -2 = (5 + (-2)) + 1 = 4, and so on.
If start and length are set to the default values {0,-1}, the entire DN is used; otherwise only the portion of the DN specified by start and length is used.
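The start and length rules given for the Destination DN and Source DN tokens, worked through as an added Python example (not Identity Manager code). It assumes a backslash-delimited DN written root-most first with no escaped delimiters, that segments are taken from the start index toward the leaf, and that a length running past the leaf is clamped; the function names and the sample DN are constructed.

```python
# Added illustration; not Identity Manager code. Assumes a backslash-delimited
# DN written root-most first, with no escaped delimiters inside a segment.

def effective_length(total, length):
    """Negative lengths are interpreted as (total # of segments + length) + 1."""
    return (total + length) + 1 if length < 0 else length

def select_rdns(dn, start=0, length=-1, delim="\\"):
    """Return the portion of dn selected by start and length."""
    segments = [s for s in dn.split(delim) if s]
    total = len(segments)
    # Index 0 is the root-most RDN; -1 is the leaf-most; other negative
    # values count from the leaf toward the root.
    begin = total + start if start < 0 else start
    if not 0 <= begin < total:
        return ""  # assumption: an out-of-range start selects nothing
    count = max(effective_length(total, length), 0)
    # Assumption: segments are taken from begin toward the leaf, and a count
    # that runs past the leaf-most RDN is clamped to what is available.
    return delim.join(segments[begin:begin + count])

if __name__ == "__main__":
    dn = r"Training\Users\Active\Users\jsmith"  # constructed sample, 5 segments
    for start, length in [(0, -1), (0, -2), (-1, 1), (1, 2), (-2, -1)]:
        print((start, length), "->", select_rdns(dn, start, length))
```

With the defaults {0,-1} the whole DN comes back; {0,-2} drops the leaf and yields the parent container, which is the usual way to derive a placement context from an object DN.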
Expands to the unqualified Relative Distinguished Name (RDN) of the source DN from the current operation.
Expands to the text.
Specify the text.
The example is from the Govern Groups for User Based on Title policy which is available for download from Novell’s support Web site. For more information, see Downloadable Identity Manager Policies.
The Text token is used in the action Set Local Variable to define the DN of the manager’s group. The Text token can contain objects or plain text.
The Text noun contains the DN for the manager’s group. You can browse to the object you want to use, or type the information into the editor.
Expands to a pattern-based name that is unique in the destination data store according to the criteria specified.
Specify the name of the attribute to check for uniqueness.
Specify the scope in which to check uniqueness.
Select a starting point for the search. The starting point can be the root of the data store, or specified by a DN or association.
Specify patterns to use to generate unique values by using the Argument Builder.
Specify the number at which to start the counter that is used when needed to find a unique name.
Specify the width in digits of the counter; the default is 1. The Pad counter with leading 0’s checkbox prepends 0 to match the digit length. For example, with a digit width of 3, the initial unique value is appended with 001, then 002, and so on.
For each specified pattern, a query is performed against the destination data store, using the supplied attribute name, scope, and search start. Each specified pattern is tried in order until a value is found that does not return any found objects.
If all of the specified patterns are exhausted, the final pattern has a counter appended to it and the pattern is tried repeatedly (increasing the counter each time) until the query does not return any instances.
The counter can be set to start at a different number using the counter start field. The counter uses the number of digits specified by the digits field. If the number of digits is less than those specified, then the counter is right padded with zeros. When the number of digits exceeds those specified, then no unique name is generated and the enclosing rule returns an error status.
If the destination data store is the Identity Vault and the name field is left blank, then a search is performed against the pseudo-attribute “[Entry].rdn”, which represents the RDN of an object without respect to what the naming attribute might be. If the destination data store is the connected application, then the name field is required.
The following is an example of the Editor pane when constructing the unique name argument:
The following pattern was constructed to provide unique names:
If this pattern does not generate a unique name, a digit is appended, incrementing up to the specified number of digits. In this example, nine additional unique names would be generated by the appended digit before an error occurs (pattern1 - pattern9).
Expands to the part of the source DN in the current operation that corresponds to the part of the DN that was not matched by the most recent match of an If Source DN condition.
Select whether or not to convert the DN to the format used by the destination data store.
If there were no matches, the entire DN is used.
The example is from the predefined rules that come with Identity Manager. For more information, see Matching - Subscriber Mirrored - LDAP Format.
The action of Finding Matching Object uses the Unmatched Source DN token to build the matching information in LDAP format. It takes the unmatched portion of the source DN to make a match.
Expands to results of evaluating an XPath 1.0 expression.
Specify the XPath 1.0 expression to evaluate.