Performs a test on a local variable. The test performed depends on the specified operator.
For more information on using variables with policies, see Understanding Policies Components.
Specify the name of the local variable to test for the selected condition.
Select the condition test type.
Contains the value defined for the select operator. The value is used by the condition. Each value supports variable expansion. For more information, see Variable Expansion. The operators that contain the value field are:
Equal
Not Equal
Greater Than
Not Greater Than
Less Than
Not Less Than
The condition has a comparison mode parameter that indicates how a comparison is done.
Mode |
Description |
---|---|
Case Sensitive |
Character-by-character case sensitive comparison. |
Case Insensitive |
Character-by-character case insensitive comparison. |
Regular Expression |
The regular expression matches the entire string. It defaults to case insensitive, but can be changed by an escape in the expression. See Sun’s Web site. The pattern options CASE_INSENSITIVE, DOTALL, and UNICODE_CASE are used but can be reversed using the appropriate embedded escapes. |
Source DN |
Compares using semantics appropriate to the DN format for the source data store. |
Destination DN |
Compares using semantics appropriate to the DN format for the destination data store. |
Numeric |
Compares numerically. |
Binary |
Compares the binary information. |
The operators that contain the comparison mode parameter are:
Equal
Not Equal
Greater Than
Not Greater Than
Less Than
Not Less Than
The example adds a User object to the appropriate group, Employee or Manager, based on Title. It also creates the group, if needed, and sets up security equal to that group. The policy is Govern Groups for User Based on Title Attribute, and it is available for download from the Novell Support Web site. For more information, see Downloading Identity Manager Policies.To view the policy in XML, see 003-Command-AddCreate-Groups.xml.
The policy contains five rules that are dependent on each other.
For the If Locate Variable condition to work, the first rule sets four different local variables to test for groups and where to place the groups.
The condition the rule is looking for is to see if the local variable of manager-group-info is available and if manager-group-info is not equal to group. If these conditions are met, then the destination object of group is added.