The following style sheet can be used for a Creation policy. It creates a user, generates a password for the user from the user’s Surname and CN attributes, and performs an identity transformation (which passes through everything in the document except the events you are trying to intercept and transform).
<?xml version="1.0" encoding="ISO-8859-1"?>
<!-- This stylesheet has an example of how to replace a create rule with
an XSLT stylesheet and supply an initial password for "User" objects. -->
<xsl:transform xmlns:xsl="http://www.w3.org/1999/XSL/Transform
"version="1.0">
<!-- ensure we have required NDS attributes -->
<xsl:template match="add">
<xsl:if test="add-attr[@attr-name=’Surname’] and
add-attr[@attr-name=’CN’]">
<!-- copy the add through -->
<xsl:copy>
<xsl:apply-templates select="@*|node()"/>
<!-- add a <password> element -->
<xsl:call-template name="create-password"/>
</xsl:copy>
</xsl:if>
<!-- if the xsl:if fails, we don’t have all the required attributes
so we won’t copy the add through, and the create rule will veto the add -->
</xsl:template>
<xsl:template name="create-password">
<password>
<xsl:value-of select="concat(add-attr[@attr-name=’Surname’]/value,
’-’,add-attr[@attr-name=’CN’]/value)"/>
</password>
</xsl:template>
<!-- identity transform for everything we don’t want to change -->
<xsl:template match="@*|node()">
<xsl:copy>
<xsl:apply-templates select="@*|node()"/>
</xsl:copy>
</xsl:template>
</xsl:transform>