3.7 Noun Tokens

This section contains a detailed reference to all noun tokens available in the Policy Builder interface.

3.7.1 Added Entitlement

Expands to the values of an entitlement granted in the current operation.

Fields

Name

Name of the entitlement.

Example

[Figure: Added Entitlement]

3.7.2 Association

Expands to the association value from the current operation.

Example

The example is from the predefined rules that come with Identity Manager. For more information on the predefined rule, see Command Transformation - Publisher Delete to Disable.

The action of Remove Association uses the Association token to retrieve the value from the current operation. The rule removes the association from the User object so that any new events coming through do not affect the User object.

[Figures: Policy to Transform Delete to Disable; Association]

3.7.3 Attribute

Expands to the value of an attribute from the current object in the current operation and in the source data store. It can be logically thought of as the union of the operation attribute token and the source attribute token. It does not include the removed values from a modify operation.

Fields

Name

Specify the name of the attribute.

Example

The example is from the predefined rules that come with Identity Manager. For more information, see Creation - Set Default Password.

The action of Set Destination Password uses the attribute token to create the password. The password is made up of the Given Name attribute and the Surname attribute. When you are in the Argument Builder Editor, you browse and select the attribute you want to use.

[Figures: Policy to Set Default Password; Attribute; Editor]

3.7.4 Class Name

Expands to the object class name from the current operation.

Example

[Figure: Class Name]

3.7.5 Destination Attribute

Expands to the specified attribute value of the current object, a DN, or association, in the destination data store.

Fields

Class Name

(Optional) Specify the class name of the target object. Leave blank to use the class name from the current object.

Name

Name of the attribute.

Example

The example is from the Govern Groups for User Based on Title policy and it is available for download from Novell’s support Web site. For more information, see Downloadable Identity Manager Policies.

The policy creates the Destination Attribute with the Argument Builder. The action of Set Local Variable contains the Destination Attribute token.

[Figures: Policy to Test for the Existence of Groups and for Placement; Destination Attribute; Editor]

You build the Destination Attribute through the Editor. In this example, the attribute of Object Class is set. DN is used to select the object. The value of DN is the Local Variable of manager-group-dn.

3.7.6 Destination DN

Expands to the destination DN specified in the current operation.

Fields

Convert

Select whether or not to convert the DN to the format used by the source data store.

Start

Specify the RDN index to start with:

  • Index 0 is the root-most RDN

  • Positive indexes are an offset from the root-most RDN

  • Index -1 is the leaf-most segment

  • Negative indexes are an offset from the leaf-most RDN towards the root-most RDN

Length

Specify the number of RDN segments to include. Negative numbers are interpreted as (total # of segments + length) + 1. For example, for a DN with 5 segments a length of -1 = (5 + (-1)) + 1 = 5, -2 = (5 + (-2)) + 1 = 4, etc.

Remarks

If start and length are set to the default values {0,-1}, the entire DN is used; otherwise only the portion of the DN specified by start and length is used.

Example

The example uses the Destination DN token to set the value for the local variable of target-container. The policy creates a department container for the User object if it does not exist. The policy is from the predefined rules that come with Identity Manager. For more information, see Command Transformation - Create Departmental Container - Part 1 and Part 2.

[Figures: Policy to Create Departmental Container Part 1; Destination DN]

3.7.7 Destination Name

Expands to the unqualified Relative Distinguished Name (RDN) of the destination DN specified in the current operation.

Example

[Figure: Destination Name]

3.7.8 Entitlement

Expands to the values of a granted entitlement from the current object.

Fields

Name

Name of the entitlement.

Example

[Figure: Entitlement]

3.7.9 Global Configuration Value

Expands to the value of a global configuration variable.

Fields

Name

Name of the global configuration value.

Example

[Figure: Global Variable]

3.7.10 Local Variable

Expands to the value of a local variable.

Fields

Name

Specify the name of the local variable.

Example

The example is from the Govern Groups for User Based on Title policy which is available for download from Novell’s support Web site. For more information, see Downloadable Identity Manager Policies.

The action Add Destination Object uses the Local Variable token.

[Figures: Policy to Create a Manager Group if Needed; Local Variable; Editor; List of Defined Local Variables]

The Local Variable can only be used if the action Set Local Variable has been used previously in the policy. It sets the value that is stored in the Local Variable. In the Editor, you click the browse icon and all of the local variables that have been defined are listed. Select the correct local variable.

The value of the local variable is group-manager-dn. In the rule before this one, the Set Local Variable action defined group-manager-dn as the DN of the manager’s group, Users\ManagersGroup.

3.7.11 Named Password

Expands to the named password from the driver.

Fields

Name

Name of the password.

Example

[Figure: Named Password]

3.7.12 Operation

Expands to the name of the current operation.

Example

[Figure: Operation]

3.7.13 Operation Attribute

Expands to the value of the specified attribute from the current XDS operation. It is different from Source Attribute and Destination Attribute, because it is always accessed directly from what is available in the current XDS operation as opposed to being queried from the source or destination data stores. It does not include the removed values from a modify operation.

Fields

Name

Specify the name of the attribute.

Example

The example has four rules that implement a Placement policy for User objects based on the first character of the Surname attribute. It generates both a trace message and a custom Novell Audit event. The policy name is Policy to Place by Surname, and it is available for download from Novell’s support Web site. For more information, see Downloadable Identity Manager Policies.

[Figures: Policy to Place Users by Last Name; Operation Attribute; Editor]

The action Set Operation Destination DN contains the Operation Attribute token. The Operation Attribute token sets the Destination DN to the CN attribute. The rule takes the context of Training\Users\Active\Users and adds a \ plus the value of the CN attribute.

3.7.14 Operation Property

The XML attribute attached to an <operation-data> element by a policy. It is a place for policies to store and forward information for consumption by other policies.

Remarks

An XML attribute is a name value pair associated with an element in the XDS document.

Fields

Name

Specify the name of the operation property.

Example

[Figure: Operation Property]

3.7.15 Password

Expands to the password specified in the current operation.

Example

[Figure: Password]

3.7.16 Removed Attribute

Expands to the specified attribute value being removed in the current operation. It applies only to modify operations.

Fields

Name

Specify the name of the attribute.

Example

[Figure: Removed Attribute]

3.7.17 Removed Entitlements

Expands to the values of an entitlement revoked in the current operation.

Fields

Name

Specify the name of the entitlement.

Example

[Figure: Removed Entitlement]

3.7.18 Source Attribute

Expands to the values of an attribute from an object in the source data store.

Fields

Class Name

(Optional) Specify the class name of the target object. Leave blank to use the class name from the current object.

Name

Name of the attribute.

Example

[Figure: Source Attribute]

3.7.19 Source DN

Expands to the source DN from the current operation.

Fields

Convert

Select whether or not to convert the DN to the format used by the destination data store.

Start

Specify the RDN index to start with:

  • Index 0 is the root-most RDN

  • Positive indexes are an offset from the root-most RDN

  • Index -1 is the leaf-most segment

  • Negative indexes are an offset from the leaf-most RDN towards the root-most RDN

Length

Specify the number of RDN segments to include. Negative numbers are interpreted as (total # of segments + length) + 1. For example, for a DN with 5 segments a length of -1 = (5 + (-1)) + 1 = 5, -2 = (5 + (-2)) + 1 = 4, etc.

Remarks

If start and length are set to the default values {0,-1}, the entire DN is used; otherwise only the portion of the DN specified by start and length is used.

Example

[Figure: Source DN]
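The Start and Length rules shared by the Destination DN and Source DN tokens, worked through as an added Python example (not Identity Manager code). The function name `select_rdns`, the backslash-delimited sample DN, and the clipping of a selection that runs past the leaf-most RDN are assumptions made for illustration.

```python
def select_rdns(dn, start=0, length=-1, sep="\\"):
    """Return the portion of `dn` selected by start/length.

    Segments are ordered root-most first, as in Training\\Users\\Active\\Users.
    Assumption: a selection that runs past the leaf-most RDN is clipped.
    """
    segments = [s for s in dn.split(sep) if s]
    total = len(segments)
    if total == 0:
        return ""
    # Negative start: offset from the leaf-most RDN (-1 is the leaf itself).
    if start < 0:
        start += total
    # Negative length: (total # of segments + length) + 1, as in the Length field.
    if length < 0:
        length = (total + length) + 1
    if start < 0 or start >= total or length <= 0:
        return ""  # nothing selectable; the caller should treat this as an error
    return sep.join(segments[start:start + length])


# Constructed sample DN with 5 segments (not taken from a real tree).
SAMPLE_DN = "Training\\Users\\Active\\Users\\jsmith"

if __name__ == "__main__":
    for start, length in [(0, -1), (0, -2), (-1, 1), (1, 2), (-2, -1)]:
        print((start, length), "->", select_rdns(SAMPLE_DN, start, length))
```

Checking a placement rule's start/length pair against a few representative DNs this way catches off-by-one selections before objects land in the wrong container.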

3.7.20 Source Name

Expands to the unqualified Relative Distinguished Name (RDN) of the source DN specified in the current operation.

Example

[Figure: Source Name]

3.7.21 Text

Expands to the text.

Fields

Text

Specify the text.

Example

The example is from the Govern Groups for User Based on Title policy which is available for download from Novell’s support Web site. For more information, see Downloadable Identity Manager Policies.

The Text token is used in the action Set Local Variable to define the DN of the manager’s group. The Text token can contain objects or plain text.

[Figures: Policy to Test for the Existence of Groups and for Placement; Text; Editor]

The Text token contains the DN for the manager’s group. You can browse to the object you would like to use, or type in the information into the editor.

3.7.22 Unique Name

Expands to a pattern-based name that is unique in the destination data store according to the criteria specified.

Fields

Name

Specify the name of the attribute to check for uniqueness.

Scope

Specify the scope in which to check uniqueness.

Start Search

Select a starting point for the search. The starting point can be the root of the data store, or specified by a DN, or association.

Pattern

Specify patterns to use to generate unique values by using the Argument Builder.

Counter Start

Specify the number at which to start the counter that is used when needed to find a unique name.

Digits

Specify the width in digits of counter; the default is 1. The Pad counter with leading 0’s checkbox prepends 0 to match the digit length. For example, with a digit width of 3, the initial unique value would be appended with 001, then 002, and so on.

Remarks

For each provided pattern, a query is performed against the destination data store, using the supplied attribute name, scope, and search start. Each specified pattern is tried in order until a value is found that does not return any found objects.

If all of the specified patterns are exhausted, the final pattern has a counter appended to it and the pattern is tried repeatedly (increasing the counter each time) until the query does not return any instances.

The counter can be set to start at a different number using the counter start field. The counter uses the number of digits specified by the digits field. If the number of digits is less than those specified, then the counter is right padded with zeros. When the number of digits exceeds those specified, then no unique name is generated and the enclosing rule returns an error status.

If the destination data store is the Identity Vault and name field is left blank, then a search is performed against the pseudo-attribute “[Entry].rdn”, which represents the RDN of an object without respect to what the naming attribute might be. If the destination data store is the connected application, then the name field is required.

Example

[Figure: Unique Name]

The following is an example of the Editor pane when constructing the unique name argument:

[Figure: Unique Name Editor]

The following pattern was constructed to provide unique names:

Given Name + Surname

If this pattern does not generate a unique name, a digit is appended, incrementing up to the specified number of digits. In this example, nine additional unique names would be generated by the appended digit before an error occurs (pattern1 - pattern9).
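The pattern-then-counter search described in the Remarks, as an added Python sketch (not Identity Manager code). The names `unique_name`, `make_exists` and `UniqueNameError` are hypothetical, the in-memory name set stands in for the query against the destination data store, and the counter start of 1 and case-insensitive matching are assumptions.

```python
class UniqueNameError(Exception):
    """Raised when the counter needs more digits than the Digits field allows."""


def make_exists(taken):
    """Stand-in for the destination data store query (constructed data)."""
    lowered = {name.lower() for name in taken}
    return lambda candidate: candidate.lower() in lowered


def unique_name(patterns, exists, counter_start=1, digits=1, pad=False):
    """Try each pattern in order, then the final pattern plus a counter."""
    if not patterns:
        raise ValueError("at least one pattern is required")
    # Step 1: each pattern is tried in order until one returns no objects.
    for candidate in patterns:
        if not exists(candidate):
            return candidate
    # Step 2: all patterns exhausted, so append a counter to the final pattern.
    base = patterns[-1]
    counter = counter_start
    while len(str(counter)) <= digits:
        # "Pad counter with leading 0's" gives 001, 002, ... for a width of 3.
        suffix = str(counter).zfill(digits) if pad else str(counter)
        if not exists(base + suffix):
            return base + suffix
        counter += 1
    # Step 3: the counter no longer fits in `digits`; the enclosing rule errors.
    raise UniqueNameError(f"no unique name for {base!r} within {digits} digit(s)")


if __name__ == "__main__":
    # Constructed directory contents: the base name and suffixes 1-9 are taken.
    full = make_exists(["JohnSmith"] + [f"JohnSmith{i}" for i in range(1, 10)])
    print(unique_name(["JohnSmith"], make_exists(["JohnSmith"])))  # JohnSmith1
    try:
        unique_name(["JohnSmith"], full, digits=1)
    except UniqueNameError as err:
        print("error:", err)
```

The failure case matters operationally: with a digit width of 1, the tenth collision on a common name makes the enclosing rule return an error, so size Digits for the expected number of name collisions.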

3.7.23 Unmatched Source DN

Expands to the part of the source DN in the current operation that corresponds to the part of the DN that was not matched by the most recent match of an If Source DN condition.

Fields

Convert

Select whether or not to convert the DN to the format used by the destination data store.

Remarks

If there were no matches, the entire DN is used.

Example

The example is from the predefined rules that come with Identity Manager. For more information, see Matching - Subscriber Mirrored - LDAP Format.

The action of Finding Matching Object uses the Unmatched Source DN token to build the matching information in LDAP format. It takes the unmatched portion of the source DN to make a match.

[Figures: Matching Subscriber Mirrored; Unmatched Source DN; Editor]

3.7.24 XPath

Expands to the results of evaluating an XPath 1.0 expression.

Fields

Expression

XPath 1.0 expression to evaluate.

Example

[Figure: XPath]