5.3 Novell Identity Manager

The following example illustrates how to use Novell Identity Manager to create a SetQuota Action Object when a user's title is changed to some value containing the text “Admin” or “admin.” In addition, it shows how to clean up Action Objects that have processed successfully.

5.3.1 Driver Overview

The example driver uses the Generic Null driver from Novell Identity Manager 3.6.

Figure 5-1 Driver Overview

Because you are using the Null driver, only the Filter and Event Policy Sets are used.

5.3.2 Driver Filter

For the Filter in this example, you need the following:

Figure 5-2 Driver Filter.

The User class and its associated Title attribute are needed to notify the driver of the user's change in title.

The cccFSFactoryAction class and its associated cccFSFactoryActionStatus attribute are used when determining whether to clean up (delete) the Action Object after processing is complete.

5.3.3 Event Policy Set

The following Event Transformations are set up:

Figure 5-3 Event Transform Policy Set.

The policies shown perform the following actions:

The DropEvents policy simply limits the scope of the driver to Modify events.

The Cleanup Action Objects policy is used to delete Action Objects that have successfully completed their assigned actions.

The Title-based Quota policy creates SetQuota Action Objects for users whose Title attribute is changing to include “Admin” or “admin” as part of the title.

The Drop Processed Events policy simply drops the current operation, because no other processing is needed in the driver.

Title-based Quota Policy

The primary policy is the Title-based Quota policy. This policy has the following conditions and actions:

Figure 5-4 Set Admin Quota Rule.

The policy performs the following actions:

  1. Limits the scope of the processing to user objects whose title is changing to a value that includes “Admin” or “admin” as part of the string.

  2. Only processes user objects that have a current Home Directory attribute set.

  3. Sets up local variables to hold the new Action Object name and FDN.

  4. Creates a new Action Object based on the FDN specified in the local variables.

  5. Sets the attributes of the new Action Object based on what is required for a SetQuota action:

    1. Sets cccFSFactoryActionOperation to the value SetQuota.

    2. Sets cccFSFactoryActionOption to the XML string: <Option><SubCmd>1</SubCmd><Quantity>500</Quantity></Option>

      NOTE: The value of 1 for <SubCmd> is used to set the quota to the value specified by <Quantity>.

    3. Sets cccFSFactoryActionPath1 to the Home Directory attribute of the current user in the operation. This requires manipulation of a structured value as opposed to a simple string.

    4. Sets cccFSFactoryActionTrigger to the value Ready so that the Action Object can be processed immediately.

  6. Because the creation of the Action Object is a direct write back to eDirectory, a trace message indicating the creation of the Action Object was added for clarity in driver traces.
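
The rule's conditions and the attributes it writes, modeled as a dry run in Python so the scope of the Title match can be checked against sample values before the policy is deployed. This is an added example, not part of the Novell documentation or the driver: the event dictionary keys, the sample users, and the home directory values are constructed, and whole-value regex matching is an assumption.

```python
import re
from datetime import datetime, timezone

TITLE_RE = re.compile(r".*[Aa]dmin.*")   # pattern from the rule's Title condition
AO_CONTAINER = "org\\services\\ao\\"      # container used in the policy script
OPTION_XML = "<Option><SubCmd>1</SubCmd><Quantity>500</Quantity></Option>"


def build_action_object(event, now=None):
    """Return (fdn, attrs) for the SetQuota Action Object, or None if out of scope."""
    if event.get("op") != "modify":                   # DropEvents: Modify events only
        return None
    if event.get("class", "").lower() != "user":      # class name compared nocase
        return None
    new_title = event.get("new_title")
    # Assumption: regex mode must match the whole value, hence fullmatch.
    if new_title is None or not TITLE_RE.fullmatch(new_title):
        return None
    home = event.get("home_directory")                # structured value, three parts
    if not home:                                      # Home Directory must be available
        return None
    now = now or datetime.now(timezone.utc)
    name = "adminQuota-{}_{}".format(event["src_name"], now.strftime("%Y%m%d%H%M%S"))
    attrs = {
        "cccFSFactoryActionOperation": "SetQuota",
        "cccFSFactoryActionOption": OPTION_XML,
        # Path1 copies the components of Home Directory, not a flat string.
        "cccFSFactoryActionPath1": {k: home[k] for k in ("nameSpace", "volume", "path")},
        "cccFSFactoryActionTrigger": "Ready",
    }
    return AO_CONTAINER + name, attrs


# Constructed sample events (hypothetical keys and values, not real directory data).
HOME = {"nameSpace": "0", "volume": "org\\servers\\FS1_VOL1", "path": "home\\jdoe"}
SAMPLES = [
    {"op": "modify", "class": "User", "src_name": "jdoe",
     "new_title": "Sys Admin", "home_directory": HOME},
    {"op": "modify", "class": "User", "src_name": "asmith",
     "new_title": "Administrative Assistant", "home_directory": HOME},
    {"op": "modify", "class": "User", "src_name": "blee",
     "new_title": "IT ADMIN", "home_directory": HOME},
    {"op": "modify", "class": "User", "src_name": "cwu",
     "new_title": "Admin", "home_directory": None},
]

if __name__ == "__main__":
    for ev in SAMPLES:
        print(ev["src_name"], repr(ev["new_title"]), "->", build_action_object(ev))
```

In this dry run "Administrative Assistant" also receives the quota while "IT ADMIN" does not, because the pattern accepts only "Admin" or "admin" anywhere in the title.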

Cleanup Action Objects Policy

The Cleanup Action Objects policy is a helper policy that allows Novell Identity Manager to delete any Action Objects that have successfully completed. In addition, it adds trace messages to indicate success of the Action Object cleanup, or displays the error message from the Action Object’s operation if the Set Quota operation failed.

Figure 5-5 Cleanup Action Objects Rule.

NOTE: The Action Object should be evaluated for deletion only after a status of Complete has been posted to the Action Object. Deleting the Action Object prior to this might cause the associated pending event in the Novell Storage Manager Engine event queue to stay pending.

5.3.4 Policy Scripts

Title-based Quota Policy Script

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policy PUBLIC "policy-builder-dtd">
<policy>
  <rule>
    <description>SetAdminQuota_500MB</description>
    <comment xml:space="preserve">Set the home directory quota for any users with *admin* in their title attribute to 500MB using an NSM Action Object.</comment>
    <conditions>
      <and>
        <if-class-name mode="nocase" op="equal">User</if-class-name>
        <if-op-attr mode="regex" name="Title" op="changing-to">.*[Aa]dmin.*</if-op-attr>
        <if-attr name="Home Directory" op="available"/>
      </and>
    </conditions>
    <actions>
      <do-set-local-variable name="ao_name" scope="policy">
        <arg-string>
          <token-text xml:space="preserve">adminQuota-</token-text>
          <token-src-name/>
          <token-text xml:space="preserve">_</token-text>
          <token-time format="yyyyMMddHHmmss" lang="en-US" tz="UTC"/>
        </arg-string>
      </do-set-local-variable>
      <do-set-local-variable name="ao_fdn" scope="policy">
        <arg-string>
          <token-text xml:space="preserve">org\services\ao\</token-text>
          <token-local-variable name="ao_name"/>
        </arg-string>
      </do-set-local-variable>
      <do-set-local-variable name="home_dir" scope="policy">
        <arg-node-set>
          <token-attr name="Home Directory"/>
        </arg-node-set>
      </do-set-local-variable>
      <do-add-src-object class-name="cccFSFactoryAction">
        <arg-dn>
          <token-local-variable name="ao_fdn"/>
        </arg-dn>
      </do-add-src-object>
      <do-add-src-attr-value class-name="cccFSFactoryAction" name="cccFSFactoryActionOperation">
        <arg-dn>
          <token-local-variable name="ao_fdn"/>
        </arg-dn>
        <arg-value>
          <token-text xml:space="preserve">SetQuota</token-text>
        </arg-value>
      </do-add-src-attr-value>
      <do-add-src-attr-value class-name="cccFSFactoryAction" name="cccFSFactoryActionOption">
        <arg-dn>
          <token-local-variable name="ao_fdn"/>
        </arg-dn>
        <arg-value>
          <token-text xml:space="preserve">&lt;Option>&lt;SubCmd>1&lt;/SubCmd>&lt;Quantity>500&lt;/Quantity>&lt;/Option></token-text>
        </arg-value>
      </do-add-src-attr-value>
      <do-add-src-attr-value class-name="cccFSFactoryAction" name="cccFSFactoryActionPath1">
        <arg-dn>
          <token-local-variable name="ao_fdn"/>
        </arg-dn>
        <arg-value type="structured">
          <arg-component name="nameSpace">
            <token-xpath expression="$home_dir/component[@name='nameSpace']/text()"/>
          </arg-component>
          <arg-component name="volume">
            <token-xpath expression="$home_dir/component[@name='volume']/text()"/>
          </arg-component>
          <arg-component name="path">
            <token-xpath expression="$home_dir/component[@name='path']/text()"/>
          </arg-component>
        </arg-value>
      </do-add-src-attr-value>
      <do-add-src-attr-value class-name="cccFSFactoryAction" name="cccFSFactoryActionTrigger">
        <arg-dn>
          <token-local-variable name="ao_fdn"/>
        </arg-dn>
        <arg-value>
          <token-text xml:space="preserve">Ready</token-text>
        </arg-value>
      </do-add-src-attr-value>
      <do-trace-message color="brpurple">
        <arg-string>
          <token-text xml:space="preserve">Created Action Object '</token-text>
          <token-local-variable name="ao_name"/>
          <token-text xml:space="preserve">' to set home directory quota to 500MB for user '</token-text>
          <token-src-name/>
          <token-text xml:space="preserve">'</token-text>
        </arg-string>
      </do-trace-message>
    </actions>
  </rule>
</policy>

Cleanup Action Objects Policy Script

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policy PUBLIC "policy-builder-dtd">
<policy>
  <rule>
    <description>Cleanup Successful Actions</description>
    <comment xml:space="preserve">The driver will be responsible for cleaning up all Action Objects that have completed with a Result of "Success"</comment>
    <conditions>
      <and>
        <if-class-name mode="nocase" op="equal">cccFSFactoryAction</if-class-name>
        <if-op-attr mode="nocase" name="cccFSFactoryActionStatus" op="equal">Complete</if-op-attr>
      </and>
    </conditions>
    <actions>
      <do-if>
        <arg-conditions>
          <and>
            <if-attr mode="nocase" name="cccFSFactoryActionResult" op="equal">Success</if-attr>
          </and>
        </arg-conditions>
        <arg-actions>
          <do-delete-src-object/>
          <do-trace-message>
            <arg-string>
              <token-text xml:space="preserve">Deleting Action Object '</token-text>
              <token-src-name/>
              <token-text xml:space="preserve">' with successful completion.</token-text>
            </arg-string>
          </do-trace-message>
        </arg-actions>
        <arg-actions>
          <do-trace-message color="brred">
            <arg-string>
              <token-text xml:space="preserve">Action Object '</token-text>
              <token-src-name/>
              <token-text xml:space="preserve">' failed to complete successfully:  "</token-text>
              <token-attr name="cccFSFactoryActionResult"/>
              <token-text xml:space="preserve">"</token-text>
            </arg-string>
          </do-trace-message>
        </arg-actions>
      </do-if>
      <do-strip-xpath expression="$current-op"/>
    </actions>
  </rule>
</policy>