
Problem with changing values on source object - How to remove association-ref with XPATH?


V-M Luotonen

Nov 25, 2005, 5:22:11 AM
Hi
The main question is at the bottom of this post, but I will first explain the
background of the problem...

I have a problem with my manager rule. I have two objects in the same eDirectory
tree associated together (Flat and Hierarchical)...
Meta\User1
Company\L\OU\User1

The user has manager Company\L\OU\Mgr1 (the object also exists in Meta\Mgr1).
I have a rule which adds the Manager DN to the object when managerWorkforceID is
added.

The problem is that it adds both Mgr1 objects (Flat and Hierarchical) to the manager
attribute of the source object on which I do the ManagerWorkforceID addition.
The rule which finds the Manager DN is as follows (it is supposed to add the manager
DN to both the source and the destination object):
<rule>
  <description>Put dest-dn to variable</description>
  <conditions>
    <and>
      <if-class-name op="equal">User</if-class-name>
    </and>
  </conditions>
  <actions>
    <do-set-local-variable name="dest-dn">
      <arg-string>
        <token-dest-dn/>
      </arg-string>
    </do-set-local-variable>
  </actions>
</rule>

<rule>
  <description>Add DNs from manager attribute based upon changes to managerWorkforceID</description>
  <conditions>
    <and>
      <if-class-name op="equal">User</if-class-name>
      <if-op-attr name="managerWorkforceID" op="changing"/>
    </and>
  </conditions>
  <actions>
    <!-- For each removed managerWorkforceID value: remember it in current-id -->
    <do-for-each>
      <arg-node-set>
        <token-removed-attr name="managerWorkforceID"/>
      </arg-node-set>
      <arg-actions>
        <do-set-local-variable name="current-id">
          <arg-string>
            <token-local-variable name="current-node"/>
          </arg-string>
        </do-set-local-variable>
      </arg-actions>
    </do-for-each>
    <!-- For each added managerWorkforceID value: find the manager by workforceID
         and add its DN to the manager attribute on both sides -->
    <do-for-each>
      <arg-node-set>
        <token-op-attr name="managerWorkforceID"/>
      </arg-node-set>
      <arg-actions>
        <do-set-local-variable name="current-id">
          <arg-string>
            <token-local-variable name="current-node"/>
          </arg-string>
        </do-set-local-variable>
        <do-for-each>
          <arg-node-set>
            <token-xpath expression='query:search($destQueryProcessor,"subtree", "", "Company\L", "User", "workforceID", $current-id, "")'/>
          </arg-node-set>
          <arg-actions>
            <do-add-dest-attr-value class-name="User" name="manager">
              <arg-value type="dn">
                <token-xpath expression="$current-node/@src-dn"/>
              </arg-value>
            </do-add-dest-attr-value>
            <do-add-src-attr-value class-name="User" name="manager">
              <arg-value type="dn">
                <token-xpath expression="$current-node/@src-dn"/>
              </arg-value>
            </do-add-src-attr-value>
          </arg-actions>
        </do-for-each>
      </arg-actions>
    </do-for-each>
  </actions>
</rule>

It adds nicely manager to destination object:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product version="2.0.8.20050119 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify class-name="User" dest-dn="Company\L\OU\User1" dest-entry-id="42653"
event-id="SERVER-NDS#20051124141617#1#1" qualified-src-dn="O=Meta\CN=User1"
src-dn="\TREE\Meta\User1" src-entry-id="42652" timestamp="1132841777#1">
<association
state="associated">{C17902CC-7F40-154b-81DB-6F27DB2EC39B}</association>
<modify-attr attr-name="managerWorkforceID">
<add-value>
<value timestamp="1132841777#1" type="string">6821</value>
</add-value>
</modify-attr>
<modify-attr attr-name="manager">
<add-value>
<value type="dn">\TREE\Company\L\OU\Mgr1</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>

!!!But when starting to process the source object!!!! - the association is taken
into the document...

<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product version="2.0.8.20050119 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify class-name="User" dest-dn="\TREE\Meta\User1" dest-entry-id="42652"
event-id="SERVER-NDS#20051124141617#1#1" src-dn="Company\L\OU\User1"
src-entry-id="42653">
<association>{C17902CC-7F40-154b-81DB-6F27DB2EC39B}</association>
<modify-attr attr-name="manager">
<add-value>
<value association-ref="{5432EE9D-A7C5-b34f-A754-1D7293C4C57D}"
type="dn">\TREE\Company\L\OU\Mgr1</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>

And since it starts to process the manager with the association ref, it finds two of
them...

<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product version="2.0.8.20050119 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify class-name="User" dest-dn="\TREE\Meta\User1" dest-entry-id="42652"
event-id="SERVER-NDS#20051124141617#1#1" src-dn="Company\L\OU\User1"
src-entry-id="42653">
<association>{C17902CC-7F40-154b-81DB-6F27DB2EC39B}</association>
<modify-attr attr-name="manager">
<add-value>
<value type="dn">\TREE\Company\L\OU\Mgr1</value>
<value type="dn">\TREE\Meta\Mgr1</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>

Is there any simple way to get this thing to remove the association-ref from the
document?

I have tried to implement the following rule, but the XPATH is not recognized:

<rule>
  <description>Strip manager Association-ref from document</description>
  <conditions>
    <and>
      <if-op-attr name="manager" op="changing"/>
      <if-operation op="equal">modify</if-operation>
      <if-xpath op="true">/nds/input/modify/modify-attr/add-value/value/@association-ref</if-xpath>
    </and>
  </conditions>
  <actions>
    <do-strip-xpath expression="/add-value/value/@association-ref"/>
  </actions>
</rule>

The question is how to remove
association-ref="{5432EE9D-A7C5-b34f-A754-1D7293C4C57D}" from the document

<value association-ref="{5432EE9D-A7C5-b34f-A754-1D7293C4C57D}"
type="dn">\TREE\Company\L\OU\Mgr1</value>
so that the result would be

<value type="dn">\TREE\Company\L\OU\Mgr1</value>


THANKS in advance....

BR

Veli-Matti Luotonen
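
The attribute removal asked about in this post, as an added example in Python (not code from the thread and not DirXML Script). It runs standard path matching against the source-side document shown above, assuming the expression is evaluated relative to the `<modify>` operation; `select` and `strip_association_ref` are names made up for the illustration.

```python
import xml.etree.ElementTree as ET

# Source-side <modify> from the post (attributes not needed here are dropped).
XDS = r"""<nds dtdversion="2.0" ndsversion="8.x">
<input>
<modify class-name="User" dest-dn="\TREE\Meta\User1" src-dn="Company\L\OU\User1">
<association>{C17902CC-7F40-154b-81DB-6F27DB2EC39B}</association>
<modify-attr attr-name="manager">
<add-value>
<value association-ref="{5432EE9D-A7C5-b34f-A754-1D7293C4C57D}" type="dn">\TREE\Company\L\OU\Mgr1</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>"""

# Path from the attempted rule, written relative (ElementTree has no absolute
# paths and no attribute axis, so the @association-ref step is checked in code).
ATTEMPTED = "add-value/value"
# Path that walks every step from the operation down to the value.
ANCHORED = "modify-attr[@attr-name='manager']/add-value/value"


def select(context, path, attr="association-ref"):
    """Return the elements matched by `path` under `context` that carry `attr`."""
    return [el for el in context.findall(path) if attr in el.attrib]


def strip_association_ref(xds_text, path=ANCHORED):
    """Drop association-ref from matching values in every <modify>; return (root, count)."""
    root = ET.fromstring(xds_text)
    count = 0
    for operation in root.iterfind("input/modify"):
        for value in select(operation, path):
            del value.attrib["association-ref"]
            count += 1
    return root, count


if __name__ == "__main__":
    doc = ET.fromstring(XDS)
    op = doc.find("input/modify")
    print("attempted path, from document root:", len(select(doc, ATTEMPTED)))
    print("attempted path, from <modify>:     ", len(select(op, ATTEMPTED)))
    print("anchored path, from <modify>:      ", len(select(op, ANCHORED)))
    cleaned, n = strip_association_ref(XDS)
    print(n, "stripped ->", ET.tostring(cleaned.find(".//value"), encoding="unicode").strip())
```

The attempted path starts at `add-value` and skips the `modify-attr` step, so it selects nothing from either context, while the anchored path selects the one value and leaves only `type="dn"` on it.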


Father Ramon

Nov 25, 2005, 10:44:12 AM
Could you describe the context a little better? Is this an eDirectory
driver? If so, between two trees or within the same tree (loopback)?
Which policy and channel are you doing this in?
--

Father Ramon
The Patron(izing) Saint of DirXML

V-M Luotonen

Dec 8, 2005, 4:15:33 AM
Ok
Sorry for the long delay from my side...

The driver is loopback within the same tree...
The main reason to do the loopback is that the importing HR system does a TXT file
which is imported to the flat structure... after HR adds a couple of attributes, the user
ID is created in the hierarchical structure (similar to production AD).

In the Create rule there is a veto if the attribute managerworkforceid is not available.
The channel where I am doing things is Publisher, and
the rule which takes care of forming the manager attribute is as follows...
The rule is in the Command transformation rule

<?xml version="1.0" encoding="UTF-8"?><policy
xmlns:query="http://www.novell.com/nxsl/java/com.novell.nds.dirxml.driver.XdsQueryProcessor">

<rule>
  <description>Put dest-dn to variable</description>
  <conditions>
    <and>
      <if-class-name op="equal">User</if-class-name>
    </and>
  </conditions>
  <actions>
    <do-set-local-variable name="dest-dn">
      <arg-string>
        <token-dest-dn/>
      </arg-string>
    </do-set-local-variable>
  </actions>
</rule>

<rule>
  <description>Add or remove DNs from manager attribute based upon changes to managerWorkforceID</description>
  <conditions>
    <and>
      <if-class-name op="equal">User</if-class-name>
      <if-op-attr name="managerWorkforceID" op="changing"/>
    </and>
  </conditions>
  <actions>
    <!-- Removed managerWorkforceID values: find the old manager by workforceID
         and remove its DN from the manager attribute on both sides -->
    <do-for-each>
      <arg-node-set>
        <token-removed-attr name="managerWorkforceID"/>
      </arg-node-set>
      <arg-actions>
        <do-set-local-variable name="current-id">
          <arg-string>
            <token-local-variable name="current-node"/>
          </arg-string>
        </do-set-local-variable>
        <do-for-each>
          <arg-node-set>
            <token-xpath expression='query:search($destQueryProcessor,"subtree", "", "Company\AD", "User", "workforceID",$current-id, "")'/>
          </arg-node-set>
          <arg-actions>
            <do-remove-dest-attr-value class-name="User" name="manager">
              <arg-value type="dn">
                <token-xpath expression="$current-node/@src-dn"/>
              </arg-value>
            </do-remove-dest-attr-value>
            <do-remove-src-attr-value class-name="User" name="manager">
              <arg-value type="dn">
                <token-xpath expression="$current-node/@src-dn"/>
              </arg-value>
            </do-remove-src-attr-value>
          </arg-actions>
        </do-for-each>
      </arg-actions>
    </do-for-each>
    <!-- Added managerWorkforceID values: find the new manager by workforceID
         and add its DN to the manager attribute on both sides -->
    <do-for-each>
      <arg-node-set>
        <token-op-attr name="managerWorkforceID"/>
      </arg-node-set>
      <arg-actions>
        <do-set-local-variable name="current-id">
          <arg-string>
            <token-local-variable name="current-node"/>
          </arg-string>
        </do-set-local-variable>
        <do-for-each>
          <arg-node-set>
            <token-xpath expression='query:search($destQueryProcessor,"subtree", "", "Company\AD", "User", "workforceID", $current-id, "")'/>
          </arg-node-set>
          <arg-actions>
            <do-add-dest-attr-value class-name="User" name="manager">
              <arg-value type="dn">
                <token-xpath expression="$current-node/@src-dn"/>
              </arg-value>
            </do-add-dest-attr-value>
            <do-add-src-attr-value class-name="User" name="manager">
              <arg-value type="dn">
                <token-xpath expression="$current-node/@src-dn"/>
              </arg-value>
            </do-add-src-attr-value>
          </arg-actions>
        </do-for-each>
      </arg-actions>
    </do-for-each>
  </actions>
</rule>

<rule>
  <description>Find Manager - Add directReports/isManager attributes to manager object </description>
  <conditions>
    <and>
      <if-class-name op="equal">User</if-class-name>
      <if-op-attr name="managerWorkforceID" op="changing"/>
    </and>
  </conditions>
  <actions>
    <!-- Remember the workforceID value from the current operation in current-id -->
    <do-for-each>
      <arg-node-set>
        <token-op-attr name="workforceID"/>
      </arg-node-set>
      <arg-actions>
        <do-set-local-variable name="current-id">
          <arg-string>
            <token-local-variable name="current-node"/>
          </arg-string>
        </do-set-local-variable>
      </arg-actions>
    </do-for-each>
    <!-- On each object found by workforceID: add dest-dn to directReports -->
    <do-for-each>
      <arg-node-set>
        <token-xpath expression='query:search($destQueryProcessor,"subtree", "", "Company\AD", "User", "workforceID",$current-id, "")'/>
      </arg-node-set>
      <arg-actions>
        <do-add-dest-attr-value class-name="User" name="directReports">
          <arg-dn>
            <token-xpath expression="$current-node/@src-dn"/>
          </arg-dn>
          <arg-value type="dn">
            <token-local-variable name="dest-dn"/>
          </arg-value>
        </do-add-dest-attr-value>
      </arg-actions>
    </do-for-each>
    <!-- On each object found by workforceID: set isManager to true -->
    <do-for-each>
      <arg-node-set>
        <token-xpath expression='query:search($destQueryProcessor,"subtree", "", "Company\AD", "User", "workforceID",$current-id, "")'/>
      </arg-node-set>
      <arg-actions>
        <do-add-dest-attr-value class-name="User" name="isManager">
          <arg-dn>
            <token-xpath expression="$current-node/@src-dn"/>
          </arg-dn>
          <arg-value type="string">
            <token-text xml:space="preserve">true</token-text>
          </arg-value>
        </do-add-dest-attr-value>
      </arg-actions>
    </do-for-each>
    <!-- Removed managerWorkforceID values: search on managerWorkforceID and
         remove the matching DNs from directReports -->
    <do-for-each>
      <arg-node-set>
        <token-removed-attr name="managerWorkforceID"/>
      </arg-node-set>
      <arg-actions>
        <do-set-local-variable name="current-id">
          <arg-string>
            <token-local-variable name="current-node"/>
          </arg-string>
        </do-set-local-variable>
        <do-for-each>
          <arg-node-set>
            <token-xpath expression='query:search($destQueryProcessor,"subtree", "", "Company\AD", "User", "managerWorkforceID",$current-id, "")'/>
          </arg-node-set>
          <arg-actions>
            <do-remove-dest-attr-value class-name="User" name="directReports">
              <arg-value type="dn">
                <token-xpath expression="$current-node/@src-dn"/>
              </arg-value>
            </do-remove-dest-attr-value>
          </arg-actions>
        </do-for-each>
      </arg-actions>
    </do-for-each>
  </actions>
</rule>

</policy>


Father Ramon

Dec 8, 2005, 10:54:48 AM
I wouldn't expect the behaviour you are seeing if you are using the real
loopback driver, though I would expect to see it if you were using the
eDirectory driver in loopback mode (i.e. connecting the subscriber
channel to the publisher channel of the same driver).

There are many ways to handle the problem you are seeing, but the one I
think I would suggest as the one that is going to make your life easiest
in the long run is to not run the eDirectory driver in loopback mode,
but rather run two drivers as if they were in separate trees. That gets
rid of the problem that both copies of your object have the same
association value for the same driver. You are still going to have to do
some scope filtering, but association resolution is never going to get
confused about which object you are talking about. The only real trick
to getting two eDir drivers running on the same server talking to each
other is that you have to configure the publisher and subscriber to use
different ports. You do this by adding an additional colon after the
first port number to specify a different port for the publisher. An
example of this would be to use localhost:8193:8194 on one driver and
localhost:8194:8193 on the other.
