Overview

Okay. The title is a little weird. (Old info 2009-12-23)

The problem was that the current RACF driver (3.52) does not support setting a password when the user is created.

The good news: the next release of the driver, which should be soon, will.

This page shows a DirXML Example and an XPath Example.

We have on occasion needed to convert a DirXML document from one form to another.

Details

Back to the issue. We have an add document that looks like this:
 <input>
    <add class-name="User" event-id="plux0884#20091217161122#99#57" qualified-src-dn="dc=com\dc=willeke\OU=users\CN=GDR109" src-dn="\willekeIDV-LAB\com\willeke\users\GDR109" src-entry-id="42696">
      <add-attr attr-name="willekeRACFAccount">
        <value timestamp="1258656672#59" type="state">true</value>
      </add-attr>
      <add-attr attr-name="willekeRacfDefaultGroup">
        <value timestamp="1258656671#126" type="string">DEPTGFR</value>
      </add-attr>
      <add-attr attr-name="willekeTargetIDMUser">
        <value timestamp="1261066756#13" type="state">false</value>
      </add-attr>
      <add-attr attr-name="willekeUcode">
        <value timestamp="1258656671#130" type="string">U9G004</value>
      </add-attr>
      <add-attr attr-name="Login Disabled">
        <value timestamp="1258656671#111" type="state">false</value>
      </add-attr>
      <add-attr attr-name="nspmDistributionPassword">
        <value timestamp="1258984340#10" type="string">Mickey</value>
      </add-attr>
      <add-attr attr-name="preferredName">
        <value timestamp="1258656671#7" type="string">aldo2</value>
      </add-attr>
      <add-attr attr-name="Surname">
        <value timestamp="1258656671#21" type="string">Stellato2</value>
      </add-attr>
      <add-attr attr-name="workforceID">
        <value timestamp="1258656671#6" type="string">GDR109</value>
      </add-attr>
      <password>password4User</password>
      <operation-data op-sourceDN="\willekeIDV-LAB\com\willeke\users\GDR109"/>
    </add>
  </input>

Note: the current driver will put the <password> element in the document when you set the destination password; it just does not do anything with it.

We need to end up with a document that looks something like this:

    <modify-password class-name="User" event-id="plux0884#20091217161122#99#57xx" src-dn="\willekeIDV-LAB\com\willeke\users\GDR109">
      <association>\willekeIDV-LAB\com\willeke\users\GDR109</association>
      <password>password4User</password>
    </modify-password>

The DirXML Example code:

<rule>
	<description>Convert adds of the nspmDistributionPassword attribute to password elements</description>
	<comment xml:space="preserve">Creates a separate document for a modify-password operation that will follow the add document.</comment>
	<comment name="author" xml:space="preserve">jim@willeke.com</comment>
	<comment name="version" xml:space="preserve">13</comment>
	<comment name="lastchanged" xml:space="preserve">2009-12-20</comment>
	<conditions>
		<and>
			<if-operation op="equal">add</if-operation>
			<if-op-attr name="nspmDistributionPassword" op="available"/>
		</and>
	</conditions>
	<actions>
		<!-- Change all add-attr elements for the nspmDistributionPassword attribute to password elements-->
		<do-set-dest-password>
			<arg-string>
				<!-- In an add operation the value is a direct child of add-attr -->
				<token-xpath expression="add-attr[@attr-name='nspmDistributionPassword']/value"/>
			</arg-string>
		</do-set-dest-password>
		<do-set-local-variable name="lv-thisuserdn" scope="policy">
			<arg-string>
				<token-src-dn/>
			</arg-string>
		</do-set-local-variable>
		<do-append-xml-element expression=".." name="modify-password"/>
		<do-set-xml-attr expression="../modify-password" name="class-name">
			<arg-string>
				<token-text xml:space="preserve">User</token-text>
			</arg-string>
		</do-set-xml-attr>
		<do-set-xml-attr expression="../modify-password" name="event-id">
			<arg-string>
				<token-xpath expression="@event-id"/>
				<token-text xml:space="preserve">xx</token-text>
			</arg-string>
		</do-set-xml-attr>
		<do-set-xml-attr expression="../modify-password" name="src-dn">
			<arg-string>
				<token-local-variable name="lv-thisuserdn"/>
			</arg-string>
		</do-set-xml-attr>
		<do-append-xml-element expression="../modify-password" name="association"/>
		<do-append-xml-text expression="../modify-password/association">
			<arg-string>
				<token-local-variable name="lv-thisuserdn"/>
			</arg-string>
		</do-append-xml-text>
		<do-append-xml-element expression="../modify-password" name="password"/>
		<do-append-xml-text expression="../modify-password/password">
			<arg-string>
				<token-xpath expression="../add/password/text()"/>
			</arg-string>
		</do-append-xml-text>
		<!-- Remove all add-attr elements for the nspmDistributionPassword attribute -->
		<do-strip-op-attr name="nspmDistributionPassword"/>
		<do-strip-xpath disabled="true" expression="../add/password"/>
	</actions>
</rule>
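
The conversion shown above can be checked offline before the policy goes into a driver. The following Python sketch is an added example, not part of the original page or of the RACF driver: it reproduces the add-to-modify-password conversion on a trimmed, constructed copy of the sample document and shows which element an XPath must name to find the attribute in an add operation. The function names `select_values` and `split_password` are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed copy of the add document shown above.
SAMPLE = r"""<input>
  <add class-name="User" event-id="plux0884#20091217161122#99#57" src-dn="\willekeIDV-LAB\com\willeke\users\GDR109">
    <add-attr attr-name="nspmDistributionPassword">
      <value type="string">Mickey</value>
    </add-attr>
    <add-attr attr-name="Surname">
      <value type="string">Stellato2</value>
    </add-attr>
    <password>password4User</password>
  </add>
</input>"""

PWD_ATTR = "nspmDistributionPassword"


def select_values(add, op_element):
    """Values found for PWD_ATTR by a path relative to the <add> operation."""
    path = f"{op_element}[@attr-name='{PWD_ATTR}']/value"
    return [v.text for v in add.findall(path)]


def split_password(doc_xml):
    """Mimic the rule: append a <modify-password> after each qualifying <add>."""
    root = ET.fromstring(doc_xml)
    for add in root.findall("add"):
        attr = add.find(f"add-attr[@attr-name='{PWD_ATTR}']")
        pwd = add.findtext("password")
        if attr is None or pwd is None:
            continue  # rule conditions not met, or no password to carry over
        mp = ET.SubElement(root, "modify-password", {
            "class-name": "User",
            "event-id": add.get("event-id") + "xx",  # same suffix the rule appends
            "src-dn": add.get("src-dn"),
        })
        ET.SubElement(mp, "association").text = add.get("src-dn")
        ET.SubElement(mp, "password").text = pwd
        add.remove(attr)  # equivalent of do-strip-op-attr
    return root


if __name__ == "__main__":
    print(ET.tostring(split_password(SAMPLE), encoding="unicode"))
```
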

This page (revision-7) was last changed on 19-Aug-2014 11:07 by jim