IDM Manage Posix Attributes

Overview #

The client wants to provide uid and gid values and maintain the MemberUID values.

Shows a DirXML Example and XPATH Example for working with IDM Manage Posix Attributes.

<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE policy PUBLIC "policy-builder-dtd" "C:\novell\Designer\eclipse\plugins\com.novell.designer.idm.oldpolicybuilder_2.0.0.200710261247\DTD\dirxmlscript.dtd"><policy xmlns:query="http://www.novell.com/nxsl/java/com.novell.nds.dirxml.driver.XdsQueryProcessor">
	<!--
		Re-issues a gidNumber for a Group when the current operation carries
		gidNumber = 999999999 (presumably a sentinel meaning "assign a new
		number"; confirm with whoever sets it). The next value comes from the
		nwLastGIDused attribute on the object named by the GIDNumberCounterDN
		global variable.
		NOTE(review): the counter is read, incremented and written back in
		separate steps. If anything else allocates from the same counter object,
		two groups could receive the same GID, which merges their file
		permissions on POSIX hosts. Confirm this policy is the only allocator.
	-->
	<rule>
		<description>Regenerate GID number for Groups</description>
		<conditions>
			<and>
				<if-class-name mode="nocase" op="equal">Group</if-class-name>
				<if-op-attr name="gidNumber" op="equal">999999999</if-op-attr>
			</and>
		</conditions>
		<actions>
			<!-- Read the last issued GID from the counter object. -->
			<do-set-local-variable name="lastGIDUsed">
				<arg-string>
					<token-src-attr name="nwLastGIDused">
						<arg-dn>
							<token-global-variable name="GIDNumberCounterDN"/>
						</arg-dn>
					</token-src-attr>
				</arg-string>
			</do-set-local-variable>
			<!--
				Increment it. In XPath 1.0 an empty or non-numeric operand makes this
				sum NaN, and nothing below checks for that before the value is written.
			-->
			<do-set-local-variable name="lastGIDUsed">
				<arg-string>
					<token-xpath expression="$lastGIDUsed + 1"/>
				</arg-string>
			</do-set-local-variable>
			<!-- Persist the new high-water mark on the counter object. -->
			<do-set-src-attr-value name="nwLastGIDused">
				<arg-dn>
					<token-global-variable name="GIDNumberCounterDN"/>
				</arg-dn>
				<arg-value type="string">
					<token-local-variable name="lastGIDUsed"/>
				</arg-value>
			</do-set-src-attr-value>
			<!-- Replace the sentinel on the group itself (no arg-dn: the current object). -->
			<do-set-src-attr-value name="gidNumber">
				<arg-value type="string">
					<token-local-variable name="lastGIDUsed"/>
				</arg-value>
			</do-set-src-attr-value>
		</actions>
	</rule>
	<!--
		On every Group add: allocates the next GID from the counter object named
		by GIDNumberCounterDN, adds the posixGroup object class and writes
		gidNumber on the new group.
		NOTE(review): same non-atomic read/increment/write as the regenerate
		rule; the allocated value is never checked for being numeric or in range.
	-->
	<rule>
		<description>Generate GID number for new Groups</description>
		<conditions>
			<and>
				<if-class-name mode="nocase" op="equal">Group</if-class-name>
				<if-operation op="equal">add</if-operation>
			</and>
		</conditions>
		<actions>
			<!-- Read the last issued GID from the counter object. -->
			<do-set-local-variable name="lastGIDUsed">
				<arg-string>
					<token-src-attr name="nwLastGIDused">
						<arg-dn>
							<token-global-variable name="GIDNumberCounterDN"/>
						</arg-dn>
					</token-src-attr>
				</arg-string>
			</do-set-local-variable>
			<!-- Increment; an empty counter would make this NaN under XPath 1.0 rules. -->
			<do-set-local-variable name="lastGIDUsed">
				<arg-string>
					<token-xpath expression="$lastGIDUsed + 1"/>
				</arg-string>
			</do-set-local-variable>
			<!-- Write the new high-water mark back to the counter object. -->
			<do-set-src-attr-value name="nwLastGIDused">
				<arg-dn>
					<token-global-variable name="GIDNumberCounterDN"/>
				</arg-dn>
				<arg-value type="string">
					<token-local-variable name="lastGIDUsed"/>
				</arg-value>
			</do-set-src-attr-value>
			<!-- Extend the new group with the posixGroup class so it can hold gidNumber. -->
			<do-add-src-attr-value name="Object Class">
				<arg-value type="string">
					<token-text xml:space="preserve">posixGroup</token-text>
				</arg-value>
			</do-add-src-attr-value>
			<!-- Uses "add" rather than "set", unlike the regenerate rule. -->
			<do-add-src-attr-value name="gidNumber">
				<arg-value type="string">
					<token-local-variable name="lastGIDUsed"/>
				</arg-value>
			</do-add-src-attr-value>
		</actions>
	</rule>
	<!--
		Re-issues a uidNumber for a User when the current operation carries
		uidNumber = 999999999 (presumably a "regenerate" sentinel; confirm).
		The next value comes from nwLastUIDused on the object named by the
		UIDNumberCounterDN global variable.
		NOTE(review): anyone able to write uidNumber on a user can trigger a
		renumbering, and files already owned by the old UID are not touched by
		this policy. Restrict write access to uidNumber accordingly.
	-->
	<rule>
		<description>Generate UID number on User Modify</description>
		<conditions>
			<and>
				<if-class-name mode="nocase" op="equal">User</if-class-name>
				<if-op-attr name="uidNumber" op="equal">999999999</if-op-attr>
			</and>
		</conditions>
		<actions>
			<!-- Read the last issued UID from the counter object. -->
			<do-set-local-variable name="lastUIDUsed">
				<arg-string>
					<token-src-attr name="nwLastUIDused">
						<arg-dn>
							<token-global-variable name="UIDNumberCounterDN"/>
						</arg-dn>
					</token-src-attr>
				</arg-string>
			</do-set-local-variable>
			<!-- Increment; an empty or non-numeric counter makes this NaN in XPath 1.0. -->
			<do-set-local-variable name="lastUIDUsed">
				<arg-string>
					<token-xpath expression="$lastUIDUsed + 1"/>
				</arg-string>
			</do-set-local-variable>
			<!-- Persist the new high-water mark on the counter object. -->
			<do-set-src-attr-value name="nwLastUIDused">
				<arg-dn>
					<token-global-variable name="UIDNumberCounterDN"/>
				</arg-dn>
				<arg-value type="string">
					<token-local-variable name="lastUIDUsed"/>
				</arg-value>
			</do-set-src-attr-value>
			<!-- Replace the sentinel on the user itself (no arg-dn: the current object). -->
			<do-set-src-attr-value name="uidNumber">
				<arg-value type="string">
					<token-local-variable name="lastUIDUsed"/>
				</arg-value>
			</do-set-src-attr-value>
		</actions>
	</rule>
	<!--
		On every User add: allocates the next UID from the counter object and
		stamps the POSIX defaults (posixAccount and shadowAccount classes,
		uidNumber, homeDirectory, gidNumber, loginShell) on the new user.
		NOTE(review): the allocated number is written without any range check.
		The counter should be seeded above the range reserved for system
		accounts, and write access to the counter object should be limited to
		the driver, since whoever controls the counter controls which UIDs are
		handed out.
	-->
	<rule>
		<description>Set default user data - on User Create</description>
		<conditions>
			<and>
				<if-class-name mode="nocase" op="equal">User</if-class-name>
				<if-operation op="equal">add</if-operation>
			</and>
		</conditions>
		<actions>
			<!-- Read the last issued UID from the counter object. -->
			<do-set-local-variable name="lastUIDUsed">
				<arg-string>
					<token-src-attr name="nwLastUIDused">
						<arg-dn>
							<token-global-variable name="UIDNumberCounterDN"/>
						</arg-dn>
					</token-src-attr>
				</arg-string>
			</do-set-local-variable>
			<!-- Increment; an empty or non-numeric counter makes this NaN in XPath 1.0. -->
			<do-set-local-variable name="lastUIDUsed">
				<arg-string>
					<token-xpath expression="$lastUIDUsed + 1"/>
				</arg-string>
			</do-set-local-variable>
			<!-- Persist the new high-water mark on the counter object. -->
			<do-set-src-attr-value name="nwLastUIDused">
				<arg-dn>
					<token-global-variable name="UIDNumberCounterDN"/>
				</arg-dn>
				<arg-value type="string">
					<token-local-variable name="lastUIDUsed"/>
				</arg-value>
			</do-set-src-attr-value>
			<!-- posixAccount is added before the attributes it defines are written. -->
			<do-add-src-attr-value name="Object Class">
				<arg-value type="string">
					<token-text xml:space="preserve">posixAccount</token-text>
				</arg-value>
			</do-add-src-attr-value>
			<do-set-src-attr-value name="uidNumber">
				<arg-value type="string">
					<token-local-variable name="lastUIDUsed"/>
				</arg-value>
			</do-set-src-attr-value>
			<!--
				homeDirectory = DefaultUserHomeDirectory immediately followed by the
				user's uniqueID; no separator is inserted here, so the global variable
				presumably ends with "/" (confirm).
				NOTE(review): uniqueID is appended unvalidated. A value containing "/"
				or ".." would produce a path outside the intended base directory;
				constrain uniqueID upstream.
			-->
			<do-set-src-attr-value name="homeDirectory">
				<arg-value type="string">
					<token-global-variable name="DefaultUserHomeDirectory"/>
					<token-src-attr name="uniqueID"/>
				</arg-value>
			</do-set-src-attr-value>
			<!-- Every new user gets the same primary group, taken from DefaultUserGID. -->
			<do-set-src-attr-value name="gidNumber">
				<arg-value type="string">
					<token-global-variable name="DefaultUserGID"/>
				</arg-value>
			</do-set-src-attr-value>
			<do-set-src-attr-value name="loginShell">
				<arg-value type="string">
					<token-global-variable name="DefaultShell"/>
				</arg-value>
			</do-set-src-attr-value>
			<!-- shadowAccount is added last; no shadow attributes are populated by this rule. -->
			<do-add-src-attr-value name="Object Class">
				<arg-value type="string">
					<token-text xml:space="preserve">shadowAccount</token-text>
				</arg-value>
			</do-add-src-attr-value>
		</actions>
	</rule>
	<!--
		Keeps memberUid (short names) and each user's Group Membership in step
		with the DN-valued Member attribute of a Group.
		NOTE(review): the short name written to memberUid is the leaf component
		of the member DN, while the removal path looks the user up by uniqueID.
		That only lines up when the leaf name and uniqueID are the same value.
		Where they differ, the removal lookup finds nothing and the user keeps a
		stale Group Membership entry.
	-->
	<rule>
		<description>PosixGroup - Member Changing - Update Group MemberUID &amp; User Group Membership</description>
		<conditions>
			<and>
				<if-class-name op="equal">Group</if-class-name>
				<if-op-attr name="Member" op="changing"/>
			</and>
		</conditions>
		<actions>
			<!-- Member values present in the operation. -->
			<do-for-each>
				<arg-node-set>
					<token-op-attr name="Member"/>
				</arg-node-set>
				<arg-actions>
					<!-- memberUid on this group = last component of the member's DN. -->
					<do-add-src-attr-value class-name="Group" name="memberUid">
						<arg-value type="string">
							<token-parse-dn length="1" start="-1">
								<token-local-variable name="current-node"/>
							</token-parse-dn>
						</arg-value>
					</do-add-src-attr-value>
					<!-- Back-link: add this group's DN to the member's Group Membership. -->
					<do-add-src-attr-value name="Group Membership">
						<arg-dn>
							<token-local-variable name="current-node"/>
						</arg-dn>
						<arg-value type="string">
							<token-src-dn/>
						</arg-value>
					</do-add-src-attr-value>
				</arg-actions>
			</do-for-each>
			<!-- Member values removed by the operation. -->
			<do-for-each>
				<arg-node-set>
					<token-removed-attr name="Member"/>
				</arg-node-set>
				<arg-actions>
					<do-remove-src-attr-value class-name="Group" name="memberUid">
						<arg-value type="string">
							<token-parse-dn length="1" start="-1">
								<token-local-variable name="current-node"/>
							</token-parse-dn>
						</arg-value>
					</do-remove-src-attr-value>
					<do-set-local-variable name="lvUserUID">
						<arg-string>
							<token-parse-dn length="1" start="-1">
								<token-local-variable name="current-node"/>
							</token-parse-dn>
						</arg-string>
					</do-set-local-variable>
					<!--
						Subtree search for User objects whose uniqueID equals the short name.
						The two empty arguments presumably leave the search base unset, so the
						whole tree is searched (confirm); every user with that uniqueID matches.
					-->
					<do-set-local-variable name="result">
						<arg-node-set>
							<token-xpath expression='query:search($srcQueryProcessor,   "subtree", "", "", "User", "uniqueID", $lvUserUID,   "DN")'/>
						</arg-node-set>
					</do-set-local-variable>
					<!-- Drop this group from each matched user's Group Membership. -->
					<do-for-each>
						<arg-node-set>
							<token-local-variable name="result"/>
						</arg-node-set>
						<arg-actions>
							<do-set-local-variable name="lvDN">
								<arg-string>
									<token-xpath expression="$current-node/@src-dn"/>
								</arg-string>
							</do-set-local-variable>
							<do-remove-src-attr-value name="Group Membership">
								<arg-dn>
									<token-local-variable name="lvDN"/>
								</arg-dn>
								<arg-value type="string">
									<token-src-dn/>
								</arg-value>
							</do-remove-src-attr-value>
						</arg-actions>
					</do-for-each>
				</arg-actions>
			</do-for-each>
		</actions>
	</rule>
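	<!--
		Reverse direction of the Member rule: when memberUid (short names) changes
		on a Group, resolve each name to User objects by uniqueID and add or
		remove the matching DN on the group's Member attribute.
		The inner loops read the DN from the node being iterated
		($current-node), so every search hit is processed; reading it from
		$result would always yield the first hit.
		NOTE(review): users are matched by short name across the searched scope.
		If uniqueID is not unique there, every user carrying that name becomes a
		member of the group.
	-->
	<rule>
		<description>PosixGroup - memberUID Changing - Update Group Member</description>
		<conditions>
			<and>
				<if-class-name op="equal">Group</if-class-name>
				<if-op-attr name="memberUid" op="changing"/>
			</and>
		</conditions>
		<actions>
			<!-- memberUid values present in the operation. -->
			<do-for-each>
				<arg-node-set>
					<token-op-attr name="memberUid"/>
				</arg-node-set>
				<arg-actions>
					<!-- Subtree search for User objects whose uniqueID equals the short name. -->
					<do-set-local-variable name="result">
						<arg-node-set>
							<token-xpath expression='query:search($srcQueryProcessor,   "subtree", "", "", "User", "uniqueID", $current-node,   "DN")'/>
						</arg-node-set>
					</do-set-local-variable>
					<do-for-each>
						<arg-node-set>
							<token-local-variable name="result"/>
						</arg-node-set>
						<arg-actions>
							<!-- DN of the search hit currently being iterated. -->
							<do-set-local-variable name="lvDN">
								<arg-string>
									<token-xpath expression="$current-node/@src-dn"/>
								</arg-string>
							</do-set-local-variable>
							<do-trace-message level="3">
								<arg-string>
									<token-text xml:space="preserve">Results eq </token-text>
									<token-local-variable name="lvDN"/>
								</arg-string>
							</do-trace-message>
							<do-add-src-attr-value name="Member">
								<arg-value type="dn">
									<token-local-variable name="lvDN"/>
								</arg-value>
							</do-add-src-attr-value>
						</arg-actions>
					</do-for-each>
				</arg-actions>
			</do-for-each>
			<!-- memberUid values removed by the operation. -->
			<do-for-each>
				<arg-node-set>
					<token-removed-attr name="memberUid"/>
				</arg-node-set>
				<arg-actions>
					<do-set-local-variable name="result">
						<arg-node-set>
							<token-xpath expression='query:search($srcQueryProcessor,   "subtree", "", "", "User", "uniqueID", $current-node,   "DN")'/>
						</arg-node-set>
					</do-set-local-variable>
					<do-for-each>
						<arg-node-set>
							<token-local-variable name="result"/>
						</arg-node-set>
						<arg-actions>
							<!-- DN of the search hit currently being iterated. -->
							<do-set-local-variable name="lvDN">
								<arg-string>
									<token-xpath expression="$current-node/@src-dn"/>
								</arg-string>
							</do-set-local-variable>
							<do-trace-message level="3">
								<arg-string>
									<token-text xml:space="preserve">Results eq </token-text>
									<token-local-variable name="lvDN"/>
								</arg-string>
							</do-trace-message>
							<!--
								NOTE(review): the add above passes the DN with type="dn", this
								removal with type="string". Confirm the removal matches the stored
								value; a removal that silently misses leaves stale membership.
							-->
							<do-remove-src-attr-value name="Member">
								<arg-value type="string">
									<token-local-variable name="lvDN"/>
								</arg-value>
							</do-remove-src-attr-value>
						</arg-actions>
					</do-for-each>
				</arg-actions>
			</do-for-each>
		</actions>
	</rule>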
	<!--
		When a User's Group Membership changes, mirror it on each referenced
		object: add or remove the user's DN in Member and the leaf component of
		the user's DN in memberUid.
		NOTE(review): the rule writes to whatever DN appears in Group Membership
		and does not check that the target is a Group. Write access to a user's
		Group Membership therefore translates into driver-performed writes on
		the target object; restrict who may edit that attribute.
	-->
	<rule>
		<description>User - Group Membership Changing - Update Group Member &amp; Group memberUID</description>
		<conditions>
			<and>
				<if-class-name op="equal">User</if-class-name>
				<if-op-attr name="Group Membership" op="changing"/>
			</and>
		</conditions>
		<actions>
			<!-- Group Membership values present in the operation. -->
			<do-for-each>
				<arg-node-set>
					<token-op-attr name="Group Membership"/>
				</arg-node-set>
				<arg-actions>
					<!-- On the referenced object: Member gets the user's full DN. -->
					<do-add-src-attr-value name="Member">
						<arg-dn>
							<token-local-variable name="current-node"/>
						</arg-dn>
						<arg-value type="string">
							<token-src-dn/>
						</arg-value>
					</do-add-src-attr-value>
					<!-- On the referenced object: memberUid gets the last component of the user's DN. -->
					<do-add-src-attr-value name="memberUid">
						<arg-dn>
							<token-local-variable name="current-node"/>
						</arg-dn>
						<arg-value type="string">
							<token-src-dn length="1" start="-1"/>
						</arg-value>
					</do-add-src-attr-value>
				</arg-actions>
			</do-for-each>
			<!-- Group Membership values removed by the operation: undo both writes. -->
			<do-for-each>
				<arg-node-set>
					<token-removed-attr name="Group Membership"/>
				</arg-node-set>
				<arg-actions>
					<do-remove-src-attr-value name="Member">
						<arg-dn>
							<token-local-variable name="current-node"/>
						</arg-dn>
						<arg-value type="string">
							<token-src-dn/>
						</arg-value>
					</do-remove-src-attr-value>
					<do-remove-src-attr-value name="memberUid">
						<arg-dn>
							<token-local-variable name="current-node"/>
						</arg-dn>
						<arg-value type="string">
							<token-src-dn length="1" start="-1"/>
						</arg-value>
					</do-remove-src-attr-value>
				</arg-actions>
			</do-for-each>
		</actions>
	</rule>
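	<!--
		When sudoUser changes on a sudoRole, resolve each value to User objects
		by uniqueID and add or remove the role's DN on the user's
		nwSudoMembership attribute (a back-link; sudoUser on the role is the
		value the rule reacts to).
		The inner loops read the DN from the node being iterated
		($current-node), so every search hit is processed; reading it from
		$result would always yield the first hit.
		NOTE(review): matching is by short name only. If uniqueID is not unique
		in the searched scope, every user with that name is recorded as holding
		the sudo role. Values that are not user names simply resolve to no user,
		unless an account happens to carry that exact uniqueID.
	-->
	<rule>
		<description>SudoRole - SudoUser Changing - update user sudoRole Membership</description>
		<conditions>
			<and>
				<if-class-name op="equal">sudoRole</if-class-name>
				<if-op-attr name="sudoUser" op="changing"/>
			</and>
		</conditions>
		<actions>
			<!-- sudoUser values present in the operation. -->
			<do-for-each>
				<arg-node-set>
					<token-op-attr name="sudoUser"/>
				</arg-node-set>
				<arg-actions>
					<!-- Subtree search for User objects whose uniqueID equals the sudoUser value. -->
					<do-set-local-variable name="result">
						<arg-node-set>
							<token-xpath expression='query:search($srcQueryProcessor,   "subtree", "", "", "User", "uniqueID", $current-node,   "DN")'/>
						</arg-node-set>
					</do-set-local-variable>
					<do-for-each>
						<arg-node-set>
							<token-local-variable name="result"/>
						</arg-node-set>
						<arg-actions>
							<!-- DN of the search hit currently being iterated. -->
							<do-set-local-variable name="lvDN">
								<arg-string>
									<token-xpath expression="$current-node/@src-dn"/>
								</arg-string>
							</do-set-local-variable>
							<do-trace-message level="3">
								<arg-string>
									<token-text xml:space="preserve">Results eq </token-text>
									<token-local-variable name="lvDN"/>
								</arg-string>
							</do-trace-message>
							<!-- Record the role's DN on the matched user. -->
							<do-add-src-attr-value name="nwSudoMembership">
								<arg-dn>
									<token-local-variable name="lvDN"/>
								</arg-dn>
								<arg-value type="dn">
									<token-src-dn/>
								</arg-value>
							</do-add-src-attr-value>
						</arg-actions>
					</do-for-each>
				</arg-actions>
			</do-for-each>
			<!-- sudoUser values removed by the operation. -->
			<do-for-each>
				<arg-node-set>
					<token-removed-attr name="sudoUser"/>
				</arg-node-set>
				<arg-actions>
					<do-set-local-variable name="result">
						<arg-node-set>
							<token-xpath expression='query:search($srcQueryProcessor,   "subtree", "", "", "User", "uniqueID", $current-node,   "DN")'/>
						</arg-node-set>
					</do-set-local-variable>
					<do-for-each>
						<arg-node-set>
							<token-local-variable name="result"/>
						</arg-node-set>
						<arg-actions>
							<!-- DN of the search hit currently being iterated. -->
							<do-set-local-variable name="lvDN">
								<arg-string>
									<token-xpath expression="$current-node/@src-dn"/>
								</arg-string>
							</do-set-local-variable>
							<do-trace-message level="3">
								<arg-string>
									<token-text xml:space="preserve">Results eq </token-text>
									<token-local-variable name="lvDN"/>
								</arg-string>
							</do-trace-message>
							<!--
								NOTE(review): the add above passes the role DN with type="dn", this
								removal with type="string". Confirm the removal matches the stored
								value, otherwise the user keeps a stale sudo back-link.
							-->
							<do-remove-src-attr-value name="nwSudoMembership">
								<arg-dn>
									<token-local-variable name="lvDN"/>
								</arg-dn>
								<arg-value type="string">
									<token-src-dn/>
								</arg-value>
							</do-remove-src-attr-value>
						</arg-actions>
					</do-for-each>
				</arg-actions>
			</do-for-each>
		</actions>
	</rule>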
	<!--
		When nwSudoMembership changes on a User, add or remove the leaf
		component of the user's DN in sudoUser on each referenced object.
		NOTE(review): this makes nwSudoMembership a privilege-granting attribute.
		Anyone who can write it on a user causes the driver to add that user to
		sudoUser on the named object, and the rule does not check that the
		target is a sudoRole. Protect nwSudoMembership with the same access
		controls as sudoUser itself, and audit changes to it.
	-->
	<rule>
		<description>User - nwSudoMembership Changing - Update SudoRole sudoUser</description>
		<conditions>
			<and>
				<if-class-name op="equal">User</if-class-name>
				<if-op-attr name="nwSudoMembership" op="changing"/>
			</and>
		</conditions>
		<actions>
			<!-- nwSudoMembership values present in the operation: grant. -->
			<do-for-each>
				<arg-node-set>
					<token-op-attr name="nwSudoMembership"/>
				</arg-node-set>
				<arg-actions>
					<!-- sudoUser on the referenced object gets the last component of the user's DN. -->
					<do-add-src-attr-value name="sudoUser">
						<arg-dn>
							<token-local-variable name="current-node"/>
						</arg-dn>
						<arg-value type="string">
							<token-src-dn length="1" start="-1"/>
						</arg-value>
					</do-add-src-attr-value>
				</arg-actions>
			</do-for-each>
			<!-- nwSudoMembership values removed by the operation: revoke. -->
			<do-for-each>
				<arg-node-set>
					<token-removed-attr name="nwSudoMembership"/>
				</arg-node-set>
				<arg-actions>
					<do-remove-src-attr-value name="sudoUser">
						<arg-dn>
							<token-local-variable name="current-node"/>
						</arg-dn>
						<arg-value type="string">
							<token-src-dn length="1" start="-1"/>
						</arg-value>
					</do-remove-src-attr-value>
				</arg-actions>
			</do-for-each>
		</actions>
	</rule>
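	<!--
		When nisNetGroupTriple changes on a nisNetGroup, extract the user field
		of each "(host,user,domain)" triple, resolve it to User objects by
		uniqueID and add or remove the netgroup's DN on the user's
		nwNetGroupMembership attribute.
		The user field is taken with a capture group rather than by deleting
		every "-", "(", ")" and "," character: character deletion also strips
		hyphens inside a user name and glues host and domain fields onto it,
		which can resolve to the wrong account. A value that is not a
		three-field triple is left unchanged by the replace.
		The inner loops read the DN from the node being iterated
		($current-node), so every search hit is processed.
		NOTE(review): matching is by short name across the searched scope;
		confirm uniqueID is unique there.
	-->
	<rule>
		<description>nisNetGroup - nisNetGroupTriple Changing - update user nwNetGroupMembership</description>
		<conditions>
			<and>
				<if-class-name op="equal">nisNetGroup</if-class-name>
				<if-op-attr name="nisNetGroupTriple" op="changing"/>
			</and>
		</conditions>
		<actions>
			<!-- Triples present in the operation. -->
			<do-for-each>
				<arg-node-set>
					<token-op-attr name="nisNetGroupTriple"/>
				</arg-node-set>
				<arg-actions>
					<!-- Keep only the second (user) field of the triple. -->
					<do-set-local-variable name="lvFormatedNisTriple">
						<arg-string>
							<token-replace-all regex="^\(([^,]*),([^,]*),([^,]*)\)$" replace-with="$2">
								<token-local-variable name="current-node"/>
							</token-replace-all>
						</arg-string>
					</do-set-local-variable>
					<!-- Subtree search for User objects whose uniqueID equals the user field. -->
					<do-set-local-variable name="result">
						<arg-node-set>
							<token-xpath expression='query:search($srcQueryProcessor,   "subtree", "", "", "User", "uniqueID", $lvFormatedNisTriple,   "DN")'/>
						</arg-node-set>
					</do-set-local-variable>
					<do-for-each>
						<arg-node-set>
							<token-local-variable name="result"/>
						</arg-node-set>
						<arg-actions>
							<!-- DN of the search hit currently being iterated. -->
							<do-set-local-variable name="lvDN">
								<arg-string>
									<token-xpath expression="$current-node/@src-dn"/>
								</arg-string>
							</do-set-local-variable>
							<do-trace-message level="3">
								<arg-string>
									<token-text xml:space="preserve">Results eq </token-text>
									<token-local-variable name="lvDN"/>
								</arg-string>
							</do-trace-message>
							<!-- Record the netgroup's DN on the matched user. -->
							<do-add-src-attr-value name="nwNetGroupMembership">
								<arg-dn>
									<token-local-variable name="lvDN"/>
								</arg-dn>
								<arg-value type="dn">
									<token-src-dn/>
								</arg-value>
							</do-add-src-attr-value>
						</arg-actions>
					</do-for-each>
				</arg-actions>
			</do-for-each>
			<!-- Triples removed by the operation. -->
			<do-for-each>
				<arg-node-set>
					<token-removed-attr name="nisNetGroupTriple"/>
				</arg-node-set>
				<arg-actions>
					<!-- Keep only the second (user) field of the triple. -->
					<do-set-local-variable name="lvFormatedNisTriple">
						<arg-string>
							<token-replace-all regex="^\(([^,]*),([^,]*),([^,]*)\)$" replace-with="$2">
								<token-local-variable name="current-node"/>
							</token-replace-all>
						</arg-string>
					</do-set-local-variable>
					<do-set-local-variable name="result">
						<arg-node-set>
							<token-xpath expression='query:search($srcQueryProcessor,   "subtree", "", "", "User", "uniqueID", $lvFormatedNisTriple,   "DN")'/>
						</arg-node-set>
					</do-set-local-variable>
					<do-for-each>
						<arg-node-set>
							<token-local-variable name="result"/>
						</arg-node-set>
						<arg-actions>
							<!-- DN of the search hit currently being iterated. -->
							<do-set-local-variable name="lvDN">
								<arg-string>
									<token-xpath expression="$current-node/@src-dn"/>
								</arg-string>
							</do-set-local-variable>
							<do-trace-message level="3">
								<arg-string>
									<token-text xml:space="preserve">Results eq </token-text>
									<token-local-variable name="lvDN"/>
								</arg-string>
							</do-trace-message>
							<!--
								NOTE(review): the add above passes the netgroup DN with type="dn",
								this removal with type="string"; confirm the removal matches the
								stored value.
							-->
							<do-remove-src-attr-value name="nwNetGroupMembership">
								<arg-dn>
									<token-local-variable name="lvDN"/>
								</arg-dn>
								<arg-value type="string">
									<token-src-dn/>
								</arg-value>
							</do-remove-src-attr-value>
						</arg-actions>
					</do-for-each>
				</arg-actions>
			</do-for-each>
		</actions>
	</rule>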
	<!--
		When nwNetGroupMembership changes on a User, add or remove the triple
		"(-,NAME,)" on each referenced object's nisNetGroupTriple, where NAME is
		the leaf component of the user's DN.
		NOTE(review): as with the other back-link rules, the driver writes to
		whatever DN the attribute names without checking its class, so write
		access to nwNetGroupMembership should be restricted like write access to
		the netgroup itself.
	-->
	<rule>
		<description>User - nwNetGroupMembership Changing - Update NetGroup nisNetGroupTriple</description>
		<conditions>
			<and>
				<if-class-name op="equal">User</if-class-name>
				<if-op-attr name="nwNetGroupMembership" op="changing"/>
			</and>
		</conditions>
		<actions>
			<!-- nwNetGroupMembership values present in the operation. -->
			<do-for-each>
				<arg-node-set>
					<token-op-attr name="nwNetGroupMembership"/>
				</arg-node-set>
				<arg-actions>
					<!-- Triple is assembled as "(-," + leaf of user DN + ",)". -->
					<do-add-src-attr-value name="nisNetGroupTriple">
						<arg-dn>
							<token-local-variable name="current-node"/>
						</arg-dn>
						<arg-value type="string">
							<token-text xml:space="preserve">(-,</token-text>
							<token-src-dn length="1" start="-1"/>
							<token-text xml:space="preserve">,)</token-text>
						</arg-value>
					</do-add-src-attr-value>
				</arg-actions>
			</do-for-each>
			<!-- nwNetGroupMembership values removed by the operation: remove the same triple. -->
			<do-for-each>
				<arg-node-set>
					<token-removed-attr name="nwNetGroupMembership"/>
				</arg-node-set>
				<arg-actions>
					<do-remove-src-attr-value name="nisNetGroupTriple">
						<arg-dn>
							<token-local-variable name="current-node"/>
						</arg-dn>
						<arg-value type="string">
							<token-text xml:space="preserve">(-,</token-text>
							<token-src-dn length="1" start="-1"/>
							<token-text xml:space="preserve">,)</token-text>
						</arg-value>
					</do-remove-src-attr-value>
				</arg-actions>
			</do-for-each>
		</actions>
	</rule>
	<!--
		On User delete: strip the user's short name from every nisNetGroup
		(nisNetGroupTriple), SudoRole (sudoUser) and Group (memberUid) that
		carries it. These three attributes hold names rather than DNs, so
		without this cleanup a later account created with the same name would
		inherit the deleted user's sudo roles and group access.
		NOTE(review): the short name is the leaf component of the deleted
		user's DN, and only the exact triple "(-,NAME,)" is matched. Triples
		written by hand in another form, such as with a host or domain field,
		are not removed.
	-->
	<rule>
		<description>User Deleted - Remove from SudoRoles, NetGroups, &amp; Groups</description>
		<conditions>
			<and>
				<if-class-name op="equal">User</if-class-name>
				<if-operation op="equal">delete</if-operation>
			</and>
		</conditions>
		<actions>
			<!-- Short name = last component of the deleted user's DN. -->
			<do-set-local-variable name="lvUserUID">
				<arg-string>
					<token-src-dn length="1" start="-1"/>
				</arg-string>
			</do-set-local-variable>
			<!-- Triple form of the same name: "(-,NAME,)". -->
			<do-set-local-variable name="lvUserNisNetGroupTriple">
				<arg-string>
					<token-text xml:space="preserve">(-,</token-text>
					<token-local-variable name="lvUserUID"/>
					<token-text xml:space="preserve">,)</token-text>
				</arg-string>
			</do-set-local-variable>
			<!-- 1. Netgroups holding the triple. -->
			<do-for-each>
				<arg-node-set>
					<token-xpath expression='query:search($srcQueryProcessor,   "subtree", "", "", "nisNetGroup", "nisNetGroupTriple", $lvUserNisNetGroupTriple,   "DN")'/>
				</arg-node-set>
				<arg-actions>
					<do-set-local-variable name="lvDN">
						<arg-string>
							<token-xpath expression="$current-node/@src-dn"/>
						</arg-string>
					</do-set-local-variable>
					<do-remove-src-attr-value name="nisNetGroupTriple">
						<arg-dn>
							<token-local-variable name="lvDN"/>
						</arg-dn>
						<arg-value type="string">
							<token-text xml:space="preserve">(-,</token-text>
							<token-local-variable name="lvUserUID"/>
							<token-text xml:space="preserve">,)</token-text>
						</arg-value>
					</do-remove-src-attr-value>
				</arg-actions>
			</do-for-each>
			<!--
				2. Sudo roles naming the user. The class and attribute names are
				spelled "SudoRole"/"SudoUser" here and "sudoRole"/"sudoUser" in the
				other rules; presumably the directory matches them case-insensitively
				(confirm).
			-->
			<do-for-each>
				<arg-node-set>
					<token-xpath expression='query:search($srcQueryProcessor,   "subtree", "", "", "SudoRole", "SudoUser", $lvUserUID,   "DN")'/>
				</arg-node-set>
				<arg-actions>
					<do-set-local-variable name="lvDN">
						<arg-string>
							<token-xpath expression="$current-node/@src-dn"/>
						</arg-string>
					</do-set-local-variable>
					<do-remove-src-attr-value name="sudoUser">
						<arg-dn>
							<token-local-variable name="lvDN"/>
						</arg-dn>
						<arg-value type="string">
							<token-local-variable name="lvUserUID"/>
						</arg-value>
					</do-remove-src-attr-value>
				</arg-actions>
			</do-for-each>
			<!-- 3. Groups listing the user in memberUid. -->
			<do-for-each>
				<arg-node-set>
					<token-xpath expression='query:search($srcQueryProcessor,   "subtree", "", "", "Group", "memberUID", $lvUserUID,   "DN")'/>
				</arg-node-set>
				<arg-actions>
					<do-set-local-variable name="lvDN">
						<arg-string>
							<token-xpath expression="$current-node/@src-dn"/>
						</arg-string>
					</do-set-local-variable>
					<do-remove-src-attr-value name="memberUid">
						<arg-dn>
							<token-local-variable name="lvDN"/>
						</arg-dn>
						<arg-value type="string">
							<token-local-variable name="lvUserUID"/>
						</arg-value>
					</do-remove-src-attr-value>
				</arg-actions>
			</do-for-each>
		</actions>
	</rule>
	<!--
		On User rename: replace the old short name with the new one in every
		Group (memberUid), SudoRole (sudoUser) and nisNetGroup
		(nisNetGroupTriple) that carries it, so name-based memberships follow
		the account.
		NOTE(review): each replacement is a remove followed by an add. If the
		add fails after the remove succeeded, the user drops out of that group
		or role; the trace message below is the only record this rule emits.
		NOTE(review): nothing checks whether the new name is already listed on
		those objects on behalf of another account.
	-->
	<rule>
		<description>User Rename - Update Groups, NetGroups, &amp; Sudo Roles</description>
		<conditions>
			<and>
				<if-class-name op="equal">User</if-class-name>
				<if-operation op="equal">rename</if-operation>
			</and>
		</conditions>
		<actions>
			<!-- Old short name = last component of the operation's old-src-dn attribute. -->
			<do-set-local-variable name="lvOldUID">
				<arg-string>
					<token-parse-dn length="1" start="-1">
						<token-xpath expression="@old-src-dn"/>
					</token-parse-dn>
				</arg-string>
			</do-set-local-variable>
			<!-- New short name = the operation's new-name child element. -->
			<do-set-local-variable name="lvNewUID">
				<arg-string>
					<token-xpath expression="new-name"/>
				</arg-string>
			</do-set-local-variable>
			<!-- Triple form of the old name: "(-,OLD,)". -->
			<do-set-local-variable name="lvOldNisNetGroupTriple">
				<arg-string>
					<token-text xml:space="preserve">(-,</token-text>
					<token-local-variable name="lvOldUID"/>
					<token-text xml:space="preserve">,)</token-text>
				</arg-string>
			</do-set-local-variable>
			<do-trace-message level="3">
				<arg-string>
					<token-text xml:space="preserve">New Name = </token-text>
					<token-local-variable name="lvNewUID"/>
					<token-text xml:space="preserve"> Old Name = </token-text>
					<token-local-variable name="lvOldUID"/>
				</arg-string>
			</do-trace-message>
			<!-- 1. Groups listing the old name in memberUid. -->
			<do-for-each>
				<arg-node-set>
					<token-xpath expression='query:search($srcQueryProcessor,   "subtree", "", "", "Group", "memberUID", $lvOldUID,   "DN")'/>
				</arg-node-set>
				<arg-actions>
					<do-set-local-variable name="lvDN">
						<arg-string>
							<token-xpath expression="$current-node/@src-dn"/>
						</arg-string>
					</do-set-local-variable>
					<do-remove-src-attr-value name="memberUid">
						<arg-dn>
							<token-local-variable name="lvDN"/>
						</arg-dn>
						<arg-value type="string">
							<token-local-variable name="lvOldUID"/>
						</arg-value>
					</do-remove-src-attr-value>
					<do-add-src-attr-value name="memberUid">
						<arg-dn>
							<token-local-variable name="lvDN"/>
						</arg-dn>
						<arg-value type="string">
							<token-local-variable name="lvNewUID"/>
						</arg-value>
					</do-add-src-attr-value>
				</arg-actions>
			</do-for-each>
			<!-- 2. Sudo roles listing the old name in sudoUser. -->
			<do-for-each>
				<arg-node-set>
					<token-xpath expression='query:search($srcQueryProcessor,   "subtree", "", "", "SudoRole", "sudoUser", $lvOldUID,   "DN")'/>
				</arg-node-set>
				<arg-actions>
					<do-set-local-variable name="lvDN">
						<arg-string>
							<token-xpath expression="$current-node/@src-dn"/>
						</arg-string>
					</do-set-local-variable>
					<do-remove-src-attr-value name="sudoUser">
						<arg-dn>
							<token-local-variable name="lvDN"/>
						</arg-dn>
						<arg-value type="string">
							<token-local-variable name="lvOldUID"/>
						</arg-value>
					</do-remove-src-attr-value>
					<do-add-src-attr-value name="sudoUser">
						<arg-dn>
							<token-local-variable name="lvDN"/>
						</arg-dn>
						<arg-value type="string">
							<token-local-variable name="lvNewUID"/>
						</arg-value>
					</do-add-src-attr-value>
				</arg-actions>
			</do-for-each>
			<!-- 3. Netgroups holding the old triple; the new triple is rebuilt as "(-,NEW,)". -->
			<do-for-each>
				<arg-node-set>
					<token-xpath expression='query:search($srcQueryProcessor,   "subtree", "", "", "nisNetGroup", "nisNetGroupTriple", $lvOldNisNetGroupTriple,   "DN")'/>
				</arg-node-set>
				<arg-actions>
					<do-set-local-variable name="lvDN">
						<arg-string>
							<token-xpath expression="$current-node/@src-dn"/>
						</arg-string>
					</do-set-local-variable>
					<do-remove-src-attr-value name="nisNetGroupTriple">
						<arg-dn>
							<token-local-variable name="lvDN"/>
						</arg-dn>
						<arg-value type="string">
							<token-local-variable name="lvOldNisNetGroupTriple"/>
						</arg-value>
					</do-remove-src-attr-value>
					<do-add-src-attr-value name="nisNetGroupTriple">
						<arg-dn>
							<token-local-variable name="lvDN"/>
						</arg-dn>
						<arg-value type="string">
							<token-text xml:space="preserve">(-,</token-text>
							<token-local-variable name="lvNewUID"/>

							<token-text xml:space="preserve">,)</token-text>
						</arg-value>
					</do-add-src-attr-value>
				</arg-actions>
			</do-for-each>
		</actions>
	</rule>
	<!--
		Final rule: vetoes the current operation whenever it carries no "audio"
		attribute. Presumably "audio" is a name no real operation contains, so
		the condition is effectively always true and the rule stops every event
		once the rules above have issued their writes (confirm that intent).
		NOTE(review): the veto is not limited to the classes handled above. Any
		other event passing through this policy is dropped as well, and an
		operation that did carry an attribute named "audio" would pass through
		unvetoed.
	-->
	<rule>
		<description>BlockFurtherAction</description>
		<conditions>
			<and>
				<if-op-attr name="audio" op="not-available"/>
			</and>
		</conditions>
		<actions>
			<do-veto/>
		</actions>
	</rule>
</policy>

More Information#

There might be more information for this subject on one of the following: