This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview
When using the [Microsoft Active Directory Driver], there are often attributes that must be converted from multi-valued in [IDV] to [SINGLE-VALUE] in [Microsoft Active Directory].
The [DirXML Example] below shows one method to accomplish the task.
[{$pagename}] uses some rather unique techniques to accomplish the task.
First, the rule reads the [DirXML-ApplicationSchema] attribute value and stores it in a [Driver Scope] [Global Configuration Variable] "APP-SCHEMA". The value is set only once; after that, the rule only checks that it is present.
* For each DirXML Operational Attribute, the "APP-SCHEMA" GCV is queried using [XPATH] to read the XML attribute @multi-valued, and the result is stored in the [local Variable] "MULTI-VALUED".
* If the value of "MULTI-VALUED" is "false", the value of the DirXML Operational Attribute is stored in the [Local Variable] "VALUE".
* The DirXML Operational Attribute is stripped from the operation and the destination attribute is set to the value of "VALUE".
Originally taken from [Generic Single-valued Schema Enforcement|https://www.netiq.com/communities/cool-solutions/generic-single-valued-schema-enforcement/|target='_blank'].
%%warning
It is important that the [Application Schema|DirXML-ApplicationSchema] be refreshed for the rule to work properly.
%%
We added a couple of tweaks.
The rule below serves as a [DirXML Example] and includes [XPATH Examples]:
{{{
<rule>
  <description>[CIS] Handle Multi-to-single valued conversions</description>
  <comment xml:space="preserve">Generic Rule which reads the application schema from AD and determines if it needs to take only the first value from a multi-valued eDirectory attribute
From:
http://www.novell.com/communities/node/9413/generic-single-valued-schema-enforcement</comment>
  <comment name="author" xml:space="preserve">jim@willeke.com</comment>
  <comment name="version" xml:space="preserve">40</comment>
  <comment name="lastchanged" xml:space="preserve">2014-02-03</comment>
  <conditions>
    <or>
      <if-operation mode="case" op="equal">modify</if-operation>
      <if-operation mode="case" op="equal">add</if-operation>
    </or>
  </conditions>
  <actions>
    <do-if>
      <arg-conditions>
        <and>
          <if-local-variable name="APP-SCHEMA" op="not-available"/>
        </and>
      </arg-conditions>
      <arg-actions>
        <do-trace-message>
          <arg-string>
            <token-text xml:space="preserve">Caching DirXML-ApplicationSchema on startup of driver!</token-text>
          </arg-string>
        </do-trace-message>
        <do-set-local-variable name="APP-SCHEMA" scope="driver">
          <arg-node-set>
            <token-xml-parse>
              <token-base64-decode>
                <token-src-attr name="DirXML-ApplicationSchema">
                  <arg-dn>
                    <token-global-variable name="dirxml.auto.driverdn"/>
                  </arg-dn>
                </token-src-attr>
              </token-base64-decode>
            </token-xml-parse>
          </arg-node-set>
        </do-set-local-variable>
      </arg-actions>
      <arg-actions/>
    </do-if>
    <do-for-each>
      <arg-node-set>
        <token-xpath expression=".//@attr-name"/>
      </arg-node-set>
      <arg-actions>
        <do-set-local-variable name="CLASS" scope="policy">
          <arg-string>
            <token-class-name/>
          </arg-string>
        </do-set-local-variable>
        <do-set-local-variable name="ATTR-DEF" scope="policy">
          <arg-node-set>
            <token-xpath expression="$APP-SCHEMA/schema-def/class-def/attr-def[@attr-name=$current-node]"/>
          </arg-node-set>
        </do-set-local-variable>
        <do-set-local-variable name="MULTI-VALUED" scope="policy">
          <arg-string>
            <token-xpath expression="$ATTR-DEF[1]/@multi-valued"/>
          </arg-string>
        </do-set-local-variable>
        <do-if>
          <arg-conditions>
            <and>
              <if-local-variable mode="nocase" name="MULTI-VALUED" op="equal">false</if-local-variable>
            </and>
          </arg-conditions>
          <arg-actions>
            <do-set-local-variable name="VALUE" scope="policy">
              <arg-string>
                <token-op-attr name="$current-node$"/>
              </arg-string>
            </do-set-local-variable>
            <do-strip-op-attr name="$current-node$"/>
            <do-set-dest-attr-value name="$current-node$">
              <arg-value>
                <token-local-variable name="VALUE"/>
              </arg-value>
            </do-set-dest-attr-value>
          </arg-actions>
          <arg-actions/>
        </do-if>
      </arg-actions>
    </do-for-each>
  </actions>
</rule>
}}}
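Added example (not part of the original rule or of the article it was taken from): a Python sketch that mirrors the rule's schema lookup offline, showing which attributes it would reduce to one value and which it would leave unchecked because the cached schema has no matching attr-def, which is why the schema refresh noted above matters. The sample schema, attribute values and function names are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

# Constructed sample in the shape the rule's XPath expects
# (schema-def/class-def/attr-def with @attr-name and @multi-valued).
SAMPLE_SCHEMA = b"""<schema-def>
  <class-def class-name="user">
    <attr-def attr-name="telephoneNumber" multi-valued="false"/>
    <attr-def attr-name="otherTelephone" multi-valued="true"/>
    <attr-def attr-name="title" multi-valued="FALSE"/>
  </class-def>
</schema-def>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_SCHEMA).decode()


def load_schema(b64_value):
    """Mirror token-base64-decode followed by token-xml-parse."""
    root = ET.fromstring(base64.b64decode(b64_value))
    if root.tag != "schema-def":
        raise ValueError("expected <schema-def> as the document element")
    return root


def classify(schema, attr_name):
    """Return 'single', 'multi' or 'unknown' the way the rule would decide."""
    # Same lookup as $APP-SCHEMA/schema-def/class-def/attr-def[@attr-name=...];
    # the name match is case-sensitive and the first hit wins ($ATTR-DEF[1]).
    for attr_def in schema.findall("class-def/attr-def"):
        if attr_def.get("attr-name") == attr_name:
            flag = attr_def.get("multi-valued", "")
            # The rule compares with mode="nocase", so "FALSE" also matches;
            # any other value leaves the attribute as it is.
            return "single" if flag.lower() == "false" else "multi"
    # No attr-def found: MULTI-VALUED is empty and the rule does nothing.
    return "unknown"


def enforce(schema, op_attrs):
    """Apply the rule's outcome to {attr-name: [values]}; list unchecked names."""
    result, unchecked = {}, []
    for name, values in op_attrs.items():
        kind = classify(schema, name)
        if kind == "unknown":
            unchecked.append(name)
        # Single-valued in the application: keep only the first value.
        result[name] = values[:1] if kind == "single" else list(values)
    return result, unchecked
```

Attributes returned in the second list pass through the rule with all their values, so an out-of-date cached schema shows up here as a non-empty list.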
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]