!!! Overview
When using the [Microsoft Active Directory Driver] there are often attributes that require conversion from being Multi-Valued in [IDV] to [SINGLE-VALUE] in [Microsoft Active Directory].
The [DirXML Example] below shows on method to accomplish the task.
[{$pagename}] utilizes some rather unique techniques to accomplishing the task.
First the rule reads the [DirXML-ApplicationSchema] attribute values and stores this in a [Driver Scope] [Global Configuration Variable] "APP-SCHEMA". The value is set only once and then only checked for presence.
* For each DirXML Operational Attribute, the "APP-SCHEMA" GCV is checked using [XPATH] to read the XML Attribute @multi-valued and set the value into the [local Variable] "MULTI-VALUED".
* if the value of "MULTI-VALUED" is "false", the vlaue of the DirXML Operational Attribute is stored in the [Local Variable] "VALUE"
* The DirXML Operational Attribute is stripped from the operation and the destination Attribute is set to the value of "VALUE".
Originally taken from [Generic Single-valued Schema Enforcement|https://www.netiq.com/communities/cool-solutions/generic-single-valued-schema-enforcement/|target='_blank'].
%%warning
It is important that the [Application Schema|DirXML-ApplicationSchema]] be refreshed for the rule to work properly.
%%
We added a couple of tweaks.
Shows some [DirXML Example] and [XPATH Examples]:
{{{
<rule>
<description>[CIS] Handle Multi-to-single valued conversions</description>
<comment xml:space="preserve">Generic Rule which reads the application schema from AD and determines if it needs to take only the first value from a multi-valued eDirectory attribute
From:
http://www.novell.com/communities/node/9413/generic-single-valued-schema-enforcement</comment>
<comment name="author" xml:space="preserve">jim@willeke.com</comment>
<comment name="version" xml:space="preserve">40</comment>
<comment name="lastchanged" xml:space="preserve">2014-02-03</comment>
<conditions>
<or>
<if-operation mode="case" op="equal">modify</if-operation>
<if-operation mode="case" op="equal">add</if-operation>
</or>
</conditions>
<actions>
<do-if>
<arg-conditions>
<and>
<if-local-variable name="APP-SCHEMA" op="not-available"/>
</and>
</arg-conditions>
<arg-actions>
<do-trace-message>
<arg-string>
<token-text xml:space="preserve">Caching DirXML-ApplicationSchema on startup of driver!</token-text>
</arg-string>
</do-trace-message>
<do-set-local-variable name="APP-SCHEMA" scope="driver">
<arg-node-set>
<token-xml-parse>
<token-base64-decode>
<token-src-attr name="DirXML-ApplicationSchema">
<arg-dn>
<token-global-variable name="dirxml.auto.driverdn"/>
</arg-dn>
</token-src-attr>
</token-base64-decode>
</token-xml-parse>
</arg-node-set>
</do-set-local-variable>
</arg-actions>
<arg-actions/>
</do-if>
<do-for-each>
<arg-node-set>
<token-xpath expression=".//@attr-name"/>
</arg-node-set>
<arg-actions>
<do-set-local-variable name="CLASS" scope="policy">
<arg-string>
<token-class-name/>
</arg-string>
</do-set-local-variable>
<do-set-local-variable name="ATTR-DEF" scope="policy">
<arg-node-set>
<token-xpath expression="$APP-SCHEMA/schema-def/class-def/attr-def[@attr-name=$current-node]"/>
</arg-node-set>
</do-set-local-variable>
<do-set-local-variable name="MULTI-VALUED" scope="policy">
<arg-string>
<token-xpath expression="$ATTR-DEF[1]/@multi-valued"/>
</arg-string>
</do-set-local-variable>
<do-if>
<arg-conditions>
<and>
<if-local-variable mode="nocase" name="MULTI-VALUED" op="equal">false</if-local-variable>
</and>
</arg-conditions>
<arg-actions>
<do-set-local-variable name="VALUE" scope="policy">
<arg-string>
<token-op-attr name="$current-node$"/>
</arg-string>
</do-set-local-variable>
<do-strip-op-attr name="$current-node$"/>
<do-set-dest-attr-value name="$current-node$">
<arg-value>
<token-local-variable name="VALUE"/>
</arg-value>
</do-set-dest-attr-value>
</arg-actions>
<arg-actions/>
</do-if>
</arg-actions>
</do-for-each>
</actions>
</rule>
}}}
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]