!!! Overview
The client want to provide uid and gid values while and maintain the MemberUID values.
Shows a [DirXML Example] and [XPATH Example] for working with [{$pagename}].
{{{
<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE policy PUBLIC "policy-builder-dtd" "C:\novell\Designer\eclipse\plugins\com.novell.designer.idm.oldpolicybuilder_2.0.0.200710261247\DTD\dirxmlscript.dtd"><policy xmlns:query="http://www.novell.com/nxsl/java/com.novell.nds.dirxml.driver.XdsQueryProcessor">
<rule>
<description>Regenerate GID number for Groups</description>
<conditions>
<and>
<if-class-name mode="nocase" op="equal">Group</if-class-name>
<if-op-attr name="gidNumber" op="equal">999999999</if-op-attr>
</and>
</conditions>
<actions>
<do-set-local-variable name="lastGIDUsed">
<arg-string>
<token-src-attr name="nwLastGIDused">
<arg-dn>
<token-global-variable name="GIDNumberCounterDN"/>
</arg-dn>
</token-src-attr>
</arg-string>
</do-set-local-variable>
<do-set-local-variable name="lastGIDUsed">
<arg-string>
<token-xpath expression="$lastGIDUsed + 1"/>
</arg-string>
</do-set-local-variable>
<do-set-src-attr-value name="nwLastGIDused">
<arg-dn>
<token-global-variable name="GIDNumberCounterDN"/>
</arg-dn>
<arg-value type="string">
<token-local-variable name="lastGIDUsed"/>
</arg-value>
</do-set-src-attr-value>
<do-set-src-attr-value name="gidNumber">
<arg-value type="string">
<token-local-variable name="lastGIDUsed"/>
</arg-value>
</do-set-src-attr-value>
</actions>
</rule>
<rule>
<description>Generate GID number for new Groups</description>
<conditions>
<and>
<if-class-name mode="nocase" op="equal">Group</if-class-name>
<if-operation op="equal">add</if-operation>
</and>
</conditions>
<actions>
<do-set-local-variable name="lastGIDUsed">
<arg-string>
<token-src-attr name="nwLastGIDused">
<arg-dn>
<token-global-variable name="GIDNumberCounterDN"/>
</arg-dn>
</token-src-attr>
</arg-string>
</do-set-local-variable>
<do-set-local-variable name="lastGIDUsed">
<arg-string>
<token-xpath expression="$lastGIDUsed + 1"/>
</arg-string>
</do-set-local-variable>
<do-set-src-attr-value name="nwLastGIDused">
<arg-dn>
<token-global-variable name="GIDNumberCounterDN"/>
</arg-dn>
<arg-value type="string">
<token-local-variable name="lastGIDUsed"/>
</arg-value>
</do-set-src-attr-value>
<do-add-src-attr-value name="Object Class">
<arg-value type="string">
<token-text xml:space="preserve">posixGroup</token-text>
</arg-value>
</do-add-src-attr-value>
<do-add-src-attr-value name="gidNumber">
<arg-value type="string">
<token-local-variable name="lastGIDUsed"/>
</arg-value>
</do-add-src-attr-value>
</actions>
</rule>
<rule>
<description>Generate UID number on User Modify</description>
<conditions>
<and>
<if-class-name mode="nocase" op="equal">User</if-class-name>
<if-op-attr name="uidNumber" op="equal">999999999</if-op-attr>
</and>
</conditions>
<actions>
<do-set-local-variable name="lastUIDUsed">
<arg-string>
<token-src-attr name="nwLastUIDused">
<arg-dn>
<token-global-variable name="UIDNumberCounterDN"/>
</arg-dn>
</token-src-attr>
</arg-string>
</do-set-local-variable>
<do-set-local-variable name="lastUIDUsed">
<arg-string>
<token-xpath expression="$lastUIDUsed + 1"/>
</arg-string>
</do-set-local-variable>
<do-set-src-attr-value name="nwLastUIDused">
<arg-dn>
<token-global-variable name="UIDNumberCounterDN"/>
</arg-dn>
<arg-value type="string">
<token-local-variable name="lastUIDUsed"/>
</arg-value>
</do-set-src-attr-value>
<do-set-src-attr-value name="uidNumber">
<arg-value type="string">
<token-local-variable name="lastUIDUsed"/>
</arg-value>
</do-set-src-attr-value>
</actions>
</rule>
<rule>
<description>Set default user data - on User Create</description>
<conditions>
<and>
<if-class-name mode="nocase" op="equal">User</if-class-name>
<if-operation op="equal">add</if-operation>
</and>
</conditions>
<actions>
<do-set-local-variable name="lastUIDUsed">
<arg-string>
<token-src-attr name="nwLastUIDused">
<arg-dn>
<token-global-variable name="UIDNumberCounterDN"/>
</arg-dn>
</token-src-attr>
</arg-string>
</do-set-local-variable>
<do-set-local-variable name="lastUIDUsed">
<arg-string>
<token-xpath expression="$lastUIDUsed + 1"/>
</arg-string>
</do-set-local-variable>
<do-set-src-attr-value name="nwLastUIDused">
<arg-dn>
<token-global-variable name="UIDNumberCounterDN"/>
</arg-dn>
<arg-value type="string">
<token-local-variable name="lastUIDUsed"/>
</arg-value>
</do-set-src-attr-value>
<do-add-src-attr-value name="Object Class">
<arg-value type="string">
<token-text xml:space="preserve">posixAccount</token-text>
</arg-value>
</do-add-src-attr-value>
<do-set-src-attr-value name="uidNumber">
<arg-value type="string">
<token-local-variable name="lastUIDUsed"/>
</arg-value>
</do-set-src-attr-value>
<do-set-src-attr-value name="homeDirectory">
<arg-value type="string">
<token-global-variable name="DefaultUserHomeDirectory"/>
<token-src-attr name="uniqueID"/>
</arg-value>
</do-set-src-attr-value>
<do-set-src-attr-value name="gidNumber">
<arg-value type="string">
<token-global-variable name="DefaultUserGID"/>
</arg-value>
</do-set-src-attr-value>
<do-set-src-attr-value name="loginShell">
<arg-value type="string">
<token-global-variable name="DefaultShell"/>
</arg-value>
</do-set-src-attr-value>
<do-add-src-attr-value name="Object Class">
<arg-value type="string">
<token-text xml:space="preserve">shadowAccount</token-text>
</arg-value>
</do-add-src-attr-value>
</actions>
</rule>
<rule>
<description>PosixGroup - Member Changing - Update Group MemberUID & User Group Membership</description>
<conditions>
<and>
<if-class-name op="equal">Group</if-class-name>
<if-op-attr name="Member" op="changing"/>
</and>
</conditions>
<actions>
<do-for-each>
<arg-node-set>
<token-op-attr name="Member"/>
</arg-node-set>
<arg-actions>
<do-add-src-attr-value class-name="Group" name="memberUid">
<arg-value type="string">
<token-parse-dn length="1" start="-1">
<token-local-variable name="current-node"/>
</token-parse-dn>
</arg-value>
</do-add-src-attr-value>
<do-add-src-attr-value name="Group Membership">
<arg-dn>
<token-local-variable name="current-node"/>
</arg-dn>
<arg-value type="string">
<token-src-dn/>
</arg-value>
</do-add-src-attr-value>
</arg-actions>
</do-for-each>
<do-for-each>
<arg-node-set>
<token-removed-attr name="Member"/>
</arg-node-set>
<arg-actions>
<do-remove-src-attr-value class-name="Group" name="memberUid">
<arg-value type="string">
<token-parse-dn length="1" start="-1">
<token-local-variable name="current-node"/>
</token-parse-dn>
</arg-value>
</do-remove-src-attr-value>
<do-set-local-variable name="lvUserUID">
<arg-string>
<token-parse-dn length="1" start="-1">
<token-local-variable name="current-node"/>
</token-parse-dn>
</arg-string>
</do-set-local-variable>
<do-set-local-variable name="result">
<arg-node-set>
<token-xpath expression='query:search($srcQueryProcessor, "subtree", "", "", "User", "uniqueID", $lvUserUID, "DN")'/>
</arg-node-set>
</do-set-local-variable>
<do-for-each>
<arg-node-set>
<token-local-variable name="result"/>
</arg-node-set>
<arg-actions>
<do-set-local-variable name="lvDN">
<arg-string>
<token-xpath expression="$current-node/@src-dn"/>
</arg-string>
</do-set-local-variable>
<do-remove-src-attr-value name="Group Membership">
<arg-dn>
<token-local-variable name="lvDN"/>
</arg-dn>
<arg-value type="string">
<token-src-dn/>
</arg-value>
</do-remove-src-attr-value>
</arg-actions>
</do-for-each>
</arg-actions>
</do-for-each>
</actions>
</rule>
<rule>
<description>PosixGroup - memberUID Changing - Update Group Member</description>
<conditions>
<and>
<if-class-name op="equal">Group</if-class-name>
<if-op-attr name="memberUid" op="changing"/>
</and>
</conditions>
<actions>
<do-for-each>
<arg-node-set>
<token-op-attr name="memberUid"/>
</arg-node-set>
<arg-actions>
<do-set-local-variable name="result">
<arg-node-set>
<token-xpath expression='query:search($srcQueryProcessor, "subtree", "", "", "User", "uniqueID", $current-node, "DN")'/>
</arg-node-set>
</do-set-local-variable>
<do-for-each>
<arg-node-set>
<token-local-variable name="result"/>
</arg-node-set>
<arg-actions>
<do-set-local-variable name="lvDN">
<arg-string>
<token-xpath expression="$result/@src-dn"/>
</arg-string>
</do-set-local-variable>
<do-trace-message level="3">
<arg-string>
<token-text xml:space="preserve">Results eq </token-text>
<token-local-variable name="lvDN"/>
</arg-string>
</do-trace-message>
<do-add-src-attr-value name="Member">
<arg-value type="dn">
<token-local-variable name="lvDN"/>
</arg-value>
</do-add-src-attr-value>
</arg-actions>
</do-for-each>
</arg-actions>
</do-for-each>
<do-for-each>
<arg-node-set>
<token-removed-attr name="memberUid"/>
</arg-node-set>
<arg-actions>
<do-set-local-variable name="result">
<arg-node-set>
<token-xpath expression='query:search($srcQueryProcessor, "subtree", "", "", "User", "uniqueID", $current-node, "DN")'/>
</arg-node-set>
</do-set-local-variable>
<do-for-each>
<arg-node-set>
<token-local-variable name="result"/>
</arg-node-set>
<arg-actions>
<do-set-local-variable name="lvDN">
<arg-string>
<token-xpath expression="$result/@src-dn"/>
</arg-string>
</do-set-local-variable>
<do-trace-message level="3">
<arg-string>
<token-text xml:space="preserve">Results eq </token-text>
<token-local-variable name="lvDN"/>
</arg-string>
</do-trace-message>
<do-remove-src-attr-value name="Member">
<arg-value type="string">
<token-local-variable name="lvDN"/>
</arg-value>
</do-remove-src-attr-value>
</arg-actions>
</do-for-each>
</arg-actions>
</do-for-each>
</actions>
</rule>
<rule>
<description>User - Group Membership Changing - Update Group Member & Group memberUID</description>
<conditions>
<and>
<if-class-name op="equal">User</if-class-name>
<if-op-attr name="Group Membership" op="changing"/>
</and>
</conditions>
<actions>
<do-for-each>
<arg-node-set>
<token-op-attr name="Group Membership"/>
</arg-node-set>
<arg-actions>
<do-add-src-attr-value name="Member">
<arg-dn>
<token-local-variable name="current-node"/>
</arg-dn>
<arg-value type="string">
<token-src-dn/>
</arg-value>
</do-add-src-attr-value>
<do-add-src-attr-value name="memberUid">
<arg-dn>
<token-local-variable name="current-node"/>
</arg-dn>
<arg-value type="string">
<token-src-dn length="1" start="-1"/>
</arg-value>
</do-add-src-attr-value>
</arg-actions>
</do-for-each>
<do-for-each>
<arg-node-set>
<token-removed-attr name="Group Membership"/>
</arg-node-set>
<arg-actions>
<do-remove-src-attr-value name="Member">
<arg-dn>
<token-local-variable name="current-node"/>
</arg-dn>
<arg-value type="string">
<token-src-dn/>
</arg-value>
</do-remove-src-attr-value>
<do-remove-src-attr-value name="memberUid">
<arg-dn>
<token-local-variable name="current-node"/>
</arg-dn>
<arg-value type="string">
<token-src-dn length="1" start="-1"/>
</arg-value>
</do-remove-src-attr-value>
</arg-actions>
</do-for-each>
</actions>
</rule>
<rule>
<description>SudoRole - SudoUser Changing - update user sudoRole Membership</description>
<conditions>
<and>
<if-class-name op="equal">sudoRole</if-class-name>
<if-op-attr name="sudoUser" op="changing"/>
</and>
</conditions>
<actions>
<do-for-each>
<arg-node-set>
<token-op-attr name="sudoUser"/>
</arg-node-set>
<arg-actions>
<do-set-local-variable name="result">
<arg-node-set>
<token-xpath expression='query:search($srcQueryProcessor, "subtree", "", "", "User", "uniqueID", $current-node, "DN")'/>
</arg-node-set>
</do-set-local-variable>
<do-for-each>
<arg-node-set>
<token-local-variable name="result"/>
</arg-node-set>
<arg-actions>
<do-set-local-variable name="lvDN">
<arg-string>
<token-xpath expression="$result/@src-dn"/>
</arg-string>
</do-set-local-variable>
<do-trace-message level="3">
<arg-string>
<token-text xml:space="preserve">Results eq </token-text>
<token-local-variable name="lvDN"/>
</arg-string>
</do-trace-message>
<do-add-src-attr-value name="nwSudoMembership">
<arg-dn>
<token-local-variable name="lvDN"/>
</arg-dn>
<arg-value type="dn">
<token-src-dn/>
</arg-value>
</do-add-src-attr-value>
</arg-actions>
</do-for-each>
</arg-actions>
</do-for-each>
<do-for-each>
<arg-node-set>
<token-removed-attr name="sudoUser"/>
</arg-node-set>
<arg-actions>
<do-set-local-variable name="result">
<arg-node-set>
<token-xpath expression='query:search($srcQueryProcessor, "subtree", "", "", "User", "uniqueID", $current-node, "DN")'/>
</arg-node-set>
</do-set-local-variable>
<do-for-each>
<arg-node-set>
<token-local-variable name="result"/>
</arg-node-set>
<arg-actions>
<do-set-local-variable name="lvDN">
<arg-string>
<token-xpath expression="$result/@src-dn"/>
</arg-string>
</do-set-local-variable>
<do-trace-message level="3">
<arg-string>
<token-text xml:space="preserve">Results eq </token-text>
<token-local-variable name="lvDN"/>
</arg-string>
</do-trace-message>
<do-remove-src-attr-value name="nwSudoMembership">
<arg-dn>
<token-local-variable name="lvDN"/>
</arg-dn>
<arg-value type="string">
<token-src-dn/>
</arg-value>
</do-remove-src-attr-value>
</arg-actions>
</do-for-each>
</arg-actions>
</do-for-each>
</actions>
</rule>
<rule>
<description>User - nwSudoMembership Changing - Update SudoRole sudoUser</description>
<conditions>
<and>
<if-class-name op="equal">User</if-class-name>
<if-op-attr name="nwSudoMembership" op="changing"/>
</and>
</conditions>
<actions>
<do-for-each>
<arg-node-set>
<token-op-attr name="nwSudoMembership"/>
</arg-node-set>
<arg-actions>
<do-add-src-attr-value name="sudoUser">
<arg-dn>
<token-local-variable name="current-node"/>
</arg-dn>
<arg-value type="string">
<token-src-dn length="1" start="-1"/>
</arg-value>
</do-add-src-attr-value>
</arg-actions>
</do-for-each>
<do-for-each>
<arg-node-set>
<token-removed-attr name="nwSudoMembership"/>
</arg-node-set>
<arg-actions>
<do-remove-src-attr-value name="sudoUser">
<arg-dn>
<token-local-variable name="current-node"/>
</arg-dn>
<arg-value type="string">
<token-src-dn length="1" start="-1"/>
</arg-value>
</do-remove-src-attr-value>
</arg-actions>
</do-for-each>
</actions>
</rule>
<rule>
<description>nisNetGroup - nisNetGroupTriple Changing - update user nwNetGroupMembership</description>
<conditions>
<and>
<if-class-name op="equal">nisNetGroup</if-class-name>
<if-op-attr name="nisNetGroupTriple" op="changing"/>
</and>
</conditions>
<actions>
<do-for-each>
<arg-node-set>
<token-op-attr name="nisNetGroupTriple"/>
</arg-node-set>
<arg-actions>
<do-set-local-variable name="lvFormatedNisTriple">
<arg-string>
<token-replace-all regex="[-(),]">
<token-local-variable name="current-node"/>
</token-replace-all>
</arg-string>
</do-set-local-variable>
<do-set-local-variable name="result">
<arg-node-set>
<token-xpath expression='query:search($srcQueryProcessor, "subtree", "", "", "User", "uniqueID", $lvFormatedNisTriple, "DN")'/>
</arg-node-set>
</do-set-local-variable>
<do-for-each>
<arg-node-set>
<token-local-variable name="result"/>
</arg-node-set>
<arg-actions>
<do-set-local-variable name="lvDN">
<arg-string>
<token-xpath expression="$result/@src-dn"/>
</arg-string>
</do-set-local-variable>
<do-trace-message level="3">
<arg-string>
<token-text xml:space="preserve">Results eq </token-text>
<token-local-variable name="lvDN"/>
</arg-string>
</do-trace-message>
<do-add-src-attr-value name="nwNetGroupMembership">
<arg-dn>
<token-local-variable name="lvDN"/>
</arg-dn>
<arg-value type="dn">
<token-src-dn/>
</arg-value>
</do-add-src-attr-value>
</arg-actions>
</do-for-each>
</arg-actions>
</do-for-each>
<do-for-each>
<arg-node-set>
<token-removed-attr name="nisNetGroupTriple"/>
</arg-node-set>
<arg-actions>
<do-set-local-variable name="lvFormatedNisTriple">
<arg-string>
<token-replace-all regex="[-(),]">
<token-local-variable name="current-node"/>
</token-replace-all>
</arg-string>
</do-set-local-variable>
<do-set-local-variable name="result">
<arg-node-set>
<token-xpath expression='query:search($srcQueryProcessor, "subtree", "", "", "User", "uniqueID", $lvFormatedNisTriple, "DN")'/>
</arg-node-set>
</do-set-local-variable>
<do-for-each>
<arg-node-set>
<token-local-variable name="result"/>
</arg-node-set>
<arg-actions>
<do-set-local-variable name="lvDN">
<arg-string>
<token-xpath expression="$result/@src-dn"/>
</arg-string>
</do-set-local-variable>
<do-trace-message level="3">
<arg-string>
<token-text xml:space="preserve">Results eq </token-text>
<token-local-variable name="lvDN"/>
</arg-string>
</do-trace-message>
<do-remove-src-attr-value name="nwNetGroupMembership">
<arg-dn>
<token-local-variable name="lvDN"/>
</arg-dn>
<arg-value type="string">
<token-src-dn/>
</arg-value>
</do-remove-src-attr-value>
</arg-actions>
</do-for-each>
</arg-actions>
</do-for-each>
</actions>
</rule>
<rule>
<description>User - nwNetGroupMembership Changing - Update NetGroup nisNetGroupTriple</description>
<conditions>
<and>
<if-class-name op="equal">User</if-class-name>
<if-op-attr name="nwNetGroupMembership" op="changing"/>
</and>
</conditions>
<actions>
<do-for-each>
<arg-node-set>
<token-op-attr name="nwNetGroupMembership"/>
</arg-node-set>
<arg-actions>
<do-add-src-attr-value name="nisNetGroupTriple">
<arg-dn>
<token-local-variable name="current-node"/>
</arg-dn>
<arg-value type="string">
<token-text xml:space="preserve">(-,</token-text>
<token-src-dn length="1" start="-1"/>
<token-text xml:space="preserve">,)</token-text>
</arg-value>
</do-add-src-attr-value>
</arg-actions>
</do-for-each>
<do-for-each>
<arg-node-set>
<token-removed-attr name="nwNetGroupMembership"/>
</arg-node-set>
<arg-actions>
<do-remove-src-attr-value name="nisNetGroupTriple">
<arg-dn>
<token-local-variable name="current-node"/>
</arg-dn>
<arg-value type="string">
<token-text xml:space="preserve">(-,</token-text>
<token-src-dn length="1" start="-1"/>
<token-text xml:space="preserve">,)</token-text>
</arg-value>
</do-remove-src-attr-value>
</arg-actions>
</do-for-each>
</actions>
</rule>
<rule>
<description>User Deleted - Remove from SudoRoles, NetGroups, & Groups</description>
<conditions>
<and>
<if-class-name op="equal">User</if-class-name>
<if-operation op="equal">delete</if-operation>
</and>
</conditions>
<actions>
<do-set-local-variable name="lvUserUID">
<arg-string>
<token-src-dn length="1" start="-1"/>
</arg-string>
</do-set-local-variable>
<do-set-local-variable name="lvUserNisNetGroupTriple">
<arg-string>
<token-text xml:space="preserve">(-,</token-text>
<token-local-variable name="lvUserUID"/>
<token-text xml:space="preserve">,)</token-text>
</arg-string>
</do-set-local-variable>
<do-for-each>
<arg-node-set>
<token-xpath expression='query:search($srcQueryProcessor, "subtree", "", "", "nisNetGroup", "nisNetGroupTriple", $lvUserNisNetGroupTriple, "DN")'/>
</arg-node-set>
<arg-actions>
<do-set-local-variable name="lvDN">
<arg-string>
<token-xpath expression="$current-node/@src-dn"/>
</arg-string>
</do-set-local-variable>
<do-remove-src-attr-value name="nisNetGroupTriple">
<arg-dn>
<token-local-variable name="lvDN"/>
</arg-dn>
<arg-value type="string">
<token-text xml:space="preserve">(-,</token-text>
<token-local-variable name="lvUserUID"/>
<token-text xml:space="preserve">,)</token-text>
</arg-value>
</do-remove-src-attr-value>
</arg-actions>
</do-for-each>
<do-for-each>
<arg-node-set>
<token-xpath expression='query:search($srcQueryProcessor, "subtree", "", "", "SudoRole", "SudoUser", $lvUserUID, "DN")'/>
</arg-node-set>
<arg-actions>
<do-set-local-variable name="lvDN">
<arg-string>
<token-xpath expression="$current-node/@src-dn"/>
</arg-string>
</do-set-local-variable>
<do-remove-src-attr-value name="sudoUser">
<arg-dn>
<token-local-variable name="lvDN"/>
</arg-dn>
<arg-value type="string">
<token-local-variable name="lvUserUID"/>
</arg-value>
</do-remove-src-attr-value>
</arg-actions>
</do-for-each>
<do-for-each>
<arg-node-set>
<token-xpath expression='query:search($srcQueryProcessor, "subtree", "", "", "Group", "memberUID", $lvUserUID, "DN")'/>
</arg-node-set>
<arg-actions>
<do-set-local-variable name="lvDN">
<arg-string>
<token-xpath expression="$current-node/@src-dn"/>
</arg-string>
</do-set-local-variable>
<do-remove-src-attr-value name="memberUid">
<arg-dn>
<token-local-variable name="lvDN"/>
</arg-dn>
<arg-value type="string">
<token-local-variable name="lvUserUID"/>
</arg-value>
</do-remove-src-attr-value>
</arg-actions>
</do-for-each>
</actions>
</rule>
<rule>
<description>User Rename - Update Groups, NetGroups, & Sudo Roles</description>
<conditions>
<and>
<if-class-name op="equal">User</if-class-name>
<if-operation op="equal">rename</if-operation>
</and>
</conditions>
<actions>
<do-set-local-variable name="lvOldUID">
<arg-string>
<token-parse-dn length="1" start="-1">
<token-xpath expression="@old-src-dn"/>
</token-parse-dn>
</arg-string>
</do-set-local-variable>
<do-set-local-variable name="lvNewUID">
<arg-string>
<token-xpath expression="new-name"/>
</arg-string>
</do-set-local-variable>
<do-set-local-variable name="lvOldNisNetGroupTriple">
<arg-string>
<token-text xml:space="preserve">(-,</token-text>
<token-local-variable name="lvOldUID"/>
<token-text xml:space="preserve">,)</token-text>
</arg-string>
</do-set-local-variable>
<do-trace-message level="3">
<arg-string>
<token-text xml:space="preserve">New Name = </token-text>
<token-local-variable name="lvNewUID"/>
<token-text xml:space="preserve"> Old Name = </token-text>
<token-local-variable name="lvOldUID"/>
</arg-string>
</do-trace-message>
<do-for-each>
<arg-node-set>
<token-xpath expression='query:search($srcQueryProcessor, "subtree", "", "", "Group", "memberUID", $lvOldUID, "DN")'/>
</arg-node-set>
<arg-actions>
<do-set-local-variable name="lvDN">
<arg-string>
<token-xpath expression="$current-node/@src-dn"/>
</arg-string>
</do-set-local-variable>
<do-remove-src-attr-value name="memberUid">
<arg-dn>
<token-local-variable name="lvDN"/>
</arg-dn>
<arg-value type="string">
<token-local-variable name="lvOldUID"/>
</arg-value>
</do-remove-src-attr-value>
<do-add-src-attr-value name="memberUid">
<arg-dn>
<token-local-variable name="lvDN"/>
</arg-dn>
<arg-value type="string">
<token-local-variable name="lvNewUID"/>
</arg-value>
</do-add-src-attr-value>
</arg-actions>
</do-for-each>
<do-for-each>
<arg-node-set>
<token-xpath expression='query:search($srcQueryProcessor, "subtree", "", "", "SudoRole", "sudoUser", $lvOldUID, "DN")'/>
</arg-node-set>
<arg-actions>
<do-set-local-variable name="lvDN">
<arg-string>
<token-xpath expression="$current-node/@src-dn"/>
</arg-string>
</do-set-local-variable>
<do-remove-src-attr-value name="sudoUser">
<arg-dn>
<token-local-variable name="lvDN"/>
</arg-dn>
<arg-value type="string">
<token-local-variable name="lvOldUID"/>
</arg-value>
</do-remove-src-attr-value>
<do-add-src-attr-value name="sudoUser">
<arg-dn>
<token-local-variable name="lvDN"/>
</arg-dn>
<arg-value type="string">
<token-local-variable name="lvNewUID"/>
</arg-value>
</do-add-src-attr-value>
</arg-actions>
</do-for-each>
<do-for-each>
<arg-node-set>
<token-xpath expression='query:search($srcQueryProcessor, "subtree", "", "", "nisNetGroup", "nisNetGroupTriple", $lvOldNisNetGroupTriple, "DN")'/>
</arg-node-set>
<arg-actions>
<do-set-local-variable name="lvDN">
<arg-string>
<token-xpath expression="$current-node/@src-dn"/>
</arg-string>
</do-set-local-variable>
<do-remove-src-attr-value name="nisNetGroupTriple">
<arg-dn>
<token-local-variable name="lvDN"/>
</arg-dn>
<arg-value type="string">
<token-local-variable name="lvOldNisNetGroupTriple"/>
</arg-value>
</do-remove-src-attr-value>
<do-add-src-attr-value name="nisNetGroupTriple">
<arg-dn>
<token-local-variable name="lvDN"/>
</arg-dn>
<arg-value type="string">
<token-text xml:space="preserve">(-,</token-text>
<token-local-variable name="lvNewUID"/>
<token-text xml:space="preserve">,)</token-text>
</arg-value>
</do-add-src-attr-value>
</arg-actions>
</do-for-each>
</actions>
</rule>
<rule>
<description>BlockFurtherAction</description>
<conditions>
<and>
<if-op-attr name="audio" op="not-available"/>
</and>
</conditions>
<actions>
<do-veto/>
</actions>
</rule>
</policy>
}}}
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]