Finding Matching Users... but NOT for a Matching rule
I'm trying to write a create rule that says, "If a user being added has the
same first and last name as an existing user, create the user with a
"pendingXXX" CN." Then, admins can manually determine if the user should
have been matched to a pre-existing record, or if this is indeed just a case
of similar names. (For business reasons too complex to cover, I can't
implement this in a matching rule and we have to leave the manual
reconciliation in place.)
I have a piece of XSLT (see below) that queries the directory to find a
count of existing users who have the same first and last name as a new user
being added.
I'm wondering if there is an easy conversion of this to policy builder...
basically making all of the below into my " Conditions." If you know of one
could you point me in the right direction?
Thanks,
Rob.
<xsl:template match="add[@class-name='User']">
<xsl:variable name="firstName" select="./add-attr[@attr-name='Given
Name']/value"/>
<xsl:variable name="lastName"
select="./add-attr[@attr-name='Surname']/value"/>
<!-- query ID tree for any user objects that may match the current
record -->
<xsl:variable name="query-users">
<query dest-dn="\PHC_IDENT\users" scope="subtree">
<search-class class-name="User"/>
<search-attr attr-name="Given Name">
<value type="string">
<xsl:value-of select="$firstName"/>
</value>
</search-attr>
<search-attr attr-name="Surname">
<value type="string">
<xsl:value-of select="$lastName"/>
</value>
</search-attr>
</query>
</xsl:variable>
<xsl:variable name="query-result"
select="query:query($destQueryProcessor,$query-users)"/>
<xsl:choose>
<xsl:when test="count($query-result//instance) > 0">
|
0 |
|
Rob
5/17/2006 2:18:28 PM
novell.id-manager.drivers
10360 articles. 
2 followers.
6 Replies
731 Views
Currently the only way to query on multiple attributes in Policy Builder is to use do-find-matching-object. It doesn't have to be used in a matching policy, but it can be used if the current operation is an add. The way you would check the result would be to check the association on the current operation and then remove the association so it doesn't interfere. -- Father Ramon Rob wrote: > I'm trying to write a create rule that says, "If a user being added has the > same first and last name as an existing user, create the user with a > "pendingXXX" CN." Then, admins can manually determine if the user should > have been matched to a pre-existing record, or if this is indeed just a case > of similar names. (For business reasons too complex to cover, I can't > implement this in a matching rule and we have to leave the manual > reconciliation in place.) > > I have a piece of XSLT (see below) that queries the directory to find a > count of existing users who have the same first and last name as a new user > being added. > > I'm wondering if there is an easy conversion of this to policy builder... > basically making all of the below into my " Conditions." If you know of one > could you point me in the right direction? > > Thanks, > Rob. > > <xsl:template match="add[@class-name='User']"> > <xsl:variable name="firstName" select="./add-attr[@attr-name='Given > Name']/value"/> > <xsl:variable name="lastName" > select="./add-attr[@attr-name='Surname']/value"/> > <!-- query ID tree for any user objects that may match the current > record --> > <xsl:variable name="query-users"> > <query dest-dn="\PHC_IDENT\users" scope="subtree"> > <search-class class-name="User"/> > <search-attr attr-name="Given Name"> > <value type="string"> > <xsl:value-of select="$firstName"/> > </value> > </search-attr> > <search-attr attr-name="Surname"> > <value type="string"> > <xsl:value-of select="$lastName"/> > </value> > </search-attr> > </query> > </xsl:variable> > <xsl:variable name="query-result" > select="query:query($destQueryProcessor,$query-users)"/> > <xsl:choose> > <xsl:when test="count($query-result//instance) > 0"> > >
|
|
0 |
|
Father
5/17/2006 4:42:09 PM
On Wed, 17 May 2006 14:18:28 GMT, "Rob" <folboteur.nospam@wi.spamno.rr.com> wrote: >I'm trying to write a create rule that says, "If a user being added has the >same first and last name as an existing user, create the user with a >"pendingXXX" CN." Hm. You can build queries in xpath, and store the results in local variables. Seems like you can probably do this, but not quite exactly the same way. Something akin to: if source attr available "firstname" and if source attr available "lastname" do set local variable checkfirstname equal to the xpath query for firstname do set local variable checklastname equal to the xpath query for lastname (I hope you have firstname and lastname indexed...) You don't really care how *many* objects there are, you just want to know if both attribute values are in use by any one object. Right? The xpath queries should give you back a node set of all matching objects. Use do-for-each to run through one of the two node-set variables, and check to see if it compares equal to the other node-set. More xpath required there, but pretty simple. If you get a positive, do set local variable to report the collision. At the end of the do-for-each, either your collision variable is set, or it isn't. You can then use the unique-name token to create the pendingXXX CN if the collision variable is set. Or use your other logic to create the CN for non colliding users. --------------------------------------------------------------------------- David Gersic dgersic_@_niu.edu I'm tired of receiving rubbish in my mailbox, so the E-mail address is munged to foil the junkmail bots. Humans will figure it out on their own.
|
|
0 |
|
dgersic_
5/17/2006 5:31:20 PM
I'm not catching your drift. How can I take action on the results of an
action?
Here's some output of a rule like you suggest. I assume I have to somehow
act on the status notification that an instance was found. If not, then I
don't know what you mean when you say to check the association? There will
be no association on these users.
This is in the create rule, prior to a rule I have that vetoes on missing
mandatory attributes.
Thanks for any clarity you can add to my understanding.
[05/22/06 13:39:44.132]: @#@#@# PT: No match found.
[05/22/06 13:39:44.132]: @#@#@# PT: Applying object creation policies.
[05/22/06 13:39:44.132]: @#@#@# PT: Applying policy: %+C%14CDetermine if
PENDING Status required%-C.
[05/22/06 13:39:44.133]: @#@#@# PT: Applying to add #1.
[05/22/06 13:39:44.133]: @#@#@# PT: Evaluating selection criteria for
rule 'Find users with Duplicate Given and Sur Names'.
[05/22/06 13:39:44.133]: @#@#@# PT: (if-class-name equal "User") =
TRUE.
[05/22/06 13:39:44.133]: @#@#@# PT: Rule selected.
[05/22/06 13:39:44.133]: @#@#@# PT: Applying rule 'Find users with
Duplicate Given and Sur Names'.
[05/22/06 13:39:44.133]: @#@#@# PT: Action:
do-find-matching-object(arg-match-attr("Surname"),arg-match-attr("Given
Name")).
[05/22/06 13:39:44.133]: @#@#@# PT: arg-match-attr("Surname")
[05/22/06 13:39:44.133]: @#@#@# PT: arg-match-attr("Given Name")
[05/22/06 13:39:44.133]: @#@#@# PT: Query from policy
[05/22/06 13:39:44.133]: @#@#@# PT:
<nds dtdversion="3.0" ndsversion="8.x">
<source>
<product version="3.0.0.20051118 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query class-name="User" scope="subtree">
<search-class class-name="User"/>
<search-attr attr-name="Surname">
<value type="string">Schneider</value>
</search-attr>
<search-attr attr-name="Given Name">
<value type="string">Robert</value>
</search-attr>
<read-attr/>
</query>
</input>
</nds>
[05/22/06 13:39:44.134]: @#@#@# PT: Pumping XDS to eDirectory.
[05/22/06 13:39:44.134]: @#@#@# PT: Performing operation query for .
[05/22/06 13:39:44.136]: @#@#@# PT: Query from policy result
[05/22/06 13:39:44.136]: @#@#@# PT:
<nds dtdversion="3.0" ndsversion="8.x">
<source>
<product version="3.0.0.20051118 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<instance class-name="User" event-id="0"
qualified-src-dn="O=Users\CN=u56361" src-dn="\SSO\Users\u56361"
src-entry-id="43113"/>
<status event-id="0" level="success"></status>
</output>
</nds>
"Father Ramon" <devforums@novell.com> wrote in message
news:BnIag.34$nw3.0@prv-forum2.provo.novell.com...
> Currently the only way to query on multiple attributes in Policy Builder
> is to use do-find-matching-object. It doesn't have to be used in a
> matching policy, but it can be used if the current operation is an add.
> The way you would check the result would be to check the association on
> the current operation and then remove the association so it doesn't
> interfere.
>
> --
>
> Father Ramon
>
>
> Rob wrote:
> > I'm trying to write a create rule that says, "If a user being added has
the
> > same first and last name as an existing user, create the user with a
> > "pendingXXX" CN." Then, admins can manually determine if the user
should
> > have been matched to a pre-existing record, or if this is indeed just a
case
> > of similar names. (For business reasons too complex to cover, I can't
> > implement this in a matching rule and we have to leave the manual
> > reconciliation in place.)
> >
> > I have a piece of XSLT (see below) that queries the directory to find a
> > count of existing users who have the same first and last name as a new
user
> > being added.
> >
> > I'm wondering if there is an easy conversion of this to policy
builder...
> > basically making all of the below into my " Conditions." If you know of
one
> > could you point me in the right direction?
> >
> > Thanks,
> > Rob.
> >
> > <xsl:template match="add[@class-name='User']">
> > <xsl:variable name="firstName" select="./add-attr[@attr-name='Given
> > Name']/value"/>
> > <xsl:variable name="lastName"
> > select="./add-attr[@attr-name='Surname']/value"/>
> > <!-- query ID tree for any user objects that may match the current
> > record -->
> > <xsl:variable name="query-users">
> > <query dest-dn="\PHC_IDENT\users" scope="subtree">
> > <search-class class-name="User"/>
> > <search-attr attr-name="Given Name">
> > <value type="string">
> > <xsl:value-of select="$firstName"/>
> > </value>
> > </search-attr>
> > <search-attr attr-name="Surname">
> > <value type="string">
> > <xsl:value-of select="$lastName"/>
> > </value>
> > </search-attr>
> > </query>
> > </xsl:variable>
> > <xsl:variable name="query-result"
> > select="query:query($destQueryProcessor,$query-users)"/>
> > <xsl:choose>
> > <xsl:when test="count($query-result//instance) > 0">
> >
> >
|
|
0 |
|
Rob
5/23/2006 12:32:57 PM
Re-read the part of my previous post that begins with "The way you would
check the result would be to ..."
--
Father Ramon
Rob wrote:
> I'm not catching your drift. How can I take action on the results of an
> action?
>
> Here's some output of a rule like you suggest. I assume I have to somehow
> act on the status notification that an instance was found. If not, then I
> don't know what you mean when you say to check the association? There will
> be no association on these users.
>
> This is in the create rule, prior to a rule I have that vetoes on missing
> mandatory attributes.
>
> Thanks for any clarity you can add to my understanding.
>
> [05/22/06 13:39:44.132]: @#@#@# PT: No match found.
> [05/22/06 13:39:44.132]: @#@#@# PT: Applying object creation policies.
> [05/22/06 13:39:44.132]: @#@#@# PT: Applying policy: %+C%14CDetermine if
> PENDING Status required%-C.
> [05/22/06 13:39:44.133]: @#@#@# PT: Applying to add #1.
> [05/22/06 13:39:44.133]: @#@#@# PT: Evaluating selection criteria for
> rule 'Find users with Duplicate Given and Sur Names'.
> [05/22/06 13:39:44.133]: @#@#@# PT: (if-class-name equal "User") =
> TRUE.
> [05/22/06 13:39:44.133]: @#@#@# PT: Rule selected.
> [05/22/06 13:39:44.133]: @#@#@# PT: Applying rule 'Find users with
> Duplicate Given and Sur Names'.
> [05/22/06 13:39:44.133]: @#@#@# PT: Action:
> do-find-matching-object(arg-match-attr("Surname"),arg-match-attr("Given
> Name")).
> [05/22/06 13:39:44.133]: @#@#@# PT: arg-match-attr("Surname")
> [05/22/06 13:39:44.133]: @#@#@# PT: arg-match-attr("Given Name")
> [05/22/06 13:39:44.133]: @#@#@# PT: Query from policy
> [05/22/06 13:39:44.133]: @#@#@# PT:
> <nds dtdversion="3.0" ndsversion="8.x">
> <source>
> <product version="3.0.0.20051118 ">DirXML</product>
> <contact>Novell, Inc.</contact>
> </source>
> <input>
> <query class-name="User" scope="subtree">
> <search-class class-name="User"/>
> <search-attr attr-name="Surname">
> <value type="string">Schneider</value>
> </search-attr>
> <search-attr attr-name="Given Name">
> <value type="string">Robert</value>
> </search-attr>
> <read-attr/>
> </query>
> </input>
> </nds>
> [05/22/06 13:39:44.134]: @#@#@# PT: Pumping XDS to eDirectory.
> [05/22/06 13:39:44.134]: @#@#@# PT: Performing operation query for .
> [05/22/06 13:39:44.136]: @#@#@# PT: Query from policy result
> [05/22/06 13:39:44.136]: @#@#@# PT:
> <nds dtdversion="3.0" ndsversion="8.x">
> <source>
> <product version="3.0.0.20051118 ">DirXML</product>
> <contact>Novell, Inc.</contact>
> </source>
> <output>
> <instance class-name="User" event-id="0"
> qualified-src-dn="O=Users\CN=u56361" src-dn="\SSO\Users\u56361"
> src-entry-id="43113"/>
> <status event-id="0" level="success"></status>
> </output>
> </nds>
>
>
> "Father Ramon" <devforums@novell.com> wrote in message
> news:BnIag.34$nw3.0@prv-forum2.provo.novell.com...
>> Currently the only way to query on multiple attributes in Policy Builder
>> is to use do-find-matching-object. It doesn't have to be used in a
>> matching policy, but it can be used if the current operation is an add.
>> The way you would check the result would be to check the association on
>> the current operation and then remove the association so it doesn't
>> interfere.
>>
>> --
>>
>> Father Ramon
>>
>>
>> Rob wrote:
>>> I'm trying to write a create rule that says, "If a user being added has
> the
>>> same first and last name as an existing user, create the user with a
>>> "pendingXXX" CN." Then, admins can manually determine if the user
> should
>>> have been matched to a pre-existing record, or if this is indeed just a
> case
>>> of similar names. (For business reasons too complex to cover, I can't
>>> implement this in a matching rule and we have to leave the manual
>>> reconciliation in place.)
>>>
>>> I have a piece of XSLT (see below) that queries the directory to find a
>>> count of existing users who have the same first and last name as a new
> user
>>> being added.
>>>
>>> I'm wondering if there is an easy conversion of this to policy
> builder...
>>> basically making all of the below into my " Conditions." If you know of
> one
>>> could you point me in the right direction?
>>>
>>> Thanks,
>>> Rob.
>>>
>>> <xsl:template match="add[@class-name='User']">
>>> <xsl:variable name="firstName" select="./add-attr[@attr-name='Given
>>> Name']/value"/>
>>> <xsl:variable name="lastName"
>>> select="./add-attr[@attr-name='Surname']/value"/>
>>> <!-- query ID tree for any user objects that may match the current
>>> record -->
>>> <xsl:variable name="query-users">
>>> <query dest-dn="\PHC_IDENT\users" scope="subtree">
>>> <search-class class-name="User"/>
>>> <search-attr attr-name="Given Name">
>>> <value type="string">
>>> <xsl:value-of select="$firstName"/>
>>> </value>
>>> </search-attr>
>>> <search-attr attr-name="Surname">
>>> <value type="string">
>>> <xsl:value-of select="$lastName"/>
>>> </value>
>>> </search-attr>
>>> </query>
>>> </xsl:variable>
>>> <xsl:variable name="query-result"
>>> select="query:query($destQueryProcessor,$query-users)"/>
>>> <xsl:choose>
>>> <xsl:when test="count($query-result//instance) > 0">
>>>
>>>
>
>
|
|
0 |
|
Father
5/23/2006 2:08:17 PM
I have reread your comment, but am still left with questions of how.
The association before my find-matching-object rule looks like this:
<input>
<add class-name="User" event-id="301036"
src-dn="EMPNBR=191222,table=IDM,schema=DIRXML">
<association>EMPNBR=191222,table=IDM,schema=DIRXML</association>
The find-matching-object returns with the matching instance, and after the
rule the association looks like this...
<input>
<add class-name="User" dest-dn="\PHCSSO\Users\u56361"
dest-entry-id="43113" event-id="301036"
src-dn="EMPNBR=191222,table=IDM,schema=DIRXML">
<association>EMPNBR=191222,table=IDM,schema=DIRXML</association>
The association doesn't change... though I note that there is now a dest-dn.
Could I test this for "If DestDN exists, then there is a match, so therefore
the Dest-DN has to be reformatted, to place the user in the "pending
investigation" container?
I wish it were transparent and obvious to me, but could you elaborate any
further on what you mean, and how it's done? If it turns out to be
embarrassingly simple and obvious, I'll apologize profusely and take you to
dinner next time I'm in Utah. :-)
Rob.
"Father Ramon" <devforums@novell.com> wrote in message
news:lHEcg.1770$Mr.936@prv-forum2.provo.novell.com...
> Re-read the part of my previous post that begins with "The way you would
> check the result would be to ..."
> --
>
> Father Ramon
>
>
> Rob wrote:
> > I'm not catching your drift. How can I take action on the results of an
> > action?
> >
> > Here's some output of a rule like you suggest. I assume I have to
somehow
> > act on the status notification that an instance was found. If not,
then I
> > don't know what you mean when you say to check the association? There
will
> > be no association on these users.
> >
> > This is in the create rule, prior to a rule I have that vetoes on
missing
> > mandatory attributes.
> >
> > Thanks for any clarity you can add to my understanding.
> >
> > [05/22/06 13:39:44.132]: @#@#@# PT: No match found.
> > [05/22/06 13:39:44.132]: @#@#@# PT: Applying object creation policies.
> > [05/22/06 13:39:44.132]: @#@#@# PT: Applying policy: %+C%14CDetermine if
> > PENDING Status required%-C.
> > [05/22/06 13:39:44.133]: @#@#@# PT: Applying to add #1.
> > [05/22/06 13:39:44.133]: @#@#@# PT: Evaluating selection criteria
for
> > rule 'Find users with Duplicate Given and Sur Names'.
> > [05/22/06 13:39:44.133]: @#@#@# PT: (if-class-name equal "User") =
> > TRUE.
> > [05/22/06 13:39:44.133]: @#@#@# PT: Rule selected.
> > [05/22/06 13:39:44.133]: @#@#@# PT: Applying rule 'Find users with
> > Duplicate Given and Sur Names'.
> > [05/22/06 13:39:44.133]: @#@#@# PT: Action:
> > do-find-matching-object(arg-match-attr("Surname"),arg-match-attr("Given
> > Name")).
> > [05/22/06 13:39:44.133]: @#@#@# PT: arg-match-attr("Surname")
> > [05/22/06 13:39:44.133]: @#@#@# PT: arg-match-attr("Given Name")
> > [05/22/06 13:39:44.133]: @#@#@# PT: Query from policy
> > [05/22/06 13:39:44.133]: @#@#@# PT:
> > <nds dtdversion="3.0" ndsversion="8.x">
> > <source>
> > <product version="3.0.0.20051118 ">DirXML</product>
> > <contact>Novell, Inc.</contact>
> > </source>
> > <input>
> > <query class-name="User" scope="subtree">
> > <search-class class-name="User"/>
> > <search-attr attr-name="Surname">
> > <value type="string">Schneider</value>
> > </search-attr>
> > <search-attr attr-name="Given Name">
> > <value type="string">Robert</value>
> > </search-attr>
> > <read-attr/>
> > </query>
> > </input>
> > </nds>
> > [05/22/06 13:39:44.134]: @#@#@# PT: Pumping XDS to eDirectory.
> > [05/22/06 13:39:44.134]: @#@#@# PT: Performing operation query
for .
> > [05/22/06 13:39:44.136]: @#@#@# PT: Query from policy result
> > [05/22/06 13:39:44.136]: @#@#@# PT:
> > <nds dtdversion="3.0" ndsversion="8.x">
> > <source>
> > <product version="3.0.0.20051118 ">DirXML</product>
> > <contact>Novell, Inc.</contact>
> > </source>
> > <output>
> > <instance class-name="User" event-id="0"
> > qualified-src-dn="O=Users\CN=u56361" src-dn="\SSO\Users\u56361"
> > src-entry-id="43113"/>
> > <status event-id="0" level="success"></status>
> > </output>
> > </nds>
> >
> >
> > "Father Ramon" <devforums@novell.com> wrote in message
> > news:BnIag.34$nw3.0@prv-forum2.provo.novell.com...
> >> Currently the only way to query on multiple attributes in Policy
Builder
> >> is to use do-find-matching-object. It doesn't have to be used in a
> >> matching policy, but it can be used if the current operation is an add.
> >> The way you would check the result would be to check the association on
> >> the current operation and then remove the association so it doesn't
> >> interfere.
> >>
> >> --
> >>
> >> Father Ramon
> >>
> >>
> >> Rob wrote:
> >>> I'm trying to write a create rule that says, "If a user being added
has
> > the
> >>> same first and last name as an existing user, create the user with a
> >>> "pendingXXX" CN." Then, admins can manually determine if the user
> > should
> >>> have been matched to a pre-existing record, or if this is indeed just
a
> > case
> >>> of similar names. (For business reasons too complex to cover, I can't
> >>> implement this in a matching rule and we have to leave the manual
> >>> reconciliation in place.)
> >>>
> >>> I have a piece of XSLT (see below) that queries the directory to find
a
> >>> count of existing users who have the same first and last name as a new
> > user
> >>> being added.
> >>>
> >>> I'm wondering if there is an easy conversion of this to policy
> > builder...
> >>> basically making all of the below into my " Conditions." If you know
of
> > one
> >>> could you point me in the right direction?
> >>>
> >>> Thanks,
> >>> Rob.
> >>>
> >>> <xsl:template match="add[@class-name='User']">
> >>> <xsl:variable name="firstName" select="./add-attr[@attr-name='Given
> >>> Name']/value"/>
> >>> <xsl:variable name="lastName"
> >>> select="./add-attr[@attr-name='Surname']/value"/>
> >>> <!-- query ID tree for any user objects that may match the current
> >>> record -->
> >>> <xsl:variable name="query-users">
> >>> <query dest-dn="\PHC_IDENT\users" scope="subtree">
> >>> <search-class class-name="User"/>
> >>> <search-attr attr-name="Given Name">
> >>> <value type="string">
> >>> <xsl:value-of select="$firstName"/>
> >>> </value>
> >>> </search-attr>
> >>> <search-attr attr-name="Surname">
> >>> <value type="string">
> >>> <xsl:value-of select="$lastName"/>
> >>> </value>
> >>> </search-attr>
> >>> </query>
> >>> </xsl:variable>
> >>> <xsl:variable name="query-result"
> >>> select="query:query($destQueryProcessor,$query-users)"/>
> >>> <xsl:choose>
> >>> <xsl:when test="count($query-result//instance) > 0">
> >>>
> >>>
> >
> >
|
|
0 |
|
Rob
5/23/2006 5:51:54 PM
I think you've got it. The "results" of the Find Matching Object are
that the destination-dn or the association key of the current operation
are changed (or not) depending on the channel you are on and the result
of the query.
http://www.novell.com/documentation/idm/policy/data/bww6nsy.html#bwwjgo2
--
Father Ramon
Rob wrote:
> I have reread your comment, but am still left with questions of how.
>
> The association before my find-matching-object rule looks like this:
>
> <input>
> <add class-name="User" event-id="301036"
> src-dn="EMPNBR=191222,table=IDM,schema=DIRXML">
> <association>EMPNBR=191222,table=IDM,schema=DIRXML</association>
>
> The find-matching-object returns with the matching instance, and after the
> rule the association looks like this...
>
> <input>
> <add class-name="User" dest-dn="\PHCSSO\Users\u56361"
> dest-entry-id="43113" event-id="301036"
> src-dn="EMPNBR=191222,table=IDM,schema=DIRXML">
> <association>EMPNBR=191222,table=IDM,schema=DIRXML</association>
>
> The association doesn't change... though I note that there is now a dest-dn.
> Could I test this for "If DestDN exists, then there is a match, so therefore
> the Dest-DN has to be reformatted, to place the user in the "pending
> investigation" container?
>
> I wish it were transparent and obvious to me, but could you elaborate any
> further on what you mean, and how it's done? If it turns out to be
> embarrassingly simple and obvious, I'll apologize profusely and take you to
> dinner next time I'm in Utah. :-)
>
> Rob.
>
>
> "Father Ramon" <devforums@novell.com> wrote in message
> news:lHEcg.1770$Mr.936@prv-forum2.provo.novell.com...
>> Re-read the part of my previous post that begins with "The way you would
>> check the result would be to ..."
>> --
>>
>> Father Ramon
>>
>>
>> Rob wrote:
>>> I'm not catching your drift. How can I take action on the results of an
>>> action?
>>>
>>> Here's some output of a rule like you suggest. I assume I have to
> somehow
>>> act on the status notification that an instance was found. If not,
> then I
>>> don't know what you mean when you say to check the association? There
> will
>>> be no association on these users.
>>>
>>> This is in the create rule, prior to a rule I have that vetoes on
> missing
>>> mandatory attributes.
>>>
>>> Thanks for any clarity you can add to my understanding.
>>>
>>> [05/22/06 13:39:44.132]: @#@#@# PT: No match found.
>>> [05/22/06 13:39:44.132]: @#@#@# PT: Applying object creation policies.
>>> [05/22/06 13:39:44.132]: @#@#@# PT: Applying policy: %+C%14CDetermine if
>>> PENDING Status required%-C.
>>> [05/22/06 13:39:44.133]: @#@#@# PT: Applying to add #1.
>>> [05/22/06 13:39:44.133]: @#@#@# PT: Evaluating selection criteria
> for
>>> rule 'Find users with Duplicate Given and Sur Names'.
>>> [05/22/06 13:39:44.133]: @#@#@# PT: (if-class-name equal "User") =
>>> TRUE.
>>> [05/22/06 13:39:44.133]: @#@#@# PT: Rule selected.
>>> [05/22/06 13:39:44.133]: @#@#@# PT: Applying rule 'Find users with
>>> Duplicate Given and Sur Names'.
>>> [05/22/06 13:39:44.133]: @#@#@# PT: Action:
>>> do-find-matching-object(arg-match-attr("Surname"),arg-match-attr("Given
>>> Name")).
>>> [05/22/06 13:39:44.133]: @#@#@# PT: arg-match-attr("Surname")
>>> [05/22/06 13:39:44.133]: @#@#@# PT: arg-match-attr("Given Name")
>>> [05/22/06 13:39:44.133]: @#@#@# PT: Query from policy
>>> [05/22/06 13:39:44.133]: @#@#@# PT:
>>> <nds dtdversion="3.0" ndsversion="8.x">
>>> <source>
>>> <product version="3.0.0.20051118 ">DirXML</product>
>>> <contact>Novell, Inc.</contact>
>>> </source>
>>> <input>
>>> <query class-name="User" scope="subtree">
>>> <search-class class-name="User"/>
>>> <search-attr attr-name="Surname">
>>> <value type="string">Schneider</value>
>>> </search-attr>
>>> <search-attr attr-name="Given Name">
>>> <value type="string">Robert</value>
>>> </search-attr>
>>> <read-attr/>
>>> </query>
>>> </input>
>>> </nds>
>>> [05/22/06 13:39:44.134]: @#@#@# PT: Pumping XDS to eDirectory.
>>> [05/22/06 13:39:44.134]: @#@#@# PT: Performing operation query
> for .
>>> [05/22/06 13:39:44.136]: @#@#@# PT: Query from policy result
>>> [05/22/06 13:39:44.136]: @#@#@# PT:
>>> <nds dtdversion="3.0" ndsversion="8.x">
>>> <source>
>>> <product version="3.0.0.20051118 ">DirXML</product>
>>> <contact>Novell, Inc.</contact>
>>> </source>
>>> <output>
>>> <instance class-name="User" event-id="0"
>>> qualified-src-dn="O=Users\CN=u56361" src-dn="\SSO\Users\u56361"
>>> src-entry-id="43113"/>
>>> <status event-id="0" level="success"></status>
>>> </output>
>>> </nds>
>>>
>>>
>>> "Father Ramon" <devforums@novell.com> wrote in message
>>> news:BnIag.34$nw3.0@prv-forum2.provo.novell.com...
>>>> Currently the only way to query on multiple attributes in Policy
> Builder
>>>> is to use do-find-matching-object. It doesn't have to be used in a
>>>> matching policy, but it can be used if the current operation is an add.
>>>> The way you would check the result would be to check the association on
>>>> the current operation and then remove the association so it doesn't
>>>> interfere.
>>>>
>>>> --
>>>>
>>>> Father Ramon
>>>>
>>>>
>>>> Rob wrote:
>>>>> I'm trying to write a create rule that says, "If a user being added
> has
>>> the
>>>>> same first and last name as an existing user, create the user with a
>>>>> "pendingXXX" CN." Then, admins can manually determine if the user
>>> should
>>>>> have been matched to a pre-existing record, or if this is indeed just
> a
>>> case
>>>>> of similar names. (For business reasons too complex to cover, I can't
>>>>> implement this in a matching rule and we have to leave the manual
>>>>> reconciliation in place.)
>>>>>
>>>>> I have a piece of XSLT (see below) that queries the directory to find
> a
>>>>> count of existing users who have the same first and last name as a new
>>> user
>>>>> being added.
>>>>>
>>>>> I'm wondering if there is an easy conversion of this to policy
>>> builder...
>>>>> basically making all of the below into my " Conditions." If you know
> of
>>> one
>>>>> could you point me in the right direction?
>>>>>
>>>>> Thanks,
>>>>> Rob.
>>>>>
>>>>> <xsl:template match="add[@class-name='User']">
>>>>> <xsl:variable name="firstName" select="./add-attr[@attr-name='Given
>>>>> Name']/value"/>
>>>>> <xsl:variable name="lastName"
>>>>> select="./add-attr[@attr-name='Surname']/value"/>
>>>>> <!-- query ID tree for any user objects that may match the current
>>>>> record -->
>>>>> <xsl:variable name="query-users">
>>>>> <query dest-dn="\PHC_IDENT\users" scope="subtree">
>>>>> <search-class class-name="User"/>
>>>>> <search-attr attr-name="Given Name">
>>>>> <value type="string">
>>>>> <xsl:value-of select="$firstName"/>
>>>>> </value>
>>>>> </search-attr>
>>>>> <search-attr attr-name="Surname">
>>>>> <value type="string">
>>>>> <xsl:value-of select="$lastName"/>
>>>>> </value>
>>>>> </search-attr>
>>>>> </query>
>>>>> </xsl:variable>
>>>>> <xsl:variable name="query-result"
>>>>> select="query:query($destQueryProcessor,$query-users)"/>
>>>>> <xsl:choose>
>>>>> <xsl:when test="count($query-result//instance) > 0">
>>>>>
>>>>>
>>>
>
>
|
|
0 |
|
Father
5/23/2006 9:48:50 PM
Similar Artilces:
Cn't find matching user.id and permission.Id
Working on webpart, finding the what permission a user has on the objects. I use following code to find the matching user and permission. It seems there is no matching between user.ID and permission.member.Id. Please look at my code. Let me know this is the right way. It is kind of urgent. Please help and thanks in advance. SPWeb site = SPControl.GetContextWeb(Context); SPUserCollection users = site.Users; foreach (SPUser user in users) { SPPermissionCollection perms = list.Permissions; foreach (SPPermission perm in perms) { if (user.ID == perm.Member.ID) { Response.Write("Matched"); } } } ...
match not matching
Can somebody help me understand this? Given this loop, and the logged output following ... my $found; for( @$products ) {; $found = $$_ =~ m|$project|; $dump = Data::Dumper->Dump([$_, $project, $$_, $found]); $logger->trace(qq(dump=$dump)); } I can't explain why $found is not true on the 3rd pass. Does this have something to do with the way I'm dereferencing the blessed object? SVN.Hooks - dump=$VAR1 = bless( do{\(my $o = 'FS1100-S1')}, 'RPC::XML::string' ); $VAR2 = 'STABLE/FS1100-S3/RSLOGIX_5000/'; $VAR3 = 'FS1100-S1'...
Find Matching User
I am trying to associate a user. LDAP directory on the destination. The CN is what I want to match; but i want to search on the last 5 characters of that CN and then when that is found, verify the SN's are matching as well. Can it be done?? Any hint on where I should be creating this policy? Thanks in advance. -- lisawilliams ------------------------------------------------------------------------ On 1/14/2011 12:06 PM, lisawilliams wrote: > > I am trying to associate a user. LDAP directory on the destination. The > CN is what I want to match; but i wa...
Finding out matching and not matching entries between two files !
--000e0cd2c14aec28cd046ecf10b6 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Hi all, I need help regarding the approach to find out matched and unmatched entries between two files using perl. As the number of lines in the files would be around 10k-50k, I don't want to load entire file contents into memory. The first file (file1 also known as superset file) contains all the data in 4 columns in a format like country, state, city and id. The second file (file2 also known as subset file) contains some of the data from superset file with add...
[perl6/specs] 8efa3a: Correct Match.start/Match.end -> Match.from/Match....
----==_mimepart_51421864a530e_53794451388849a Date: Thu, 14 Mar 2013 11:35:16 -0700 Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Content-ID: <51421864aceb8_537944513888528@hookshot-fe6-pe1-prd.aws.github.net.mail> Branch: refs/heads/master Home: https://github.com/perl6/specs Commit: 8efa3ac10649401dbbcb6488975bc65d6b501326 https://github.com/perl6/specs/commit/8efa3ac10649401dbbcb6488975bc65d6b501326 Author: Rob Hoelz <rob@hoelz.ro> Date: 2013-03-14 (Thu, 14 Mar 2013) Changed paths: M S28-spe...
howto simplfy this regex if ($string =~/^$match | $match | $match$/g){
------=_NextPart_000_004C_01C8ADE9.8884D110 Content-Type: text/plain; charset="gb2312" Content-Transfer-Encoding: quoted-printable Hi, How do I simplify the regex below so that it matches only the number 1, = henceforth it should return false if I match $string with $match. use strict; use warnings; my $string =3D "10 11 12 13 40"; my $match =3D 1; if ($string =3D~/^$match | $match | $match$/g){ print "match"; }else{ print "unmatch"; }; ------=_NextPart_000_004C_01C8ADE9.8884D110-- On Sun, May 4, 2008 at 1:19 AM, &l...
Does "do-find-matching-object" match if the source and dest has different case?
Source has workforceID = abcdef Destination has workforceID = AbCDeF Will "do-find-matching-object" match these two? I can't find this documented anywhere :) Regards, Toralf Lote Hello, That depends on the attribute syntax. If syntax is case ignore string the match is case insensitive and case exact string is case sensitive. Check the schema documentation for more information: http://developer.novell.com/documentation/ndslib/index.html workforceID is not case sensitive. Best regards, Tobias Toralf Lote wrote: > Source has workforceID = abcdef &...
LDAP driver missing associations and no matching rule !
Help! I have an LDAP driver that populates an OpenLDAP system from my idvault, This system is a subscriber only. The only change I have made from the vanilla driver that I can think may affect this in any way it that all operations from LDAP are vetoed, expect deletes, which are converted to a remove associations. I have found that after the initial population of the system via Peoplesoft that the associations in the idvault for the LDAP driver are blank i.e. the the driver details are there, but the association is now empty -whereas it has been populated in the past. I ne...
Find matching user in destination AD domain
I found the below rules to check for matching users in eDir and it works great! But I want to have something similar in the matching policy of my AD driver. I have tried manuipulating these rules by substituting AD attributes, but it appears as though the driver does not evaluate the rule....I do not get an error message, but it doesn't work. Does anyone know how to manipulate this to work with AD....check for matching users in the destination AD domain? Thanks Jordan <?xml version="1.0" encoding="UTF-8"?> <policy xmlns:query="http...
IDM 3.6 AD driver matching rule
I am creating a new ActiveDirectory (v5) driver for IDM 3.6 with Designer 3.0.1. The "match users based on NT logon name" rule matches the "DirXML-ADAliasName" attribute to a sAMAccountName style value. But the Schema Mapping maps DirXML-ADAliasName to the userPrincipalName in AD, which appears to contain a user@long.nt.domain type value. My driver never matches any of my users because of this. Seems like a bug? Would I be better off matching on CN (which gets mapped to sAMAccountName), or adding the @long.nt.domain onto the end of the DirXML-ADAliasName...
matching windows logid with the user id in sql database
I created a site where i can enter user's first name, last name, user id and assign a role to that person(drop down list). All this info goes into asql database. What i want to do is, when the user enters the site, i want to take their windows id and match it with my sql database table and if it exists and is an administrator, then redirect that to another page. If not, i want that to go to another user page. I am not sure how i can code this. Any help is greatly appreciated. Are you using windows authentication? If yes, Page.User.Identity will give you the windows id for the current ...
Matching rules
Hi! I am writing a matching rule that could give several matches but I do not understand how to determine if there are several matches. My matching rules are like this: Code: -------------------- <policy> <rule> <description>Match based on brfkAGRessursnummer in Ansatt</description> <conditions> <or> <if-class-name op="equal">User</if-class-name> </or> </conditions> <actions> <do-find-matching-object scope="subtree"> <arg-d...
matching rule
I'm trying to create a matching rule for the Active directory driver in the subscriber channel I was wondering if the subtree should be set to the AD context (in what format should I enter it if the subtree is OU=Users,OU=LADHS,DC=ladhs,DC=external) If the match attributes should use the AD name for the attribute(mail) or the eDirectory name(Internet Email Address) -- miltc35 ------------------------------------------------------------------------ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Use LDAP format like you are showing before for context for matchin...
[ID 19991110.003] another matching finding by pcre author
This is a bug report for perl from jhi@mimosa.hut.fi, generated with the help of perlbug 1.27 running under perl 5.00562. ----------------------------------------------------------------- [Please enter your report here] One more from PCRE (ftp://ftp.cus.cam.ac.uk/pub/software/programs/pcre/) author Philip Hazel. If this (rightly) fails to match ../perl -wle '"a" =~ /^(a)?a$/;print $1' Use of uninitialized value at -e line 1. why does this match? ../perl -wle '"a" =~ /^(a)?(?(1)a|b)+$/;print $1' a [Please do not change anything bel...
Working on webpart, finding the what permission a user has on the objects. I use following code to find the matching user and permission. It seems there is no matching between user.ID and permission.member.Id. Please look at my code. Let me know this is the right way. It is kind of urgent. Please help and thanks in advance. SPWeb site = SPControl.GetContextWeb(Context); SPUserCollection users = site.Users; foreach (SPUser user in users) { SPPermissionCollection perms = list.Permissions; foreach (SPPermission perm in perms) { if (user.ID == perm.Member.ID) { Response.Write("Matched"); } } } ...
match not matching
Can somebody help me understand this? Given this loop, and the logged output following ... my $found; for( @$products ) {; $found = $$_ =~ m|$project|; $dump = Data::Dumper->Dump([$_, $project, $$_, $found]); $logger->trace(qq(dump=$dump)); } I can't explain why $found is not true on the 3rd pass. Does this have something to do with the way I'm dereferencing the blessed object? SVN.Hooks - dump=$VAR1 = bless( do{\(my $o = 'FS1100-S1')}, 'RPC::XML::string' ); $VAR2 = 'STABLE/FS1100-S3/RSLOGIX_5000/'; $VAR3 = 'FS1100-S1'...
Find Matching User
I am trying to associate a user. LDAP directory on the destination. The CN is what I want to match; but i want to search on the last 5 characters of that CN and then when that is found, verify the SN's are matching as well. Can it be done?? Any hint on where I should be creating this policy? Thanks in advance. -- lisawilliams ------------------------------------------------------------------------ On 1/14/2011 12:06 PM, lisawilliams wrote: > > I am trying to associate a user. LDAP directory on the destination. The > CN is what I want to match; but i wa...
Finding out matching and not matching entries between two files !
--000e0cd2c14aec28cd046ecf10b6 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Hi all, I need help regarding the approach to find out matched and unmatched entries between two files using perl. As the number of lines in the files would be around 10k-50k, I don't want to load entire file contents into memory. The first file (file1 also known as superset file) contains all the data in 4 columns in a format like country, state, city and id. The second file (file2 also known as subset file) contains some of the data from superset file with add...
[perl6/specs] 8efa3a: Correct Match.start/Match.end -> Match.from/Match....
----==_mimepart_51421864a530e_53794451388849a Date: Thu, 14 Mar 2013 11:35:16 -0700 Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Content-ID: <51421864aceb8_537944513888528@hookshot-fe6-pe1-prd.aws.github.net.mail> Branch: refs/heads/master Home: https://github.com/perl6/specs Commit: 8efa3ac10649401dbbcb6488975bc65d6b501326 https://github.com/perl6/specs/commit/8efa3ac10649401dbbcb6488975bc65d6b501326 Author: Rob Hoelz <rob@hoelz.ro> Date: 2013-03-14 (Thu, 14 Mar 2013) Changed paths: M S28-spe...
howto simplfy this regex if ($string =~/^$match | $match | $match$/g){
------=_NextPart_000_004C_01C8ADE9.8884D110 Content-Type: text/plain; charset="gb2312" Content-Transfer-Encoding: quoted-printable Hi, How do I simplify the regex below so that it matches only the number 1, = henceforth it should return false if I match $string with $match. use strict; use warnings; my $string =3D "10 11 12 13 40"; my $match =3D 1; if ($string =3D~/^$match | $match | $match$/g){ print "match"; }else{ print "unmatch"; }; ------=_NextPart_000_004C_01C8ADE9.8884D110-- On Sun, May 4, 2008 at 1:19 AM, &l...
Does "do-find-matching-object" match if the source and dest has different case?
Source has workforceID = abcdef Destination has workforceID = AbCDeF Will "do-find-matching-object" match these two? I can't find this documented anywhere :) Regards, Toralf Lote Hello, That depends on the attribute syntax. If syntax is case ignore string the match is case insensitive and case exact string is case sensitive. Check the schema documentation for more information: http://developer.novell.com/documentation/ndslib/index.html workforceID is not case sensitive. Best regards, Tobias Toralf Lote wrote: > Source has workforceID = abcdef &...
LDAP driver missing associations and no matching rule !
Help! I have an LDAP driver that populates an OpenLDAP system from my idvault, This system is a subscriber only. The only change I have made from the vanilla driver that I can think may affect this in any way it that all operations from LDAP are vetoed, expect deletes, which are converted to a remove associations. I have found that after the initial population of the system via Peoplesoft that the associations in the idvault for the LDAP driver are blank i.e. the the driver details are there, but the association is now empty -whereas it has been populated in the past. I ne...
Find matching user in destination AD domain
I found the below rules to check for matching users in eDir and it works great! But I want to have something similar in the matching policy of my AD driver. I have tried manuipulating these rules by substituting AD attributes, but it appears as though the driver does not evaluate the rule....I do not get an error message, but it doesn't work. Does anyone know how to manipulate this to work with AD....check for matching users in the destination AD domain? Thanks Jordan <?xml version="1.0" encoding="UTF-8"?> <policy xmlns:query="http...
IDM 3.6 AD driver matching rule
I am creating a new ActiveDirectory (v5) driver for IDM 3.6 with Designer 3.0.1. The "match users based on NT logon name" rule matches the "DirXML-ADAliasName" attribute to a sAMAccountName style value. But the Schema Mapping maps DirXML-ADAliasName to the userPrincipalName in AD, which appears to contain a user@long.nt.domain type value. My driver never matches any of my users because of this. Seems like a bug? Would I be better off matching on CN (which gets mapped to sAMAccountName), or adding the @long.nt.domain onto the end of the DirXML-ADAliasName...
matching windows logid with the user id in sql database
I created a site where i can enter user's first name, last name, user id and assign a role to that person(drop down list). All this info goes into asql database. What i want to do is, when the user enters the site, i want to take their windows id and match it with my sql database table and if it exists and is an administrator, then redirect that to another page. If not, i want that to go to another user page. I am not sure how i can code this. Any help is greatly appreciated. Are you using windows authentication? If yes, Page.User.Identity will give you the windows id for the current ...
Matching rules
Hi! I am writing a matching rule that could give several matches but I do not understand how to determine if there are several matches. My matching rules are like this: Code: -------------------- <policy> <rule> <description>Match based on brfkAGRessursnummer in Ansatt</description> <conditions> <or> <if-class-name op="equal">User</if-class-name> </or> </conditions> <actions> <do-find-matching-object scope="subtree"> <arg-d...
matching rule
I'm trying to create a matching rule for the Active directory driver in the subscriber channel I was wondering if the subtree should be set to the AD context (in what format should I enter it if the subtree is OU=Users,OU=LADHS,DC=ladhs,DC=external) If the match attributes should use the AD name for the attribute(mail) or the eDirectory name(Internet Email Address) -- miltc35 ------------------------------------------------------------------------ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Use LDAP format like you are showing before for context for matchin...
[ID 19991110.003] another matching finding by pcre author
This is a bug report for perl from jhi@mimosa.hut.fi, generated with the help of perlbug 1.27 running under perl 5.00562. ----------------------------------------------------------------- [Please enter your report here] One more from PCRE (ftp://ftp.cus.cam.ac.uk/pub/software/programs/pcre/) author Philip Hazel. If this (rightly) fails to match ../perl -wle '"a" =~ /^(a)?a$/;print $1' Use of uninitialized value at -e line 1. why does this match? ../perl -wle '"a" =~ /^(a)?(?(1)a|b)+$/;print $1' a [Please do not change anything bel...
Web resources about - Finding Matching Users... but NOT for a Matching rule - novell.id-manager.drivers
Tile-matching video game - Wikipedia, the free encyclopediaA version of Tetris , an early tile-matching game. Tiles drop from above, and the matching criterion is filling a horizontal line. In many recent ...
RentalRoost Brings Facebook Into Process Of Matching Up Home Seekers, Available PropertiesA wide range of opinions exists on whether all of the data Facebook has on its users is a good thing, but it could turn out to be a very good ...
SPMD Kenshoo launches Intent-Driven Audiences, matching search ads to FacebookKenshoo , a Facebook Strategic Preferred Marketing Developer, announced Wednesday the launch of Intent-Driven Audiences . This new tool matches ...
Magic Match - All in One Memory Matching game for kids with 180+ items HD for iPhone, iPod touch, and ...Get Magic Match - All in One Memory Matching game for kids with 180+ items HD on the App Store. See screenshots and ratings, and read customer ...
Facebook Adds Multiple Matching Options for Custom Audiences
Facebook has added real-time matching across multiple data types to its custom audiences ad-targeting tool. The social network said in a Facebook ...
Facebook has added real-time matching across multiple data types to its custom audiences ad-targeting tool. The social network said in a Facebook ...
Recycling: Matching high-tech materials science with economics that work
Video by Jennifer Hahn. (video link) BROOKLYN, New York—A conveyor belt is keeping material flying past at speeds that require both concentration ...
Video by Jennifer Hahn. (video link) BROOKLYN, New York—A conveyor belt is keeping material flying past at speeds that require both concentration ...
Black Friday 2015 price matching: Which stores do it and how does it work?... products you want at the prices you've seen advertised, as long as you’re willing to do a little research to take advantage of the price matching ...
... Rubio offer. One of Blue America's most generous annual contributors over the course of many years is putting $2,000 on the table as a matching ...
LOOK: Steph Curry's family wearing matching footie pajamas on ChristmasThe Curry family gets in the holiday spirit with matching footie pajamas.
Bob Beers: Bruins ‘didn’t come close’ to matching Canadiens intensity in Winter Classic
... 32° Main menu Home Celtics Patriots Red Sox Bruins Revolution More WRITERS Watch Shop NECN Bob Beers: Bruins ‘didn’t come close’ to matching ...
... 32° Main menu Home Celtics Patriots Red Sox Bruins Revolution More WRITERS Watch Shop NECN Bob Beers: Bruins ‘didn’t come close’ to matching ...
Resources last updated: 1/11/2016 6:19:45 AM