I'm looking for a way to transform the NDS uniqueID in a DN to the uid
value for LDAP directories. The attribute is in schema mapping, etc. I
even thought about using another attribute for the placement, like the
SeeAlso flag with the uid=username, but the driver is also converting
that into uniqueID from uid. I'm hoping you guys have some ideas...

Here is the trace:


[03/27/13 08:44:24.323]:AUTHDIR1 ST:Policy returned:
[03/27/13 08:44:24.323]:AUTHDIR1 ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.0.2.0">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<add cached-time="20130327124424.123Z" class-name="User"
event-id="lxisdqa06#20130327124424#7#1:45ee48eb-35cc-47bb-a89f-eb48ee45cc35"
qualified-src-dn="O=isd\OU=Applications\uniqueID=b2b-sterlingcert"
src-dn="\ISD-QA\isd\Applications\b2b-sterlingcert" src-entry-id="295358"
timestamp="1364388264#2">
<add-attr attr-name="carLicense">
<value timestamp="1364221386#2"
type="string">uid=b2b-sterlingcert,ou=Applications,o=isd</value>
</add-attr>
<add-attr attr-name="CN">
<value timestamp="1361813869#5"
type="string">b2b-sterlingcert</value>
</add-attr>
<add-attr attr-name="Description">
<value timestamp="1364388264#2" type="string">The application
user has not submitted a 409 Waiver</value>
</add-attr>
<add-attr attr-name="nspmDistributionPassword"><!-- content
suppressed -->
</add-attr>
<add-attr attr-name="See Also">
<value timestamp="1364215498#2"
type="dn">\ISD-QA\isd\Applications\b2b-sterlingcert</value>
</add-attr>
<add-attr attr-name="Surname">
<value timestamp="1361813869#7"
type="string">b2b-sterlingcert</value>
</add-attr>
<add-attr attr-name="uniqueID">
<value naming="true" timestamp="1361813869#23"
type="string">b2b-sterlingcert</value>
</add-attr>
</add>
</input>
</nds>
[03/27/13 08:44:24.326]:AUTHDIR1 ST:Applying object placement policies.
[03/27/13 08:44:24.326]:AUTHDIR1 ST:Applying policy: %+C%14CPlacement
Rule for Users%-C.
[03/27/13 08:44:24.326]:AUTHDIR1 ST: Applying to add #1.
[03/27/13 08:44:24.326]:AUTHDIR1 ST: Evaluating selection criteria
for rule 'SubscriberPlacementRuleforUsers'.
[03/27/13 08:44:24.327]:AUTHDIR1 ST: (if-class-name equal "User") =
TRUE.
[03/27/13 08:44:24.327]:AUTHDIR1 ST: (if-src-dn in-container
"isd\People") = FALSE.
[03/27/13 08:44:24.327]:AUTHDIR1 ST: Rule rejected.
[03/27/13 08:44:24.327]:AUTHDIR1 ST: Evaluating selection criteria
for rule 'SubscriberPlacementRuleforApplicationUsers'.
[03/27/13 08:44:24.327]:AUTHDIR1 ST: (if-class-name equal "User") =
TRUE.
[03/27/13 08:44:24.327]:AUTHDIR1 ST: (if-src-dn in-container
"isd\Applications") = TRUE.
[03/27/13 08:44:24.328]:AUTHDIR1 ST: Rule selected.
[03/27/13 08:44:24.328]:AUTHDIR1 ST: Applying rule
'SubscriberPlacementRuleforApplicationUsers'.
[03/27/13 08:44:24.328]:AUTHDIR1 ST: Action:
do-set-op-dest-dn(arg-dn(token-xpath("DNConverter:convert($dnConverter,@src-dn,
"slash","ldap")"))).
[03/27/13 08:44:24.328]:AUTHDIR1 ST:
arg-dn(token-xpath("DNConverter:convert($dnConverter,@src-dn,
"slash","ldap")"))
[03/27/13 08:44:24.329]:AUTHDIR1 ST:
token-xpath("DNConverter:convert($dnConverter,@src-dn,
"slash","ldap")")
[03/27/13 08:44:24.329]:AUTHDIR1 ST: Token Value:
"uniqueID=b2b-sterlingcert,OU=Applications,O=isd".
[03/27/13 08:44:24.329]:AUTHDIR1 ST: Arg Value:
"uniqueID=b2b-sterlingcert,OU=Applications,O=isd".


Here is the policy:


<rule>
  <description>SubscriberPlacementRuleforApplication Users</description>
  <comment name="version" xml:space="preserve">9</comment>
  <comment name="lastchanged" xml:space="preserve">2013-03-27</comment>
  <conditions>
    <and>
      <if-class-name op="equal">User</if-class-name>
      <if-src-dn op="in-container">isd\Applications</if-src-dn>
    </and>
  </conditions>
  <actions>
    <do-set-op-dest-dn>
      <arg-dn>
        <token-xpath expression='DNConverter:convert($dnConverter,@src-dn,"slash","ldap")'/>
      </arg-dn>
    </do-set-op-dest-dn>
    <do-trace-message>
      <arg-string>
        <token-text xml:space="preserve">########Sent Audit Alert of AUTHDIR Application Account Creation#########</token-text>
      </arg-string>
    </do-trace-message>
    <do-generate-event id="1120" level="log-notice">
      <arg-string name="target">
        <token-dest-attr name="CN"/>
      </arg-string>
      <arg-string name="text1">
        <token-text xml:space="preserve">AUTH DIR Application Account Created Successfully</token-text>
      </arg-string>
      <arg-string name="text2">
        <token-text xml:space="preserve">Following Application User Was Successfully Created in AUTH Directory :</token-text>
        <token-text xml:space="preserve">User DN Account Name in AUTHDIR - </token-text>
        <token-src-attr name="dn">
          <arg-association>
            <token-xpath expression="self::add-association/text()"/>
          </arg-association>
        </token-src-attr>
        <token-text xml:space="preserve">AUTHDIR Account Unique Identifier -</token-text>
        <token-xpath expression="self::add-association/text()"/>
        <token-text xml:space="preserve">Event Time User Was Created</token-text>
        <token-time format="!MEDIUM.TIME" lang="en-US" tz="Etc/GMT+5"/>
      </arg-string>
      <arg-string name="text3">
        <token-text xml:space="preserve">AUTH DIR Account Unique Identifier - </token-text>
        <token-xpath expression="self::add-association/text()"/>
        <token-text xml:space="preserve">IDV Account Creator -</token-text>
        <token-dest-attr name="creatorsName">
          <arg-dn>
            <token-dest-dn/>
          </arg-dn>
        </token-dest-attr>
        <token-text xml:space="preserve">IDV Account Modifier -</token-text>
        <token-dest-attr name="modifiersName">
          <arg-dn>
            <token-dest-dn/>
          </arg-dn>
        </token-dest-attr>
      </arg-string>
      <arg-string name="value1">
        <token-text xml:space="preserve">1120</token-text>
      </arg-string>
    </do-generate-event>
    <do-break/>
  </actions>
</rule>


--
el_triad
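
One way to get a uid= naming attribute into the destination DN, shown as an added example that is not part of the original post or the driver's shipped policy: wrap the existing DNConverter call in token-replace-first so the leading uniqueID= of the converted DN is rewritten before do-set-op-dest-dn uses it. It assumes the leaf RDN always starts with the literal uniqueID= seen in the trace; the rule description is hypothetical, and the audit actions from the posted rule are left out.

```xml
<rule>
  <!-- Hypothetical description; conditions copied from the posted rule -->
  <description>Placement for Application Users with uid naming (example)</description>
  <conditions>
    <and>
      <if-class-name op="equal">User</if-class-name>
      <if-src-dn op="in-container">isd\Applications</if-src-dn>
    </and>
  </conditions>
  <actions>
    <do-set-op-dest-dn>
      <arg-dn>
        <!-- Anchor the regex at the start of the string so only the leaf
             RDN's attribute type is rewritten, never text inside a value
             or in a parent container's RDN. -->
        <token-replace-first regex="^uniqueID=" replace-with="uid=">
          <!-- Same conversion as the posted rule: slash-format src-dn
               to LDAP format, qualified with naming attributes. -->
          <token-xpath expression='DNConverter:convert($dnConverter,@src-dn,"slash","ldap")'/>
        </token-replace-first>
      </arg-dn>
    </do-set-op-dest-dn>
    <!-- Trace the computed DN so the rewrite can be confirmed at
         driver trace level before relying on it. -->
    <do-trace-message>
      <arg-string>
        <token-text xml:space="preserve">Placement dest-dn: </token-text>
        <token-op-attr name="dest-dn"/>
      </arg-string>
    </do-trace-message>
    <do-break/>
  </actions>
</rule>
```

The placement policy runs before schema mapping on the Subscriber channel, so the string set here is the DN the shim receives; check the "Placement dest-dn" trace line to confirm it begins with uid=.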