Geoffrey Carman;37561 Wrote:
> belaie wrote:
> > Hello
> >
> > Argument Builder for Resolve() shows only two possibilities:
> >
> > DN to Association
> > Association to DN
> >
> >
> > Where do u see the option for resolving "GUID to DN" ? or "DN to

> GUID"
> > in the argument builder?

>
> Hehe. Good point. I may have not read your comment 100% before
> spouting off from the mouth.
>
> Regardless, for the eDir driver, the association value, IS the GUID.
>
> Other wise, Query token for GUID... here is an example, used a variable
> for the value of the GUID.
>
> <do-set-local-variable name="USER-BY-GUID" scope="policy">
> <arg-node-set>
> <token-query datastore="src">
> <arg-match-attr name="GUID">
> <arg-value type="string">
> <token-local-variable name="PLACE-GUID-HERE"/>
> </arg-value>
> </arg-match-attr>
> <arg-string>
> <token-text xml:space="preserve">Object Class</token-text>
> </arg-string>
> </token-query>
> </arg-node-set>
> </do-set-local-variable>
>
> Once you have the nodeset lets assume you only get one returned value
> (better! GUIDs darn well better be unique! If not, you have bigger
> issues) you can then pick it out of the nodeset with:
>
> <do-set-local-variable name="USER-BY-GUID" scope="policy">
> <arg-string>
> <token-xpath expression="$USER-BY-GUID/@src-dn"/>
> </arg-string>
> </do-set-local-variable>
>
> Do note, that during a move the user can appear in either of the two
> locations, or BOTH depending on the timing!!!
>
>
>
> > Regards
> >
> > Maqsood.
> >
> > Geoffrey Carman;1636702 Wrote:
> >> belaie wrote:
> >>> Hi
> >>>
> >>> Novell Identity Manager 3.6.1
> >>> Windows Server 2003 R2
> >>>
> >>> I have users in the Identity Vault which moves alot from and within
> >>> containers . I want to perform some actions in the policy builder
> >> lets
> >>> Move a specific user Object based on his known GUID and not knwon
> >> DN!
> >>
> >> Resolve Token in Arguement Builder can resolve a DN to GUID or a

> GUID
> >> toa DN... Enjoy. (New in 3.5.x and higher).

> >
> >


Hi Geoffrey,
Are you sure, that this code can work?

I have a similar requirements: find object based on GUID (or GUID-like)
information.
All my attempts to make similar query failed (JAVA error).

Google gave me link to this old post.
I tried to use your code (to avoid my own errors), but I got exactly
same error (like I had in my another code).

> 21:02:57 DBC9B700 Drvrs: guid-drv ST:
> <nds dtdversion="4.0" ndsversion="8.x">
> <source>
> <product edition="Standard" version="4.0.2.5">DirXML</product>
> <contact>Novell, Inc.</contact>
> </source>
> <input>
> <modify cached-time="20140917010257.204Z" class-name="user"
> event-id="fc-iv#20140917010257#1#1:9a8e8ef6-3a31-41b9-be96-f68e8e9a313a"
> qualified-src-dn="O=AD\OU=fs\CN=Administrator"
> src-dn="\FC-TREE\AD\fs\Administrator" src-entry-id="689235"
> timestamp="1410915777#2">
> <modify-attr attr-name="Description">
> <remove-value>
> <value timestamp="1410906823#2" type="string">1Built-in account for
> administering the computer/domain2</value>
> </remove-value>
> <add-value>
> <value timestamp="1410915777#2" type="string">1Built-in account for
> administering the computer/domain</value>
> </add-value>
> </modify-attr>
> </modify>
> </input>
> </nds>
> 21:02:57 DBC9B700 Drvrs: guid-drv ST:Applying event transformation
> policies.
> 21:02:57 DBC9B700 Drvrs: guid-drv ST:Applying policy: 10 SET GUID.
> 21:02:57 DBC9B700 Drvrs: guid-drv ST: Applying to modify #1.
> 21:02:57 DBC9B700 Drvrs: guid-drv ST: Evaluating selection criteria for
> rule 'QUERY GUID'.
> 21:02:57 DBC9B700 Drvrs: guid-drv ST: (if-op-attr 'Description'
> available) = TRUE.
> 21:02:57 DBC9B700 Drvrs: guid-drv ST: Rule selected.
> 21:02:57 DBC9B700 Drvrs: guid-drv ST: Applying rule 'QUERY GUID'.
> 21:02:57 DBC9B700 Drvrs: guid-drv ST: Action:
> do-set-local-variable("PLACE-GUID-HERE",scope="policy",token-src-attr("GUID")).
> 21:02:57 DBC9B700 Drvrs: guid-drv ST:
> arg-string(token-src-attr("GUID"))
> 21:02:57 DBC9B700 Drvrs: guid-drv ST: token-src-attr("GUID")
> 21:02:57 DBC9B700 Drvrs: guid-drv ST: Query from policy
> 21:02:57 DBC9B700 Drvrs: guid-drv ST:
> <nds dtdversion="4.0" ndsversion="8.x">
> <source>
> <product edition="Standard" version="4.0.2.5">DirXML</product>
> <contact>Novell, Inc.</contact>
> </source>
> <input>
> <query class-name="user" dest-dn="\FC-TREE\AD\fs\Administrator"
> dest-entry-id="689235" scope="entry">
> <read-attr attr-name="GUID"/>
> </query>
> </input>
> </nds>
> 21:02:57 DBC9B700 Drvrs: guid-drv ST: Pumping XDS to eDirectory.
> 21:02:57 DBC9B700 Drvrs: guid-drv ST: Performing operation query for
> \FC-TREE\AD\fs\Administrator.
> 21:02:57 DBC9B700 Drvrs: guid-drv ST: --JCLNT--
> \FC-TREE\system\driverset1\guid-drv : Duplicating : context =
> 1839333497, tempContext = 1839333531
> 21:02:57 DBC9B700 Drvrs: guid-drv ST: --JCLNT--
> \FC-TREE\system\driverset1\guid-drv : Calling free on tempContext =
> 1839333531
> 21:02:57 DBC9B700 Drvrs: guid-drv ST: Query from policy result
> 21:02:57 DBC9B700 Drvrs: guid-drv ST:
> <nds dtdversion="4.0" ndsversion="8.x">
> <source>
> <product edition="Standard" version="4.0.2.5">DirXML</product>
> <contact>Novell, Inc.</contact>
> </source>
> <output>
> <instance class-name="user"
> qualified-src-dn="O=AD\OU=fs\CN=Administrator"
> src-dn="\FC-TREE\AD\fs\Administrator" src-entry-id="689235">
> <attr attr-name="GUID">
> <value timestamp="1410820367#25"
> type="octet">K/hvDHKwLUNsuSv4bwxysA==</value>
> </attr>
> </instance>
> <status level="success"></status>
> </output>
> </nds>
> 21:02:57 DBC9B700 Drvrs: guid-drv ST: Token Value:
> "K/hvDHKwLUNsuSv4bwxysA==".
> 21:02:57 DBC9B700 Drvrs: guid-drv ST: Arg Value:
> "K/hvDHKwLUNsuSv4bwxysA==".
> 21:02:57 DBC9B700 Drvrs: guid-drv ST: Action:
> do-set-local-variable("USER-BY-GUID",scope="policy",arg-node-set(token-query(datastore="src",arg-match-attr("GUID",token-local-variable("PLACE-GUID-HERE")),"Object
> Class"))).
> 21:02:57 DBC9B700 Drvrs: guid-drv ST:
> arg-node-set(token-query(datastore="src",arg-match-attr("GUID",token-local-variable("PLACE-GUID-HERE")),"Object
> Class"))
> 21:02:57 DBC9B700 Drvrs: guid-drv ST:
> token-query(datastore="src",arg-match-attr("GUID",token-local-variable("PLACE-GUID-HERE")),"Object
> Class")
> 21:02:57 DBC9B700 Drvrs: guid-drv ST:
> arg-match-attr("GUID",token-local-variable("PLACE-GUID-HERE"))
> 21:02:57 DBC9B700 Drvrs: guid-drv ST:
> arg-string(token-local-variable("PLACE-GUID-HERE"))
> 21:02:57 DBC9B700 Drvrs: guid-drv ST:
> token-local-variable("PLACE-GUID-HERE")
> 21:02:57 DBC9B700 Drvrs: guid-drv ST: Token Value:
> "K/hvDHKwLUNsuSv4bwxysA==".
> 21:02:57 DBC9B700 Drvrs: guid-drv ST: Arg Value:
> "K/hvDHKwLUNsuSv4bwxysA==".
> 21:02:57 DBC9B700 Drvrs: guid-drv ST: arg-string("Object Class")
> 21:02:57 DBC9B700 Drvrs: guid-drv ST: token-text("Object Class")
> 21:02:57 DBC9B700 Drvrs: guid-drv ST: Arg Value: "Object Class".
> 21:02:57 DBC9B700 Drvrs: guid-drv ST: Query from policy
> 21:02:57 DBC9B700 Drvrs: guid-drv ST:
> <nds dtdversion="4.0" ndsversion="8.x">
> <source>
> <product edition="Standard" version="4.0.2.5">DirXML</product>
> <contact>Novell, Inc.</contact>
> </source>
> <input>
> <query scope="subtree">
> <search-attr attr-name="GUID">
> <value type="string">K/hvDHKwLUNsuSv4bwxysA==</value>
> </search-attr>
> <read-attr attr-name="Object Class"/>
> </query>
> </input>
> </nds>
> 21:02:57 DBC9B700 Drvrs: guid-drv ST: Pumping XDS to eDirectory.
> 21:02:57 DBC9B700 Drvrs: guid-drv ST: Performing operation query for .
> 21:02:57 DBC9B700 Drvrs: guid-drv ST: --JCLNT--
> \FC-TREE\system\driverset1\guid-drv : Duplicating : context =
> 1839333497, tempContext = 1839333531
> 21:02:57 DBC9B700 Drvrs: guid-drv ST: --JCLNT--
> \FC-TREE\system\driverset1\guid-drv : Calling free on tempContext =
> 1839333531
> 21:02:57 DBC9B700 Drvrs: guid-drv ST: Query from policy result
> 21:02:57 DBC9B700 Drvrs: guid-drv ST:
> <nds dtdversion="4.0" ndsversion="8.x">
> <source>
> <product edition="Standard" version="4.0.2.5">DirXML</product>
> <contact>Novell, Inc.</contact>
> </source>
> <output>
> <status level="error">Code(-9010) An exception occurred:
> novell.jclient.JCException: initVlistIterator -613
> ERR_SYNTAX_VIOLATION</status>
> </output>
> </nds>
> 21:02:57 DBC9B700 Drvrs: guid-drv ST: Token Value: {}.
> 21:02:57 DBC9B700 Drvrs: guid-drv ST: Arg Value: {}.
> 21:02:57 DBC9B700 Drvrs: guid-drv ST: Action:
> do-set-local-variable("USER-BY-GUIDdn",scope="policy",token-xpath("$USER-BY-GUID/@src-dn")).
> 21:02:57 DBC9B700 Drvrs: guid-drv ST:
> arg-string(token-xpath("$USER-BY-GUID/@src-dn"))
> 21:02:57 DBC9B700 Drvrs: guid-drv ST:
> token-xpath("$USER-BY-GUID/@src-dn")
> 21:02:57 DBC9B700 Drvrs: guid-drv ST: Token Value: "".
> 21:02:57 DBC9B700 Drvrs: guid-drv ST: Arg Value: "".
> 21:02:57 DBC9B700 Drvrs: guid-drv ST: Action: do-veto().
> 21:02:57 DBC9B700 Drvrs: guid-drv ST:Policy returned:
> 21:02:57 DBC9B700 Drvrs: guid-drv ST:
> <nds dtdversion="4.0" ndsversion="8.x">
> <source>
> <product edition="Standard" version="4.0.2.5">DirXML</product>
> <contact>Novell, Inc.</contact>
> </source>
> <input/>
> </nds>
> 21:02:57 DBC9B700 Drvrs: guid-drv ST:End transaction.



--
al_b
------------------------------------------------------------------------
al_b's Profile: https://forums.netiq.com/member.php?userid=209
View this thread: https://forums.netiq.com/showthread.php?t=8041