Hello all. I have a need to re-enable a disabled account if the login
expiration time is extended. Below are some snippets of the semi-working
code. I am able to set the local variable "now" to the current time but
in the next condition that looks for the login expiration time changing
and the time is greater than "now" it doesn't see it and returns false.
What am I missing here? Everything works except for the "greater than"
part. Thank you for looking.

<description>Login Expiration Extended</description>
<comment xml:space="preserve">Checks to see if the expiration time is
being extended on a disabled account.</comment>
<conditions>
<and>
<if-class-name mode="nocase" op="equal">User</if-class-name>
<if-src-attr mode="nocase" name="Login Disabled"
op="equal">TRUE</if-src-attr>
<if-op-attr name="Login Expiration Time" op="changing"/>
</and>
</conditions>
<actions>
<do-set-local-variable name="now" scope="driver">
<arg-string>
<token-time format="yyyyMMddHHmmssZ"/>
</arg-string>
</do-set-local-variable>
</actions>
</rule>
<rule>
<description>Enable Account</description>
<comment xml:space="preserve">If the login expiration time is changing
to a date in the future - enable the account.</comment>
<conditions>
<and>
<if-class-name mode="nocase" op="equal">User</if-class-name>
<if-op-attr name="Login Expiration Time" op="changing"/>
<if-src-attr mode="nocase" name="Login Disabled"
op="equal">TRUE</if-src-attr>
<if-op-attr mode="nocase" name="Login Expiration Time"
op="gt">$now$</if-op-attr>
</and>
</conditions>
<actions>
<do-set-src-attr-value class-name="User" name="Login Disabled">
<arg-value type="string">
<token-text xml:space="preserve">FALSE</token-text>
</arg-value>
</do-set-src-attr-value>
</actions>
</rule>

THE USER WAS SET TO EXPIRE ON SEP 24, 2014 10:14:00 AM EDT
(20140924141400Z)
Small bit of the trace:

Applying rule 'Login Expiration Extended'.
Action:
do-set-local-variable("now",scope="driver",token-time(format="yyyyMMddHHmmssZ")).
arg-string(token-time(format="yyyyMMddHHmmssZ"))
token-time(format="yyyyMMddHHmmssZ")
Token Value: "20140320071520-0400".
Arg Value: "20140320071520-0400".
Evaluating selection criteria for rule 'Enable Account'.
(if-class-name equal "User") = TRUE.
(if-op-attr 'Login Expiration Time' changing) = TRUE.
(if-src-attr 'Login Disabled' equal "TRUE") = TRUE.
Expanded variable reference '$now$' to '20140320071520-0400'.
(if-op-attr 'Login Expiration Time' gt "$now$") = FALSE.
Rule rejected.


--
jpoisson
------------------------------------------------------------------------
jpoisson's Profile: https://forums.netiq.com/member.php?userid=845
View this thread: https://forums.netiq.com/showthread.php?t=50324