I ran into some pretty painful headaches while trying to use the Parse
DN verb token. Basically, I can't get it to work as advertised. I
tried to covert the result of the Source DN noun token to a qualified
LDAP DN. It doesn't work.

Here is my rule;


Code:
--------------------

<do-set-local-variable name="user-dn-ldap" scope="policy">
<arg-string>
<token-parse-dn dest-dn-format="qualified-slash" length="-1" src-dn-format="slash" start="0">
<token-src-dn/>
</token-parse-dn>
</arg-string>
</do-set-local-variable>

--------------------


And here is the level 3 trace;


[07/06/15 12:16:47.464]:labLoop ST: Action:
do-set-local-variable("user-dn-ldap",scope="policy",token-parse-dn(dest-dn-format="qualified-slash",length="-1",src-dn-format="slash",start="0",token-src-dn())).
[07/06/15 12:16:47.466]:labLoop ST:
arg-string(token-parse-dn(dest-dn-format="qualified-slash",length="-1",src-dn-format="slash",start="0",token-src-dn()))
[07/06/15 12:16:47.466]:labLoop ST:
token-parse-dn(dest-dn-format="qualified-slash",length="-1",src-dn-format="slash",start="0",token-src-dn())
[07/06/15 12:16:47.467]:labLoop ST:
token-parse-dn(dest-dn-format="qualified-slash",length="-1",src-dn-format="slash",start="0",token-src-dn())
[07/06/15 12:16:47.467]:labLoop ST: token-src-dn()
[07/06/15 12:16:47.467]:labLoop ST: Token Value:
"\TREE\org\users\student".
[07/06/15 12:16:47.468]:labLoop ST: Arg Value:
"\TREE\org\users\student".
[07/06/15 12:16:47.468]:labLoop ST: Token Value:
"\TREE\org\users\student".
[07/06/15 12:16:47.468]:labLoop ST: Arg Value:
"\TREE\org\users\student".


Essentially, there is no change. I was expecting
"\T=TREE\O=org\OU=users\CN=student" for the final output.

Is this a known issue? I have tried examples in IDM 4.5, 4.0.2, and
3.6.1 and they all behave the same way. The conversion works if you
start with a qualified DN but how can you get from an "unqualified"
format to a qualified format? I've see some articles that show how to
rebuild the qualified DN piece by piece but it seems that the Parse DN
token should be able to do this as well. It seems less than complete
having "qualified slash" or "qualified dot" options that only work under
special circumstances.

There isn't really any reference in the documentation that mentions this
requirement. Am I doing something wrong?

Thanks in advance for you replies.


--
rhettplace
------------------------------------------------------------------------
rhettplace's Profile: https://forums.netiq.com/member.php?userid=876
View this thread: https://forums.netiq.com/showthread.php?t=53841