Hello Forums,

I'm relatively new to IDM and I haven't been able to figure out the
answer to my problem through normal internet searches.
Basically, what I'm trying to do, is query the vault for users on a
loopback driver and for each user, use a timestamp attribute that is
saved to their account to compare to a self built timestamp that is
stored in a local variable. Upon this comparison, If conditions are met,
I want the function to be able to disable/clear some variables on the
IDM account, per account.

My policy as it stands now is as follows:

<do-set-local-variable name="varAllTimestampedUsers" scope="policy">
<arg-node-set>
<token-query class-name="User" max-result-count="10000">
<arg-dn>
<token-text xml:space="preserve">data\users</token-text>
</arg-dn>
<arg-match-attr name="CN">
<arg-value>
<token-text xml:space="preserve">*</token-text>
</arg-value>
</arg-match-attr>
<arg-string>
<token-text xml:space="preserve">CN</token-text>
</arg-string>
</token-query>
</arg-node-set>
</do-set-local-variable>
<do-for-each>
<arg-node-set>
<token-local-variable name="$varAllTimestampedUsers$"/>
</arg-node-set>
<arg-actions>
<do-set-local-variable name="varTimestamp" scope="policy">
<arg-string>
<token-query class-name="user" datastore="src"
max-result-count="1" scope="subtree">
<arg-dn>
<token-text xml:space="preserve">data\users</token-text>
</arg-dn>
<arg-match-attr name="CN">
<arg-value type="string">
<token-text xml:space="preserve">*</token-text>
</arg-value>
</arg-match-attr>
<arg-string>
<token-text xml:space="preserve">xTimestamp</token-text>
</arg-string>
</token-query>
</arg-string>
</do-set-local-variable>
<do-if>
<arg-conditions>
<and>
<if-attr mode="nocase" name="$varTimestamp$"
op="lt">$varConvertTime$</if-attr>
</and>
</arg-conditions>
<arg-actions>
<do-clear-dest-attr-value name="xEmployeeFlag"/>
<do-clear-dest-attr-value name="xAppointment"/>
<do-set-dest-attr-value name="xStatusRemoval">
<arg-value type="string">
<token-text xml:space="preserve">true</token-text>
</arg-value>
</do-set-dest-attr-value>
<do-append-xml-text before="./@modify"
expression="self::instance">
<arg-string/>
</do-append-xml-text>
</arg-actions>
<arg-actions/>
</do-if>
</arg-actions>
</do-for-each>

The problems that I'm having are as follows:
--I'm unable to get a valid timestamp compare. The comparison always
registers as false unless I select "not-equal"
--If I skip the timestamp compare, I'm unable to get the actions to act
upon the current user object. I tried to setup an XPATH expression to
add the instance document to the beginning of the actions, but that
doesn't seem to be appending where desired either.

Any pointers, suggestions, or documentation to read would be greatly
appreciated. Thank y'all very much.


--
briggle
------------------------------------------------------------------------
briggle's Profile: https://forums.netiq.com/member.php?userid=11714
View this thread: https://forums.netiq.com/showthread.php?t=56741