In the document 'Cool Tricks using XPATH on nodesets'
'Cool tricks using XPATH on nodesets | Novell User Communities'

a way of removing unwanted ACLs is discussed.

Thus, the following is said to remove all instances of the ACL that has
'WM:Registered Workstation' in its protectedname component.

<do-strip-xpath expression="$ACLS//value[(component[@name =
'protectedname'] = 'WM:Registered Workstation')]"/>

ACLS is a nodeset.

So, I think ...
Create a nodeset and apply the above.
My code is below.

<do-set-local-variable name="lv-Nodes" scope="policy">
<token-query class-name="$lv-ObjectClass$" datastore="src">
<token-local-variable name="lv-SearchRoot"/>
<token-text xml:space="preserve">ACL</token-text>
<do-strip-xpath expression="$lv-Nodes//value[(component[@name =
'protectedname'] = $lv-ACL)]"/>

Nothing happens !

Can someone let me know where I have gone wrong.

As an aside. Every time I have to use XPATH I run into problems. I
think I understand the above code. On and off, I have been involved
with DirXML/ IDM for 10 years yet I feel that I am no further forward in
understanding XPATH. I have read a vast number of threads on the
subject over the years which I 'sort of' understand. I can explain what
the code above is meant to do, but when I try to implement something it
always fails me. Also, this forum is really the only place to find
information. There are no books, Novell's documentation does not
address these issues, so we are left to muddle our way through it in the
hope that trial and error will prevail. So my thanks to all those who
spend their time trying to sort out problems for the likes of me.

chall's Profile:
View this thread: