I need to write a policy to query roles in the directory and call add
role for the user selected in the operation.
The query is already working and returning nrfRole objects to the
$current-node$ variable, but for adding the role, I must pass the DN of
the role to the action.
How can I extract the DN of the role from the $current-node$ object?
All nouns I tryed works over the selected object, and not over the
query response. I am sorry if this is abasic question, but I am a newbie
in policies.
The rule follows:
<rule>
<description>Atribui Kit Minimo</description>
<comment xml:space="preserve">Atribui o kit mínimo de acesso de acordo
com a lotação do usuário</comment>
<conditions>
<and>
<if-attr name="OU" op="available"/>
</and>
</conditions>
<actions>
<do-set-local-variable name="rolesKitBasico" scope="policy">
<arg-node-set>
<token-query class-name="nrfRole" datastore="src">
<arg-dn>
<token-text
xml:space="preserve">O=XXXX\OU=XXXXX\CN=Driverset\ CN=UserApplication\CN=AppConfig\CN=RoleConfig\CN=R oleDefs</token-text>
</arg-dn>
<arg-match-attr name="CN">
<arg-value type="string">
<token-attr name="OU"/>
<token-text xml:space="preserve"> Basico</token-text>
</arg-value>
</arg-match-attr>
</token-query>
</arg-node-set>
</do-set-local-variable>
<do-for-each>
<arg-node-set>
<token-local-variable name="rolesKitBasico"/>
</arg-node-set>
<arg-actions>
<do-add-role id="CN=XXXXX,OU=contasservico,OU=usuarios,O=XXXX"
role-id="$current-node$" url="https://10.0.0.43/IDM">
<arg-password>
<token-text xml:space="preserve">XXXXXX</token-text>
</arg-password>
</do-add-role>
</arg-actions>
</do-for-each>
</actions>
</rule>


--
jluizberg
------------------------------------------------------------------------
jluizberg's Profile: http://forums.novell.com/member.php?userid=82541
View this thread: http://forums.novell.com/showthread.php?t=406862