Move User with a future Date - UA WorkFlow to ManTask

I created a UA WorkFlow that allows a user to initiate a Move at a
future date. The WF creates the User
in a Temp container ou=moveuser,o=org with a date-to-move attribute and
all related attributes such as
the user's new OU, Manager, telephone...

I am now using the ManTask driver to initiate a Job that will scan the
ou=moveuser,o=org container for users
that are to be moved today.
In the Policy below I have ldap finding all my users to be moved and
can find the dest-OU and parse the full DN of the user
to be moved using XPath. I have tried numerous ways to complete the
move; however, I am new to XPath and am having problems.


How do I find and match the real user under ou=users,o=org?

How do I write the attributes from the temp user in ou=moveuser,o=org
to the real user some place under ou=deptOU,ou=users,o=org?

Can the real user and temp user be matched and the new attributes be
applied including the actual move using XPath while in the do loop? Is
there a better way?

(this is not easy! I have tried: find matching object- out of scope!,
move source/dest object - finds wrong users...).

This type of functionality would be very handy for any delayed creates,
moves, renames.

Any help or suggestions would be much appreciated.

Thank you,

Gary




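<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policy PUBLIC "policy-builder-dtd" "C:\Program Files\Novell\Designer\plugins\com.novell.idm.policybuilder_3.5.0.200909160331\DTD\dirxmlscript3.6.1.dtd">
<!--
  Job-triggered policy. On a trigger operation whose source is MoveUserUapp it
  searches ~LDAPmovecontainer~ over LDAP for entries whose
  PBCTransferUserTimeStamp is at or before today's date, and for each hit:
  appends a line to the job log file, reads the entry's OU attribute, looks up
  the matching short OU under ~DEPTLOOKUP~, and issues a move into
  PBC\USERS\(short OU).

  NOTE(review): the DOCTYPE system identifier is a Designer install path on the
  author's workstation. Anything that parses this file outside Designer should
  not attempt to resolve the external DTD.
-->
<policy xmlns:bufferedWriterNS="http://www.novell.com/nxsl/java/java.io.BufferedWriter"
        xmlns:dateFormatNS="http://www.novell.com/nxsl/java/java.text.SimpleDateFormat"
        xmlns:dateNS="http://www.novell.com/nxsl/java/java.util.Date"
        xmlns:es="http://www.novell.com/nxsl/ecmascript"
        xmlns:fileWriterNS="http://www.novell.com/nxsl/java/java.io.FileWriter"
        xmlns:ldapUtil="http://www.novell.com/nxsl/java/com.trivir.ldap.util.LdapSearch">
  <rule>
    <description>Move User and Reset Attributes</description>
    <comment xml:space="preserve">For each user that has PBCTransferUserTimeStamp set to today, A job will trigger an event that will move the user and reset attributes. </comment>
    <conditions>
      <and>
        <!-- Only react to the job's trigger event, and only when it names this job as its source. -->
        <if-operation mode="case" op="equal">trigger</if-operation>
        <if-op-property mode="nocase" name="source" op="equal">MoveUserUapp</if-op-property>
      </and>
    </conditions>
    <actions>
      <!-- Today's date, first as CTIME in UTC ... -->
      <do-set-local-variable name="today" scope="policy">
        <arg-string>
          <token-convert-time dest-format="!CTIME" dest-tz="UTC" src-format="!SHORT.DATE">
            <token-time format="!SHORT.DATE"/>
          </token-convert-time>
        </arg-string>
      </do-set-local-variable>
      <!-- ... then rendered with the pattern yyyyMMddHHmmss'Z' so it can be compared inside the LDAP filter. -->
      <do-set-local-variable name="ldapToday" scope="policy">
        <arg-string>
          <token-convert-time dest-format="yyyyMMddHHmmss'Z'" dest-tz="UTC" src-format="!CTIME" src-tz="UTC">
            <token-local-variable name="today"/>
          </token-convert-time>
        </arg-string>
      </do-set-local-variable>
      <!--
        The comparison is "at or before" ldapToday, so entries whose date has
        already passed are returned as well as those dated today. The only
        value substituted into the filter is the timestamp computed above.
      -->
      <do-set-local-variable name="filter" scope="policy">
        <arg-string>
          <token-text xml:space="preserve">(&amp;(cn=*)(PBCTransferUserTimeStamp&lt;=$ldapToday$))</token-text>
        </arg-string>
      </do-set-local-variable>
      <!--
        Bind password for the LDAP search, read from nspmDistributionPassword on
        the object named by the ldap-user global variable.
        NOTE(review): this places a clear-text credential in a policy-scope
        variable and passes it through an XPath call. Driver trace at higher
        levels may record token values (confirm on this engine version), so keep
        the trace level low in production and restrict access to trace files.
        A driver Named Password read with token-named-password would avoid
        reading the credential from the directory on every run.
      -->
      <do-set-local-variable name="password" scope="policy">
        <arg-string>
          <token-src-attr name="nspmDistributionPassword">
            <arg-dn>
              <token-parse-dn dest-dn-format="dest-dn" src-dn-format="ldap">
                <token-global-variable name="ldap-user"/>
              </token-parse-dn>
            </arg-dn>
          </token-src-attr>
        </arg-string>
      </do-set-local-variable>
      <!-- Instance of the LdapSearch helper class bound to the ldapUtil prefix. -->
      <do-set-local-variable name="ldapSearchUtilityInstance" scope="policy">
        <arg-object>
          <token-xpath expression="ldapUtil:new()"/>
        </arg-object>
      </do-set-local-variable>
      <do-for-each>
        <arg-node-set>
          <!--
            One node per matching entry; the loop body reads each node's
            src-dn attribute as an LDAP-format DN.
            NOTE(review): the last argument is a bare "true", which XPath 1.0
            reads as a child-element name test rather than the boolean, whose
            spelling is true(). If this parameter is a flag (for example one
            that selects a secured connection; check the LdapSearch class) it
            is probably not receiving the value intended. Also confirm that the
            bind to ~ldap-server~ is protected by TLS, since the password above
            is sent on it.
          -->
          <token-xpath expression="ldapUtil:ldapSearch($ldapSearchUtilityInstance, '~ldap-server~', '~ldap-user~', $password, '~LDAPmovecontainer~', 'sub', $filter, 'cn',true)"/>
        </arg-node-set>
        <arg-actions>
          <do-trace-message>
            <arg-string>
              <token-text xml:space="preserve">Account </token-text>
              <token-xpath expression="$current-node/@src-dn"/>
              <token-text xml:space="preserve"> Will be moved to it's new destination and an email will be sent when completed.</token-text>
            </arg-string>
          </do-trace-message>
          <!-- Text of the log line for this entry. -->
          <do-set-local-variable name="logMessage" scope="policy">
            <arg-string>
              <token-text xml:space="preserve">Account </token-text>
              <token-parse-dn dest-dn-format="src-dn" src-dn-format="ldap">
                <token-xpath expression="$current-node/@src-dn"/>
              </token-parse-dn>
              <token-text xml:space="preserve"> will be moved. It has reached the initiate date to move the account.</token-text>
            </arg-string>
          </do-set-local-variable>
          <!-- Timestamp prefix for the log line; the pattern ends in a space that separates it from the message. -->
          <do-set-local-variable name="format">
            <arg-object>
              <token-xpath expression="dateFormatNS:new('MM/dd/yyyy HH:mm:ss ')"/>
            </arg-object>
          </do-set-local-variable>
          <do-set-local-variable name="date">
            <arg-object>
              <token-xpath expression="dateNS:new()"/>
            </arg-object>
          </do-set-local-variable>
          <do-set-local-variable name="formattedTimeStamp">
            <arg-object>
              <token-xpath expression="dateFormatNS:format($format,$date)"/>
            </arg-object>
          </do-set-local-variable>
          <!--
            The log file is opened, written, flushed and closed once per entry.
            The second constructor argument is the string 'true', not a boolean;
            it is presumably intended as the append flag (confirm).
            The log line contains the entry's DN, so the file named by
            ~moveuser-job-error-log~ should be readable only by administrators.
          -->
          <do-set-local-variable name="logFileHandle" scope="policy">
            <arg-object>
              <token-xpath expression="fileWriterNS:new('~moveuser-job-error-log~','true')"/>
            </arg-object>
          </do-set-local-variable>
          <do-set-local-variable name="bufferedWriter">
            <arg-object>
              <token-xpath expression="bufferedWriterNS:new($logFileHandle)"/>
            </arg-object>
          </do-set-local-variable>
          <!-- return1 to return5 exist only so the Java calls are evaluated; their values are not read again in this policy. -->
          <do-set-local-variable name="return1">
            <arg-object>
              <token-xpath expression="bufferedWriterNS:write($bufferedWriter,$formattedTimeStamp,0,string-length($formattedTimeStamp))"/>
            </arg-object>
          </do-set-local-variable>
          <do-set-local-variable name="return2">
            <arg-string>
              <token-xpath expression="bufferedWriterNS:write($bufferedWriter,$logMessage,0,string-length($logMessage))"/>
            </arg-string>
          </do-set-local-variable>
          <do-set-local-variable name="return3">
            <arg-string>
              <token-xpath expression="bufferedWriterNS:newLine($bufferedWriter)"/>
            </arg-string>
          </do-set-local-variable>
          <do-set-local-variable name="return4">
            <arg-string>
              <token-xpath expression="bufferedWriterNS:flush($bufferedWriter)"/>
            </arg-string>
          </do-set-local-variable>
          <do-set-local-variable name="return5">
            <arg-string>
              <token-xpath expression="fileWriterNS:close($logFileHandle)"/>
            </arg-string>
          </do-set-local-variable>
          <!-- Point the current operation at the entry found by the search. -->
          <do-set-op-dest-dn>
            <arg-dn>
              <token-parse-dn dest-dn-format="src-dn" src-dn-format="ldap">
                <token-xpath expression="$current-node/@src-dn"/>
              </token-parse-dn>
            </arg-dn>
          </do-set-op-dest-dn>
          <do-trace-message>
            <arg-string>
              <token-text xml:space="preserve">Operational DN = </token-text>
              <token-dest-dn convert="false"/>
            </arg-string>
          </do-trace-message>
          <!--
            Department name, read from the OU attribute of the entry itself.
            NOTE(review): this value decides where the account ends up and is
            concatenated into DNs below without escaping or checking. It
            presumably originates from the workflow request form; confirm that
            the workflow restricts it to known departments, or reject values
            containing DN delimiters before using it.
          -->
          <do-set-local-variable name="destDept" scope="policy">
            <arg-string>
              <token-src-attr name="OU">
                <arg-dn>
                  <token-parse-dn dest-dn-format="slash" src-dn-format="ldap">
                    <token-xpath expression="$current-node/@src-dn"/>
                  </token-parse-dn>
                </arg-dn>
              </token-src-attr>
            </arg-string>
          </do-set-local-variable>
          <do-trace-message>
            <arg-string>
              <token-text xml:space="preserve">### destDept contains the department's full name = " $destDept$</token-text>
            </arg-string>
          </do-trace-message>
          <!-- DN of the department object under ~DEPTLOOKUP~ whose Description is read next. -->
          <do-set-local-variable name="lookupdn" scope="policy">
            <arg-string>
              <token-text xml:space="preserve">~DEPTLOOKUP~\$destDept$</token-text>
            </arg-string>
          </do-set-local-variable>
          <do-trace-message>
            <arg-string>
              <token-text xml:space="preserve">"Dept Lookup by fullname to get ShortOU = " $lookupdn$</token-text>
            </arg-string>
          </do-trace-message>
          <!--
            NOTE(review): shortOU is stored as a node set. The $shortOU$
            references below expand to its string value; confirm that this is
            exactly the Description text and nothing else from the returned
            node. If the lookup finds nothing the value is presumably empty and
            destOU becomes PBC\USERS\\, so the move should be skipped in that
            case.
          -->
          <do-set-local-variable name="shortOU">
            <arg-node-set>
              <token-xpath expression="query:readObject($srcQueryProcessor,'',$lookupdn,'','Description')"/>
            </arg-node-set>
          </do-set-local-variable>
          <do-set-dest-attr-value name="ShortOU">
            <arg-value type="string">
              <!-- The name attribute takes the bare variable name; the $...$ form is only expanded inside token-text. -->
              <token-local-variable name="shortOU"/>
            </arg-value>
          </do-set-dest-attr-value>
          <do-trace-message>
            <arg-string>
              <token-text xml:space="preserve">ShortOU contains the Department Short OU name under USERS container = $shortOU$</token-text>
            </arg-string>
          </do-trace-message>
          <!-- Target container for the move. NOTE(review): confirm the engine accepts the trailing delimiter. -->
          <do-set-local-variable name="destOU" scope="policy">
            <arg-string>
              <token-text xml:space="preserve">PBC\USERS\$shortOU$\</token-text>
            </arg-string>
          </do-set-local-variable>
          <do-trace-message>
            <arg-string>
              <token-text xml:space="preserve">destOU contains the full path to new Department OU = $destOU$</token-text>
            </arg-string>
          </do-trace-message>
          <!--
            First arg-dn: the object to move, taken from @src-dn like every
            other reference in this loop. Second arg-dn: the container in
            destOU, read as a local variable (token-attr would look for an
            attribute of that name on the current operation instead).
            NOTE(review): the object moved here is the entry found under
            ~LDAPmovecontainer~, i.e. the temporary object. Matching it to the
            real account is not done anywhere in this policy.
          -->
          <do-move-src-object class-name="User">
            <arg-dn>
              <token-parse-dn dest-dn-format="slash" src-dn-format="ldap">
                <token-xpath expression="$current-node/@src-dn"/>
              </token-parse-dn>
            </arg-dn>
            <arg-dn>
              <token-local-variable name="destOU"/>
            </arg-dn>
          </do-move-src-object>
        </arg-actions>
      </do-for-each>
    </actions>
  </rule>
</policy>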

