I have an AD driver where I want to set my own ADContext attribute (3 AD
drivers in this config). I have no problems with doing it on an add; I
just used the destination DN value. It is on a Merge that I am having
difficulties (the kinks). There does not appear to be a Destination DN
available on a merge, just an association value. OK, so I query AD using
the association, asking for distinguishedName, put it in a local
variable, and then write the attribute in the vault from the LV. The only
problem: by the time the write occurs, the value, which was in AD/LDAP
context, is transformed into eDir/slash context.

Here is my little rule to do this:

<description>XXX Map attributes on Merge</description>
<comment xml:space="preserve">Merge policies for XXX IDM-Auth
<if-global-variable mode="nocase" name="UpnMap"
<if-xpath op="true">.[@from-merge='true']</if-xpath>
<do-set-local-variable name="lvContext" scope="policy">
<token-query class-name="User" datastore="dest"
max-result-count="1" scope="entry">
<token-text xml:space="preserve">distinguishedName</token-text>
<do-set-src-attr-value name="XXX-DirXML-ADContext-IDMA">
<arg-value type="string">
<token-xpath expression="$lvContext//value[1]/text()"/>

What is returned by the query is an AD DN in LDAP format. By the time
it gets into the vault, it has been converted into the associated eDir
DN in slash format.

Log file should be attached...


tse7147's Profile: http://forums.novell.com/member.php?userid=4730
View this thread: http://forums.novell.com/showthread.php?t=410437