I'm trying to work up an anhancement to a MAD driver to change group
membership and create groups if required based on an eDir attribute. The
rule that does the work is in command transform and looks like this.

If the AD group already exists it works fine. If the AD group doesn't
exist then the Group is created but the member attr isn't populated. I
also want to populate description and SAM account name for the group,
but these seem to be ignored.

Attached trace shows firstly a change to an existing AD group, which
works OK, and secondly creation of a new group, on which membership
doesn;t get added.

- <policy>
- <rule disabled="false" notrace="false">
<description>TestForTargetWisdomTeamGroup</description>
- <conditions>
- <and disabled="false" notrace="false">
<if-op-attr name="JimTestSwiftAttributeClass" op="changing"
mode="nocase" disabled="false" notrace="false" />
</and>
</conditions>
- <actions>
- <do-set-local-variable name="target-Wisdomgroup" scope="policy"
disabled="false" notrace="false">
- <arg-string>
<token-text xml:space="preserve" notrace="false">cn=</token-text>
<token-op-attr name="JimTestSwiftAttributeClass" notrace="false" />
<token-text xml:space="preserve" notrace="false">,</token-text>
<token-global-variable name="WisdomGroupsOU" notrace="false" />
</arg-string>
</do-set-local-variable>
- <do-set-local-variable name="does-TargetWisdomgroup-exist"
scope="policy" disabled="false" notrace="false">
- <arg-string>
- <token-dest-attr class-name="Group" name="objectClass"
notrace="false">
- <arg-dn>
<token-local-variable name="target-Wisdomgroup" notrace="false" />
</arg-dn>
</token-dest-attr>
</arg-string>
</do-set-local-variable>
- <do-trace-message color="purple" level="0" disabled="false"
notrace="false">
- <arg-string>
<token-text xml:space="preserve" notrace="false">Debug
Trace:</token-text>
<token-text xml:space="preserve"
notrace="false">TargetWisdomGroupExist is :</token-text>
<token-local-variable name="does-TargetWisdomgroup-exist"
notrace="false" />
<token-text xml:space="preserve" notrace="false">.</token-text>
<token-text xml:space="preserve" notrace="false">Wisdom Group Name is
:</token-text>
<token-local-variable name="target-Wisdomgroup" notrace="false" />
<token-text xml:space="preserve" notrace="false">.</token-text>
</arg-string>
</do-trace-message>
</actions>
</rule>
- <rule disabled="false" notrace="false">
<description>TestForSourceWisdomTeamGroup [rule removed for
space]</description>
- <rule disabled="false" notrace="false">
<description>SetUsefulOperationVariables</description>
- <conditions>
- <and disabled="false" notrace="false">
<if-op-attr name="JimTestSwiftAttributeClass" op="changing"
mode="nocase" disabled="false" notrace="false" />
</and>
</conditions>
- <actions>
- <do-set-op-dest-dn disabled="false" notrace="false">
- <arg-dn>
<token-op-property name="unmatched-src-dn" notrace="false" />
<token-text xml:space="preserve" notrace="false">,</token-text>
<token-text xml:space="preserve"
notrace="false">ou=edir,dc=prlnwdev,dc=surreycc,dc =gov,dc=uk</token-text>

</arg-dn>
</do-set-op-dest-dn>
- <do-set-local-variable name="userdn" scope="policy" disabled="false"
notrace="false">
- <arg-string>
<token-xpath expression="query:readObject($destQueryProcessor,
association, "", "User", "")/@src-dn" notrace="false" />
</arg-string>
</do-set-local-variable>
</actions>
</rule>
- <rule disabled="false" notrace="false">
<description>CreateWisdomTeamGroupIfNeeded</description>
- <conditions>
- <and disabled="false" notrace="false">
<if-local-variable name="target-Wisdomgroup" op="available"
mode="nocase" disabled="false" notrace="false" />
<if-local-variable mode="nocase" name="does-TargetWisdomgroup-exist"
op="equal" disabled="false" notrace="false" />
</and>
</conditions>
- <actions>
- <do-add-dest-object class-name="Group" direct="true" when="auto"
disabled="false" notrace="false">
- <arg-dn>
<token-local-variable name="target-Wisdomgroup" notrace="false" />
</arg-dn>
</do-add-dest-object>
- <do-trace-message color="grey" level="0" disabled="false"
notrace="false">
- <arg-string>
<token-text xml:space="preserve" notrace="false">Creatiing new Wisdom
group</token-text>
<token-local-variable name="target-Wisdomgroup" notrace="false" />
<token-text xml:space="preserve" notrace="false">.</token-text>
</arg-string>
</do-trace-message>
- <do-set-dest-attr-value name="sAMAccountName" when="after"
direct="false" disabled="false" notrace="false">
- <arg-dn>
<token-local-variable name="target-Wisdomgroup" notrace="false" />
</arg-dn>
- <arg-value type="string">
- <token-substring length="20" start="0" notrace="false">
- <token-replace-all regex="" replace-with="" notrace="false">
<token-op-attr name="JimTestSwiftAttributeClass" notrace="false" />
</token-replace-all>
</token-substring>
</arg-value>
</do-set-dest-attr-value>
- <do-set-dest-attr-value name="description" when="after"
direct="false" disabled="false" notrace="false">
- <arg-dn>
<token-local-variable name="target-Wisdomgroup" notrace="false" />
</arg-dn>
- <arg-value type="string">
<token-text xml:space="preserve" notrace="false">New Wisdom Group
created by IDM at</token-text>
<token-time format="!FULL.DATETIME" tz="Europe/London"
notrace="false" />
</arg-value>
</do-set-dest-attr-value>
</actions>
</rule>
- <rule disabled="false" notrace="false">
<description>Set New Wisdom Group Membership</description>
- <conditions>
- <and disabled="false" notrace="false">
<if-local-variable name="target-Wisdomgroup" op="available"
mode="nocase" disabled="false" notrace="false" />
</and>
</conditions>
- <actions>
- <do-trace-message color="grey" level="0" disabled="false"
notrace="false">
- <arg-string>
<token-text xml:space="preserve" notrace="false">Adding membership of
Wisdom group</token-text>
<token-local-variable name="target-Wisdomgroup" notrace="false" />
<token-text xml:space="preserve" notrace="false">to DN</token-text>
<token-local-variable name="userdn" notrace="false" />
</arg-string>
</do-trace-message>
- <do-add-dest-attr-value class-name="Group" name="Member" when="after"
direct="false" disabled="false" notrace="false">
- <arg-dn>
<token-local-variable name="target-Wisdomgroup" notrace="false" />
</arg-dn>
- <arg-value type="string">
<token-local-variable name="userdn" notrace="false" />
</arg-value>
</do-add-dest-attr-value>
</actions>
</rule>
- <rule disabled="false" notrace="false">
<description>Remove Wisdom Group Membership</description>
- <conditions>
- <and disabled="false" notrace="false">
<if-local-variable name="does-SourceWisdomgroup-exist" op="available"
mode="nocase" disabled="false" notrace="false" />
<if-local-variable name="Source-Wisdomgroup" op="available"
mode="nocase" disabled="false" notrace="false" />
</and>
</conditions>
- <actions>
- <do-trace-message color="grey" level="0" disabled="false"
notrace="false">
- <arg-string>
<token-text xml:space="preserve" notrace="false">Removing membership
of old Wisdom group</token-text>
<token-local-variable name="Source-Wisdomgroup" notrace="false" />
<token-text xml:space="preserve" notrace="false">from DN</token-text>

<token-local-variable name="userdn" notrace="false" />
</arg-string>
</do-trace-message>
- <do-remove-dest-attr-value class-name="Group" name="Member"
when="after" direct="false" disabled="false" notrace="false">
- <arg-dn>
<token-local-variable name="Source-Wisdomgroup" notrace="false" />
</arg-dn>
- <arg-value type="string">
<token-local-variable name="userdn" notrace="false" />
</arg-value>
</do-remove-dest-attr-value>
</actions>
</rule>
- <rule disabled="false" notrace="false">
<description>SetWisdomGroupAttributes</description>
<comment xml:space="preserve">Test Rule to try group attrs seprately
from Group creation</comment>
- <conditions>
- <and disabled="false" notrace="false">
<if-local-variable name="target-Wisdomgroup" op="available"
mode="nocase" disabled="false" notrace="false" />
</and>
</conditions>
- <actions>
- <do-set-dest-attr-value name="sAMAccountName" when="after"
direct="false" disabled="false" notrace="false">
- <arg-dn>
<token-local-variable name="target-Wisdomgroup" notrace="false" />
</arg-dn>
- <arg-value type="string">
- <token-substring length="20" start="0" notrace="false">
- <token-replace-all regex="" replace-with="" notrace="false">
<token-op-attr name="JimTestSwiftAttributeClass" notrace="false" />
</token-replace-all>
</token-substring>
</arg-value>
</do-set-dest-attr-value>
- <do-set-dest-attr-value name="description" when="after"
direct="false" disabled="false" notrace="false">
- <arg-dn>
<token-local-variable name="target-Wisdomgroup" notrace="false" />
</arg-dn>
- <arg-value type="string">
<token-text xml:space="preserve" notrace="false">New Wisdom Group
created by IDM at</token-text>
<token-time format="!FULL.DATETIME" tz="Europe/London"
notrace="false" />
</arg-value>
</do-set-dest-attr-value>
</actions>
</rule>
</policy>


+----------------------------------------------------------------------+
|Filename: trace.zip |
|Download: http://forums.novell.com/attachment....achmentid=4687 |
+----------------------------------------------------------------------+

--
jimc
------------------------------------------------------------------------
jimc's Profile: http://forums.novell.com/member.php?userid=6130
View this thread: http://forums.novell.com/showthread.php?t=417459