Hi,

We have created a Timed Job Null driver, to do a secure LDAP bind to
the vault and query for an attribute and act if the value is more than 2
weeks old.

However I'm unsure on the values of some of the GCVs that are required
by the driver.

The required GCVs are listed below with my understanding of what the
values should be. However I'm not sure of the $gcv_keypass value. Our
Root.CA certificate does not have a password set on it so can this value
be left blank?

$gcv_ldap_host = IP address of IdM server
$gcv_ldap_port = secure port for connection
$gcv_use_tls = set to yes, as the vault is set to use TLS
$gcv_keystore = path to the Vault.CA certificate
$gcv_keypass = ????
$gcv_ldap_user = FQDN of user with rights to browse the tree
$np_ldap_password = clear text password of gcv_ldap_user
$gcv_ldap_base = base DN of the OU to be searched in the tree

The code for the driver is listed below:


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policy PUBLIC "policy-builder-dtd" "/root/designer/plugins/com.novell.idm.policybuilder_3.5.0.200909160331/DTD/dirxmlscript3.6.1.dtd">
<policy xmlns:es="http://www.novell.com/nxsl/ecmascript">
  <rule>
    <description>not heartbeat</description>
    <comment xml:space="preserve">not heartbeat</comment>
    <conditions>
      <and>
        <if-operation disabled="true" mode="case" op="not-equal">status</if-operation>
        <if-xpath op="not-true">.//@type ='heartbeat'</if-xpath>
      </and>
    </conditions>
    <actions>
      <do-break/>
    </actions>
  </rule>
  <rule>
    <description>get info</description>
    <conditions>
      <and/>
    </conditions>
    <actions>
      <do-set-local-variable name="lvCurrentTime" scope="policy">
        <arg-string>
          <token-time format="!CTIME" lang="en-GB" tz="Etc/GMT+0"/>
        </arg-string>
      </do-set-local-variable>
      <do-set-local-variable name="lv2weeksago" scope="policy">
        <arg-string>
          <token-convert-time dest-format="!FULL.DATETIME" dest-lang="en-GB" dest-tz="Etc/GMT+0" offset="-14" offset-unit="day" src-format="!CTIME" src-lang="en-GB" src-tz="Etc/GMT+0">
            <token-local-variable name="lvCurrentTime"/>
          </token-convert-time>
        </arg-string>
      </do-set-local-variable>
      <!-- The filter is assembled with concat() because XPath does not expand
           $variables inside a quoted string, and LDAP filters accept >= but not a bare >. -->
      <!-- maxResultSet is a bare name here, which XPath evaluates as a child-element
           path rather than a number; it is left as posted. -->
      <do-set-local-variable name="lvAccounts" scope="policy">
        <arg-node-set>
          <token-xpath expression="es:ldapSearch($gcv_ldap_host, $gcv_ldap_port, $gcv_use_tls, $gcv_keystore, $gcv_keypass, $gcv_ldap_user, $np_ldap_password, $gcv_ldap_base, 'sub', concat('(&amp;(className=user)(mojLastModifiedDate>=', $lv2weeksago, '))'), '', maxResultSet)"/>
        </arg-node-set>
      </do-set-local-variable>
      <!-- Iterate the node set held in lvAccounts; token-text would pass the
           literal string "lvAccounts" instead of the variable's contents. -->
      <do-for-each>
        <arg-node-set>
          <token-local-variable name="lvAccounts"/>
        </arg-node-set>
        <arg-actions>
          <do-trace-message>
            <arg-string>
              <token-xpath expression="$current-node/@src-dn"/>
            </arg-string>
          </do-trace-message>
        </arg-actions>
      </do-for-each>
    </actions>
  </rule>
</policy>

The driver seems to start fine, but never processes the rules listed
above, so I don't think it is binding successfully to the tree.

Does anybody have any ideas?

Thanks


--
Johnmad6
------------------------------------------------------------------------
Johnmad6's Profile: http://forums.novell.com/member.php?userid=77554
View this thread: http://forums.novell.com/showthread.php?t=425698
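
Added example, not part of the original post and not Novell's code: one way to build the search filter that the policy hands to es:ldapSearch, with the two-week cutoff rendered as a timestamp and the class value escaped per RFC 4515. Assumptions: the attribute stores LDAP GeneralizedTime (YYYYMMDDHHMMSSZ), the class test uses the standard objectClass attribute, and the function names are hypothetical.

```javascript
// Added example. Assumes the date attribute uses LDAP GeneralizedTime syntax.

// Format a Date as UTC GeneralizedTime, e.g. 20240101103000Z.
function toGeneralizedTime(date) {
  const p = (n, w = 2) => String(n).padStart(w, "0");
  return (
    p(date.getUTCFullYear(), 4) +
    p(date.getUTCMonth() + 1) +
    p(date.getUTCDate()) +
    p(date.getUTCHours()) +
    p(date.getUTCMinutes()) +
    p(date.getUTCSeconds()) +
    "Z"
  );
}

// Escape a value for use inside a filter assertion (RFC 4515):
// NUL, '(', ')', '*' and '\' are replaced by a backslash and two hex digits.
function escapeFilterValue(value) {
  return String(value).replace(/[\0()*\\]/g, (c) =>
    "\\" + c.charCodeAt(0).toString(16).padStart(2, "0")
  );
}

// Build (&(objectClass=<cls>)(<attr><op><cutoff>)).
// direction "older": value is at least `days` old (attr <= cutoff).
// direction "newer": value changed within the last `days` (attr >= cutoff).
function buildAgeFilter(cls, attr, days, direction, now = new Date()) {
  if (!/^[A-Za-z][A-Za-z0-9-]*$/.test(attr)) {
    throw new Error("invalid attribute name: " + attr);
  }
  if (!Number.isFinite(days) || days < 0) {
    throw new Error("days must be a non-negative number");
  }
  let op;
  if (direction === "older") op = "<=";
  else if (direction === "newer") op = ">=";
  else throw new Error("direction must be 'older' or 'newer'");
  const cutoff = new Date(now.getTime() - days * 24 * 60 * 60 * 1000);
  return `(&(objectClass=${escapeFilterValue(cls)})` +
         `(${attr}${op}${toGeneralizedTime(cutoff)}))`;
}

// Constructed sample call: user objects whose value is more than 14 days old.
console.log(buildAgeFilter("user", "mojLastModifiedDate", 14, "older"));
```

LDAP filters have no strict greater-than or less-than operator, so the boundary instant itself is included in either direction.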