Recently I've been tasked with modifying an existing eDir to eDir driver
that exists between my Identity Vault (IDV) and my Authorization (AUTH)
trees. Specifically I was asked to take an existing attribute that is
already synced in it's entirety and only sync a substring of it's value.
Well being that I'm no IDM driver expert (I work on maybe 1 simple
driver a year) the solution that I reached seemed too simple... or too
good to be true. Thus I'm looking for advice from those with far more
expertise then I. Is there anything I'm missing, or other things that I
need to take into consideration, etc..


Driver modification requirements:
The attribute in question (Attribute1) gets populated into the IDV
through a separate driver (ODBC to be specific) which is the source of
authority. This data is only pushed from the ODBC driver into the IDV,
it is not a two way sync. Anyhow upon the creation, modification, or
sync of Attribute1 in the IDV... I need it's corresponding eDir to eDir
driver to pick up the change and only provision a substring of it's
value (the last 6 characters of the string to be exact) to the AUTH
tree. If a delete operation occurs then I need the attribute deleted
from the AUTH tree. Lastly Attribute1 should never be modified in the
AUTH tree therefore the eDir to eDir Driver Filter does not allow the
value to sync back to the IDV. Those are the conditions that I was
trying to met.

What I did... is it really this simple:
I basically added the following rules to the Event Transformation
Policies on my IDV's Subscriber channel. Obviously the watch points can
be killed when this goes production.

<?xml version="1.0" encoding="UTF-8"?><policy>
<rule>
<description>Watch Point 1</description>
<comment xml:space="preserve">This rule is used to trace the value of
Attribute1.</comment>
<conditions>
<or/>
</conditions>
<actions>
<do-trace-message level="3">
<arg-string>
<token-text xml:space="preserve">Attribute1 trace value
=</token-text>
<token-op-attr name="Attribute1"/>
</arg-string>
</do-trace-message>
</actions>
</rule>
<rule>
<description>Change Attribute1</description>
<conditions>
<and>
<if-op-attr name="Attribute1" op="available"/>
</and>
</conditions>
<actions>
<do-reformat-op-attr name="Attribute1">
<arg-value type="string">
<token-substring length="6" start="-6">
<token-op-attr name="Attribute1"/>
</token-substring>
</arg-value>
</do-reformat-op-attr>
</actions>
</rule>
<rule>
<description>Watch Point 2</description>
<comment xml:space="preserve">This rule is used to trace the value of
Attribute1.</comment>
<conditions>
<or/>
</conditions>
<actions>
<do-trace-message level="3">
<arg-string>
<token-text xml:space="preserve">Attribute1 trace value
=</token-text>
<token-op-attr name="Attribute1"/>
</arg-string>
</do-trace-message>
</actions>
</rule>
</policy>


--
jeschaff
------------------------------------------------------------------------
jeschaff's Profile: http://forums.novell.com/member.php?userid=8222
View this thread: http://forums.novell.com/showthread.php?t=444264