Greetings,

Trying to set a condition in a rule so that if a move initiates from
anywhere other than a specific container, the move will be vetoed. I think
I'm just making a mistake in the regex. Can you do a regex in an XPATH
statement?. Here's the rule and the XML input. Anyone see where I'm going
astray??

thanks,

Rob

<?xml version="1.0" encoding="UTF-8"?><policy>
<rule>
<description>Block User Moves, unless originating in Deleted Users
Container</description>
<conditions>
<and>
<if-operation op="equal">move</if-operation>
<if-class-name op="equal">User</if-class-name>
<if-xpath op="true">self::move[@old-src-dn !=
'PHC_IDENT\Users\deleted(.*)']</if-xpath>
</and>
</conditions>
<actions>
<do-veto/>
</actions>
</rule>

Here's the XML Input
====================================
<nds dtdversion="3.0" ndsversion="8.x">
<source>
<product version="3.0.0.20051118 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<sync class-name="User" event-id="RWD5#20060401080208#1#19"
qualified-src-dn="O=wrkstn-service-ids\CN=aghw6"
src-dn="\PHC_IDENT\wrkstn-service-ids\aghw6" src-entry-id="36427"
timestamp="0#0">
<association
state="associated">9746e84aa3d15245808344b7a9d1f16 b</association>
</sync>
<move class-name="User" event-id="RWD5#20060401080208#1#19"
old-src-dn="\PHC_IDENT\Users\deleted\aghw6"
qualified-old-src-dn="O=Users\OU=deleted\CN=aghw6"
qualified-src-dn="O=wrkstn-service-ids\CN=aghw6"
src-dn="\PHC_IDENT\wrkstn-service-ids\aghw6" src-entry-id="36427"
timestamp="1143878528#19">
<association
state="associated">9746e84aa3d15245808344b7a9d1f16 b</association>
<parent qualified-src-dn="O=wrkstn-service-ids"
src-dn="\PHC_IDENT\wrkstn-service-ids" src-entry-id="32978"/>
</move>
</input>
</nds>