Some event XML follows. In the Command Transform of a driver, I have one
policy for removing a User from all groups that he is in, and another for
evaluating what groups he should be in. So I thought I would remove him
from all of his groups first, then reevaluate him. That is pretty simple.
Then I thought it would be nice if I could evaluate him first, and then
only remove him from the groups which I am not adding him to (as an
optimization). So - this is the removal policy I am applying to the event
at the bottom:

<do-for-each>
<arg-node-set>
<token-src-attr class-name="User" name="Group Membership"/>
</arg-node-set>
<arg-actions>
<do-remove-dest-attr-value class-name="Group" name="Member">
<arg-dn>
<token-local-variable name="current-node"/>
</arg-dn>
<arg-value>
<token-src-dn/>
</arg-value>
</do-remove-dest-attr-value>
<do-remove-dest-attr-value class-name="Group" name="Equivalent To Me">
<arg-dn>
<token-local-variable name="current-node"/>
</arg-dn>
<arg-value>
<token-src-dn/>
</arg-value>
</do-remove-dest-attr-value>
</arg-actions>
</do-for-each>

I would like to add an if condition over the do-remove-dest-attrs, to see
if there is a
modify[@dest-dn='$current-node']/modify-attr[@name='Member']/add-value

I don't think I need to actually check the value node against the current
object because there shouldn't be any way for another object's value to
make its way in there. Anyway I cannot get the syntax right on the xpath
to perform the above check - getting the $current-node in there is my first
problem.

Any help will be much appreciated.

<?xml version="1.0" encoding="UTF-8"?><nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.5.1.20070411 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<add class-name="User" qualified-src-dn="O=Users\OU=Staff\CN=khead"
src-dn="\VAULT-IDV\Users\Staff\khead" src-entry-id="72004">
<add-attr attr-name="GUID">
<value timestamp="1184277461#27" type="octet">YKyc6cIw3AGABAATclgZnA==</value>
</add-attr>
<add-attr attr-name="jobCode">
<value timestamp="1185251292#1" type="string">000042</value>
</add-attr>
</add>
<modify class-name="Group" dest-dn="Users\Groups\VAULTSTAFF"
event-id="VAULT-IDV2#20070724050336#1#1">
<modify-attr attr-name="Member">
<add-value>
<value>\VAULT-IDV\Users\Staff\khead</value>
</add-value>
</modify-attr>
<modify-attr attr-name="Equivalent To Me">
<add-value>
<value>\VAULT-IDV\Users\Staff\khead</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>