Hello ther,
Below is a rule that I wrote to give group membership to Teachers. This is a modify to capture the group membership based on the OU the
user is in.If the group membership alrady exist, I get an LDAP error 68. I want to be able to have the rule check if the group
memebership already exist for the user A user can have anywhere from 4-8 group memberships based on their title. I ask for help because
I cannot find very little information on the syntax for XPATH.I have looked a lot of palces to include this forum. I can figure out
some of it but not enough. What makes it harder is the local variables that are needed to complete the peicing together of the group
names.I figured I would need a for each statement to read all of the group memberships the user has and compare it to the one that is to be
added..I have OES sp3 IDM 3.0.1 and remote Loader on Win2003 server.Nothing in Netware Tree structure mirrors or even is named the same in
AD. Can it all be done in one rule or split into more? Would someone please help me out on this. I would appreciate it. Thank you.
Bob

<rule>
<description>Modify teacher to default local groups (SUB)</description>
<conditions>
<and>
<if-src-dn op="in-subtree">nisd\Schools</if-src-dn>
<if-operation op="equal">modify</if-operation>
<if-class-name op="equal">User</if-class-name>
<if-attr name="Title" op="equal">teacher</if-attr>
</and>
<and>
<if-src-dn op="in-subtree">nisd\Schools</if-src-dn>
<if-operation op="equal">modify</if-operation>
<if-class-name op="equal">User</if-class-name>
<if-attr name="Title" op="equal">CIT</if-attr>
</and>
</conditions>
<actions>
<do-set-local-variable name="schoolContainer" scope="policy">
<arg-string>
<token-parse-dn dest-dn-format="ldap" length="-3"src-dn-format="ldap">
<token-src-attr name="L">
<arg-dn>
<token-src-dn length="-2"/>
</arg-dn>
</token-src-attr>
</token-parse-dn>
</arg-string>
</do-set-local-variable>
<do-set-local-variable name="schoolOU">
<arg-string>
<token-parse-dn dest-dn-format="ldap" src-dn-format="ldap"start="3">
<token-local-variable name="schoolContainer"/>
</token-parse-dn>
</arg-string>
</do-set-local-variable>
<do-add-dest-attr-value class-name="Group" name="Member">
<arg-dn>
<token-text xml:space="preserve">CN=</token-text>
<token-substring start="3">
<token-local-variable name="schoolOU"/>
</token-substring>
<token-text xml:space="preserve">Teachers-GS</token-text>
<token-text xml:space="preserve">,OU=Groups,</token-text>
<token-local-variable name="schoolContainer"/>
<token-textxml:space="preserve">,dc=northside,dc=isd,dc=t enet,dc=edu</token-text>
</arg-dn>
<arg-value type="dn">
<token-src-dn/>
</arg-value>
</do-add-dest-attr-value>
</actions>
</rule>