I know I'm missing something obvious here...

I have an EMPLID value, and am using it via query to resolve it to an
object DN. I'm also reading attribute employeeStatus to be used inthe
next rule. Results of the query go to a nodeset, because there could be
more than one object with the same EMPLID value. Rule:

<rule>
<description>Resolve EmplId</description>
<comment xml:space="preserve">Resolve EmplId value to
accounts</comment>
<conditions>
<and>
<if-op-attr name="EMPLID" op="available"/>
</and>
</conditions>
<actions>
<do-set-local-variable name="UserDNNS" scope="policy">
<arg-node-set>
<token-query>
<arg-match-attr name="workforceid">
<arg-value type="string">
<token-op-attr name="EMPLID"/>
</arg-value>
</arg-match-attr>
<arg-string>
<token-text xml:space="preserve">employeeStatus</token-text>
</arg-string>
</token-query>
</arg-node-set>
</do-set-local-variable>
</actions>
</rule>


That works, and I get back an <instance> like I'd expect:

<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.5.10.20070918 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<instance class-name="User" event-id="0"
qualified-src-dn="O=NIU\OU=Users\CN=A132028"
src-dn="\NIU-FLAT-DEVELOPMENT\NIU\Users\A132028" src-entry-id="907316">
<attr attr-name="employeeStatus">
<value timestamp="1221806933#10" type="string">A</value>
</attr>
</instance>
<status event-id="0" level="success"></status>
</output>
</nds>

Now I need to know if employeeStatus is actually present on the
object(s) in the nodeset. So, loop through the nodeset and look for ...
and that's where I'm stuck. I know what doesn't work, but how do I
access the current-node/attr/attr-name=employeeStatus/value correctly in
XPath?


<rule>
<description>Add Account to Group</description>
<comment xml:space="preserve">Add Employee accounts to Group</comment>
<conditions>
<and>
<if-local-variable name="GroupDN" op="available"/>
<if-local-variable name="UserDNNS" op="available"/>
</and>
</conditions>
<actions>
<do-for-each>
<arg-node-set>
<token-local-variable name="UserDNNS"/>
</arg-node-set>
<arg-actions>
<do-if>
<arg-conditions>
<and>
<if-xpath
op="true">$current-node/attr/@attr-name[employeeStatus]/value/text()='.+'</if-xpath>
</and>
</arg-conditions>
<arg-actions>
[-snip-]
</arg-actions>
<arg-actions/>
</do-if>
</arg-actions>
</do-for-each>
</actions>
</rule>


I found a way around this by doing another query, using the DN in the
nodeset, to read employeeStatus in to a local variable, then testing
that. It works, but seems wrong to do that when I could just read the
attribute in the query and should, I think, be able to use it in the
results I already havein the nodeset from that.


---------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Novell Support Forums Volunteer SysOp http://forums.novell.com

Please post questions in the newsgroups. No support provided via email.