I'm trying to do something that I dont think is possible...but am happy
to be proven wrong.

Basically i'm trying to query a success status message and retrieve the
DN that the message if for. Thats fine and I can do that and reformat
the DN to be correct.

I then want to use that DN to query for Group Memberships and thats
where I come unstuck.

As the status message doesnt have a DN, i'm using the one I obtained and
trying to force the DN of the Group Memberships query to be the local
variable ($var_sourceobject). The variable doesnt get expanded and hence
it doesnt work, so I assume I cant do this...

Any thoughts?

<if-operation op="equal">status</if-operation>
<if-xpath op="true">self::status[@level = 'success']</if-xpath>
<do-set-local-variable name="var_sourceobject" scope="policy">
<token-xpath expression="self::status[@level = 'success']/object-dn"/>
<do-set-local-variable name="var_cleansourceobj" scope="policy">
<token-xpath expression="substring-before($var_sourceobject,' (')"/>
<do-set-local-variable name="members" scope="policy">
<token-src-attr name="Group Membership">
<token-text xml:space="preserve">$var_sourceobject</token-text>