I think I'm just being bone-headed here, and this has to be simpler than
I'm making it... so, I come to the forum for some help.

We have a custom driver that we are implementing to manage our RSA
database (ACE server). For the sake of my question, that really doesn't

I'm having some trouble scoping out certain attributes. When a user
gets added or modified and their groupmembership is changing, my driver
cares about that of course, but I only want to synchronize group
memberships that are in the \O\RSA container. What's happening is that
my driver is trying to synchronize group memberships that are from any
other container including the RSA OU.

So, I know I need to scope this out with some kind of XPath expression
with a contains or not(contains) kind of thing. The problem I'm running
into is that since this is a multi-valued attribute, it's possible that a
single modify event might contain groups from the \O\RSA container, and
from any other container. I really want to filter out anything that
is *not* \O\RSA based, and let the document flow on through.

I've tried all sorts of iterations of this. I've tried doing a
Strip-XPath on a certain attribute, I've tried stripping the op-attr, but
that of course removes everything. So, then I tried counting the # of
groups in the nodeset, and if it is only 1 - then I strip the op-attr,
if it's more than one, I attempted doing a Strip-XPath on it. So far, I
have had no luck.

Here is another example:

A modify of the groupmembership attribute comes in that contains an
add-value for the following...


I want my output document that gets sent to our RSA system to have just
the add-values for \O\RSA\GROUP1 and \O\RSA\GROUP2. I need the others
to be dropped.

I'm certain this is way more simple than I'm making it... Anyone have
any thoughts or gentle nudges in the right direction?
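
The per-value filtering asked about above, as an added example that is not part of the original post: an XSLT 1.0 stylesheet that removes individual `<value>` elements outside the container instead of the whole attribute, then prunes whatever is left empty. It assumes XDS `<modify>` events, an attribute named `Group Membership`, and DN values that start with `\O\RSA\` as written in the post; it also goes one step beyond the add-value case by applying the same filter to `<remove-value>`.

```xslt
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example. Assumptions: the attribute name "Group Membership" and
     the DN prefix \O\RSA\ (taken from the post's notation).
     Constructed sample input (the second DN is made up):
       <modify-attr attr-name="Group Membership">
         <add-value>
           <value type="dn">\O\RSA\GROUP1</value>
           <value type="dn">\O\STAFF\ALLUSERS</value>
         </add-value>
       </modify-attr>
     Result: only the \O\RSA\GROUP1 value remains in the add-value. -->
<xsl:stylesheet version="1.0"
                xmlns:xsl="http://www.w3.org/1999/XSL/Transform">

  <!-- Identity rule: anything not matched below flows through unchanged. -->
  <xsl:template match="@*|node()">
    <xsl:copy>
      <xsl:apply-templates select="@*|node()"/>
    </xsl:copy>
  </xsl:template>

  <!-- Per-value filter: drop each group DN that is outside \O\RSA\,
       whether it sits in an add-value or a remove-value. -->
  <xsl:template match="modify-attr[@attr-name='Group Membership']/*/value[not(starts-with(., '\O\RSA\'))]"/>

  <!-- Drop an add-value/remove-value whose values were all out of scope.
       Children that never had a <value> (e.g. remove-all-values) are kept. -->
  <xsl:template match="modify-attr[@attr-name='Group Membership']/*[value and not(value[starts-with(., '\O\RSA\')])]"/>

  <!-- Drop the modify-attr itself when no in-scope value and no
       value-less child remains, so no empty attribute is sent on. -->
  <xsl:template match="modify-attr[@attr-name='Group Membership'][not(*[not(value)] or */value[starts-with(., '\O\RSA\')])]"/>

</xsl:stylesheet>
```

XSLT 1.0 does not allow variable references in `match` patterns, which is why the container prefix is repeated as a literal in each one.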


