Trying to add a user to a group in AD. Problem is that the user *may*
already exist in the group. If they do we will get an
LDAP_ALREADY_EXISTS error from AD. So far no mystery.

So I query for the group members:

[03/05/09 10:47:53.854]:Active Directory ST: Applying schema
mapping policies to input.
[03/05/09 10:47:53.854]:Active Directory ST: Applying
policy: %+C%14CSchemaMapping%-C.
[03/05/09 10:47:53.854]:Active Directory ST: Mapping
class-name 'group' to 'Group'.
[03/05/09 10:47:53.855]:Active Directory ST: Mapping
attr-name 'member' to 'Member'.
[03/05/09 10:47:53.855]:Active Directory ST: Resolving
association references.
[03/05/09 10:47:53.868]:Active Directory ST: Query from
policy result
[03/05/09 10:47:53.868]:Active Directory ST:
<nds dtdversion="1.1" ndsversion="8.7">
<source>
<product asn1id="" build="20080229_143300"
instance="\DBCTREE1\CBS\IDM\DRIVERS\Active Directory"
version="3.5.3">AD</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<instance class-name="Group" event-id="0"
src-dn="cn=All,ou=sa,ou=hous,ou=tx_hub,ou=ce,ou=cbs,dc=addomain1,dc=local">
<association>4fa624ed2707f644bfcfecee2075d084</association>
<attr attr-name="Member">
<value naming="true"
type="dn">\DBCTREE1\CBS\USERS\K03890</value>
<value naming="true"
type="dn">\DBCTREE1\CBS\USERS\K03876</value>
<value naming="true"
type="dn">\DBCTREE1\CBS\USERS\K03857</value>
<value naming="true"
type="dn">\DBCTREE1\CBS\USERS\K03841</value>
<value naming="true"
type="dn">\DBCTREE1\CBS\USERS\K03818</value>
<value naming="true"
type="dn">\DBCTREE1\CBS\USERS\K03786</value>
<value naming="true"
type="dn">\DBCTREE1\CBS\USERS\K03784</value>
<value naming="true"
type="dn">\DBCTREE1\CBS\USERS\K03767</value>
<value naming="true"
type="dn">\DBCTREE1\CBS\USERS\K03755</value>
<value naming="true"
type="dn">\DBCTREE1\CBS\USERS\K03740</value>
<value naming="true"
type="dn">\DBCTREE1\CBS\USERS\K03609</value>
<value naming="true"
type="dn">\DBCTREE1\CBS\USERS\K03911</value>
<value naming="true"
type="dn">\DBCTREE1\CBS\USERS\K03907</value>
<value naming="true"
type="dn">\DBCTREE1\CBS\USERS\K03812</value>
<value naming="true"
type="dn">\DBCTREE1\CBS\USERS\K03734</value>
<value naming="true"
type="dn">\DBCTREE1\CBS\USERS\K03661</value>
<value naming="true"
type="dn">\DBCTREE1\CBS\USERS\K03642</value>
<value naming="true"
type="dn">\DBCTREE1\CBS\USERS\K03553</value>
<value naming="true"
type="dn">\DBCTREE1\CBS\USERS\K03537</value>
<value naming="true"
type="dn">\DBCTREE1\CBS\USERS\K03523</value>
<value naming="true"
type="dn">\DBCTREE1\CBS\USERS\K03522</value>
<value naming="true"
type="dn">\DBCTREE1\CBS\USERS\K03466</value>
<value naming="true"
type="dn">\DBCTREE1\CBS\USERS\K03167</value>
<value naming="true"
type="dn">\DBCTREE1\CBS\USERS\K03066</value>
<value naming="true"
type="dn">\DBCTREE1\CBS\USERS\K02604</value>
<value naming="true"
type="dn">\DBCTREE1\CBS\USERS\K02489</value>
</attr>
</instance>
<status event-id="0" level="success"/>
</output>
</nds>
[03/05/09 10:47:53.871]:Active Directory ST:

I put this in a node-set variable (I use a token-dest-attr to do
this).

Now I want to test if the src-dn is in the node set.

[03/05/09 10:47:53.879]:Active Directory ST: Action:
do-trace-message("***DEBUG src-dn = "+token-xpath("@src-dn")+"
["+token-xpath("contains($ALL-GROUP-MEMBERS,@src-dn)")+"]").
[03/05/09 10:47:53.880]:Active Directory ST:
arg-string("***DEBUG src-dn = "+token-xpath("@src-dn")+"
["+token-xpath("contains($ALL-GROUP-MEMBERS,@src-dn)")+"]")
[03/05/09 10:47:53.880]:Active Directory ST:
token-text("***DEBUG src-dn = ")
[03/05/09 10:47:53.880]:Active Directory ST:
token-xpath("@src-dn")
[03/05/09 10:47:53.881]:Active Directory ST: Token Value:
"CBS\USERS\K03876".
[03/05/09 10:47:53.881]:Active Directory ST: token-text("
[")
[03/05/09 10:47:53.881]:Active Directory ST:
token-xpath("contains($ALL-GROUP-MEMBERS,@src-dn)")
[03/05/09 10:47:53.881]:Active Directory ST: Token Value:
"false".
[03/05/09 10:47:53.882]:Active Directory ST: token-text("]")
[03/05/09 10:47:53.882]:Active Directory ST: Arg Value:
"***DEBUG src-dn = CBS\USERS\K03876 [false]".
[03/05/09 10:47:53.882]:Active Directory ST:***DEBUG src-dn =
CBS\USERS\K03876 [false]
[03/05/09 10:47:53.882]:Active Directory ST: Action:
do-trace-message("***DEBUG src-dn =
"+token-xpath("concat('\DBCTREE1\',@src-dn)")+"
["+token-xpath("contains($ALL-GROUP-MEMBERS,concat('\DBCTREE1\'
,@src-dn))")+"]").
[03/05/09 10:47:53.883]:Active Directory ST:
arg-string("***DEBUG src-dn =
"+token-xpath("concat('\DBCTREE1\',@src-dn)")+"
["+token-xpath("contains($ALL-GROUP-MEMBERS,concat('\DBCTREE1\',@src-dn))")
+"]")
[03/05/09 10:47:53.883]:Active Directory ST:
token-text("***DEBUG src-dn = ")
[03/05/09 10:47:53.883]:Active Directory ST:
token-xpath("concat('\DBCTREE1\',@src-dn)")
[03/05/09 10:47:53.883]:Active Directory ST: Token Value:
"\DBCTREE1\CBS\USERS\K03876".
[03/05/09 10:47:53.884]:Active Directory ST: token-text("
[")
[03/05/09 10:47:53.884]:Active Directory ST:
token-xpath("contains($ALL-GROUP-MEMBERS,concat('\DBCTREE1\',@src-dn))")
[03/05/09 10:47:53.884]:Active Directory ST: Token Value:
"false".
[03/05/09 10:47:53.884]:Active Directory ST: token-text("]")
[03/05/09 10:47:53.885]:Active Directory ST: Arg Value:
"***DEBUG src-dn = \DBCTREE1\CBS\USERS\K03876 [false]".
[03/05/09 10:47:53.885]:Active Directory ST:***DEBUG src-dn =
\DBCTREE1\CBS\USERS\K03876 [false]

From what I could see at least one if not both of these trace messages
should have returned true using the xpath contains() function to
determine if the src-dn is in the node set.

Can one of the XPath gurus recommend a better expression?

Thanks
Rob

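Added example, not part of the original post: the XPath 1.0 conversion rules behind the two "false" results in the trace, emulated with the Python standard library. It assumes $ALL-GROUP-MEMBERS holds the <value> elements of the query result; the sample XML is constructed from three of the values in the trace, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: three of the <value> nodes from the trace above.
QUERY_RESULT = r"""
<attr attr-name="Member">
  <value naming="true" type="dn">\DBCTREE1\CBS\USERS\K03890</value>
  <value naming="true" type="dn">\DBCTREE1\CBS\USERS\K03876</value>
  <value naming="true" type="dn">\DBCTREE1\CBS\USERS\K03857</value>
</attr>
"""

# Assumption: the node-set variable holds the <value> elements themselves.
ALL_GROUP_MEMBERS = ET.fromstring(QUERY_RESULT).findall("value")


def string_value(node):
    """XPath 1.0 string-value of an element: its descendant text, concatenated."""
    return "".join(node.itertext())


def xpath_string(node_set):
    """XPath 1.0 string(node-set): the string-value of the FIRST node in
    document order only; an empty node set converts to ''."""
    return string_value(node_set[0]) if node_set else ""


def xpath_contains(node_set, needle):
    """contains($set, needle): the node set is converted with string() first,
    so only the first member is ever searched (and by substring, not equality)."""
    return needle in xpath_string(node_set)


def xpath_equals(node_set, value):
    """$set = 'value': true if ANY node in the set has exactly this string-value."""
    return any(string_value(node) == value for node in node_set)


def is_member(node_set, tree_name, src_dn):
    """Membership test with the tree name prepended, as the second trace does.
    XPath 1.0 form: $ALL-GROUP-MEMBERS = concat('\\DBCTREE1\\', @src-dn)"""
    return xpath_equals(node_set, "\\" + tree_name + "\\" + src_dn)


if __name__ == "__main__":
    dn = r"CBS\USERS\K03876"
    print("contains():", xpath_contains(ALL_GROUP_MEMBERS, "\\DBCTREE1\\" + dn))
    print("= compare :", is_member(ALL_GROUP_MEMBERS, "DBCTREE1", dn))
```

The comparison is exact and case-sensitive, so both sides must be in the same DN format before they are compared.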