Code(-8014) Error processing attribute

I'm using IDM 4.7. I wrote the following policy in the loopback driver in order to add users on entitlement assignment.
The entitlement is valued.
<do-add-src-attr-value class-name="User" name="Group Membership">
<arg-dn>
<token-src-dn/>
</arg-dn>
<arg-value type="string">
<token-local-variable name="current-node"/>
</arg-value>
</do-add-src-attr-value>

When assigning an entitlement to a user i have the following error: Code(-8014) Error processing attribute (\IDVAULT-TREE\data\users\VKhoury#Group Membership): novell.jclient.JCException: nameToID -601 ERR_NO_SUCH_ENTRY

The Trace file is as follows:
[11/15/18 11:13:13.024]:Group Membership Control ST:Applying policy: % CCACMELBACKENT-maintain Group Membership based on Entitlements%-C.
[11/15/18 11:13:13.024]:Group Membership Control ST: Applying to modify #1.
[11/15/18 11:13:13.024]:Group Membership Control ST: Evaluating selection criteria for rule 'Only allow add and modify operations'.
[11/15/18 11:13:13.024]:Group Membership Control ST: (if-operation not-equal "add") = TRUE.
[11/15/18 11:13:13.024]:Group Membership Control ST: (if-operation not-equal "modify") = FALSE.
[11/15/18 11:13:13.024]:Group Membership Control ST: Rule rejected.
[11/15/18 11:13:13.024]:Group Membership Control ST: Evaluating selection criteria for rule 'Group add or remove on entitlement'.
[11/15/18 11:13:13.024]:Group Membership Control ST: (if-class-name equal "User") = TRUE.
[11/15/18 11:13:13.024]:Group Membership Control ST: (if-entitlement 'ACMELBACKENT-Assign Group Membership' changing) = TRUE.
[11/15/18 11:13:13.024]:Group Membership Control ST: Rule selected.
[11/15/18 11:13:13.024]:Group Membership Control ST: Applying rule 'Group add or remove on entitlement'.
[11/15/18 11:13:13.024]:Group Membership Control ST: Action: do-for-each(arg-node-set(token-added-entitlement("ACMELBACKENT-Assign Group Membership"))).
[11/15/18 11:13:13.024]:Group Membership Control ST: arg-node-set(token-added-entitlement("ACMELBACKENT-Assign Group Membership"))
[11/15/18 11:13:13.024]:Group Membership Control ST: token-added-entitlement("ACMELBACKENT-Assign Group Membership")
[11/15/18 11:13:13.024]:Group Membership Control ST: Token Value: {<entitlement-impl> @id = "" @name = "ACMELBACKENT-Assign Group Membership" @qualified-src-dn = "O=data\OU=users\CN=VKhoury" @src = "UA" @src-dn = "\IDVAULT-TREE\data\users\VKhoury" @src-entry-id = "34380" @state = "1"}.
[11/15/18 11:13:13.024]:Group Membership Control ST: Arg Value: {<entitlement-impl> @id = "" @name = "ACMELBACKENT-Assign Group Membership" @qualified-src-dn = "O=data\OU=users\CN=VKhoury" @src = "UA" @src-dn = "\IDVAULT-TREE\data\users\VKhoury" @src-entry-id = "34380" @state = "1"}.
[11/15/18 11:13:13.040]:Group Membership Control ST: Performing actions for local-variable(current-node) = <entitlement-impl> @id = "" @name = "ACMELBACKENT-Assign Group Membership" @qualified-src-dn = "O=data\OU=users\CN=VKhoury" @src = "UA" @src-dn = "\IDVAULT-TREE\data\users\VKhoury" @src-entry-id = "34380" @state = "1".
[11/15/18 11:13:13.040]:Group Membership Control ST: Action: do-add-src-attr-value("Group Membership",class-name="User",arg-dn(token-src-dn()),token-local-variable("current-node")).
[11/15/18 11:13:13.040]:Group Membership Control ST: arg-dn(token-src-dn())
[11/15/18 11:13:13.040]:Group Membership Control ST: token-src-dn()
[11/15/18 11:13:13.040]:Group Membership Control ST: Token Value: "\IDVAULT-TREE\data\users\VKhoury".
[11/15/18 11:13:13.040]:Group Membership Control ST: Arg Value: "\IDVAULT-TREE\data\users\VKhoury".
[11/15/18 11:13:13.040]:Group Membership Control ST: arg-string(token-local-variable("current-node"))
[11/15/18 11:13:13.040]:Group Membership Control ST: token-local-variable("current-node")
[11/15/18 11:13:13.040]:Group Membership Control ST: Token Value: "{"ID":"\\IDVAULT-TREE\\data\\groups\\TestGroup3"}".
[11/15/18 11:13:13.040]:Group Membership Control ST: Arg Value: "{"ID":"\\IDVAULT-TREE\\data\\groups\\TestGroup3"}".
[11/15/18 11:13:13.040]:Group Membership Control ST: Action: do-for-each(arg-node-set(token-removed-entitlement("ACMELBACKENT-Assign Group Membership"))).
[11/15/18 11:13:13.040]:Group Membership Control ST: arg-node-set(token-removed-entitlement("ACMELBACKENT-Assign Group Membership"))
[11/15/18 11:13:13.040]:Group Membership Control ST: token-removed-entitlement("ACMELBACKENT-Assign Group Membership")
[11/15/18 11:13:13.040]:Group Membership Control ST: Token Value: {}.
[11/15/18 11:13:13.040]:Group Membership Control ST: Arg Value: {}.
[11/15/18 11:13:13.040]:Group Membership Control ST: Evaluating selection criteria for rule 'Terminate Further Operation Processing'.
[11/15/18 11:13:13.040]:Group Membership Control ST: Rule selected.
[11/15/18 11:13:13.040]:Group Membership Control ST: Applying rule 'Terminate Further Operation Processing'.
[11/15/18 11:13:13.040]:Group Membership Control ST: Action: do-veto().
[11/15/18 11:13:13.040]:Group Membership Control ST: Direct command from policy
[11/15/18 11:13:13.040]:Group Membership Control ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.7.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<modify class-name="User" dest-dn="\IDVAULT-TREE\data\users\VKhoury" event-id="vanessa-netiq3-nds#20181115111312#1#7:329aff27-86a2-46bc-a3d0-b6d2a21ce95d">
<modify-attr attr-name="Group Membership">
<add-value>
<value type="string">{"ID":"\\IDVAULT-TREE\\data\\groups\\TestGroup3"}</value>
</add-value>
</modify-attr>
<operation-data>
<entitlement-impl id="" name="ACMELBACKENT-Assign Group Membership" qualified-src-dn="O=data\OU=users\CN=VKhoury" src="UA" src-dn="\IDVAULT-TREE\data\users\VKhoury" src-entry-id="34380" state="1">{"ID":"\\IDVAULT-TREE\\data\\groups\\TestGroup3"}</entitlement-impl>
</operation-data>
</modify>
</input>
</nds>
[11/15/18 11:13:13.040]:Group Membership Control ST: Stripping operation data from input document
[11/15/18 11:13:13.040]:Group Membership Control ST: Pumping XDS to eDirectory.
[11/15/18 11:13:13.040]:Group Membership Control ST: Performing operation modify for \IDVAULT-TREE\data\users\VKhoury.
[11/15/18 11:13:13.040]:Group Membership Control ST: --JCLNT-- \IDVAULT-TREE\system\driverset1\Group Membership Control : Duplicating : context = 656867519, tempContext = 656867482
[11/15/18 11:13:13.040]:Group Membership Control ST: --JCLNT-- \IDVAULT-TREE\system\driverset1\Group Membership Control : Calling free on tempContext = 656867482
[11/15/18 11:13:13.040]:Group Membership Control ST: Restoring operation data to output document
[11/15/18 11:13:13.040]:Group Membership Control ST: Processing returned document.
[11/15/18 11:13:13.040]:Group Membership Control ST: Processing operation <status> for .
[11/15/18 11:13:13.040]:Group Membership Control ST:
DirXML Log Event -------------------
Driver: \IDVAULT-TREE\system\driverset1\Group Membership Control
Channel: Subscriber
Status: Success
[11/15/18 11:13:13.117]:Group Membership Control ST: Processing operation <status> for .
[11/15/18 11:13:13.117]:Group Membership Control ST:
DirXML Log Event -------------------
Driver: \IDVAULT-TREE\system\driverset1\Group Membership Control
Channel: Subscriber
Status: Warning
Message: Code(-8014) Error processing attribute (\IDVAULT-TREE\data\users\VKhoury#Group Membership): novell.jclient.JCException: nameToID -601 ERR_NO_SUCH_ENTRY
[11/15/18 11:13:13.180]:Group Membership Control ST: Direct command from policy result
[11/15/18 11:13:13.180]:Group Membership Control ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.7.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="vanessa-netiq3-nds#20181115111312#1#7:329aff27-86a2-46bc-a3d0-b6d2a21ce95d" level="success"><operation-data>
<entitlement-impl id="" name="ACMELBACKENT-Assign Group Membership" qualified-src-dn="O=data\OU=users\CN=VKhoury" src="UA" src-dn="\IDVAULT-TREE\data\users\VKhoury" src-entry-id="34380" state="1">{"ID":"\\IDVAULT-TREE\\data\\groups\\TestGroup3"}</entitlement-impl>
</operation-data>
<application>DirXML</application>
<module>Group Membership Control</module>
<object-dn></object-dn>
<component>Subscriber</component>
</status>
<status event-id="vanessa-netiq3-nds#20181115111312#1#7:329aff27-86a2-46bc-a3d0-b6d2a21ce95d" level="warning">Code(-8014) Error processing attribute (\IDVAULT-TREE\data\users\VKhoury#Group Membership): novell.jclient.JCException: nameToID -601 ERR_NO_SUCH_ENTRY<operation-data>
<entitlement-impl id="" name="ACMELBACKENT-Assign Group Membership" qualified-src-dn="O=data\OU=users\CN=VKhoury" src="UA" src-dn="\IDVAULT-TREE\data\users\VKhoury" src-entry-id="34380" state="1">{"ID":"\\IDVAULT-TREE\\data\\groups\\TestGroup3"}</entitlement-impl>
</operation-data>
<application>DirXML</application>
<module>Group Membership Control</module>
<object-dn></object-dn>
<component>Subscriber</component>
</status>
</output>
</nds>
[11/15/18 11:13:13.180]:Group Membership Control ST:Policy returned:
[11/15/18 11:13:13.180]:Group Membership Control ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.7.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input/>
</nds>
[11/15/18 11:13:13.180]:Group Membership Control ST:End transaction.
Parents
  • vkhoury;2490852 wrote:
    I'm using IDM 4.7. I wrote the following policy in the loopback driver in order to add users on entitlement assignment.
    The entitlement is valued.
    <do-add-src-attr-value class-name="User" name="Group Membership">
    <arg-dn>
    <token-src-dn/>
    </arg-dn>
    <arg-value type="string">
    <token-local-variable name="current-node"/>
    </arg-value>
    </do-add-src-attr-value>

    When assigning an entitlement to a user i have the following error: Code(-8014) Error processing attribute (\IDVAULT-TREE\data\users\VKhoury#Group Membership): novell.jclient.JCException: nameToID -601 ERR_NO_SUCH_ENTRY

    The Trace file is as follows:
    [11/15/18 11:13:13.024]:Group Membership Control ST:Applying policy: % CCACMELBACKENT-maintain Group Membership based on Entitlements%-C.
    [11/15/18 11:13:13.024]:Group Membership Control ST: Applying to modify #1.
    [11/15/18 11:13:13.024]:Group Membership Control ST: Evaluating selection criteria for rule 'Only allow add and modify operations'.
    [11/15/18 11:13:13.024]:Group Membership Control ST: (if-operation not-equal "add") = TRUE.
    [11/15/18 11:13:13.024]:Group Membership Control ST: (if-operation not-equal "modify") = FALSE.
    [11/15/18 11:13:13.024]:Group Membership Control ST: Rule rejected.
    [11/15/18 11:13:13.024]:Group Membership Control ST: Evaluating selection criteria for rule 'Group add or remove on entitlement'.
    [11/15/18 11:13:13.024]:Group Membership Control ST: (if-class-name equal "User") = TRUE.
    [11/15/18 11:13:13.024]:Group Membership Control ST: (if-entitlement 'ACMELBACKENT-Assign Group Membership' changing) = TRUE.
    [11/15/18 11:13:13.024]:Group Membership Control ST: Rule selected.
    [11/15/18 11:13:13.024]:Group Membership Control ST: Applying rule 'Group add or remove on entitlement'.
    [11/15/18 11:13:13.024]:Group Membership Control ST: Action: do-for-each(arg-node-set(token-added-entitlement("ACMELBACKENT-Assign Group Membership"))).
    [11/15/18 11:13:13.024]:Group Membership Control ST: arg-node-set(token-added-entitlement("ACMELBACKENT-Assign Group Membership"))
    [11/15/18 11:13:13.024]:Group Membership Control ST: token-added-entitlement("ACMELBACKENT-Assign Group Membership")
    [11/15/18 11:13:13.024]:Group Membership Control ST: Token Value: {<entitlement-impl> @id = "" @name = "ACMELBACKENT-Assign Group Membership" @qualified-src-dn = "O=data\OU=users\CN=VKhoury" @src = "UA" @src-dn = "\IDVAULT-TREE\data\users\VKhoury" @src-entry-id = "34380" @state = "1"}.
    [11/15/18 11:13:13.024]:Group Membership Control ST: Arg Value: {<entitlement-impl> @id = "" @name = "ACMELBACKENT-Assign Group Membership" @qualified-src-dn = "O=data\OU=users\CN=VKhoury" @src = "UA" @src-dn = "\IDVAULT-TREE\data\users\VKhoury" @src-entry-id = "34380" @state = "1"}.
    [11/15/18 11:13:13.040]:Group Membership Control ST: Performing actions for local-variable(current-node) = <entitlement-impl> @id = "" @name = "ACMELBACKENT-Assign Group Membership" @qualified-src-dn = "O=data\OU=users\CN=VKhoury" @src = "UA" @src-dn = "\IDVAULT-TREE\data\users\VKhoury" @src-entry-id = "34380" @state = "1".
    [11/15/18 11:13:13.040]:Group Membership Control ST: Action: do-add-src-attr-value("Group Membership",class-name="User",arg-dn(token-src-dn()),token-local-variable("current-node")).
    [11/15/18 11:13:13.040]:Group Membership Control ST: arg-dn(token-src-dn())
    [11/15/18 11:13:13.040]:Group Membership Control ST: token-src-dn()
    [11/15/18 11:13:13.040]:Group Membership Control ST: Token Value: "\IDVAULT-TREE\data\users\VKhoury".
    [11/15/18 11:13:13.040]:Group Membership Control ST: Arg Value: "\IDVAULT-TREE\data\users\VKhoury".
    [11/15/18 11:13:13.040]:Group Membership Control ST: arg-string(token-local-variable("current-node"))
    [11/15/18 11:13:13.040]:Group Membership Control ST: token-local-variable("current-node")
    [11/15/18 11:13:13.040]:Group Membership Control ST: Token Value: "{"ID":"\\IDVAULT-TREE\\data\\groups\\TestGroup3"}".
    [11/15/18 11:13:13.040]:Group Membership Control ST: Arg Value: "{"ID":"\\IDVAULT-TREE\\data\\groups\\TestGroup3"}".
    [11/15/18 11:13:13.040]:Group Membership Control ST: Action: do-for-each(arg-node-set(token-removed-entitlement("ACMELBACKENT-Assign Group Membership"))).
    [11/15/18 11:13:13.040]:Group Membership Control ST: arg-node-set(token-removed-entitlement("ACMELBACKENT-Assign Group Membership"))
    [11/15/18 11:13:13.040]:Group Membership Control ST: token-removed-entitlement("ACMELBACKENT-Assign Group Membership")
    [11/15/18 11:13:13.040]:Group Membership Control ST: Token Value: {}.
    [11/15/18 11:13:13.040]:Group Membership Control ST: Arg Value: {}.
    [11/15/18 11:13:13.040]:Group Membership Control ST: Evaluating selection criteria for rule 'Terminate Further Operation Processing'.
    [11/15/18 11:13:13.040]:Group Membership Control ST: Rule selected.
    [11/15/18 11:13:13.040]:Group Membership Control ST: Applying rule 'Terminate Further Operation Processing'.
    [11/15/18 11:13:13.040]:Group Membership Control ST: Action: do-veto().
    [11/15/18 11:13:13.040]:Group Membership Control ST: Direct command from policy
    [11/15/18 11:13:13.040]:Group Membership Control ST:
    <nds dtdversion="4.0" ndsversion="8.x">
    <source>
    <product edition="Standard" version="4.7.0.0">DirXML</product>
    <contact>NetIQ Corporation</contact>
    </source>
    <input>
    <modify class-name="User" dest-dn="\IDVAULT-TREE\data\users\VKhoury" event-id="vanessa-netiq3-nds#20181115111312#1#7:329aff27-86a2-46bc-a3d0-b6d2a21ce95d">
    <modify-attr attr-name="Group Membership">
    <add-value>
    <value type="string">{"ID":"\\IDVAULT-TREE\\data\\groups\\TestGroup3"}</value>
    </add-value>
    </modify-attr>
    <operation-data>
    <entitlement-impl id="" name="ACMELBACKENT-Assign Group Membership" qualified-src-dn="O=data\OU=users\CN=VKhoury" src="UA" src-dn="\IDVAULT-TREE\data\users\VKhoury" src-entry-id="34380" state="1">{"ID":"\\IDVAULT-TREE\\data\\groups\\TestGroup3"}</entitlement-impl>
    </operation-data>
    </modify>
    </input>
    </nds>
    [11/15/18 11:13:13.040]:Group Membership Control ST: Stripping operation data from input document
    [11/15/18 11:13:13.040]:Group Membership Control ST: Pumping XDS to eDirectory.
    [11/15/18 11:13:13.040]:Group Membership Control ST: Performing operation modify for \IDVAULT-TREE\data\users\VKhoury.
    [11/15/18 11:13:13.040]:Group Membership Control ST: --JCLNT-- \IDVAULT-TREE\system\driverset1\Group Membership Control : Duplicating : context = 656867519, tempContext = 656867482
    [11/15/18 11:13:13.040]:Group Membership Control ST: --JCLNT-- \IDVAULT-TREE\system\driverset1\Group Membership Control : Calling free on tempContext = 656867482
    [11/15/18 11:13:13.040]:Group Membership Control ST: Restoring operation data to output document
    [11/15/18 11:13:13.040]:Group Membership Control ST: Processing returned document.
    [11/15/18 11:13:13.040]:Group Membership Control ST: Processing operation <status> for .
    [11/15/18 11:13:13.040]:Group Membership Control ST:
    DirXML Log Event -------------------
    Driver: \IDVAULT-TREE\system\driverset1\Group Membership Control
    Channel: Subscriber
    Status: Success
    [11/15/18 11:13:13.117]:Group Membership Control ST: Processing operation <status> for .
    [11/15/18 11:13:13.117]:Group Membership Control ST:
    DirXML Log Event -------------------
    Driver: \IDVAULT-TREE\system\driverset1\Group Membership Control
    Channel: Subscriber
    Status: Warning
    Message: Code(-8014) Error processing attribute (\IDVAULT-TREE\data\users\VKhoury#Group Membership): novell.jclient.JCException: nameToID -601 ERR_NO_SUCH_ENTRY
    [11/15/18 11:13:13.180]:Group Membership Control ST: Direct command from policy result
    [11/15/18 11:13:13.180]:Group Membership Control ST:
    <nds dtdversion="4.0" ndsversion="8.x">
    <source>
    <product edition="Standard" version="4.7.0.0">DirXML</product>
    <contact>NetIQ Corporation</contact>
    </source>
    <output>
    <status event-id="vanessa-netiq3-nds#20181115111312#1#7:329aff27-86a2-46bc-a3d0-b6d2a21ce95d" level="success"><operation-data>
    <entitlement-impl id="" name="ACMELBACKENT-Assign Group Membership" qualified-src-dn="O=data\OU=users\CN=VKhoury" src="UA" src-dn="\IDVAULT-TREE\data\users\VKhoury" src-entry-id="34380" state="1">{"ID":"\\IDVAULT-TREE\\data\\groups\\TestGroup3"}</entitlement-impl>
    </operation-data>
    <application>DirXML</application>
    <module>Group Membership Control</module>
    <object-dn></object-dn>
    <component>Subscriber</component>
    </status>
    <status event-id="vanessa-netiq3-nds#20181115111312#1#7:329aff27-86a2-46bc-a3d0-b6d2a21ce95d" level="warning">Code(-8014) Error processing attribute (\IDVAULT-TREE\data\users\VKhoury#Group Membership): novell.jclient.JCException: nameToID -601 ERR_NO_SUCH_ENTRY<operation-data>
    <entitlement-impl id="" name="ACMELBACKENT-Assign Group Membership" qualified-src-dn="O=data\OU=users\CN=VKhoury" src="UA" src-dn="\IDVAULT-TREE\data\users\VKhoury" src-entry-id="34380" state="1">{"ID":"\\IDVAULT-TREE\\data\\groups\\TestGroup3"}</entitlement-impl>
    </operation-data>
    <application>DirXML</application>
    <module>Group Membership Control</module>
    <object-dn></object-dn>
    <component>Subscriber</component>
    </status>
    </output>
    </nds>
    [11/15/18 11:13:13.180]:Group Membership Control ST:Policy returned:
    [11/15/18 11:13:13.180]:Group Membership Control ST:
    <nds dtdversion="4.0" ndsversion="8.x">
    <source>
    <product edition="Standard" version="4.7.0.0">DirXML</product>
    <contact>NetIQ Corporation</contact>
    </source>
    <input/>
    </nds>
    [11/15/18 11:13:13.180]:Group Membership Control ST:End transaction.


    Hi vkhoury,

    Are you sure, that you trying to add to Group Membership attribute information in the right format?
    Group Membership described in schema like DN.

    LDAP Name
    groupMembership
    Syntax
    Distinguished Name

    I believe, that you suppose to add to this attribute DN of your group.
    \IDVAULT-TREE\data\groups\TestGroup3 instead your current value ID":"\\IDVAULT-TREE\\data\\groups\\TestGroup3"


    <nds dtdversion="4.0" ndsversion="8.x">
    <source>
    <product edition="Standard" version="4.7.0.0">DirXML</product>
    <contact>NetIQ Corporation</contact>
    </source>
    <input>
    <modify class-name="User" dest-dn="\IDVAULT-TREE\data\users\VKhoury" event-id="vanessa-netiq3-nds#20181115111312#1#7:329aff27-86a2-46bc-a3d0-b6d2a21ce95d">
    <modify-attr attr-name="Group Membership">
    <add-value>
    <value type="string">{"ID":"\\IDVAULT-TREE\\data\\groups\\TestGroup3"}</value>
    </add-value>
    </modify-attr>
    <operation-data>
    <entitlement-impl id="" name="ACMELBACKENT-Assign Group Membership" qualified-src-dn="O=data\OU=users\CN=VKhoury" src="UA" src-dn="\IDVAULT-TREE\data\users\VKhoury" src-entry-id="34380" state="1">{"ID":"\\IDVAULT-TREE\\data\\groups\\TestGroup3"}</entitlement-impl>
    </operation-data>
    </modify>
    </input>
    </nds>
  • Hi ab,
    I realized the the issue was the format of the group membership DN in current-node.
    I dunno the reason but i tried to adjust it the DN by using Replace and substring tokens.
    It works fine now. But i still want to figure out why it is written in this format.
  • On 11/15/2018 8:54 AM, vkhoury wrote:
    >
    > Hi ab,
    > I realized the the issue was the format of the group membership DN in
    > current-node.
    > I dunno the reason but i tried to adjust it the DN by using Replace and
    > substring tokens.
    > It works fine now. But i still want to figure out why it is written in
    > this format.


    When you use a Token-Entitlement, Token-AddedEntitlement,
    Token-RemovedEntitlement and loop over the values, $current-node is the
    contents of the <param> node, inside the component[@name='path.xml'].

    So in a IDM4 format entitlement it is a JSON string.

    {"ID":"\\IDVAULT-TREE\\data\\groups\\TestGroup3"}

    Thus you can treat it as JSON and get the value back. So use the ECMA
    function I referenced.

    Or you can treat it as a string and process it to what you want, in
    XPATH you could:

    substring-before(substring-after($current-node,'{"ID":"),'"}')

    In Policy you could do the same.
Reply
  • On 11/15/2018 8:54 AM, vkhoury wrote:
    >
    > Hi ab,
    > I realized the the issue was the format of the group membership DN in
    > current-node.
    > I dunno the reason but i tried to adjust it the DN by using Replace and
    > substring tokens.
    > It works fine now. But i still want to figure out why it is written in
    > this format.


    When you use a Token-Entitlement, Token-AddedEntitlement,
    Token-RemovedEntitlement and loop over the values, $current-node is the
    contents of the <param> node, inside the component[@name='path.xml'].

    So in a IDM4 format entitlement it is a JSON string.

    {"ID":"\\IDVAULT-TREE\\data\\groups\\TestGroup3"}

    Thus you can treat it as JSON and get the value back. So use the ECMA
    function I referenced.

    Or you can treat it as a string and process it to what you want, in
    XPATH you could:

    substring-before(substring-after($current-node,'{"ID":"),'"}')

    In Policy you could do the same.
Children
No Data