I am trying to write a rule which will, when it receives a password
change event for a user, query a specific group in AD to see if that
user is a member... or else query the'memberOf' pseudo-attribute for
the user and see if the specific group is listed.
I know that if I use either approach, I will need to use XPATH and a
For the first approach, I would query for all members of the specific
group and iterate over them looking for the user in question, and for
the second approach I would iterate over all groups the user is a member
of until it finds a match. I'm stuck on which is the better approach and
exactly how to construct the query.
Can someone steer me toward a useful XPATH tutorial with gobs of examples?