Regex DN matching woes

I'm feeling a bit stupid here, but I simply cannot see what the problem is:

The following code should, in my opinion, match, and thus set the local variable lOK to "false".
But it does not..... why oh why, here is the rule:

<do-for-each>
  <arg-node-set>
    <token-src-attr name="nrfAssociatedRoles"/>
  </arg-node-set>
  <arg-actions>
    <do-set-local-variable name="lcurrChild" scope="policy">
      <arg-node-set>
        <token-query datastore="src">
          <arg-dn>
            <token-xpath expression="$current-node/component[@name='volume']/text()"/>
          </arg-dn>
        </token-query>
      </arg-node-set>
    </do-set-local-variable>
    <do-for-each>
      <arg-node-set>
        <token-local-variable name="lcurrChild"/>
      </arg-node-set>
      <arg-actions>
        <do-set-local-variable name="lOK" scope="policy">
          <arg-string>
            <token-text xml:space="preserve">true</token-text>
          </arg-string>
        </do-set-local-variable>
        <do-set-local-variable name="lCurrentRole" scope="policy">
          <arg-string>
            <token-xpath expression="$current-node/@src-dn"/>
          </arg-string>
        </do-set-local-variable>
        <do-for-each>
          <arg-node-set>
            <token-global-variable name="drv.except"/>
          </arg-node-set>
          <arg-actions>
            <do-set-local-variable name="lContainer" scope="policy">
              <arg-string>
                <token-xpath expression='$current-node/definition[@name="container"]/value/text()'/>
              </arg-string>
            </do-set-local-variable>
            <do-if>
              <arg-conditions>
                <and>
                  <if-local-variable mode="regex" name="lCurrentRole" op="equal">.*$lContainer$.*</if-local-variable>
                </and>
              </arg-conditions>
              <arg-actions>
                <do-set-local-variable name="lOK" scope="policy">
                  <arg-string>
                    <token-text xml:space="preserve">false</token-text>
                  </arg-string>
                </do-set-local-variable>
              </arg-actions>
              <arg-actions/>
            </do-if>
          </arg-actions>
        </do-for-each>
        <do-if>
          <arg-conditions>
            <and>
              <if-local-variable mode="nocase" name="lOK" op="equal">true</if-local-variable>
            </and>
          </arg-conditions>
          <arg-actions>
            <do-set-local-variable name="lAssignments" scope="policy">
              <arg-string>
                <token-local-variable name="lAssignments"/>
                <token-parse-dn dest-dn-format="ldap" src-dn-format="qualified-slash">
                  <token-xpath expression="$current-node/@qualified-src-dn"/>
                </token-parse-dn>
                <token-text xml:space="preserve">|</token-text>
              </arg-string>
            </do-set-local-variable>
          </arg-actions>
          <arg-actions/>
        </do-if>
      </arg-actions>
    </do-for-each>
  </arg-actions>
</do-for-each>


And here is the relevant portion of the trace:

Action: do-set-local-variable("lOK",scope="policy","true").
arg-string("true")
token-text("true")
Arg Value: "true".
Action: do-set-local-variable("lCurrentRole",scope="policy",token-xpath("$current-node/@src-dn")).
arg-string(token-xpath("$current-node/@src-dn"))
token-xpath("$current-node/@src-dn")
Token Value: "\BLACKPILL\system\driverset1\User Application Driver\AppConfig\RoleConfig\RoleDefs\Level20\NonRequestable\Organisation\Struct\Dept\956e45e0-b465-ce28-5ee0-c54a6ae8229e".
Arg Value: "\BLACKPILL\system\driverset1\User Application Driver\AppConfig\RoleConfig\RoleDefs\Level20\NonRequestable\Organisation\Struct\Dept\956e45e0-b465-ce28-5ee0-c54a6ae8229e".
Action: do-for-each(arg-node-set(token-global-variable("drv.except"))).
arg-node-set(token-global-variable("drv.except"))
token-global-variable("drv.except")
Token Value: {<instance>}.
Arg Value: {<instance>}.
Performing actions for local-variable(current-node) = <instance>.
Action: do-set-local-variable("lContainer",scope="policy",token-xpath("$current-node/definition[@name="container"]/value/text()")).
arg-string(token-xpath("$current-node/definition[@name="container"]/value/text()"))
token-xpath("$current-node/definition[@name="container"]/value/text()")
Token Value: "system\driverset1\User Application Driver\AppConfig\RoleConfig\RoleDefs\Level20\NonRequestable\Organisation".
Arg Value: "system\driverset1\User Application Driver\AppConfig\RoleConfig\RoleDefs\Level20\NonRequestable\Organisation".
Action: do-if().
Evaluating conditions.
Expanded variable reference '$lContainer$' to 'system\driverset1\User Application Driver\AppConfig\RoleConfig\RoleDefs\Level20\NonRequestable\Organisation'.
(if-local-variable 'lCurrentRole' match ".*$lContainer$.*") = FALSE.
Performing else actions.
Action: do-if().
Evaluating conditions.
(if-local-variable 'lOK' equal "true") = TRUE.


Why does it not match? Anyone?

-Nicolai
  • 6525036 wrote:

    > Expanded variable reference '$lContainer$' to 'system\driverset1\User
    > Application
    > Driver\AppConfig\RoleConfig\RoleDefs\Level20\NonRequestable\Organisation'.
    > (if-local-variable 'lCurrentRole' match ".*$lContainer$.*") = FALSE.


    Probably because the backslashes in your expanded variable value are not literal
    backslashes in a regex context but an escape char. You'd have to escape them
    with another backslash for the regex to match.

    Why don't you use if-xpath with:

    contains($lCurrentRole, $lContainer)

    or even more reliable:

    starts-with($lCurrentRole, concat('\',$dirxml.auto.treename,'\',$lContainer))

    --
    http://www.is4it.de/en/solution/identity-access-management/
  • Nothing short of brilliant.
    Thanks a lot.
  • On 4/22/2019 6:14 AM, 6525036 wrote:
    >
    > I'm feeling a bit stupid here, but I simply cannot see what the problem
    > is:
    >
    > The following code, should in my opinion match, and thus set the local
    > variable lOK to "false".
    > But it does not..... why oh why, here is the rule:
    >

    Since you know the engine is going to return the TREE at the root of the
    path, why not just add it with a leading backslash, for your compare?
    Designer's simulator will NOT show the tree name but the engine will.
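
The comparisons suggested in the replies, side by side, as an added example that is not part of any post in this thread. Python's `re` stands in for the engine's regex implementation, so the exact failure mode of the unescaped pattern may differ there; the function names, the `NESTED` and `SIBLING` DNs and the trailing-backslash boundary check are assumptions made for illustration.

```python
import re

# Values copied from the trace in the original post.
ROLE_DN = (r"\BLACKPILL\system\driverset1\User Application Driver\AppConfig"
           r"\RoleConfig\RoleDefs\Level20\NonRequestable\Organisation\Struct"
           r"\Dept\956e45e0-b465-ce28-5ee0-c54a6ae8229e")
CONTAINER = (r"system\driverset1\User Application Driver\AppConfig"
             r"\RoleConfig\RoleDefs\Level20\NonRequestable\Organisation")
TREE = "BLACKPILL"
# Constructed DNs (not from the thread) that only resemble the exception.
NESTED = "\\" + TREE + "\\sandbox\\" + CONTAINER + "\\role1"
SIBLING = "\\" + TREE + "\\" + CONTAINER + "-Test\\role1"


def regex_equal(value, pattern):
    """Whole-string regex match; a pattern that fails to compile is no match."""
    try:
        return re.fullmatch(pattern, value) is not None
    except re.error:
        return False


def naive_excluded(role_dn, container):
    # The rule as posted: the DN is pasted into the pattern unescaped, so
    # "\d" becomes a digit class and "\U" is not a valid escape at all.
    return regex_equal(role_dn, ".*" + container + ".*")


def escaped_excluded(role_dn, container):
    # First suggestion in the reply: escape the backslashes.
    return regex_equal(role_dn, ".*" + re.escape(container) + ".*")


def contains_excluded(role_dn, container):
    # Equivalent of XPath contains(): plain substring test, no regex.
    return container in role_dn


def anchored_excluded(role_dn, container, tree=TREE):
    # Equivalent of the starts-with() suggestion, plus a component boundary
    # (an addition here) so "Organisation-Test" is not treated as a child.
    prefix = "\\" + tree + "\\" + container
    return role_dn == prefix or role_dn.startswith(prefix + "\\")
```

In the posted rule a match keeps the role out of lAssignments, so the unanchored variants would also drop roles such as `NESTED` and `SIBLING` that merely contain the exception path.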