How I can query attribute value from policy (Text Driver) to validate parent and child relationship

I need to validate that an object (parent) exist in the eDir before create a new  child object.

Example:

I create the parent, manually from Identity Console / Object Management.

Parent Object:

CN: 00001

Name: unit 1

ParentID: 0000

The next  objects will be create using a Text Driver

But, if in the text file the user copy a ParentID that not exits in the eDir,I need validate it and abort the operation.

Child Object

CN: 000010

Name: unit 10

ParentID: 0001

Process OK

Child Object

CN: 000010

Name: unit 10

ParentID: 9999

Process abort

I tried using a "find matchin" in a match policy but dont work.

Where CustIDPresidenciaJefa is a parten and must exists to create the CustIDUnidadLaboral

I tried using "destination atribute" but dont work.

Exists anyway to do its?

Best,

Cesar.

Parents
  • Verified Answer

    +1  

    So you know, Find Matching Object is only useful in the Matching policies.  When it is done it sets the operation destination target.  I.e. There is no association, this is an add event, and you set the @dest-dn value with this token.  So will not help in your case.

    What you would do is something like:

    <rule>
    	<description>Check for object before creating</description>
    	<comment name="author" xml:space="preserve">Geoffrey Carman</comment>
    	<comment name="version" xml:space="preserve">1</comment>
    	<comment name="lastchanged" xml:space="preserve">Sept 30, 2024</comment>
    	<conditions>
    		<and/>
    	</conditions>
    	<actions>
    		<do-set-local-variable name="Object1" scope="policy">
    			<arg-string>
    				<token-text xml:space="preserve">Some Value1</token-text>
    			</arg-string>
    		</do-set-local-variable>
    		<do-set-local-variable name="Search-For-Object1" scope="policy">
    			<arg-node-set>
    				<token-query>
    					<arg-match-attr name="CN">
    						<arg-value type="string">
    							<token-local-variable name="Object1"/>
    						</arg-value>
    					</arg-match-attr>
    				</token-query>
    			</arg-node-set>
    		</do-set-local-variable>
    		<do-if>
    			<arg-conditions>
    				<and>
    					<if-xpath op="true">$Search-For-Object1/@src-dn</if-xpath>
    				</and>
    			</arg-conditions>
    			<arg-actions>
    				<do-set-local-variable name="Object1-DN" scope="policy">
    					<arg-string>
    						<token-xpath expression="$Search-For-Object1/@src-dn"/>
    					</arg-string>
    				</do-set-local-variable>
    			</arg-actions>
    			<arg-actions/>
    		</do-if>
    	</actions>
    </rule>

    Couple of points.  The Variable Search-For-Object1 has to be a nodeset variable, that will store the XML nodesets result of the Query token.  (Also the Query token is searching the destination, switch to source if you needed that, it is looking for CN=Object1 variable value, change that as needed).   Then you can use XPATH on the variable.

    I am assuming you only ever find 1 value. So if there is ANY value, then must be the one.  If you could have more than one, and need to know you can use an If XPATH test of count($Search-for-Object1)>1 and you know you have more than one.  And you can do something else with it,

Reply
  • Verified Answer

    +1  

    So you know, Find Matching Object is only useful in the Matching policies.  When it is done it sets the operation destination target.  I.e. There is no association, this is an add event, and you set the @dest-dn value with this token.  So will not help in your case.

    What you would do is something like:

    <rule>
    	<description>Check for object before creating</description>
    	<comment name="author" xml:space="preserve">Geoffrey Carman</comment>
    	<comment name="version" xml:space="preserve">1</comment>
    	<comment name="lastchanged" xml:space="preserve">Sept 30, 2024</comment>
    	<conditions>
    		<and/>
    	</conditions>
    	<actions>
    		<do-set-local-variable name="Object1" scope="policy">
    			<arg-string>
    				<token-text xml:space="preserve">Some Value1</token-text>
    			</arg-string>
    		</do-set-local-variable>
    		<do-set-local-variable name="Search-For-Object1" scope="policy">
    			<arg-node-set>
    				<token-query>
    					<arg-match-attr name="CN">
    						<arg-value type="string">
    							<token-local-variable name="Object1"/>
    						</arg-value>
    					</arg-match-attr>
    				</token-query>
    			</arg-node-set>
    		</do-set-local-variable>
    		<do-if>
    			<arg-conditions>
    				<and>
    					<if-xpath op="true">$Search-For-Object1/@src-dn</if-xpath>
    				</and>
    			</arg-conditions>
    			<arg-actions>
    				<do-set-local-variable name="Object1-DN" scope="policy">
    					<arg-string>
    						<token-xpath expression="$Search-For-Object1/@src-dn"/>
    					</arg-string>
    				</do-set-local-variable>
    			</arg-actions>
    			<arg-actions/>
    		</do-if>
    	</actions>
    </rule>

    Couple of points.  The Variable Search-For-Object1 has to be a nodeset variable, that will store the XML nodesets result of the Query token.  (Also the Query token is searching the destination, switch to source if you needed that, it is looking for CN=Object1 variable value, change that as needed).   Then you can use XPATH on the variable.

    I am assuming you only ever find 1 value. So if there is ANY value, then must be the one.  If you could have more than one, and need to know you can use an If XPATH test of count($Search-for-Object1)>1 and you know you have more than one.  And you can do something else with it,

Children