Cybersecurity
DevOps Cloud (ADM)
IT Operations Cloud
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product build="4.0.0" instance="Managed System Gateway Driver" version="4.0.0">Identity Manager Managed System Gateway Driver</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query class-name="DirXML-Resource" dest-dn="\IDM4-IDV-01\system\driverset1\acme domain" scope="subtree">
<search-class class-name="DirXML-Resource"/>
<search-attr attr-name="CN">
<value>EntitlementConfiguration</value>
</search-attr>
<read-attr attr-name="DirXML-Data"/>
</query>
</input>
</nds>
[11/17/10 16:30:04.273]:Managed System Gateway Driver :
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="4.0.0">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<instance class-name="DirXML-Resource" event-id="0" qualified-src-dn="O=system\CN=driverset1\CN=ACME Domain\CN=EntitlementConfiguration" src-dn="\IDM4-IDV-01\system\driverset1\ACME Domain\EntitlementConfiguration" src-entry-id="33803">
<attr attr-name="DirXML-Data">
<value timestamp="1290031576#36" type="octet">PGVudGl0bGVtZW50LWNvbmZpZ3VyYXRpb24gbW9kaWZpZWQ9IjIwMTAxMTE3MTAwNjE2Ij4KCTxlbnRpdGxlbWVudHM CgkJPGVudGl0bGVtZW50IGRhdGEtY29sbGVjdGlvbj0idHJ1ZSIgZG49IkNOPUV4Y2hhbmdlTWFpbGJveCxDTj1BQ01FIERvbWFpbixDTj1kcml2ZXJzZXQxLE89c3lzdGVtIiBwYXJhbWV0ZXItZm9ybWF0PSJpZG00IiByZXNvdXJjZS1tYXBwaW5nPSJ0cnVlIiByb2xlLW1hcHBpbmc9InRydWUiPgoJCQk8dHlwZSBjYXRlZ29yeT0ib3RoZXIgYWNjb3VudCIgaWQ9Im1haWxib3giIG5hbWU9Im1haWxib3giPgoJCQkJPGRpc3BsYXktbmFtZT4KCQkJCQk8dmFsdWUgbGFuZ0NvZGU9ImRlIj5Qb3N0ZmFjaDwvdmFsdWU CgkJCQkJPHZhbHVlIGxhbmdDb2RlPSJlbiI TWFpbGJveDwvdmFsdWU CgkJCQk8L2Rpc3BsYXktbmFtZT4KCQkJPC90eXBlPgoJCTwvZW50aXRsZW1lbnQ CgkJPGVudGl0bGVtZW50IGRhdGEtY29sbGVjdGlvbj0idHJ1ZSIgZG49IkNOPUdyb3VwLENOPUFDTUUgRG9tYWluLENOPWRyaXZlcnNldDEsTz1zeXN0ZW0iIHBhcmFtZXRlci1mb3JtYXQ9ImlkbTQiIHJlc291cmNlLW1hcHBpbmc9InRydWUiIHJvbGUtbWFwcGluZz0idHJ1ZSI CgkJCTx0eXBlIGNhdGVnb3J5PSJzZWN1cml0eSBncm91cGluZyIgaWQ9Imdyb3VwIiBuYW1lPSJncm91cCI CgkJCQk8ZGlzcGxheS1uYW1lPgoJCQkJCTx2YWx1ZSBsYW5nQ29kZT0iZGUiPkdydXBwZTwvdmFsdWU CgkJCQkJPHZhbHVlIGxhbmdDb2RlPSJlbiI R3JvdXA8L3ZhbHVlPgoJCQkJPC9kaXNwbGF5LW5hbWU CgkJCTwvdHlwZT4KCQkJPHBhcmFtZXRlcnM Cgk8cGFyYW1ldGVyIG1hbmRhdG9yeT0idHJ1ZSIgbmFtZT0iSUQiIHNvdXJjZT0iYXNzb2NpYXRpb24iLz4KCTxwYXJhbWV0ZXIgbWFuZGF0b3J5PSJ0cnVlIiBuYW1lPSJJRDIiIHNvdXJjZT0ic3JjLWRuIi8 CjwvcGFyYW1ldGVycz4KCTxtZW1iZXItYXNzaWdubWVudC1leHRlbnNpb25zPgoJCTxxdWVyeS14bWw CgkJCTxyZWFkLWF0dHIgYXR0ci1uYW1lPSJtZW1iZXIiLz4KCQk8L3F1ZXJ5LXhtbD4KCTwvbWVtYmVyLWFzc2lnbm1lbnQtZXh0ZW5zaW9ucz4KCTxxdWVyeS1leHRlbnNpb25zPgoJCTxxdWVyeS14bWw CgkJCTxyZWFkLWF0dHIgYXR0ci1uYW1lPSJvd25lciIvPgoJCQk8cmVhZC1hdHRyIGF0dHItbmFtZT0ic0FNQWNjb3VudE5hbWUiLz4KCQkJPG9wZXJhdGlvbi1kYXRhIGRhdGEtY29sbGVjdGlvbi1xdWVyeT0idHJ1ZSIvPgoJCTwvcXVlcnkteG1sPgoJPC9xdWVyeS1leHRlbnNpb25zPgo8L2VudGl0bGVtZW50PgoJCTxlbnRpdGxlbWVudCBkYXRhLWNvbGxlY3Rpb249InRydWUiIGRuPSJDTj1Vc2VyQWNjb3VudCxDTj1BQ01FIERvbWFpbixDTj1kcml2ZXJzZXQxLE89c3lzdGVtIiBwYXJhbWV0ZXItZm9ybWF0PSJpZG00IiByZXNvdXJjZS1tYXBwaW5nPSJ0cnVlIiByb2xlLW1hcHBpbmc9InRydWUiPgoJCQk8dHlwZSBjYXRlZ29yeT0ic2VjdXJpdHkgYWNjb3VudCIgaWQ9InVzZXIiIG5hbWU9ImFjY291bnQiPgoJCQkJPGRpc3BsYXktbmFtZT4KCQkJCQk8dmFsdWUgbGFuZ0NvZGU9ImRlIj5CZW51dHplcjwvdmFsdWU CgkJCQkJPHZhbHVlIGxhbmdDb2RlPSJlbiI VXNlcjwvdmFsdWU CgkJCQk8L2Rpc3BsYXktbmFtZT4KCQkJPC90eXBlPgoJCQk8cGFyYW1ldGVycz4KCTxwYXJhbWV0ZXIgbWFuZGF0b3J5PSJ0cnVlIiBuYW1lPSJJRCIgc291cmNlPSJyZWFkLWF0dHIiIHNvdXJjZS1uYW1lPSJBRERvbWFpblZhbHVlIi8 CjwvcGFyYW1ldGVycz4KCTxtZW1iZXItYXNzaWdubWVudC1xdWVyeT4KCQk8cXVlcnkteG1sPgoJCQk8bmRzIGR0ZHZlcnNpb249IjIuMCI CgkJCQk8aW5wdXQ CgkJCQkJPHF1ZXJ5IGNsYXNzLW5hbWU9IlVzZXIiIHNjb3BlPSJzdWJ0cmVlIj4KCQkJCQkJPHNlYXJjaC1jbGFzcyBjbGFzcy1uYW1lPSJVc2VyIi8 CgkJCQkJCTxyZWFkLWF0dHIvPgoJCQkJCTwvcXVlcnk CgkJCQk8L2lucHV0PgoJCQk8L25kcz4KCQk8L3F1ZXJ5LXhtbD4KCTwvbWVtYmVyLWFzc2lnbm1lbnQtcXVlcnk Cgk8cXVlcnktZXh0ZW5zaW9ucz4KCQk8cXVlcnkteG1sPgoJCQk8cmVhZC1hdHRyIGF0dHItbmFtZT0iZGlyeG1sLXVBQ0FjY291bnREaXNhYmxlIi8 CgkJCTxyZWFkLWF0dHIgYXR0ci1uYW1lPSJ1c2VyUHJpbmNpcGFsTmFtZSIvPgoJCQk8cmVhZC1hdHRyIGF0dHItbmFtZT0ic0FNQWNjb3VudE5hbWUiLz4KCQkJPG9wZXJhdGlvbi1kYXRhIGRhdGEtY29sbGVjdGlvbi1xdWVyeT0idHJ1ZSIvPgoJCTwvcXVlcnkteG1sPgoJPC9xdWVyeS1leHRlbnNpb25zPgoJPGFjY291bnQ CgkJPGFjY291bnQtaWQgc291cmNlPSJyZWFkLWF0dHIiIHNvdXJjZS1uYW1lPSJzQU1BY2NvdW50TmFtZSIvPgoJCTxhY2NvdW50LWlkIHNvdXJjZT0icmVhZC1hdHRyIiBzb3VyY2UtbmFtZT0idXNlclByaW5jaXBhbE5hbWUiLz4KCQk8YWNjb3VudC1pZCBzb3VyY2U9InNyYy1kbiIvPgoJCTxhY2NvdW50LWlkIHNvdXJjZT0iYXNzb2NpYXRpb24iLz4KCQk8YWNjb3VudC1zdGF0dXMgYWN0aXZlPSJmYWxzZSIgaW5hY3RpdmU9InRydWUiIHNvdXJjZT0icmVhZC1hdHRyIiBzb3VyY2UtbmFtZT0iZGlyeG1sLXVBQ0FjY291bnREaXNhYmxlIi8 Cgk8L2FjY291bnQ CjwvZW50aXRsZW1lbnQ Cgk8L2VudGl0bGVtZW50cz4KPC9lbnRpdGxlbWVudC1jb25maWd1cmF0aW9uPg==</value>
</attr>
</instance>
<status event-id="0" level="success"></status>
</output>
</nds>
<entitlement-configuration modified="20101117100616">
<entitlements>
<entitlement data-collection="true" dn="CN=ExchangeMailbox,CN=ACME Domain,CN=driverset1,O=system" parameter-format="idm4" resource-mapping="true" role-mapping="true">
<type category="other account" id="mailbox" name="mailbox">
<display-name>
<value langCode="de">Postfach</value>
<value langCode="en">Mailbox</value>
</display-name>
</type>
</entitlement>
<entitlement data-collection="true" dn="CN=Group,CN=ACME Domain,CN=driverset1,O=system" parameter-format="idm4" resource-mapping="true" role-mapping="true">
<type category="security grouping" id="group" name="group">
<display-name>
<value langCode="de">Gruppe</value>
<value langCode="en">Group</value>
</display-name>
</type>
<parameters>
<parameter mandatory="true" name="ID" source="association"/>
<parameter mandatory="true" name="ID2" source="src-dn"/>
</parameters>
<member-assignment-extensions>
<query-xml>
<read-attr attr-name="member"/>
</query-xml>
</member-assignment-extensions>
<query-extensions>
<query-xml>
<read-attr attr-name="owner"/>
<read-attr attr-name="sAMAccountName"/>
<operation-data data-collection-query="true"/>
</query-xml>
</query-extensions>
</entitlement>
<entitlement data-collection="true" dn="CN=UserAccount,CN=ACME Domain,CN=driverset1,O=system" parameter-format="idm4" resource-mapping="true" role-mapping="true">
<type category="security account" id="user" name="account">
<display-name>
<value langCode="de">Benutzer</value>
<value langCode="en">User</value>
</display-name>
</type>
<parameters>
<parameter mandatory="true" name="ID" source="read-attr" source-name="ADDomainValue"/>
</parameters>
<member-assignment-query>
<query-xml>
<nds dtdversion="2.0">
<input>
<query class-name="User" scope="subtree">
<search-class class-name="User"/>
<read-attr/>
</query>
</input>
</nds>
</query-xml>
</member-assignment-query>
<query-extensions>
<query-xml>
<read-attr attr-name="dirxml-uACAccountDisable"/>
<read-attr attr-name="userPrincipalName"/>
<read-attr attr-name="sAMAccountName"/>
<operation-data data-collection-query="true"/>
</query-xml>
</query-extensions>
<account>
<account-id source="read-attr" source-name="sAMAccountName"/>
<account-id source="read-attr" source-name="userPrincipalName"/>
<account-id source="src-dn"/>
<account-id source="association"/>
<account-status active="false" inactive="true" source="read-attr" source-name="dirxml-uACAccountDisable"/>
</account>
</entitlement>
</entitlements>
</entitlement-configuration>
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product build="4.0.0" instance="Managed System Gateway Driver" version="4.0.0">Identity Manager Managed System Gateway Driver</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query class-name="DirXML-Entitlement" dest-dn="system\driverset1\ACME Domain\ExchangeMailbox" scope="subtree">
<search-class class-name="DirXML-Entitlement"/>
<read-attr attr-name="XmlData"/>
</query>
</input>
</nds>
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="4.0.0">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<instance class-name="DirXML-Entitlement" event-id="0" qualified-src-dn="O=system\CN=driverset1\CN=ACME Domain\CN=ExchangeMailbox" src-dn="\IDM4-IDV-01\system\driverset1\ACME Domain\ExchangeMailbox" src-entry-id="33782">
<attr attr-name="XmlData">
<value timestamp="1290031547#65" type="octet">PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48ZW50aXRsZW1lbnQgY29uZmxpY3QtcmVzb2x1dGlvbj0idW5pb24iIGRlc2NyaXB0aW9uPSJUaGUgRXhjaGFuZ2UgTWFpbGJveCBFbnRpdGxlbWVudCBncmFudHMgb3IgZGVuaWVzIGFuIEV4Y2hhbmdlIG1haWxib3ggZm9yIHRoZSB1c2VyIGluIE1pY3Jvc29mdCBFeGNoYW5nZS4iIGRpc3BsYXktbmFtZT0iRXhjaGFuZ2UgTWFpbGJveCBFbnRpdGxlbWVudCI DQoJPHZhbHVlcyBtdWx0aS12YWx1ZWQ9InRydWUiPg0KCQk8cXVlcnktYXBwPg0KCQkJPHF1ZXJ5LXhtbD4NCgkJCQk8bmRzIGR0ZHZlcnNpb249IjIuMCI DQoJCQkJCTxpbnB1dD4NCgkJCQkJCTxxdWVyeSBjbGFzcy1uYW1lPSJtc0V4Y2hQcml2YXRlTURCIiBzY29wZT0ic3VidHJlZSI DQoJCQkJCQkJPHNlYXJjaC1jbGFzcyBjbGFzcy1uYW1lPSJtc0V4Y2hQcml2YXRlTURCIi8 DQoJCQkJCQkJPHJlYWQtYXR0ciBhdHRyLW5hbWU9IkRlc2NyaXB0aW9uIi8 DQoJCQkJCQkJPHJlYWQtYXR0ciBhdHRyLW5hbWU9IkNOIi8 DQoJCQkJCQk8L3F1ZXJ5Pg0KCQkJCQk8L2lucHV0Pg0KCQkJCTwvbmRzPg0KCQkJPC9xdWVyeS14bWw DQoJCQk8cmVzdWx0LXNldD4NCgkJCQk8ZGlzcGxheS1uYW1lPg0KCQkJCQk8dG9rZW4tYXR0ciBhdHRyLW5hbWU9IkNOIi8 DQoJCQkJPC9kaXNwbGF5LW5hbWU DQoJCQkJPGRlc2NyaXB0aW9uPg0KCQkJCQk8dG9rZW4tYXR0ciBhdHRyLW5hbWU9IkRlc2NyaXB0aW9uIi8 DQoJCQkJPC9kZXNjcmlwdGlvbj4NCgkJCQk8ZW50LXZhbHVlPg0KCQkJCQk8dG9rZW4tc3JjLWRuLz4NCgkJCQk8L2VudC12YWx1ZT4NCgkJCTwvcmVzdWx0LXNldD4NCgkJPC9xdWVyeS1hcHA DQoJPC92YWx1ZXM DQo8L2VudGl0bGVtZW50Pg==</value>
</attr>
</instance>
<status event-id="0" level="success"></status>
</output>
</nds>
<?xml version="1.0" encoding="UTF-8"?><entitlement conflict-resolution="union" description="The Exchange Mailbox Entitlement grants or denies an Exchange mailbox for the user in Microsoft Exchange." display-name="Exchange Mailbox Entitlement">
<values multi-valued="true">
<query-app>
<query-xml>
<nds dtdversion="2.0">
<input>
<query class-name="msExchPrivateMDB" scope="subtree">
<search-class class-name="msExchPrivateMDB"/>
<read-attr attr-name="Description"/>
<read-attr attr-name="CN"/>
</query>
</input>
</nds>
</query-xml>
<result-set>
<display-name>
<token-attr attr-name="CN"/>
</display-name>
<description>
<token-attr attr-name="Description"/>
</description>
<ent-value>
<token-src-dn/>
</ent-value>
</result-set>
</query-app>
</values>
</entitlement>
<nds dtdversion="2.0">
<input>
<query class-name="msExchPrivateMDB" scope="subtree">
<search-class class-name="msExchPrivateMDB"/>
<read-attr attr-name="Description"/>
<read-attr attr-name="CN"/>
</query>
</input>
</nds>
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product build="4.0.0" instance="Managed System Gateway Driver" version="4.0.0">Identity Manager Managed System Gateway Driver</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query class-name="MS_ACCOUNT_INFO" dest-dn="\IDM4-IDV-01\system\driverset1\acme domain" scope="subtree">
<search-class class-name="MS_ACCOUNT_INFO"/>
<association>eb647c235a7f2343854e31134ba3f217</association>
<read-attr/>
</query>
</input>
</nds>
<do-set-local-variable name="accInfo" scope="policy">
<arg-node-set>
<token-query class-name="User">
<arg-match-attr name="DirXML-Associations">
<arg-value type="structured">
<arg-component name="nameSpace">
<token-text xml:space="preserve">1</token-text>
</arg-component>
<arg-component name="volume">
<token-local-variable name="drvDn"/>
</arg-component>
<arg-component name="path">
<token-local-variable name="accountAssociation"/>
</arg-component>
</arg-value>
</arg-match-attr>
<arg-string>
<token-text xml:space="preserve">GUID</token-text>
</arg-string>
<arg-string>
<token-text xml:space="preserve">Dirxml-Accounts</token-text>
</arg-string>
</token-query>
</arg-node-set>
</do-set-local-variable>
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="4.0.0">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query class-name="User" scope="subtree">
<search-class class-name="User"/>
<search-attr attr-name="DirXML-Associations">
<value type="structured">
<component name="nameSpace">1</component>
<component name="volume">\IDM4-IDV-01\system\driverset1\acme domain</component>
<component name="path">eb647c235a7f2343854e31134ba3f217</component>
</value>
</search-attr>
<read-attr attr-name="GUID"/>
<read-attr attr-name="Dirxml-Accounts"/>
</query>
</input>
</nds>
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="4.0.0">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<instance class-name="User" event-id="0" qualified-src-dn="O=data\OU=users\CN=ccentral" src-dn="\IDM4-IDV-01\data\users\ccentral" src-entry-id="33439">
<attr attr-name="GUID">
<value timestamp="1287434878#2579" type="octet">f8FZpifW0ELblX/BWaYn1g==</value>
</attr>
</instance>
<status event-id="0" level="success"></status>
</output>
</nds>
es:guid2string($current-node/attr[@attr-name="GUID"]/value/text())
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product build="4.0.0" instance="Managed System Gateway Driver" version="4.0.0">Identity Manager Managed System Gateway Driver</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query class-name="MS_ACCOUNT_INFO" dest-dn="\IDM4-IDV-01\system\driverset1\acme domain" scope="subtree">
<search-class class-name="MS_ACCOUNT_INFO"/>
<read-attr/>
<operation-data api-name="MS_ACCOUNT_INFO">
<instance class-name="MS_ACCOUNT_INFO" src-dn="O=data\OU=users\CN=ccentral">
<attr attr-name="idv.account.guid">
<value type="string">7FC159A6-27D6-d042-DB95-7FC159A627D6</value>
</attr>
<attr attr-name="idv.dirxml.account"/>
</instance>
</operation-data>
</query>
</input>
</nds>
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="4.0.0">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<instance class-name="MS_ACCOUNT_INFO" src-dn="O=data\OU=users\CN=ccentral">
<attr attr-name="idv.account.guid">
<value type="string">7FC159A6-27D6-d042-DB95-7FC159A627D6</value>
</attr>
<attr attr-name="idv.dirxml.account"/>
</instance>
</output>
</nds>