Application Delivery Management
Application Modernization & Connectivity
CyberRes
IT Operations Management
IDM allow running queries.
You can run queries using the “Query” noun from the policy builder.
For example, you can query all users from department number 8 and get some attributes for each one of them:
<do-set-local-variable name="lv.queryResultNS" scope="policy"> <arg-node-set> <token-query> <arg-match-attr name="departmentNumber"> <arg-value type="string"> <token-text xml:space="preserve">8</token-text> </arg-value> </arg-match-attr> <arg-string> <token-text xml:space="preserve">mobile</token-text> </arg-string> </token-query> </arg-node-set> </do-set-local-variable>
The query noun is that it only allow you to use a simple query condition based on “and” values. If for example we want to query all users from department 8 or 9, we cannot do that.
The IDM NDS DTD of query allows to use the query operation with options that are not available on the policy builder.
The following example policy runs a query with an “or” condition using XdsQueryProcessor:
<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE policy PUBLIC "policy-builder-dtd" "D:\netiq\idm\apps\Designer\plugins\com.novell.idm.policybuilder_4.0.0.201802280016\DTD\dirxmlscript4.7.dtd"><policy> <rule> <description>Query example</description> <conditions> <and/> </conditions> <actions> <do-set-local-variable name="lv.queryResultNS" scope="policy"> <arg-node-set> <token-xml-parse> <token-text xml:space="preserve"><nds dtdversion="4.0" ndsversion="8.x"> </token-text> <token-text xml:space="preserve"><source> </token-text> <token-text xml:space="preserve"><product edition="Advanced" version="4.7.3.0">DirXML</product> </token-text> <token-text xml:space="preserve"><contact>NetIQ Corporation</contact></token-text> <token-text xml:space="preserve"></source> </token-text> <token-text xml:space="preserve"><input> </token-text> <token-text xml:space="preserve"><query scope="subtree" dest-dn="\ </token-text> <token-global-variable name="dirxml.auto.treename"/> <token-text xml:space="preserve">\</token-text> <token-global-variable name="gcv.usersOU"/> <token-text xml:space="preserve">"> </token-text> <token-text xml:space="preserve"><search-class class-name="User"/> </token-text> <token-text xml:space="preserve"><read-attr attr-name="mobile"/> </token-text> <token-text xml:space="preserve"><search-condition name="or"> </token-text> <token-text xml:space="preserve"><search-attr attr-name="departmentNumber"> </token-text> <token-text xml:space="preserve"><value type="string">1</value></token-text> <token-text xml:space="preserve"></search-attr> </token-text> <token-text xml:space="preserve"><search-attr attr-name="departmentNumber"> </token-text> <token-text xml:space="preserve"><value type="string">1</value></token-text> <token-text xml:space="preserve"></search-attr> </token-text> <token-text xml:space="preserve"></search-condition> </token-text> <token-text xml:space="preserve"></query> </token-text> <token-text xml:space="preserve"></input> </token-text> <token-text xml:space="preserve"></nds></token-text> </token-xml-parse> </arg-node-set> </do-set-local-variable> <do-set-local-variable name="lv.queryResultNS" scope="policy"> <arg-node-set> <token-xpath expression="query:query($srcQueryProcessor,$lv.queryNS)"/> </arg-node-set> </do-set-local-variable> <do-trace-message> <arg-string> <token-text xml:space="preserve">Got query result: </token-text> <token-xml-serialize> <token-local-variable name="lv.queryResultNS"/> </token-xml-serialize> </arg-string> </do-trace-message> <do-if> <arg-conditions> <and> <if-xpath op="true">count($lv.queryResultNS//*[@class-name="User"]/@qualified-src-dn) > 0</if-xpath> </and> </arg-conditions> <arg-actions> <do-trace-message> <arg-string> <token-text xml:space="preserve">Here you can handle the results</token-text> </arg-string> </do-trace-message> </arg-actions> <arg-actions/> </do-if> </actions> </rule> </policy>
** If you want to query destination instead of source datastore, use destQueryProcessor instead of srcQueryProcessor.
** There are much other options available in the query command which are well documented in the DTD, for example, using "not" condition, scope and more.