Modify Password Stylesheet

DirXML 1.1 introduced a new feature that allows an event on the publisher channel to trigger a password modification on a user in eDirectory. Typically, this would be used to synchronize the eDirectory password with an application password. The application passes the password to DirXML in clear text and DirXML will generate the eDirectory password based on the clear-text value passed to it. To use this functionality a stylesheet must be written to detect the clear-text value coming into the publisher channel and then use that value to set the password accordingly. In addition to stylesheet changes, a number of other changes must be made to allow the clear-text value to be passed.

  1. First we must choose an attribute to store the password in. This should be an attribute that is not used in either the application or eDirectory since DirXML will assume that each time this attribute is set it is meant as a password change. For our example we will choose the Description attribute.
  2. Note: the password is never actually stored in eDirectory. The stylesheet simply uses that attribute to generate the password and then drops the event so that it never reaches eDirectory.
  3. Once we've selected the "Description" attribute we must make sure that the attribute name in eDirectory matches the attribute name in the application. If not, a Schema Mapping rule must be implemented or updated to match the attribute names.
  4. Next we must edit the Publisher Filter to allow the "Description" attribute to pass through it.
  5. Lastly we will implement a stylesheet using the Command Transformation Rule on the Publisher Channel to detect all modifications to the "Description" attribute and change that event to a modify-password event.

The Stylesheet
There are many ways to accomplish this transformation. We've chosen to do it using the Command Transformation rule for a few reasons, the primary being the Command Transformation Rule's ability to act on Merge events.

There are two templates in our stylesheet that detect events on the "Description" attribute. One detects every time a user is added with a description attribute. When this is detected the value is taken from the Description attribute and inserted into a <password> element. The template looks like this:

  <xsl:template match="add[@class-name='User']/add-attr[@attr-name='Description']">
     <password><xsl:value-of select="value"/></password>
  </xsl:template>

The second template detects every time the description attribute is modified on an existing user. When this action is detected, the value is taken from the Description attribute and inserted into a <modify-password> element. The <modify-password> element is then sent to eDirectory using the Channel Write-Back feature of DirXML. The template looks like this:

  <xsl:template match="modify[@class-name='User']/modify-attr[@attr-name='Description']">
     <!-- First we generate the XDS fragment with the password Change -->
     <xsl:variable name="cmd-change-pw">
          <modify-password class-name="User" dest-dn="{../@dest-dn}">
               <password><xsl:value-of select="add-value/value"/></password>
          </modify-password>
     </xsl:variable>

     <!-- Now we send the XDS fragment generated above to the dest Directory -->
     <xsl:variable name="results" select="cmd:execute($destCommandProcessor, $cmd-change-pw)"/>
  </xsl:template>

The entire stylesheet looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet version="1.0" exclude-result-prefixes="cmd"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:cmd="http://www.novell.com/nxsl/java/com.novell.nds.dirxml.driver.XdsCommandProcessor">

  <!--These are the two parameters that are needed for Channel Write-Back -->
  <xsl:param name="srcCommandProcessor"/>
  <xsl:param name="destCommandProcessor"/>

  <!-- This is the identity template that copies otherwise unmatched items to the result -->
  <xsl:template match="node()|@*">
     <xsl:copy>
          <xsl:apply-templates select="@*|node()"/>
     </xsl:copy>
  </xsl:template>

  <xsl:template match="modify[@class-name='User']/modify-attr[@attr-name='Description']">
     <!-- First we generate the XDS fragment with the password Change -->
     <xsl:variable name="cmd-change-pw">
          <modify-password class-name="User" dest-dn="{../@dest-dn}">
               <password><xsl:value-of select="add-value/value"/></password>
          </modify-password>
     </xsl:variable>

     <!-- Now we send the XDS fragment generated above to the dest Directory -->
     <xsl:variable name="results" select="cmd:execute($destCommandProcessor, $cmd-change-pw)"/>
  </xsl:template>

  <xsl:template match="add[@class-name='User']/add-attr[@attr-name='Description']">
     <password><xsl:value-of select="value"/></password>
  </xsl:template>
</xsl:stylesheet>
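
A guarded variant of the stylesheet above, added here as an example and not part of the original article: as written, both templates fire on any change to "Description", including a removal (a modify-attr carrying only remove-value or remove-all-values), which would build a password element with an empty value. The non-empty checks are the only change; the constructed event in the comment is sample input, and how the engine treats an empty password is not stated in the article.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: same namespaces, parameters and templates as the article's
     stylesheet, plus a non-empty check before a password is emitted. -->
<xsl:stylesheet version="1.0" exclude-result-prefixes="cmd"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:cmd="http://www.novell.com/nxsl/java/com.novell.nds.dirxml.driver.XdsCommandProcessor">

  <xsl:param name="srcCommandProcessor"/>
  <xsl:param name="destCommandProcessor"/>

  <!-- Identity template: copy everything not matched below -->
  <xsl:template match="node()|@*">
    <xsl:copy>
      <xsl:apply-templates select="@*|node()"/>
    </xsl:copy>
  </xsl:template>

  <!-- Constructed event that must NOT cause a password change:
         <modify class-name="User" dest-dn="(constructed DN)">
           <modify-attr attr-name="Description"><remove-all-values/></modify-attr>
         </modify>
       Here add-value/value selects nothing, so $new-pw is an empty node-set. -->
  <xsl:template match="modify[@class-name='User']/modify-attr[@attr-name='Description']">
    <!-- Only values that are being added and are not the empty string -->
    <xsl:variable name="new-pw" select="add-value/value[string(.) != '']"/>
    <xsl:if test="$new-pw">
      <xsl:variable name="cmd-change-pw">
        <modify-password class-name="User" dest-dn="{../@dest-dn}">
          <!-- value-of uses the first node in $new-pw, as the original does -->
          <password><xsl:value-of select="$new-pw"/></password>
        </modify-password>
      </xsl:variable>
      <xsl:variable name="results"
          select="cmd:execute($destCommandProcessor, $cmd-change-pw)"/>
    </xsl:if>
    <!-- No output in either case: the Description change never reaches eDirectory -->
  </xsl:template>

  <!-- On add, emit <password> only when Description carries a non-empty value -->
  <xsl:template match="add[@class-name='User']/add-attr[@attr-name='Description']">
    <xsl:if test="string(value) != ''">
      <password><xsl:value-of select="value"/></password>
    </xsl:if>
  </xsl:template>
</xsl:stylesheet>
```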
