Big news! The community will be moving to a new platform April 21. Read more.
Big news! The community will be moving to a new platform April 21. Read more.
Absent Member.
Absent Member.
935 views

Any real difference between do-strip-op-attr name="X" and do-strip-xpath expression='./modify-attr[@attr-name="X"]' ?

I'm tweaking an O365 driver and noticed that in the
"sub-ctp-HandleAttributes" the netiq packages use:

do-strip-xpath expression='./modify-attr[@attr-name="CN"]'

I know if the event was an add or instance, do-strip-op-attr would
still kick in. However in this case the rule is already scoped to only
apply to modifies.

So is there any reason why they didn't use do-strip-op-attr here
instead?

Both will remove the remove-all-values child element, which they
selectively add back in.
Labels (1)
0 Likes
13 Replies
Knowledge Partner Knowledge Partner
Knowledge Partner

Alex McHugh wrote:

> As this token should strip the entire operation attribute, I think it
> should only look for an element with matching @attr-name and then a
> value child node (can be empty, but must be present).


IDM is a bit more generous, it seems, stripping *[@attr-name="..."]:

<?xml version="1.0" encoding="UTF-8"?><nds dtdversion="4.0" ndsversion="8.x">
<source>
<product version="4.5.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<modify class-name="User" qualified-src-dn="o=dirXML Test\ou=Users\cn=User1">
<association>o=dirXML Test\ou=Users\cn=User1</association>
<modify-attr attr-name="Surname">
<remove-all-values/>
<add-value>
<value type="string">Last Name1</value>
</add-value>
</modify-attr>
<modify-attr attr-name="Surname">
<remove-all-values/>
<add-value>
<value type="string"/>
</add-value>
</modify-attr>
<modify-attr attr-name="Surname"/>
</modify>
</input>
</nds>
Driver :Applying policy: %+C%14CTest%-C.
Driver : Applying to modify #1.
Driver : Evaluating selection criteria for rule 'Test'.
Driver : Rule selected.
Driver : Applying rule 'test'.
Driver : Action: do-strip-op-attr("Surname").
Driver :Policy returned:
Driver :
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product version="4.5.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<modify class-name="User" qualified-src-dn="o=dirXML
Test\ou=Users\cn=User1">
<association>o=dirXML Test\ou=Users\cn=User1</association>
</modify>
</input>
</nds>

--
http://www.is4it.de/en/solution/identity-access-management/
______________________________________________
https://www.is4it.de/identity-access-management
0 Likes
Absent Member.
Absent Member.

Lothar Haeger wrote:

> Alex McHugh wrote:
>
> > As this token should strip the entire operation attribute, I think
> > it should only look for an element with matching @attr-name and
> > then a value child node (can be empty, but must be present).

>
> IDM is a bit more generous, it seems, stripping *[@attr-name="..."]:
>


Indeed, which means it strips both search-attr and read-attr with
matching attr-name.

I disagree with that behaviour for read-attr. That almost feels like a
bug.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.