How to evaluate query result from multi-value attribute - Micro Focus Community

Anonymous_User · ‎2015-04-28

I am sure this has been answered before but "Search Forums" doesn't
yield to much positive result...so I am going to ask again.

Working on querying an attribute called directReports, which is
multivalued in AD. I am not sure how to put it inside a variable and
use a for-each loop to interprete/manipulate each value based of the
result of the query (assuming it is called output doc). For example, it
will provide a trace when there is something in directReports attribute,
and I have tried the following:

<do-set-local-variable name="DirectReports" scope="policy">
<arg-node-set>
<token-src-attr name="directReports"/>
</arg-node-set>
</do-set-local-variable>

<do-for-each>
<arg-node-set>
<token-xpath expression="$DirectReports//instance"/>
</arg-node-set>
<arg-actions>
<do-trace-message>
<arg-string>
<token-xpath
expression='$DirectReports/attr[@attr-name="directReports"]/value'/>
</arg-string>
</do-trace-message>
<do-trace-message>
<arg-string>
<token-text xml:space="preserve">dumbTrace</token-text>
</arg-string>
</do-trace-message>
</arg-actions>
</do-for-each>

Based on the trace, it came back with empty token value and will not
loop...I must be making a very silly mistake or my knowledge on token is
a bit weak... But please help correct me...Thank you very much.

--
vzlchan
------------------------------------------------------------------------
vzlchan's Profile: https://forums.netiq.com/member.php?userid=4473
View this thread: https://forums.netiq.com/showthread.php?t=53405

geoffc · ‎2015-04-28

On 4/28/2015 5:30 PM, vzlchan wrote:
>
> I am sure this has been answered before but "Search Forums" doesn't
> yield to much positive result...so I am going to ask again.
>
> Working on querying an attribute called directReports, which is
> multivalued in AD. I am not sure how to put it inside a variable and
> use a for-each loop to interprete/manipulate each value based of the
> result of the query (assuming it is called output doc). For example, it
> will provide a trace when there is something in directReports attribute,
> and I have tried the following:
>
> <do-set-local-variable name="DirectReports" scope="policy">
> <arg-node-set>
> <token-src-attr name="directReports"/>
> </arg-node-set>
> </do-set-local-variable>
>
> <do-for-each>
> <arg-node-set>
> <token-xpath expression="$DirectReports//instance"/>
> </arg-node-set>
> <arg-actions>
> <do-trace-message>
> <arg-string>
> <token-xpath
> expression='$DirectReports/attr[@attr-name="directReports"]/value'/>
> </arg-string>
> </do-trace-message>
> <do-trace-message>
> <arg-string>
> <token-text xml:space="preserve">dumbTrace</token-text>
> </arg-string>
> </do-trace-message>
> </arg-actions>
> </do-for-each>
>
> Based on the trace, it came back with empty token value and will not
> loop...I must be making a very silly mistake or my knowledge on token is
> a bit weak... But please help correct me...Thank you very much.

Your issue is an understanding of what the Source Attr/Dest Attr/Op
Attr/Attr tokens return, vs a Query tokens result. It is confusing
since the query can look identical, the result identical, but the
nodeset in the variable very different.

As silly as it sounds, it is just loop over the varibale DirectReports,
using the XPATH is fine, or the Local Variable token is fine as well.

Then current-node is the value.

I have written about this several times. Specifically here:

http://www.novell.com/communities/node/5818/different-attribute-options-identity-manager
http://www.novell.com/communities/node/5920/ism-more-thoughts-sourcedestinationoperation-attribute-tokens-identity-manager
http://www.novell.com/communities/node/4906/the-query-token-identity-manager

And I have a series on things beginners need to know about IDM. (Start
at the last one, for a table of contents of the 11 articles to see if
there is a topic that interests you).

https://www.netiq.com/communities/cool-solutions/common-mistakes-newcomers-idm-make-part-1/
http://www.novell.com/communities/node/13057/common-mistakes-newcomers-idm-make-part-2
http://www.novell.com/communities/node/13058/common-mistakes-newcomers-idm-make-part-3
http://www.novell.com/communities/node/13125/common-mistakes-newcomers-idm-make-part-4
http://www.novell.com/communities/node/13126/common-mistakes-newcomers-idm-make-part-5
http://www.novell.com/communities/node/13302/common-mistakes-newcomers-idm-make-part-6
http://www.novell.com/communities/node/13316/common-mistakes-newcomers-idm-make-part-7
http://www.novell.com/communities/node/13347/common-mistakes-newcomers-idm-make-part-8
http://www.novell.com/communities/node/13383/common-mistakes-newcomers-idm-make-part-9
http://www.novell.com/communities/node/13486/common-mistakes-newcomers-idm-make-part-10
http://www.netiq.com/communities/coolsolutions/common-mistakes-newcomers-to-idm-make-part-11/

aburgemeister · ‎2015-04-28

When you put a nodeset in a foreach loop you can access the current node
with the $current-node local variable (NOT $current-value, which is only
used relative to the reformat-op-attr token). See if that works for you.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...

lhaeger · ‎2015-04-29

ab wrote:

> When you put a nodeset in a foreach loop you can access the current node
> with the $current-node local variable

Anf there's no need to read directReports into a variable first, just loop over
token-src-attr directly:

<do-for-each>
<arg-node-set>
<token-src-attr name="directReports"/>
</arg-node-set>
<arg-actions>
<do-trace-message>
<arg-string>
<token-local-variable name="current-node"/>
</arg-string>
</do-trace-message>
</arg-actions>
</do-for-each>

If you feel like using a variable, though, $DirectReports//instance will not
work, but you can use either of the following:

<do-for-each>
<arg-node-set>
<token-local-variable name="DirectReports"/>
</arg-node-set>
<arg-actions>
<do-trace-message>
<arg-string>
<token-text xml:space="preserve">$current-node$</token-text>
</arg-string>
</do-trace-message>
</arg-actions>
</do-for-each>

<do-for-each>
<arg-node-set>
<token-xpath expression="$DirectReports"/>
</arg-node-set>
<arg-actions>
<do-trace-message>
<arg-string>
<token-text xml:space="preserve">$current-node$</token-text>
</arg-string>
</do-trace-message>
</arg-actions>
</do-for-each>

Designer's simulator makes it easy to test scenarios like this without the
overhead of deploy/restart driver/simulate event/cleanup etc.

______________________________________________
https://www.is4it.de/identity-access-management

lhaeger · ‎2015-04-29

Lothar Haeger wrote:

> $DirectReports//instance will not work

Why is this?

Because token-src-attr does not return instance nodes (those would be one
instance per object, not one per value of an object's attribute) but just the
value nodes. Good to see in trace:

test : Action:
do-set-local-variable("DirectReports",scope="policy",arg-node-set(token-src-attr
("directReports"))).
test : arg-node-set(token-src-attr("directReports"))
test : token-src-attr("directReports")
test : Query from policy
test :
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product version="?.?.?.?">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query class-name="User" dest-dn="o=dirXML Test\ou=Users\cn=User1"
scope="entry">
<read-attr attr-name="directReports"/>
</query>
</input>
</nds>
test : Query from policy result
test :
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product version="?.?.?.?">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<instance class-name="User" src-dn="data\user1">
<association>123</association>
<attr attr-name="directReports">
<value type="dn">data\user2</value>
<value type="dn">data\user3</value>
<value type="dn">data\user4</value>
</attr>
</instance>
</output>
</nds>
test : Token Value: {<value> @type = "dn",<value> @type = "dn",<value>
@type = "dn"}.
test : Arg Value: {<value> @type = "dn",<value> @type = "dn",<value>
@type = "dn"}.

Now when you try to loop over instance subnodes of your variable you get an
empty nodeset as argument:

test : Action:
do-for-each(arg-node-set(token-xpath("$DirectReports//instance"))).
test : arg-node-set(token-xpath("$DirectReports//instance"))
test : token-xpath("$DirectReports//instance")
test : Token Value: {}.
test : Arg Value: {}.

While looping over the plain variable looks better:

test : Action:
do-for-each(arg-node-set(token-local-variable("DirectReports"))).
test : arg-node-set(token-local-variable("DirectReports"))
test : token-local-variable("DirectReports")
test : Token Value: {<value> @type = "dn",<value> @type = "dn",<value>
@type = "dn"}.
test : Arg Value: {<value> @type = "dn",<value> @type = "dn",<value>
@type = "dn"}.

______________________________________________
https://www.is4it.de/identity-access-management

Anonymous_User · ‎2015-05-01

Thank you very much...works perfectly...

--
vzlchan
------------------------------------------------------------------------
vzlchan's Profile: https://forums.netiq.com/member.php?userid=4473
View this thread: https://forums.netiq.com/showthread.php?t=53405