
How to write a structured attribute into local variables?


I'm trying to write a structured attribute into a local variable for
further processing of the attribute. I've never worked with sending a
multi-valued out from the IDM driver, only from an input. The policy
below is only outputting one value, with all of the other values getting
Invalid data.

Any suggestions on how I can write the value out into the local
variable? There should always be exactly 3 of the attributes being
sent.



Policy


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policy PUBLIC "policy-builder-dtd" "C:\Program Files (x86)\Novell\Designer\plugins\com.novell.idm.policybuilder_4.0.0.201210161153\DTD\dirxmlscript4.0.2.dtd">
<policy xmlns:es="http://www.novell.com/nxsl/ecmascript" xmlns:QNAEnc="http://www.novell.com/nxsl/java/companyQnA.QNAEncrypt">
  <rule>
    <description>Copy Attribute into the Local Variable</description>
    <comment xml:space="preserve">Copy Attribute into the Local Variable</comment>
    <conditions>
      <and>
        <if-class-name op="equal">User</if-class-name>
        <if-src-attr mode="regex" name="QNAChallengesResponses" op="equal">.+</if-src-attr>
      </and>
    </conditions>
    <actions>
      <do-for-each>
        <arg-node-set>
          <token-src-attr name="QNAChallengesResponses"/>
        </arg-node-set>
        <arg-actions>
          <do-set-local-variable name="lven-QNA" scope="policy">
            <arg-string>
              <token-local-variable name="current-node"/>
            </arg-string>
          </do-set-local-variable>
        </arg-actions>
      </do-for-each>
    </actions>
  </rule>
  <rule>
    <description>companyQnA Function Calls</description>
    <comment xml:space="preserve">Decrypt and Encrypt the QNAChallengesResponses attributes using the QNAcipherkey.</comment>
    <conditions>
      <and>
        <if-attr name="QNAChallengesResponses" op="available"/>
      </and>
    </conditions>
    <actions>
      <do-set-local-variable name="lven-QNA" scope="policy">
        <arg-string>
          <token-attr name="QNAChallengesResponses"/>
        </arg-string>
      </do-set-local-variable>
      <do-set-local-variable name="lvQNAcipherkey" scope="policy">
        <arg-string>
          <token-attr name="QNACipherKey"/>
        </arg-string>
      </do-set-local-variable>
      <do-set-local-variable name="lvEncryptQNA" scope="policy">
        <arg-string>
          <token-xpath expression="QNAEnc:encryptQnA($lven-QNA,$lvQNAcipherkey)"/>
        </arg-string>
      </do-set-local-variable>
      <do-reformat-op-attr name="QNAChallengesResponses">
        <arg-value type="string">
          <token-local-variable name="lvEncryptQNA"/>
        </arg-value>
      </do-reformat-op-attr>
    </actions>
  </rule>
</policy>


Thanks


--
el_triad
------------------------------------------------------------------------
el_triad's Profile: https://forums.netiq.com/member.php?userid=1777
View this thread: https://forums.netiq.com/showthread.php?t=46872

Re: How to write a structured attribute into local variables?

This sounds like two issues.

1) You want a nodeset of three values.

2) Each of those values should be a structured attribute with multiple
components.

The first is easy. Set local variable MYVar, as a nodeset to local
variable MYVar + the other data. Each line in the Argument builder will
be another node, so have the data ready to go in a single 'thing' (be it
source attr or another local variable).

For #2 it is actually slightly trickier as there is no great format for
'storing' a structured value in a variable, other than building the XDS
for an <instance> or <modify> doc in the variable. Now getting it, as
Source Attr into a nodeset variable would work fine. But building it is
likely more work than it is worth. However, you could store it as a
delimited string, then when it comes time to use, break it up into
chunks to use later.



Re: How to write a structured attribute into local variables?

On Tue, 19 Feb 2013 14:34:01 +0000, el triad wrote:

> I'm trying to write a structured attribute into a local variable for
> further processing of the attribute. I've never worked with sending a
> multi-valued out from the IDM driver, only from an input.


Is this a multi-valued attribute, a structured attribute, or a
multi-valued structured attribute?


> Any suggestions on how I can write the value out into the local
> variable? There should always be exactly 3 of the attributes being
> sent.


I think this means that it's multi-valued _and_ structured. Post a level
3 trace so we can see what this thing looks like. Feel free to obscure
the values in the attribute if they're sensitive.


> <description>Copy Attribute into the Local Variable</description>

I wouldn't bother with this, but if you must have the
QNAChallengesResponses attribute in a local variable, it's going to have
to be a nodeset, not a string.


> <description>companyQnA Function Calls</description>


I'd just use token-source-attr here, instead of a variable.


> <do-set-local-variable name="lven-QNA" scope="policy">
> <arg-string>
> <token-attr name="QNAChallengesResponses"/>
> </arg-string>
> </do-set-local-variable>
> <do-set-local-variable name="lvQNAcipherkey" scope="policy">
> <arg-string>
> <token-attr name="QNACipherKey"/>
> </arg-string>
> </do-set-local-variable>
> <do-set-local-variable name="lvEncryptQNA" scope="policy">
> <arg-string>
> <token-xpath
> expression="QNAEnc:encryptQnA($lven-QNA,$lvQNAcipherkey)"/>
> </arg-string>
> </do-set-local-variable>
> <do-reformat-op-attr name="QNAChallengesResponses">
> <arg-value type="string">
> <token-local-variable name="lvEncryptQNA"/>
> </arg-value>
> </do-reformat-op-attr>
> </actions>
> </rule>
> </policy>


What's the end result of this supposed to be?


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support provided via email.


Re: How to write a structured attribute into local variables?


Hey - This is a multi-valued structured attribute.

The end result is that these multi-valued structured attributes are
unencrypted from their current value in eDirectory into an AES256
encrypted string using a key. If there is only one value, this works great.
I've considered if I should put this into the custom java package on
the IDM server - but then I have to move all the logic in there - which
seems like a pain...


Here is the current trace:


--
el_triad

Re: How to write a structured attribute into local variables?


[02/19/13 13:08:21.438]:LDAPDIR1 ST:Applying policy: %+C%14CDecrypt and
Encrypt QNAChallengesResponses%-C.
[02/19/13 13:08:21.438]:LDAPDIR1 ST: Applying to modify #1.
[02/19/13 13:08:21.438]:LDAPDIR1 ST: Evaluating selection criteria
for rule 'Copy QNA Responses into a local variable'.
[02/19/13 13:08:21.438]:LDAPDIR1 ST: (if-class-name equal "User") =
TRUE.
[02/19/13 13:08:21.438]:LDAPDIR1 ST: Query from policy
[02/19/13 13:08:21.439]:LDAPDIR1 ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.0.2.0">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query class-name="User" dest-dn="\XXX-QA\XXX\People\1053798"
dest-entry-id="51342" scope="entry">
<read-attr attr-name="QNAChallengesResponses"/>
</query>
</input>
</nds>

<output>
<instance class-name="User"
qualified-src-dn="O=XXX\OU=People\uniqueID=1053798"
src-dn="\XXX-QA\XXX\People\1053798" src-entry-id="51342">
<association
state="associated">uid=1053798,ou=people,o=XXX</association>
<attr attr-name="QNAChallengesResponses">
<value timestamp="1361297301#8" type="structured">
<component name="string">3|1|0|1|In what city was your Father
born?|1au9Zb/tp9E=</component>
</value>
<value timestamp="1361297301#9" type="structured">
<component name="string">3|1|0|1|What is your pet's
name?|AlL1HvWnqZLUA1xAe1ICBw==</component>
</value>
<value timestamp="1361297301#10" type="structured">
<component name="string">3|1|0|1|In what city was your Mother
born?|aZPeBHLwxehP+V/FRF1mOw==</component>
</value>
</attr>
</instance>
<status level="success"></status>
</output>
</nds>
[02/19/13 13:08:21.444]:LDAPDIR1 ST: (if-src-attr
'QNAChallengesResponses' match ".+") = TRUE.
[02/19/13 13:08:21.444]:LDAPDIR1 ST: Rule selected.
[02/19/13 13:08:21.444]:LDAPDIR1 ST: Applying rule 'Copy QNA
Responses into a local variable'.
[02/19/13 13:08:21.445]:LDAPDIR1 ST: Action:
do-for-each(arg-node-set(token-src-attr("QNAChallengesResponses"))).
[02/19/13 13:08:21.445]:LDAPDIR1 ST:
arg-node-set(token-src-attr("QNAChallengesResponses"))
[02/19/13 13:08:21.445]:LDAPDIR1 ST:
token-src-attr("QNAChallengesResponses")
[02/19/13 13:08:21.445]:LDAPDIR1 ST: Token Value: {<value>
@timestamp = "1361297301#8" @type = "structured",<value> @timestamp =
"1361297301#9" @type = "structured",<value> @timestamp = "1361297301#10"
@type = "structured"}.
[02/19/13 13:08:21.446]:LDAPDIR1 ST: Arg Value: {<value>
@timestamp = "1361297301#8" @type = "structured",<value> @timestamp =
"1361297301#9" @type = "structured",<value> @timestamp = "1361297301#10"
@type = "structured"}.
[02/19/13 13:08:21.446]:LDAPDIR1 ST: Performing actions for
local-variable(current-node) = <value> @timestamp = "1361297301#8" @type
= "structured".
[02/19/13 13:08:21.447]:LDAPDIR1 ST: Action:
do-set-local-variable("lven-QNA",scope="policy",token-local-variable("current-node")).
[02/19/13 13:08:21.447]:LDAPDIR1 ST:
arg-string(token-local-variable("current-node"))
[02/19/13 13:08:21.447]:LDAPDIR1 ST:
token-local-variable("current-node")
[02/19/13 13:08:21.447]:LDAPDIR1 ST: Token Value:
"3|1|0|1|In what city was your Father born?|1au9Zb/tp9E=".
[02/19/13 13:08:21.447]:LDAPDIR1 ST: Arg Value: "3|1|0|1|In
what city was your Father born?|1au9Zb/tp9E=".
[02/19/13 13:08:21.448]:LDAPDIR1 ST: Performing actions for
local-variable(current-node) = <value> @timestamp = "1361297301#9" @type
= "structured".
[02/19/13 13:08:21.448]:LDAPDIR1 ST: Action:
do-set-local-variable("lven-QNA",scope="policy",token-local-variable("current-node")).
[02/19/13 13:08:21.448]:LDAPDIR1 ST:
arg-string(token-local-variable("current-node"))
[02/19/13 13:08:21.449]:LDAPDIR1 ST:
token-local-variable("current-node")
[02/19/13 13:08:21.449]:LDAPDIR1 ST: Token Value:
"3|1|0|1|What is your pet's name?|AlL1HvWnqZLUA1xAe1ICBw==".
[02/19/13 13:08:21.449]:LDAPDIR1 ST: Arg Value:
"3|1|0|1|What is your pet's name?|AlL1HvWnqZLUA1xAe1ICBw==".
[02/19/13 13:08:21.449]:LDAPDIR1 ST: Performing actions for
local-variable(current-node) = <value> @timestamp = "1361297301#10"
@type = "structured".
[02/19/13 13:08:21.450]:LDAPDIR1 ST: Action:
do-set-local-variable("lven-QNA",scope="policy",token-local-variable("current-node")).
[02/19/13 13:08:21.450]:LDAPDIR1 ST:
arg-string(token-local-variable("current-node"))
[02/19/13 13:08:21.450]:LDAPDIR1 ST:
token-local-variable("current-node")
[02/19/13 13:08:21.450]:LDAPDIR1 ST: Token Value:
"3|1|0|1|In what city was your Mother born?|aZPeBHLwxehP+V/FRF1mOw==".
[02/19/13 13:08:21.450]:LDAPDIR1 ST: Arg Value: "3|1|0|1|In
what city was your Mother born?|aZPeBHLwxehP+V/FRF1mOw==".
[02/19/13 13:08:21.451]:LDAPDIR1 ST: Evaluating selection criteria
for rule 'lowesQnA Function Calls'.
[02/19/13 13:08:21.451]:LDAPDIR1 ST: (if-attr
'QNAChallengesResponses' available) = TRUE.
[02/19/13 13:08:21.451]:LDAPDIR1 ST: Rule selected.
[02/19/13 13:08:21.451]:LDAPDIR1 ST: Applying rule 'lowesQnA Function
Calls'.
[02/19/13 13:08:21.452]:LDAPDIR1 ST: Action:
do-set-local-variable("lven-QNA",scope="policy",token-attr("QNAChallengesResponses")).
[02/19/13 13:08:21.452]:LDAPDIR1 ST:
arg-string(token-attr("QNAChallengesResponses"))
[02/19/13 13:08:21.452]:LDAPDIR1 ST:
token-attr("QNAChallengesResponses")
[02/19/13 13:08:21.452]:LDAPDIR1 ST: Token Value: "3|1|0|1|In
what city was your Father born?|1au9Zb/tp9E=".
[02/19/13 13:08:21.453]:LDAPDIR1 ST: Arg Value: "3|1|0|1|In
what city was your Father born?|1au9Zb/tp9E=".
[02/19/13 13:08:21.453]:LDAPDIR1 ST: Action:
do-set-local-variable("lvQNAcipherkey",scope="policy",token-attr("QNACipherKey")).
[02/19/13 13:08:21.453]:LDAPDIR1 ST:
arg-string(token-attr("QNACipherKey"))
[02/19/13 13:08:21.453]:LDAPDIR1 ST:
token-attr("QNACipherKey")
[02/19/13 13:08:21.454]:LDAPDIR1 ST: Query from policy
[02/19/13 13:08:21.454]:LDAPDIR1 ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.0.2.0">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query class-name="User" dest-dn="\XXX-QA\XXX\People\1053798"
dest-entry-id="51342" scope="entry">
<read-attr attr-name="QNACipherKey"/>
</query>
</input>
</nds>
[02/19/13 13:08:21.457]:LDAPDIR1 ST: Query from policy
result
[02/19/13 13:08:21.457]:LDAPDIR1 ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.0.2.0">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<instance class-name="User"
qualified-src-dn="O=XXX\OU=People\uniqueID=1053798"
src-dn="\XXX-QA\XXX\People\1053798" src-entry-id="51342">
<association
state="associated">uid=1053798,ou=people,o=XXX</association>
<attr attr-name="QNACipherKey">
<value timestamp="1361297301#2"
type="string">uD+B0YXyXiMgp6/RpEyz1JE/MwDnRiVz</value>
</attr>
</instance>
<status level="success"></status>
</output>
</nds>
[02/19/13 13:08:21.458]:LDAPDIR1 ST: Token Value:
"uD+B0YXyXiMgp6/RpEyz1JE/MwDnRiVz".
[02/19/13 13:08:21.459]:LDAPDIR1 ST: Arg Value:
"uD+B0YXyXiMgp6/RpEyz1JE/MwDnRiVz".
[02/19/13 13:08:21.459]:LDAPDIR1 ST: Action:
do-set-local-variable("lvEncryptQNA",scope="policy",token-xpath("QNAEnc:encryptQnA($lven-QNA,$lvQNAcipherkey)")).
[02/19/13 13:08:21.459]:LDAPDIR1 ST:
arg-string(token-xpath("QNAEnc:encryptQnA($lven-QNA,$lvQNAcipherkey)"))
[02/19/13 13:08:21.459]:LDAPDIR1 ST:
token-xpath("QNAEnc:encryptQnA($lven-QNA,$lvQNAcipherkey)")
[02/19/13 13:08:21.461]:LDAPDIR1 ST: Token Value:
"{AES256}:9Tngiv4oKqDSfnaufc691JP9eqMWtNxADUoI4iH6ZVaNcODNgMy4PBzP4kuFquTE".
[02/19/13 13:08:21.461]:LDAPDIR1 ST: Arg Value:
"{AES256}:9Tngiv4oKqDSfnaufc691JP9eqMWtNxADUoI4iH6ZVaNcODNgMy4PBzP4kuFquTE".
[02/19/13 13:08:21.461]:LDAPDIR1 ST: Action:
do-reformat-op-attr("QNAChallengesResponses",token-local-variable("lvEncryptQNA")).
[02/19/13 13:08:21.462]:LDAPDIR1 ST:
arg-string(token-local-variable("lvEncryptQNA"))
[02/19/13 13:08:21.462]:LDAPDIR1 ST:
token-local-variable("lvEncryptQNA")
[02/19/13 13:08:21.462]:LDAPDIR1 ST: Token Value:
"{AES256}:9Tngiv4oKqDSfnaufc691JP9eqMWtNxADUoI4iH6ZVaNcODNgMy4PBzP4kuFquTE".
[02/19/13 13:08:21.462]:LDAPDIR1 ST: Arg Value:
"{AES256}:9Tngiv4oKqDSfnaufc691JP9eqMWtNxADUoI4iH6ZVaNcODNgMy4PBzP4kuFquTE".
[02/19/13 13:08:21.463]:LDAPDIR1 ST:
arg-string(token-local-variable("lvEncryptQNA"))
[02/19/13 13:08:21.463]:LDAPDIR1 ST:
token-local-variable("lvEncryptQNA")
[02/19/13 13:08:21.463]:LDAPDIR1 ST: Token Value:
"{AES256}:9Tngiv4oKqDSfnaufc691JP9eqMWtNxADUoI4iH6ZVaNcODNgMy4PBzP4kuFquTE".
[02/19/13 13:08:21.463]:LDAPDIR1 ST: Arg Value:
"{AES256}:9Tngiv4oKqDSfnaufc691JP9eqMWtNxADUoI4iH6ZVaNcODNgMy4PBzP4kuFquTE".
[02/19/13 13:08:21.464]:LDAPDIR1 ST:
arg-string(token-local-variable("lvEncryptQNA"))
[02/19/13 13:08:21.464]:LDAPDIR1 ST:
token-local-variable("lvEncryptQNA")
[02/19/13 13:08:21.464]:LDAPDIR1 ST: Token Value:
"{AES256}:9Tngiv4oKqDSfnaufc691JP9eqMWtNxADUoI4iH6ZVaNcODNgMy4PBzP4kuFquTE".
[02/19/13 13:08:21.464]:LDAPDIR1 ST: Arg Value:
"{AES256}:9Tngiv4oKqDSfnaufc691JP9eqMWtNxADUoI4iH6ZVaNcODNgMy4PBzP4kuFquTE".
[02/19/13 13:08:21.465]:LDAPDIR1 ST:Policy returned:


--
el_triad

Re: How to write a structured attribute into local variables?

What syntax is the attribute?

That is a single component of type string? Why bother? Why not just
use a string?

So just set local variable, nodeset, MyVar, to Source attr
QNAChallengesResponses.

Then your nodeset will have <value> nodes, with the components under them.

Probably these articles will help you:

Attribute tokens:

http://www.novell.com/communities/node/13057/common-mistakes-newcomers-idm-make-part-2

Variables:
http://www.novell.com/communities/node/13383/common-mistakes-newcomers-idm-make-part-9

Building it by hand, if you need to:
http://www.novell.com/communities/node/13486/common-mistakes-newcomers-idm-make-part-10





Re: How to write a structured attribute into local variables?

On Tue, 19 Feb 2013 18:44:01 +0000, el triad wrote:

> Hey - This is a multi-valued structured attribute.


Weird structure. Your attributes only have one component to the
structure. It almost looks like this would be easier with a multi-valued
attribute full of strings, since the component strings are encoding some
values as well:

<component name="string">3|1|0|1|In what city was your Mother born?|
aZPeBHLwxehP+V/FRF1mOw==</component>

So it looks like you have to loop through a nodeset of the components,
get each one, then split it in to a nodeset of its sub-components. From
there, it should be easy. 😉


> The end result is that these multi-valued structured attributes are
> unencrypted from their current value in eDirectory into a AES256
> encrypted string using a key. If there is only value, this works great.


Getting the QNAChallengesResponses values and looping through them isn't
hard. This should get you started:


<rule>
  <description>QNAChallengesResponses</description>
  <conditions>
    <and>
      <if-operation mode="case" op="equal">instance</if-operation>
    </and>
  </conditions>
  <actions>
    <do-set-local-variable name="QNAChallengesResponses" scope="policy">
      <arg-node-set>
        <token-attr name="QNAChallengesResponses"/>
      </arg-node-set>
    </do-set-local-variable>
    <do-for-each>
      <arg-node-set>
        <token-local-variable name="QNAChallengesResponses"/>
      </arg-node-set>
      <arg-actions>
        <do-set-local-variable name="QNACRBlob" scope="policy">
          <arg-string>
            <token-local-variable name="current-node"/>
          </arg-string>
        </do-set-local-variable>
        <do-set-local-variable name="QNACRParts" scope="policy">
          <arg-node-set>
            <token-split delimiter="\|">
              <token-local-variable name="QNACRBlob"/>
            </token-split>
          </arg-node-set>
        </do-set-local-variable>
        <do-trace-message>
          <arg-string>
            <token-text xml:space="preserve">QNA Parts 1: </token-text>
            <token-xpath expression="$QNACRParts[1]"/>
          </arg-string>
        </do-trace-message>
        <do-trace-message>
          <arg-string>
            <token-text xml:space="preserve">QNA Parts 2: </token-text>
            <token-xpath expression="$QNACRParts[2]"/>
          </arg-string>
        </do-trace-message>
        <do-trace-message>
          <arg-string>
            <token-text xml:space="preserve">QNA Parts 3: </token-text>
            <token-xpath expression="$QNACRParts[3]"/>
          </arg-string>
        </do-trace-message>
        <do-trace-message>
          <arg-string>
            <token-text xml:space="preserve">QNA Parts 4: </token-text>
            <token-xpath expression="$QNACRParts[4]"/>
          </arg-string>
        </do-trace-message>
        <do-trace-message>
          <arg-string>
            <token-text xml:space="preserve">QNA Parts 5: </token-text>
            <token-xpath expression="$QNACRParts[5]"/>
          </arg-string>
        </do-trace-message>
        <do-trace-message>
          <arg-string>
            <token-text xml:space="preserve">QNA Parts 6: </token-text>
            <token-xpath expression="$QNACRParts[6]"/>
          </arg-string>
        </do-trace-message>
      </arg-actions>
    </do-for-each>
  </actions>
</rule>



You can't have a second rule in this policy, though. Whatever
re-encryption you're doing with this QNAEnc:encryptQnA ECMAScript needs to
be done within the for() loop, so that it gets each of the values to work
with.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support provided via email.
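
An added example, not posted by anyone in this thread: one way to do what the reply above describes, calling the page's QNAEnc:encryptQnA once per value inside the for-each loop, with the values held in a nodeset variable rather than a string. The variable name lvQNAValues, the notrace setting on the key and the strip-then-add write-back are assumptions made here, not the posters' code.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example. Assumes encryptQnA(value, key) returns the "{AES256}:..." string
     seen in the trace, and that re-adding values to the current operation suits the driver. -->
<policy xmlns:QNAEnc="http://www.novell.com/nxsl/java/companyQnA.QNAEncrypt">
  <rule>
    <description>Re-encrypt each QNAChallengesResponses value inside the loop</description>
    <conditions>
      <and>
        <if-class-name op="equal">User</if-class-name>
        <if-op-attr name="QNAChallengesResponses" op="available"/>
      </and>
    </conditions>
    <actions>
      <!-- Read the key once. notrace keeps this action's value out of the driver trace. -->
      <do-set-local-variable name="lvQNAcipherkey" notrace="true" scope="policy">
        <arg-string>
          <token-attr name="QNACipherKey"/>
        </arg-string>
      </do-set-local-variable>
      <!-- arg-node-set keeps every <value> node. With arg-string the variable
           holds only the first value, which is what the trace in this thread shows. -->
      <do-set-local-variable name="lvQNAValues" scope="policy">
        <arg-node-set>
          <token-op-attr name="QNAChallengesResponses"/>
        </arg-node-set>
      </do-set-local-variable>
      <!-- Remove the original values from the operation; they are re-added below. -->
      <do-strip-op-attr name="QNAChallengesResponses"/>
      <do-for-each>
        <arg-node-set>
          <token-local-variable name="lvQNAValues"/>
        </arg-node-set>
        <arg-actions>
          <!-- String form of the current <value> node: "3|1|0|1|question|answer" -->
          <do-set-local-variable name="lven-QNA" scope="policy">
            <arg-string>
              <token-local-variable name="current-node"/>
            </arg-string>
          </do-set-local-variable>
          <!-- Encrypt this one value while the loop variable still refers to it. -->
          <do-set-local-variable name="lvEncryptQNA" scope="policy">
            <arg-string>
              <token-xpath expression="QNAEnc:encryptQnA($lven-QNA,$lvQNAcipherkey)"/>
            </arg-string>
          </do-set-local-variable>
          <!-- Write one encrypted value per iteration, so all three values survive. -->
          <do-add-dest-attr-value name="QNAChallengesResponses">
            <arg-value type="string">
              <token-local-variable name="lvEncryptQNA"/>
            </arg-value>
          </do-add-dest-attr-value>
        </arg-actions>
      </do-for-each>
    </actions>
  </rule>
</policy>
```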
