Lieutenant
Lieutenant
329 views

IDM policy: get members of dynamics group

Jump to solution

I am trying to get dynamics group members using query from policy

I have dynamics group(not nested) with filter which set 1 member.

When I try to get members from policy query:

<do-set-local-variable name="groupQuery" scope="policy">
<arg-node-set>
<token-query datastore="src" max-result-count="1" scope="entry">
<arg-dn>
<token-local-variable name="groupDN"/>
</arg-dn>
<arg-string>
<token-text xml:space="preserve">Member</token-text>
</arg-string>
<arg-string>
<token-text xml:space="preserve">Description</token-text>
</arg-string>
</token-query>
</arg-node-set>
</do-set-local-variable>

if group is not dynamics i receive members.

if group is dynamics i not receive members.

0 Likes
1 Solution

Accepted Solutions
Knowledge Partner Knowledge Partner
Knowledge Partner

Thanks Norbert!  My Google-Fu failed me on that one... I knew I knew it but coould not remember the details.

The highlight of the thread is what Lothar wrote:



Yes, token-src-attr can do it. There's an ECV that controls how the Member
attribute of dynamic groups is read. In 3.6 Member would return dynamic
members, in 4.x that changed to only static members and [pseudo].Member was
added to access the dynamic member list. The ECVs (i) button in Designer
explains this quite well.

 


 

View solution in original post

4 Replies
Knowledge Partner Knowledge Partner
Knowledge Partner

There is a specail attribute, whose name I cannot find, and I think it [pseudo] or .[pseudo] to search for.

I am not sure if the engine will return the members of a dynamic group, but you could use the LDAP ECMA search in LibLDAP that MF provides or Lothars better version.

0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Thanks Norbert!  My Google-Fu failed me on that one... I knew I knew it but coould not remember the details.

The highlight of the thread is what Lothar wrote:



Yes, token-src-attr can do it. There's an ECV that controls how the Member
attribute of dynamic groups is read. In 3.6 Member would return dynamic
members, in 4.x that changed to only static members and [pseudo].Member was
added to access the dynamic member list. The ECVs (i) button in Designer
explains this quite well.

 


 

View solution in original post

Lieutenant
Lieutenant

ELC for ever!!!

thanks

it's work!!!

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.