Novell Designer for Identity Manager 3.5 Manual Download Page 505

Pre-Identity Manager 3.5 Verb Tokens

novdocx (en) 13 May 2009

Parse DN

Converts the enclosed token’s DN to an alternate format.

Fields

Start

Specify the RDN index to start with:

• Index 0 is the root-most RDN
• Positive indexes are an offset from the root-most RDN
• Index -1 is the leaf-most segment
• Negative indexes are an offset from the leaf-most RDN towards the root-most RDN

Length

Number of RDN segments to include. Negative numbers are interpreted as (total # of segments + length) + 1. For example, for a DN with 5 segments a length of -1 = (5 + (-1)) + 1 = 5, -2 = (5 + (-2)) + 1 = 4, etc.

Source DN Format 

Specify the format used to parse the source DN.

Destination DN Format 

Specify the format used to output the parsed DN.

Source DN Delimiter 

Specify the custom source DN delimiter set if Source DN Format is set to custom.

Destination DN Delimiter 

Specify the custom destination DN delimiter set if Destination DN Format is set to custom.

Remarks

If start and length are set to the default values {0,-1}, then the entire DN is used; otherwise, only the 
portion of the DN specified by start and length is used. 
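The Start and Length rules above, worked through in Python as an added example (not Novell's code and not part of the manual). The function names, the single-character backslash delimiter, the clamping of an over-long count, and the constructed sample DN are assumptions.

```python
# Added example: RDN selection by Start and Length as the Parse DN fields
# describe it. Not Novell code; names and the sample DN are constructed.

SAMPLE_DN = "\\ACME-TREE\\corp\\emea\\users\\jdoe"  # constructed, 5 RDNs, root first


def split_rdns(dn, delim="\\"):
    """Split a root-first DN into RDN segments, ignoring one leading delimiter."""
    if len(delim) != 1:
        raise ValueError("delimiter must be a single character")
    segments = dn.strip().split(delim)
    if segments and segments[0] == "":
        segments = segments[1:]
    if not segments or any(s == "" for s in segments):
        raise ValueError("malformed DN: %r" % dn)
    return segments


def resolve_start(start, total):
    """Map a Start value to a 0-based offset from the root-most RDN.

    0 is the root-most RDN, positive values count from the root,
    -1 is the leaf-most RDN, other negatives count back from the leaf.
    """
    index = start if start >= 0 else total + start
    if not 0 <= index < total:
        raise IndexError("start %d is outside a DN of %d RDNs" % (start, total))
    return index


def resolve_length(length, total):
    """Map a Length value to a segment count.

    Negative values use the documented rule: (total + length) + 1.
    """
    count = length if length >= 0 else (total + length) + 1
    if count < 0:
        raise ValueError("length %d is too negative for %d RDNs" % (length, total))
    return count


def parse_dn(dn, start=0, length=-1, delim="\\"):
    """Return the selected run of RDNs, joined with the same delimiter.

    The defaults (0, -1) select the whole DN, matching the Remarks.
    Assumption: a count that runs past the leaf-most RDN is clamped to
    the segments that exist, and the result has no leading delimiter.
    """
    rdns = split_rdns(dn, delim)
    first = resolve_start(start, len(rdns))
    count = resolve_length(length, len(rdns))
    return delim.join(rdns[first:first + count])


if __name__ == "__main__":
    cases = [
        (0, -1),   # defaults: entire DN
        (0, -2),   # everything except the leaf (the parent container)
        (-1, 1),   # leaf-most RDN only
        (-2, 1),   # one step towards the root from the leaf
        (1, -1),   # drop the root-most RDN; count is clamped
    ]
    for start, length in cases:
        print("start=%2d length=%2d -> %s"
              % (start, length, parse_dn(SAMPLE_DN, start, length)))
```

A policy that builds a container or object name from a DN inherits any off-by-one in these two values, so checking the selected segments against known DNs before deployment is worthwhile.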

When specifying custom DN formats, the eight characters that make up the delimiter set are defined as follows:

• Typed Name Boolean Flag: 0 means names are not typed, and 1 means names are typed
• Unicode No-Map Character Boolean Flag: 0 means don’t output or interpret unmappable Unicode characters as escaped hex digit strings, such as \FEFF. The following Unicode characters are not accepted by eDirectory™: 0xfeff, 0xfffe, 0xfffd, and 0xffff.
• Relative RDN Delimiter
• RDN Delimiter
• Name Divider
• Name Value Delimiter


Page 156: ...in the Hex Editor on page 161 Section 9 4 7 Deleting Data in the Hex Editor on page 161 Section 9 4 8 Moving the Cursor in the Hex Editor on page 162 Section 9 4 9 Exporting Data from the Hex Editor o...

Page 157: ...tes in the Designer 3 0 1 for Identity Manager 3 6 Administration Guide 3 In the Schema Browser select the new attribute then click OK to launch the Hex editor 9 4 2 Importing Data into the Hex Editor...

Page 158: ...2 Specify the amount of data to add in bytes B or kilobytes kB 3 Specify the initial hex value then click OK 9 4 4 Appending Data in the Hex Editor 1 Right click in the Hex...

Page 159: ...byte in the table if there is no data It is also available when you right click the last byte if there is data 2 Specify the amount of data to append in bytes or kilobytes 3 Specify the initial hex va...

Page 160: ...is selected the far right column displays the value encoded 2 Select the cell of data to edit then edit the data When a cell is selected the value is displayed in blue 3 Click OK to save the changes T...

Page 161: ...he last change you had made is undone If you decide you want that change back 1 Right click in the Hex editor then select Redo The change that was undone is now redone 9 4 7 Deleting Data in the Hex E...

Page 162: ...2 Select whether the address specified in the table is a Decimal or Hexadecimal offset then specify the value 3 Select the mode of moving the cursor Absolute Moves the cursor to the specified offset...

Page 163: ...a policy 1 In the Policy Simulator after the XDS input document is complete click Next 2 If the policy you are simulating generates a query review the query in the Query tab and model the query respon...

Page 164: ...For information on using the Parameter table see Section 9 2 10 Parameter and Value on page 151 You can adjust the query parameters to vary the response generated when you send the query to the Applic...

Page 165: ...to generate a Response instance document The Simulator determines the query destination automatically and displays the appropriate button Submit to Vault requires valid associations in the Associatio...

Page 166: ...You can configure the level of trace detail For more information see Section 9 2 6 Configuration Options on page 149 Output The Output tab displays the output document generated when the policy proce...

Page 167: ...Compare The Compare tab displays the input document and the output document side by side so you can examine the changes resulting from the policy processi...

Page 168: ...appropriate jar file or directory to the class path To add a jar file or directory to the Java class path 1 Select Windows Preferences from the tool bar 2 Navigate to the Novell Identity Manager Simul...

Page 169: ...source objects allow you to store information that a policy consumes It can be any information stored in text or XML format A resource object is stored in a library or driver object An example of usin...

Page 170: ...ource object 10 1 2 Using a Generic Resource Object A resource object is a place to store information It is an eDirectoryTM object and to use the information in the object you treat it as any other eD...

Page 171: ...ication objects for Novell SecureLogin and for Novell SecretStore For information on how to create application objects for SecureLogin see Creating an Application Object in Novell Credential Provision...

Page 172: ...ation parameter values for Novell Credential Provisioning policies For information see Creating an Application Object or Creating an Application Object in Novell Credential Provisioning for Identity M...

Page 173: ...xisting object 10 6 3 Using Policies in the Library Objects After you have created the library you can use any of the resources stored in the library in any policy 1 Double click the desired policy in...

Page 175: ...dgpro data prdefcreateformschapter html This section explains how to use the ECMAScript editor how to use ECMAScript with policies and how to use ECMAScript with custom forms It does not explain the E...

Page 176: ...roperties of the server then the ECMAScript object can be created Designer provides an ECMAScript editor which also includes an ECMA Expression Builder You use both to create the ECMAScript To access...

Page 177: ...in a text editor then copy the script 2 Paste the ECMAScript into the ECMAScript editor 3 Press Ctrl S to save the ECMAScript Editing an ECMAScript There are multiple options available for use to edit...

Page 178: ...fied information Show Expression Builder Launches the Expression Builder For more information see Section 11 2 2 Expression Builder on page 178 Option Description Toggle Breakpoints To be implemented...

Page 179: ...r conditions If XPath Expression Append XML Element Append XML Text Clone By XPath Expressions Set XML Attribute Strip XPath Expression To access the Expression Builder through the Argument Builder 1...

Page 180: ...s 4 Click Check Syntax to validate the expression 5 Click OK to close the Expression Builder In the following example the join ECMAScript variable is used with the toString function or method but ther...

Page 181: ...ion to view all of the variables by clicking the plus icon arrow icon in Linux You can view the function without the variables by clicking the minus icon arrow icon in Linux 11 2 4 Error Display As th...

Page 182: ...error in the Problems view The cursor jumps to the problem line in the main scripting area To access the Problems view 1 In the toolbar select Window Show View Other General Problems The Problems view...

Page 183: ...is tested by specifying a value of areaOfCircle 10 The shell displays the value of 628 3185307179587 To execute the expression press the Enter key If you want to enter more than one line of code in t...

Page 184: ...of ECMAScripts with Policies The following examples use the ECMAScript file demo js samples demo js with different policies The demo js file contains three ECMAScript function definitions Section 11...

Page 185: ...com novell designer idm policybuilder_1 2 0 200612180606 DTD dirxmlscript dtd policy rule description Reformat photo from URL to octet description conditions actions do reformat op attr name photo ar...

Page 186: ...6 Split on page 186 Join The Join function joins the text values of Nodes in a NodeSet into a single string template that joins the joinme attribute values into a single value xsl template match attr...

Page 187: ...itjointest xml is an input document that shows the style sheet in action 11 3 3 XSLT Policy Calling an ECMAScript Function in the Style Sheet The XSLT policy demonstrates embedding ECMAScript function...

Page 189: ...e or when no conditions are specified This section contains detailed information about all conditions that are available through the Policy Builder interface If Association on page 190 If Attribute on...

Page 190: ...ation for the current object Available There is a non empty association value specified by the current operation Equal The association value specified by the current operation is exactly equal to the...

Page 191: ...Regular Expression The regular expression matches the entire string It defaults to case insensitive but can be changed by an escape in the expression For more information see Sun s Web site http java...

Page 192: ...reater Than Less Than Not Equal Not Greater Than Not Less Than Operator Returns True When Available There is a value available in either the current operation or the source data store for the specifie...

Page 193: ...le xml Mode Description Case Sensitive Character by character case sensitive comparison Case Insensitive Character by character case insensitive comparison Regular Expression The regular expression ma...

Page 194: ...The condition is looking for any User object that has an attribute of Title with a value of consultant or sales...

Page 195: ...operation Equal There is an object class name available in the current operation and it equals the specified value when compared by using the specified comparison mode Greater Than There is an object...

Page 196: ...see 004 Command GroupChangeOnTitleChange xml samples 004 Command GroupChangeOnTitleChange xml Regular Expression The regular expression matches the entire string It defaults to case insensitive but c...

Page 197: ...Checks to see if the class name of the current object is User...

Page 198: ...tore for the specified attribute Equal There is a value available for the specified attribute in the destination data store that equals the specified value when compared by using the specified compari...

Page 199: ...GroupChangeOnTitleChange xml Mode Description Case Sensitive Character by character case sensitive comparison Case Insensitive Character by character case insensitive comparison Regular Expression The...

Page 200: ...The policy checks to see if the value of the title attribute contains manager...

Page 201: ...There is a destination DN available Equal There is a destination DN available and it equals the specified value when compared by using semantics appropriate to the DN format of the destination data st...

Page 202: ...change that adds a value add value or add attribute to the named entitlement It has a value that equals the specified value when compared by using the specified comparison mode Equal There is a value...

Page 203: ...n Not Changing From Mode Description Case Sensitive Character by character case sensitive comparison Case Insensitive Character by character case insensitive comparison Regular Expression The regular...

Page 204: ...Not Changing To Not Equal Not Greater Than Not Less Than Example...

Page 205: ...ctor on page 35 The operators that contain the value field are Equal Greater Than Less Than Not Equal Operator Returns True When Available There is a global configuration value with the specified name...

Page 206: ...rison Regular Expression The regular expression matches the entire string It defaults to case insensitive but can be changed by an escape in the expression For more information see Sun s Web site http...

Page 207: ...rators that contain the value field are Equal Greater Than Less Than Not Equal Operator Returns True When Available There is a local variable with the specified name that has been defined by an action...

Page 208: ...ity Manager 3 6 To view the policy in XML see 003 Command AddCreate Groups xml samples 003 Command AddCreateGroups xml Mode Description Case Sensitive Character by character case sensitive comparison...

Page 209: ...The policy contains five rules that are dependent on each other For the If Locate Variable condition to work the first rule sets four different local variables to test for groups and wh...

Page 210: ...The condition the rule looks for is to see if the local variable of manager group info is available and if manager group info is not equal to group If these conditions are met then the...

Page 211: ...n the selected operator Fields Name Specify the name of the named password to test for the selected condition Supports variable expansion For more information see Section 3 6 Variable Selector on page...

Page 212: ...mparison mode Not Equal Equal would return False Not Greater Than Greater Than would return False Not Less Than Less Than would return False Mode Description Case Sensitive Character by character case...

Page 213: ...ion For more information see Section 3 6 Variable Selector on page 35 The operators that contain the value field are Equal Greater Than Less Than Not Equal Not Greater Than Not Less Than The values ar...

Page 214: ...p security equal to that group The policy name is Govern Groups for User Based on Title Attribute and it is available for download from the Novell Support Web site For more information see Downloading...

Page 215: ...specified attribute that equals the content of the condition when compared by using the specified comparison mode If mode structured then the content must be a set of component s Otherwise it must be...

Page 216: ...se Not Changing To Changing To would return False Not Equal Equal would return False Not Greater Than Greater Than or Equal would return False Not Less Than Less Than or Equal would return False Mode...

Page 217: ...roups for User Based on Title Attribute and it is available for download from the Novell Support Web site For more information see Downloading Identity Manager Policies in Understanding Policies for I...

Page 218: ...ks to see if the attribute of Title is equal to manager which is a regular expression The condition looks for a title that has zero or more characters before manager and a single character after manag...

Page 219: ...Selector on page 35 The operators that contain the value field are Equal Greater Than Less Than Not Equal Not Greater Than Not Less Than Operator Returns True When Available There is an operation prop...

Page 220: ...pression The regular expression matches the entire string It defaults to case insensitive but can be changed by an escape in the expression For more information see Sun s Web site http java sun com j2...

Page 221: ...ble There is a password available in the current operation Equal There is a password available in the current operation and its value equals the content of the condition when compared by using the spe...

Page 222: ...sformation policy checks to see if a password is available when an object is added If the password is available then the Novell SecureLogin and Novell SecretStore credentials are provisioned Case Inse...

Page 224: ...value available in the source data store for the specified attribute Equal There is a value available in the source data store for the specified attribute It equals the specified value when compared b...

Page 225: ...s to case insensitive but can be changed by an escape in the expression For more information see Sun s Web site http java sun com j2se 1 4 docs api java util regex Pattern html The pattern options CAS...

Page 226: ...r more information see Section 8 8 Event Transformation Scope Filtering Exclude Subtrees on page 122 To view the policy in XML see predef_transformation_filter_exclude_subtress xml samples predef_tran...

Page 227: ...The condition checks to see if the source DN is in the Users container If the object comes from that container it is vetoed...

Page 228: ...on has a comparison mode parameter that indicates how a comparison is done Operator Returns True When Available There is an XML attribute with the specified name on the current operation Equal There i...

Page 229: ...tring It defaults to case insensitive but can be changed by an escape in the expression For more information see Sun s Web site http java sun com j2se 1 4 docs api java util regex Pattern html The pat...

Page 230: ...y Manager 3 6 Example If you are implementing Novell Credential Provisioning policies there is a sample Subscriber Command Transformation policy that uses the XPath Expression condition The sample fil...

Page 233: ...ppend XML Text on page 246 Break on page 248 Clear Destination Attribute Value on page 249 Clear Operation Property on page 250 Clear Source Attribute Value on page 251 Clear SSO Credential on page 25...

Page 234: ...ge 293 Set Operation Property on page 294 Set Operation Source DN on page 295 Set Operation Template DN on page 296 Set Source Attribute Value on page 297 Set Source Password on page 299 Set SSO Crede...

Page 235: ...Identity Vault Fields Mode Select whether this action should be added to before or after the current operation or written directly to the destination data store DN Specify the DN of the target object...

Page 236: ...type This object can be the current object or can be specified by a DN or an association DN Specify the DN association or current object as the target object Value Type Select the syntax of the attrib...

Page 238: ...ter the current operation or written directly to the destination data store DN Specify the DN of the object to be created Remarks Any attribute values to be added as part of the object creation must b...

Page 239: ...The OU object is created The value for the OU attribute is created from the destination attribute value action that occurs after this action...

Page 240: ...ction 3 6 Variable Selector on page 35 Password Specify the authorized user password You can enter a clear text password not recommended or use the Argument Builder to specify a Named Password Object...

Page 241: ...n for any Separation of Duty violations this assignment will trigger Default No exception will be requested and the request will fail if it causes a violation NOTE By default the Named String Builder...

Page 242: ...ave the field blank to use the class name from the current object Supports variable expansion For more information see Section 3 6 Variable Selector on page 35 Object Select the target object type Thi...

Page 243: ...field Any attribute values to be added as part of the object creation must be done in subsequent Add Source Attribute Value actions using the same DN Fields Class Name Specify the class name of the o...

Page 244: ...hould be appended Insert Select whether to insert the XPath expression before the source XPath expression or append the XPath expression to the end of the current node in the destination XPath express...

Page 246: ...ression or append the XPath expression to the end of the current node in the destination XPath expression Before XPath Expression Specify the XPath 1 0 expression that evaluates relative to each of th...

Page 248: ...Break Ends processing of the current operation by the current policy Example...

Page 249: ...the class name of the target object Leave the field blank to use the class name from the current object Supports variable expansion For more information see Section 3 6 Variable Selector on page 35 M...

Page 250: ...n The operation property is the XML attribute attached to an operation data element by a policy An XML attribute is a name value pair associated with an element in the XDS document Fields Property Nam...

Page 251: ...onal Specify the class name of the target object Leave the field blank to use the class name from the current object This value might be required for schema map purposes if the object is other than cu...

Page 252: ...e repository object Supports variable expansion For more information see Section 3 6 Variable Selector on page 35 Target User DN Specify the DN of the target users Application Credential ID Specify th...

Page 253: ...containing the nodes to be copied Supports variable expansion For more information on variable expansion and XPath see Section 3 6 5 XPath Expressions on page 39 Destination XPath Expression Specify t...

Page 254: ...Selector on page 35 Example The example adds a User object to the appropriate Employee or Manager group based on Title It also creates the group if needed and sets up security equal to that group The...

Page 255: ...For more information see Section 3 6 Variable Selector on page 35 Mode Select whether this action should be added to before or after the current operation or written directly to the destination data s...

Page 256: ...he object to delete in the source data store Supports variable expansion For more information see Section 3 6 Variable Selector on page 35 Object Select the target object type to delete in the source...

Page 257: ...eturned No query is performed if the current operation already has a non empty association thus allowing multiple find matching object actions to be strung together in the same rule If the destination...

Page 258: ...tributes The left fields store the attributes to match The right fields allow you to specify to use the value from the current object to match or to use another value If you select Other Value there a...

Page 259: ...2 Select the desired value type 3 Specify the value then click Finish...

Page 260: ...e is used If the current node in the node set is an entitlement element then the actions are marked as if they are also enclosed in an Implement Entitlement action If the current node is a query eleme...

Page 261: ...rts the following strings Level Description log informational Positive events of any importance log alert Events that require immediate attention log critical Events that can cause parts of the Metadi...

Page 262: ...it or Sentinel an event The policy name is Policy to Place by Surname and is available for download from the Novell Support Web site For more information see Downloading Identity Manager Policies To v...

Page 264: ...if the conditions are False Example During an Add or Modify operation if the attribute of Title equals manager the user object is added to the ManagerGroup group If the Title does not equal manager th...

Page 265: ...The action is to add the user object to the ManagerGroup group If the title does not equal manager the user object is placed in the UsersGroup group...

Page 266: ...the agent that granted or revoked the entitlement Fields Node Set Node set containing the entitlement being implemented by the specified actions Action Actions that implement the specified entitlement...

Page 267: ...ed by a DN or an association Container to Move to Select the container to receive the object This container is specified by a DN or an association DN or Association Specify whether the DN or associati...

Page 268: ...policy checks to see if it is a modify event on a User object and if the attribute Description contains the value of terminated If that is the case then it sets the attribute of Login Disabled to Tru...

Page 269: ...o the source data store Supports variable expansion For more information see Section 3 6 Variable Selector on page 35 Object to Move Select the object to be moved This object can be the current object...

Page 270: ...ew value it must be obtained by referencing the local variable current value Example The example reformats the telephone number It changes it from nnn nnn nnnn to nnn nnn nnnn The rule is from the pre...

Page 272: ...sables the User object instead The transforms an event The rule is from the predefined rules that come with Identity Manager For more information see Section 8 2 Command Transformation Publisher Delet...

Page 273: ...ve the field blank to use the class name from the current object Supports variable expansion For more information see Section 3 6 Variable Selector on page 35 Mode Select whether this action should be...

Page 274: ...formation see Section 3 6 Variable Selector on page 35 Password Specify the authorized user password You can enter a clear text password not recommended or use the Argument Builder to specify a Named...

Page 275: ...Example...

Page 276: ...Name Optional Specify the class name of the target object Leave the field blank to use the class name from the current object Supports variable expansion For more information see Section 3 6 Variable...

Page 277: ...For more information see Section 3 6 Variable Selector on page 35 Mode Select whether this action should be added to before or after the current operation or written directly to the destination data...

Page 278: ...in the current operation Fields Source Name Specify the original attribute name Supports variable expansion For more information see Section 3 6 Variable Selector on page 35 Destination Name Specify t...

Page 279: ...rename in the source data store Supports variable expansion For more information see Section 3 6 Variable Selector on page 35 Select Object Select the target object This object can be the current obje...

Page 280: ...Strings Specify the values containing the various e mail addresses subject and message You can enter the strings manually or select the Edit the strings icon to open the Named String Builder and speci...

Page 281: ...Example to Adds the address to the list of e mail recipients multiple instances are allowed Can contain a comma separated list of recipients String Name Description...

Page 282: ...n the Identity Manager 3 6 1 Common Driver Administration Guide Strings Specify additional string arguments for the e mail message You can enter the strings manually or select the Edit the strings ico...

Page 283: ...the reserved field names listed above Send Email from Template supports Global Configuration Values GCVs for creating the desired string Each template can also define fields that can be replaced in t...

Page 284: ...ion 3 6 Variable Selector on page 35 Write Back Select whether or not to also write back the default values to the source data store Argument Values Specify the default values of the attribute Example...

Page 285: ...rgument Value List Builder is launched See Section 4 8 Argument Value List Builder on page 58 for more information on the builder You can set the value to what is needed In this case we used the Argum...

Page 286: ...see Section 3 6 Variable Selector on page 35 Mode Select whether this action should be added to before or after the current operation or written directly to the destination data store Object Select th...

Page 287: ...e rule sets the value for the attribute of Login Disabled to true The rule uses the Argument Builder to add the text of true as the value of the attribute See Section 4 3 Argument Builder on page 47 f...

Page 288: ...Selector on page 35 Mode Select whether this action should be added to before or after the current operation or written directly to the destination data store Object Select the target object This obje...

Page 289: ...t the type of local variable This can be a string an XPath 1 0 node set or a Java object String Specify the attribute values to set Example The example adds a User object to the appropriate Employee o...

Page 290: ...iable is set to the value that is in the User object s destination attribute of Object Class plus the Local Variable of manager group info The Argument Builder is used to construct the local variable...

Page 291: ...Set Operation Association Sets the association value for the current operation Fields Association Provide the new association value Example...

Page 292: ...Set Operation Class Name Sets the object class name for the current operation Fields String Specify the new class name Example...

Page 293: ...ed system You need to define at what point the mirroring begins in the source and destination data stores The rule is from the predefined rules that come with Identity Manager For more information see...

Page 294: ...ed within an operation It is typically used to supply additional context that might be needed by the policy that handles the results of an operation Fields Property Name Specify the name of the operat...

Page 295: ...Set Operation Source DN Sets the source DN for the current operation Fields DN Specify the new source DN Example...

Page 296: ...y is Policy Assign Template to User Based on Title and it is available for download from the Novell Support Web site For more information see Downloading Identity Manager Policies in Understanding Pol...

Page 297: ...n For more information see Section 3 6 Variable Selector on page 35 Object Select the target object This object can be the current object or can be specified by a DN or an association Value Type Selec...

Page 298: ...The action takes the value of the destination attribute Internet EMail Address and sets the source attribute of Email to this same value...

Page 299: ...nsion For more information see Section 3 6 Variable Selector on page 35 Object Select the target object This object can be the current object or can be specified by a DN or an association New Passwor...

Page 300: ...e Selector on page 35 Target User DN Specify the DN of the target users Application Credential ID Specify the application credential that is stored in the application object Supports variable expansio...

Page 301: ...for Identity Manager 3 6 Fields Credential Repository Object DN Specify the DN of the repository object Supports variable expansion For more information see Section 3 6 Variable Selector on page 35 Ta...

Page 302: ...x has been previously defined in this policy Supports variable expansion For more information see Section 3 6 Variable Selector on page 35 XPath Expression XPath 1 0 expression that returns a node set...

Page 303: ...art in LDAP format Supports variable expansion For more information see Section 3 6 Variable Selector on page 35 User Application URL Specify the URL of the User Application server where the workflow...

Page 304: ...Example The following example starts a workflow process each time there is an Add operation The workflow is a request for a cell phone To view the policy in XML see start_workflow...

Page 305: ...5 String Provide the status message by using the Argument Builder Remarks If level is retry then the policy immediately stops processing the input document and schedules a retry of the event currently...

Page 306: ...detects when an e mail address is changed and sets it back to what it was The policy name is Policy Reset Value of the E mail Attribute and it is available for download from the Novell Support Web sit...

Page 307: ...expression that returns a node set containing the nodes to be stripped Supports variable expansion For more information on variable expansion and XPath see Section 3 6 5 XPath Expressions on page 39 R...

Page 308: ...of the trace message String Specify the value of the trace message Example The example has four rules that implement a Placement policy for User objects based on the first character of the Surname at...

Page 309: ...The action sends a trace message to DSTRACE The contents of the local variable is LVUsers1 and it shows up in yellow in DSTRACE...

Page 310: ...e is from the predefined rules that come with Identity Manager For more information see Section 8 8 Event Transformation Scope Filtering Exclude Subtrees on page 122 To view the policy in XML see pred...

Page 311: ...User objects to be created unless the attributes Given Name Surname Title Description and Internet EMail Address are available The policy name is Policy to Enforce the Presences of Attributes and it...

Page 312: ...While Causes the specified actions to be repeated while the specified conditions evaluate to True Fields Conditions Specify the condition to be evaluated Actions Specify the actions to be repeat...

Page 313: ...320 Destination Attribute on page 321 Destination DN on page 323 Destination Name on page 325 Document on page 326 Entitlement on page 327 Generate Password on page 328 Global Configuration Value on p...

Page 314: ...r Based on Title policy which is available for download from the Novell Support Web site For more information see Downloading Identity Manager Policies in Understanding Policies for Identity Manager 3...

Page 315: ...The Text token contains the DN for the manager's group You can browse to the object you want to use or type the information into the editor...

Page 316: ...entitlement Supports variable expansion For more information see Section 3 6 Variable Selector on page 35 Remarks If the token is used in a context where a node set is expected the token expands to a...

Page 317: ...d rule see Section 8 2 Command Transformation Publisher Delete to Disable on page 113 The action of Remove Association uses the Association token to retrieve the value from the current operation The r...

Page 318: ...ode set is expected the token expands to a node set containing all of the values for that attribute If it is used in a context where a string is expected the token expands to the string value found Ex...

Page 319: ...values and characters see Unicode Code Charts http www unicode org charts Fields Character Value The Unicode code point of the character Supports variable expansion For more information see Section 3...

Page 320: ...Class Name Expands to the object class name from the current operation Example...

Page 321: ...oken is used in a context where a node set is expected the token expands to a node set containing all of the values for that attribute If it is used in a context where a string is expected the token e...

Page 322: ...You build the Destination Attribute through the Editor In this example the attribute of Object Class is set The DN is used to select the object The value of DN is the Local Va...

Page 323: ...nvert Select whether or not to convert the DN to the format used by the source data store Remarks If start and length are set to the default values 0 1 the entire DN is used otherwise only the portion...

Page 325: ...Destination Name Expands to the unqualified Relative Distinguished Name RDN of the destination DN specified in the current operation Example...

Page 326: ...nt Reads the XML document pointed to by the URI and returns the document node in a node set The URI can be relative to the URI of the including policy With any error the result is an empty node set Fi...

Page 327: ...nt Supports variable expansion For more information see Section 3 6 Variable Selector on page 35 Remarks If the token is used in a context where a node set is expected the token expands to a node set...

Page 328: ...password policy Fields Password Policy The DN of the password policy that receives the randomly generated password Supports variable expansion For more information see Section 3 6 Variable Selector o...

Page 329: ...Global Configuration Value Expands to the value of a global configuration variable Fields Name Name of the global configuration value Supports variable expansion For more information see Section 3 6...

Page 330: ...ctor on page 35 Example The example is from the Govern Groups for User Based on Title policy which is available for download from the Novell Support Web site For more information see Downloading Ident...

Page 331: ...he value that is stored in the Local Variable In the Editor you click the browse icon and all of the local variables that have been defined are listed Select the correct local variable The value of th...

Page 332: ...used if a Named Password has been set on the driver object The Named Password is used to save a password in an encrypted form For more information on Named Passwords see Securely Storing Driver Passwo...

Page 334: ...Operation Expands to the name of the current operation Example...

Page 335: ...s variable expansion For more information see Section 3 6 Variable Selector on page 35 Example The example has four rules that implement a Placement policy for User objects based on the first characte...

Page 336: ...e action Set Operation Destination DN contains the Operation Attribute token The Operation Attribute token sets the Destination DN to the CN attribute The rule takes the context of Training Users Acti...

Page 337: ...Property Expands to the value of the specified operation property on the current operation Fields Name Specify the name of the operation property Supports variable expansion For more information see...

Page 338: ...Password Expands to the password specified in the current operation Example...

Page 339: ...se when querying the Identity Vault For more information about indexes see the Novell eDirectory 8 8 Administration Guide http www novell com documentation edir88 edir88 index html page documentation...

Page 340: ...XPath 1 0 Expressions in Understanding Policies for Identity Manager 3 6 Chapter 5 Using the XPath Builder on page 71 Example...

Page 341: ...Specify the name of the attribute Supports variable expansion For more information see Section 3 6 Variable Selector on page 35 Remarks If the token is used in a context where a node set is expected...

Page 342: ...me of the entitlement Supports variable expansion For more information see Section 3 6 Variable Selector on page 35 Remarks If the token is used in a context where a node set is expected the token exp...

Page 343: ...o an association key or the association key to a DN in the specified data store Fields Datastore Select the destination or source datastore to be queried Resolve Type Select to resolve the association...

Page 344: ...t Leave the field blank to use the class name from the current object Supports variable expansion For more information see Section 3 6 Variable Selector on page 35 Object Select the source object This...

Page 345: ...set from the leaf most RDN towards the root most RDN Length Number of RDN segments to include Negative numbers are interpreted as total of segments length 1 For example for a DN with 5 segments a leng...

Page 346: ...Source Name Expands to the unqualified relative distinguished name RDN of the source DN specified in the current operation Example...

Page 347: ...on 3 6 Variable Selector on page 35 Language Specify the language It defaults to the current system language Supports variable expansion For more information see Section 3 6 Variable Selector on page...

Page 348: ...rdinates Start Search Select a starting point for the search The starting point can be the root of the data store or can be specified by a DN or association Pattern Specify patterns to use to generate...

Page 349: ...til a name is found that does not return any instances or the counter is exhausted The counter starting value is specified by counter start and the counter maximum value is specified in terms of the m...

Page 350: ...nstructed to provide unique names If this pattern does not generate a unique name a digit is appended incrementing up to the specified number of digits In this example nine additional unique names wou...

Page 351: ...data store Remarks If there are no matches the entire DN is used Example The example is from the predefined rules that come with Identity Manager For more information see Section 8 12 Matching Subscri...

Page 352: ...nds to the results of evaluating an XPath 1 0 expression Fields Expression XPath 1 0 expression to evaluate Remarks For more information on using XPath expressions with policies see XPath 1 0 Expressi...

Page 353: ...lable through the Policy Builder interface Base64 Decode on page 354 Base64 Encode on page 355 Convert Time on page 356 Escape Destination DN on page 358 Escape Source DN on page 359 Join on page 360...

Page 354: ...e specified character set Fields Character Set Specify the character set that converts the decoded bytes to a string It can be any character set supported by Java If the field is left blank the charac...

Page 355: ...the bytes Fields Character Set Specify the character set that converts the string to bytes It can be any Java supported character set If the field is left blank the character set defaults to the syste...

Page 356: ...35 Destination Format Specify the destination date time format Select a named time format or specify a custom format pattern Supports variable expansion For more information see Section 3 6 Variable...

Page 358: ...me with Identity Manager For more information see Section 8 16 Placement Publisher Flat on page 136 To view the policy in XML see predef_place_pub_flat xml samples predef_place_pub_flat xml The action...

Page 359: ...Escape Source DN Escapes the enclosed tokens according to the rules of the DN format of the source data store Example...

Page 360: ...If the comma separated values CSV are true then CSV quoting rules are applied to the values Fields Delimiter Optional Specify the string used to delimit the joined values Supports variable expansion...

Page 361: ...name is Policy Create E mail from Given Name and Surname and it is available for download at the Novell Support Web site For more information see Downloading Identity Manager Policies in Understandin...

Page 362: ...ncluding policy Fields Mapping Table DN Specify the slash form DN of a Resource object containing the mapping table Supports variable expansion For more information see Section 3 6 Variable Selector o...

Page 363: ...Example...

Page 364: ...rce DN Delimiter Specify the custom source DN delimiter set if Source DN Format is set to custom Destination DN Delimiter Specify the custom destination DN delimiter set if Destination DN Format is se...

Page 365: ...aning Example The example uses the Parse DN token to build the value the Add Destination Attribute Value action The example is from the predefined rules that come with Identity Manager For more inform...

Page 366: ...Specify the replacement string Supports variable expansion For more information see Section 3 6 Variable Selector on page 35 Remarks For details on creating regular expressions see Java Class Pattern...

Page 367: ...tp java sun com j2se 1 4 docs api java util regex Pattern html Java Class Matcher information java lang String http java sun com j2se 1 4 docs api java util regex Matcher html replaceAll java lang Str...

Page 368: ...The regular expression of d d d s d d d d d d d represents nnn nnn nnnn and the regular expression of 1 2 3 represents nnn This rule transforms the format of the telephone number f...

Page 369: ...ified by delimiter If comma separated values CSV are true then CSV quoting rules are honored during the parsing of the string Fields Delimiter Regular expression that matches the delimiter characters...

Page 370: ...bstring Negative numbers are interpreted as total of characters length 1 For example 1 represents the entire length of the original string If 2 is specified the length is the entire string 1 For a str...

Page 371: ...The Substring token is used twice in the action Set Destination Attribute Value It takes the first character of the First Name attribute and adds eight characters of the Last Name attrib...

Page 372: ...ibutes of the User object to uppercase The policy name is Policy Convert First Last Name to Uppercase and it is available for download at the Novell Support Web site For more information see Downloadi...

Page 373: ...Parse Parses the result of the enclosed tokens as XML and returns the resulting document node in a node set If the result of the enclosed tokens is not well formed XML or cannot be parsed for any rea...

Page 374: ...XML Serialize Serializes the node set result of the enclosed tokens as XML Depending on the content of the node set the resulting string is either a well formed XML document or a well...

Page 375: ...e 382 Section 16 6 Condition Argument Component Builder on page 383 Section 16 7 Match Attribute Builder on page 383 Section 16 8 Named String Builder on page 385 Section 16 9 Pattern String Builder o...

Page 376: ...lect an action then click the Help icon to see information specific to that action 16 2 Actions Builder The Actions Builder allows you to create an action inside of another action To launch the Action...

Page 377: ...Pre Identity Manager 3 5 Noun Tokens on page 475 for more information Verbs Contains a list of all of the available verb tokens Select a verb token then click Add to add the verb token to the Expressi...

Page 378: ...n click the Edit the Arguments icon Add Association page 421 Add Destination Attribute Value page 422 Add Destination Object page 423 Add Source Attribute Value page 424 Append XML Text page 427 Clear...

Page 379: ...stination Attribute Value page 454 when the selected object is DN or Association and Enter Value Type is not structured Set Destination Password page 455 Set Local Variable page 456 Set Operation Asso...

Page 380: ...select the Given Name attribute 3 Double click Substring from the list of verbs 4 Type 1 in the Length field 5 Select the Given Name attribute then click the Move Down icon 6 Double click Attribute fr...

Page 381: ...click the Edit components icon Add Destination Attribute Value page 422 Add Source Attribute Value page 424 Reformat Operation Attribute Value page 444 Remove Destination Attribute Value page 446 Remo...

Page 382: ...OR Conditions AND Groups AND Conditions OR Groups Section 16 5 1 Creating a Condition on page 382 Section 16 5 2 Additional Options for the Condition Builder on page 382 16 5 1 Creating a Condition 1...

Page 383: ...n to see information specific to that condition For additional information on the Condition Builder and the rules see Section 3 4 Creating a Rule on page 28 16 6 Condition Argument Component Builder T...

Page 384: ...objects Select from entry subordinates or subtree 3 Specify the DN of the starting point for the search 4 Click the Edit match attributes icon to launch the Match Attribute Builder 5 Click the Browse...

Page 385: ...se values from current object There are multiple value types to specify counter dn int interval octet state string structured teleNumber time To use another value 1 Launch the Match Attribute Buil...

Page 386: ...h For a Send Email action the named strings correspond to the elements of the e mail A complete list of possible values is contained in the help file corresponding to the action that launches the Name...

Page 387: ...Figure 16 6 Unique Name Token in the Argument Builder 1 Click the Edit patterns icon to launch the Pattern Builder 2 Specify the pattern or click the Edit the arguments icon to use the Argu...

Page 388: ...4 Create the value of the action component You can type the value or click the Edit the arguments icon to create the value in the Argument Builder 5 Click Finish 16 11 Namespace Editor The Policy Bui...

Page 389: ...sor html com novell nds dirxml driver XdsCommandProcessor http developer novell com documentation dirxml dirxmlbk api com novell nds dirxml driver XdsCommandProcessor html com novell nds dirxml driver...

Page 391: ...CNF or DNF evaluates to True or when no conditions are specified This section contains detailed information about all conditions that are available through the pre Identity Manager 3 5 Policy Builder...

Page 392: ...Equal Not Equal Operator Returns True when Associated There is an established association for the current object Not Association There is not an established association for the current object Availab...

Page 393: ...rison is done Operator Returns True when Available There is a value available in either the current operation or the source data store for the specified attribute Not Available Available would return...

Page 394: ...ter are Equal Not Equal Source DN Compares by using semantics appropriate to the DN format for the source data store Destination DN Compares by using semantics appropriate to the DN format for the des...

Page 395: ...pecified value when compared by using the specified comparison mode Not Equal Equal would return False Mode Description Case Sensitive Character by character case sensitive comparison Case Insensitive...

Page 396: ...The operators that contain the comparison mode parameter are Equal Not Equal...

Page 397: ...specified attribute Not Available Available would return False Equal There is a value available for the specified attribute in the destination data store that equals the specified value when compared...

Page 398: ...Not Equal Destination DN Compares by using semantics appropriate to the DN format for the destination data store Numeric Compares numerically Binary Compares the binary information Structured Compares...

Page 399: ...turn False Equal There is a destination DN available and it equals the specified value when compared by using semantics appropriate to the DN format of the destination data store Not Equal Equal would...

Page 400: ...would return False Equal There is a value available for the specified attribute in the destination data store that equals the specified value when compared by using the specified comparison mode Not...

Page 401: ...comparison Regular Expression The regular expression matches the entire string It defaults to case insensitive but can be changed by an escape in the expression See Sun s Web site http java sun com j2...

Page 402: ...ct operator The value is used by the condition The operators that contain the value field are Equal Not Equal Comparison Mode The condition has a comparison mode parameter that indicates how a compari...

Page 403: ...Sun s Web site http java sun com j2se 1 4 docs api java util regex Pattern html The pattern options CASE_INSENSITIVE DOTALL and UNICODE_CASE are used but can be reversed by using the appropriate embe...

Page 404: ...tor Returns True when Available There is a local variable with the specified name that has been defined by an action of an earlier rule within the policy Not Available Available would return False Equa...

Page 405: ...parameter are Equal Not Equal Source DN Compares by using semantics appropriate to the DN format for the source data store Destination DN Compares by using semantics appropriate to the DN format for t...

Page 406: ...ation with the specified name The test performed depends on the selected operator Fields Name Specify the name of the named password to test for the selected condition Operator Select the condition te...

Page 407: ...Equal There is a value available in the current operation other than a remove value for the specified attribute It equals the specified value when compared by using the specified comparison mode Not E...

Page 408: ...on matches the entire string It defaults to case insensitive but can be changed by an escape in the expression See Sun s Web site http java sun com j2se 1 4 docs api java util regex Pattern html The p...

Page 409: ...as a comparison mode parameter that indicates how a comparison is done Operator Returns True when Available There is an operation property with the specified name on the current operation Not Availabl...

Page 410: ...ter are Equal Not Equal Source DN Compares by using semantics appropriate to the DN format for the source data store Destination DN Compares by using semantics appropriate to the DN format for the des...

Page 411: ...ators that contain the value field are Equal Not Equal The values are the operations that the Metadirectory engine looks for add add association check object password check password delete get named p...

Page 412: ...case insensitive comparison Regular Expression The regular expression matches the entire string It defaults to case insensitive but can be changed by an escape in the expression See Sun s Web site htt...

Page 413: ...s a test on a password in the current operation The test performed depends on the specified operator Fields Operator Select the condition test type Operator Returns True when Available There is a pass...

Page 414: ...for the specified attribute Not Available Available would return False Equal There is a value available in the source data store for the specified attribute It equals the specified value when compared...

Page 415: ...qual Not Equal Destination DN Compares by using semantics appropriate to the DN format for the destination data store Numeric Compares numerically Binary Compares the binary information Structured Com...

Page 416: ...e when Available There is a source DN available Not Available Available would return False Equal There is a source DN available and it equals the content of the specified value in container Not Equal...

Page 417: ...ng an XPath 1 0 expression Fields Operator Select the condition test type Remarks For more information on using XPath expressions with policies see XPath 1 0 Expressions in Understanding Policies for...

Page 419: ...lement on page 426 Append XML Text on page 427 Break on page 428 Clear Destination Attribute Value on page 429 Clear Operation Property on page 430 Clear Source Attribute Value on page 431 Clear SSO C...

Page 420: ...on page 458 Set Operation Destination DN on page 459 Set Operation Property on page 460 Set Operation Source DN on page 461 Set Operation Template DN on page 462 Set Source Attribute Value on page 46...

Page 421: ...ssociation to the Identity Vault Fields Mode Select whether this action should be added to before or after the current operation or written directly to the destination data store DN Specify the DN of...

Page 422: ...object Mode Select whether this action should be added to before or after the current operation or written directly to the destination data store Object Select the target object type This object can...

Page 423: ...ne in subsequent Add Destination Attribute Value actions using the same DN Fields Class Name Specify the class name of the object to be created Mode Select whether this action should be added to befor...

Page 424: ...ct Leave the field blank to use the class name from the current object Object Select the target object type This object can be the current object or can be specified by a DN or an association DN Speci...

Page 425: ...source data store with the name and location provided in the DN field Any attribute values to be added as part of the object creation must be done in subsequent Add Source Attribute Value actions usin...

Page 426: ...e tag name of the XML element This name can contain a namespace prefix if the prefix has been previously defined in this policy XPath Expression Specify an XPath 1 0 expression that returns a node set...

Page 427: ...expression Fields XPath Expression Specify the XPath 1 0 expression that returns a node set containing the elements to which the new elements should be appended String Specify the text to be appended...

Page 428: ...Break Ends processing of the current operation by the current policy Fields There are no fields for the Break action...

Page 429: ...tional Specify the class name of the target object Leave the field blank to use the class name from the current object Mode Select whether this action should be added to before or after the current op...

Page 430: ...ty with the provided name from the current operation The operation property is the XML attribute attached to an operation data element by a policy An XML attribute is a name value pair associated with...

Page 431: ...e Class Name Optional Specify the class name of the target object Leave the field blank to use the class name from the current object This value might be required for schema map purposes if the object...

Page 432: ...al repository and application for which the credential is targeted For more information see Novell Credential Provisioning for Identity Manager 3 6 Fields Credential Repository Object DN Specify the D...

Page 433: ...ource XPath Expression Specify the XPath 1 0 expression that returns a node set containing the nodes to be copied Destination XPath Expression Specify the XPath 1 0 expression that returns a node set...

Page 434: ...ttribute Copies all occurrences of an attribute within the current operation to a different attribute within the current operation Fields Source Name Specify the name of the attribute to be copied fro...

Page 435: ...hether this action should be added to before or after the current operation or written directly to the destination data store Object Select the target object type to delete in the destination data sto...

Page 436: ...Deletes an object in the source data store Fields Object Select the target object type to delete in the source data store This object can be the current object or can be specified by a DN or an associ...

Page 437: ...he current operation for each successful match that is returned No query is performed if the current operation already has a non empty association thus allowing multiple find matching object actions t...

Page 438: ...t Remarks The current node is a different value for each iteration of the actions if a local variable is used If the current node in the node set is an entitlement element then the actions are marked...

Page 439: ...that can cause parts of the Metadirectory engine or driver to malfunction log error Events describing errors that can be handled by the Metadirectory engine or driver log warning Negative events not...

Page 440: ...256 bytes and the data field can contain up to 3 KB of information unless a larger data field is enabled in your environment text2 Text entered here is stored in the text2 event field text3 Text ente...

Page 441: ...ions that implement an entitlement so that the status of those entitlements can be reported to the agent that granted or revoked the entitlement Fields Node Set Node set containing the entitlement bei...

Page 442: ...he current operation or written directly to the destination data store Object to Move Select the object to be moved This object can be the current object or can be specified by a DN or an association...

Page 443: ...n object in the source data store Fields Object to Move Select the object to be moved This object can be the current object or it can be specified by a DN or an association Select Container Select the...

Page 444: ...peration by using a pattern Fields Name Specify the name of the attribute Value Type Specify the syntax of the new attribute value Value Specify a value to use as a pattern for the new format of the a...

Page 445: ...iation Sends a remove association command to the Identity Vault Fields Mode Select whether this action should be added to before or after the current operation or written directly to the destination d...

Page 446: ...e of the target object Leave the field blank to use the class name from the current object Mode Select whether this action should be added to before or after the current operation or written directly...

Page 447: ...me Specify the name of the attribute Class Name Optional Specify the class name of the target object Leave the field blank to use the class name from the current object Object Select the target object...

Page 448: ...data store Fields Mode Select whether this action should be added to before or after the current operation or written directly to the destination data store Object Select the target object This object...

Page 449: ...Rename Operation Attribute Renames all occurrences of an attribute within the current operation Fields Source Name Specify the original attribute name Destination Name S...

Page 450: ...Rename Source Object Renames an object in the source data store Fields Select Object Select the target object This object can be the current object or can be specified by a DN or an associatio...

Page 451: ...e Strings Specify the values containing the various e mail addresses subject and message The following table lists valid named string arguments String Name Description to Adds the address to the list...

Page 452: ...ww novell com documentation idm35 index html Strings Specify additional fields for the e mail message The following table contains reserved field names which specify the various e mail addresses Each...

Page 453: ...the current object in the source data store if no values for that attribute already exist It is only valid when the current operation is Add Fields Attribute Name Specify the name of the default attri...

Page 454: ...he class name of the target object in the destination data store Leave the field blank to use the class name from the current object Mode Select whether this action should be added to before or after...

Page 455: ...estination Password Sets the password for an object in the destination data store Fields Mode Select whether this action should be added to before or after the current operation or written directly to...

Page 456: ...pecified the XPath 1 0 Node Set specified or the Java Object specified Fields Variable Name Specify the name of the new local variable Variable Type Select the type of local variable This can be a str...

Page 457: ...Set Operation Association Sets the association value for the current operation Fields Association Specify the new association value...

Page 458: ...Set Operation Class Name Sets the object class name for the current operation Fields String Specify the new class name...

Page 459: ...Set Operation Destination DN Sets the destination DN for the current operation Fields DN Specify the new destination DN...

Page 460: ...An operation property is a named value that is stored within an operation It is typically used to supply additional context that might be needed by the policy that handles the results of an operation...

Page 461: ...Set Operation Source DN Sets the source DN for the current operation Fields DN Specify the new source DN...

Page 462: ...Set Operation Template DN Sets the template DN for the current operation to the specified value This action is only valid when the current operation is Add Fields DN Spe...

Page 463: ...ibute Name Specify the name of the attribute Class Name Optional Specify the class name of the target object in the source data store Leave the field blank to use the class name from the current objec...

Page 464: ...Set Source Password Sets the password for an object in the source data store Fields String Specify the password to be set...

Page 465: ...see Novell Credential Provisioning for Identity Manager 3.6 Fields Credential Repository Object DN Specify the DN of the repository object Target User DN Specify the DN of the target users Application...

Page 466: ...art of the Credential Provisioning policies For more information see Novell Credential Provisioning for Identity Manager 3.6 Fields Credential Repository Object DN Specify the DN of the repository obj...

Page 467: ...me can contain a namespace prefix if the prefix has been previously defined in this policy XPath Expression XPath 1.0 expression that returns a node set containing the elements on which the XML attrib...

Page 468: ...e by using the Argument Builder Remarks If level is retry then the policy immediately stops processing the input document and schedules a retry of the event currently being processed If the level is f...

Page 469: ...Strip Operation Attribute Strips all occurrences of an attribute from the current operation Fields Name Specify the name of the attribute to be st...

Page 470: ...n XPath 1.0 expression Fields XPath Expression Specify the XPath 1.0 expression that returns a node set containing the nodes to be stripped Remarks For more information on using XPath expressions w...

Page 471: ...The message only appears if the specified trace level is less than or equal to the trace level configured in the driver For information on how to set the trace level on the driver see Viewing Identit...

Page 472: ...Veto Vetoes the current operation Fields There are no fields...

Page 473: ...Veto If Operation Attribute Not Available Conditionally cancels the current operation and ends processing of the current policy based on the availability of an attribute in the current opera...

Page 475: ...476 Association on page 477 Attribute on page 478 Class Name on page 479 Destination Attribute on page 480 Destination DN on page 481 Destination Name on page 482 Entitlement on page 483 Global Confi...

Page 476: ...ed in the current operation Fields Name Name of the entitlement Remarks If the token is used in a context where a node set is expected the token expands to a node set containing all of the values for...

Page 477: ...Association Expands to the association value from the current operation Fields There are no fields...

Page 478: ...of the operation attribute token and the source attribute token It does not include the removed values from a Modify operation Fields Name Specify the name of the attribute Remarks If the token is use...

Page 479: ...Class Name Expands to the object class name from the current operation Fields There are no fields...

Page 480: ...name of the target object Leave the field blank to use the class name from the current object Select Object Select Current Object DN or Association Remarks If the token is used in a context where a no...

Page 481: ...Positive indexes are an offset from the root-most RDN Index -1 is the leaf-most segment Negative indexes are an offset from the leaf-most RDN towards the root-most RDN Length Specify the number of RDN...

Page 482: ...Destination Name Expands to the unqualified Relative Distinguished Name RDN of the destination DN specified in the current operation Fields There are no f...

Page 483: ...ement from the current object Fields Name Name of the entitlement Remarks If the token is used in a context where a node set is expected the token expands to a node set containing all of the values fo...

Page 484: ...Global Configuration Value Expands to the value of a global configuration variable Fields Name Name of the global configuration value...

Page 485: ...Local Variable Expands to the value of a local variable Fields Name Specify the name of the local variable...

Page 486: ...Named Password Expands to the Named Password from the driver Fields Name Specify the Named Password...

Page 487: ...Operation Expands to the name of the current operation Fields There are no fields...

Page 488: ...Operation Attribute Expands to the value of an attribute from the current operation It does not include the removed values from a modify operation Fields Name Specify the...

Page 489: ...Operation Property Expands to the value of the specified operation property on the current operation Fields Name Specify the name of the operation...

Page 490: ...Password Expands to the password specified in the current operation Fields There are no fields...

Page 491: ...operation It applies only to a Modify operation Fields Name Specify the name of the attribute to remove Remarks If the token is used in a context where a node set is expected the token expands to a no...

Page 492: ...in the current operation Fields Name Specify the name of the entitlement Remarks If the token is used in a context where a node set is expected the token expands to a node set containing all of the v...

Page 493: ...blank to use the class name from the current object Name Name of the attribute Object Select the source object This object can be the current object or can be specified by a DN or an association Rema...

Page 494: ...e indexes are an offset from the root-most RDN Index -1 is the leaf-most segment Negative indexes are an offset from the leaf-most RDN towards the root-most RDN Length Number of RDN segments to include...

Page 495: ...Source Name Expands to the unqualified relative distinguished name RDN of the source DN specified in the current operation Fields There are no...

Page 496: ...Text Expands to the text Fields Text Specify the text...

Page 497: ...stination data store using the arg dn element or the arg association element as the base of the query and scope as the scope of the query If the destination data store is the Identity Vault and name i...

Page 498: ...cated by the counter pattern then the pattern is tested with a counter otherwise it is tested without a counter If no unique name has been found after the patterns have been exhausted and counter use...

Page 499: ...f the source DN in the current operation that corresponds to the part of the DN that was not matched by the most recent match of an If Source DN condition Fields Convert Select whether or not to conve...

Page 500: ...Expands to the results of evaluating an XPath 1.0 expression Fields Expression XPath 1.0 expression to evaluate Remarks For more information on using XPath expressions with policies see XPath 1.0 Expr...

Page 501: ...that are subordinate to them This section contains detailed information about all verbs that are available through the pre Identity Manager Policy Builder interface Escape Destination DN on page 502...

Page 502: ...Escape Destination DN Escapes the enclosed tokens according to the rules of the DN format of the destination data store Fields There are no fields...

Page 503: ...Escape Source DN Escapes the enclosed tokens according to the rules of the DN format of the source data store Fields There are no fields...

Page 504: ...Lowercase Converts the characters in the enclosed tokens to lowercase Fields There are no fields...

Page 505: ...DN Source DN Delimiter Specify the custom source DN delimiter set if Source DN Format is set to custom Destination DN Delimiter Specify the custom destination DN delimiter set if Destination DN Format...

Page 506: ...and Relative RDN Delimiter are the same character the orientation of the name is root right otherwise the orientation is root left If there are more than eight characters in the delimiter set the extr...

Page 507: ...replaced Replace With Specify the replacement string Remarks For details on creating regular expressions see Sun's Java Web site http://java.sun.com/j2se/1.4/docs/api/java/util/regex/Pattern.html Sun's...

Page 508: ...marks The matching instance is replaced by the string specified in the Replace with field For details on creating regular expressions see Sun's Java Web site http://java.sun.com/j2se/1.4/docs/api/java/u...

Page 509: ...last character toward the start of the string For example if the start is specified as 2 then it starts reading at the first character from the end If 3 is specified then it starts 2 characters from t...

Page 510: ...Uppercase Converts the characters in the enclosed tokens to uppercase Fields There are no fields...
