Novell Designer for Identity Manager 3.5 Скачать руководство пользователя страница 373 | Manualshive

Страница: 373 / 510

Novell Designer for Identity Manager 3.5 Скачать руководство пользователя страница 373

Verb Tokens

373

no

vd

ocx

(e

n)

13

Ma
y 20

09

XML Parse

Parses the result of the enclosed tokens as XML and returns the resulting document node in a node
set. If the result of the enclosed tokens is not well-formed XML or cannot be parsed for any reason,
an empty node set is returned.

Example

«
...
371
372
373
374
375
...
»

Содержание Designer for Identity Manager 3.5

Страница 1: ...Novell www novell com novdocx en 13 May 2009 AUTHORIZED DOCUMENTATION Policies in Designer 3 5 Designer for Identity Manager 3 5 September 18 2009 Policies in Designer 3 5...

Страница 2: ...t or re export to entities on the current U S export exclusion lists or to any embargoed or terrorist countries as specified in the U S export laws You agree to not use deliverables for prohibited nuc...

Страница 3: ...Trademarks For Novell trademarks see the Novell Trademark and Service Mark list http www novell com company legal trademarks tmlist html Third Party Materials All third party trademarks are the proper...

Страница 4: ...4 Policies in Designer 3 5 novdocx en 13 May 2009...

Страница 5: ...ng an Argument 33 3 6 Variable Selector 35 3 6 1 Dynamic Variable Expansion 36 3 6 2 Accessing the Variable Selector From the Conditions Tab 36 3 6 3 Accessing the Variable Selector From the Actions T...

Страница 6: ...he Schema Map Editor 78 6 1 2 Navigating the Schema Map Editor 79 6 1 3 Understanding the Schema Map Editor Toolbar 80 6 2 Editing a Schema Map Policy 81 6 2 1 Adding or Deleting Classes and Attribute...

Страница 7: ...ating a Policy 114 8 3 2 Importing the Predefined Rule 115 8 3 3 How the Rule Works 116 8 4 Creation Publisher Use Template 116 8 4 1 Creating a Policy 116 8 4 2 Importing the Predefined Rule 117 8 4...

Страница 8: ...1 Creating a Policy 136 8 16 2 Importing the Predefined Rule 137 8 16 3 How the Rule Works 137 8 17 Placement Subscriber Flat LDAP Format 138 8 17 1 Creating a Policy 138 8 17 2 Importing the Predefin...

Страница 9: ...4 Application Objects 171 10 5 Repository Objects 171 10 6 Library Objects 171 10 6 1 Creating Library Objects 172 10 6 2 Adding Policies to the Library Objects 172 10 6 3 Using Policies in the Librar...

Страница 10: ...eration Attribute 254 Delete Destination Object 255 Delete Source Object 256 Find Matching Object 257 For Each 260 Generate Event 261 If 264 Implement Entitlement 266 Move Destination Object 267 Move...

Страница 11: ...t 314 Added Entitlement 316 Association 317 Attribute 318 Character 319 Class Name 320 Destination Attribute 321 Destination DN 323 Destination Name 325 Document 326 Entitlement 327 Generate Password...

Страница 12: ...onent Builder 381 16 5 Condition Builder 382 16 5 1 Creating a Condition 382 16 5 2 Additional Options for the Condition Builder 382 16 6 Condition Argument Component Builder 383 16 7 Match Attribute...

Страница 13: ...Entitlement 441 Move Destination Object 442 Move Source Object 443 Reformat Operation Attribute Value 444 Remove Association 445 Remove Destination Attribute Value 446 Remove Source Attribute Value 4...

Страница 14: ...n Name 482 Entitlement 483 Global Configuration Value 484 Local Variable 485 Named Password 486 Operation 487 Operation Attribute 488 Operation Property 489 Password 490 Removed Attribute 491 Removed...

Страница 15: ...Additional Builders and Editors on page 45 Chapter 5 Using the XPath Builder on page 71 Chapter 6 Defining Schema Map Policies on page 77 Chapter 7 Controlling the Flow of Objects with the Filter on...

Страница 16: ...s see the Identity Manager Drivers Documentation Web site http www novell com documentation idm36drivers index html For documentation on using Designer see the Designer 3 0 for Identity Manager 3 6 1...

Страница 17: ...ation in Resource Objects on page 169 Chapter 11 Using ECMAScript in Policies on page 175 This section also contains a detailed reference section to all of the elements in DirXML Script For more infor...

Страница 18: ...icy operates on an XDS document and its primary purpose is to examine and modify that document An operation is any element in the XDS document that is a child of the input element and the output eleme...

Страница 19: ...hapter 3 Managing Policies with the Policy Builder on page 21 which documents the Identity Manager 3 5 and Newer Policy Builder The only difference is an additional icon that enables and disables trac...

Страница 20: ...20 Policies in Designer 3 5 novdocx en 13 May 2009...

Страница 21: ...newer and an older one that does not support these features The Policy Builder version is determined by the version of Identity Manager To set the version of Identity Manager 1 Open a project in Desi...

Страница 22: ...n select the policy you want to edit 3 1 3 Policy Set 1 Open a project in Designer 2 Click the Outline view then select the Show Model Outline icon 3 Select the policy in the policy set then click Edi...

Страница 23: ...tion Builder on page 45 and the Condition Builder on page 52 The following tips describe how to perform some common Policy Builder tasks Table 3 1 Common Policy Builder Tasks Tasks Description Disable...

Страница 24: ...he Identity Vault Compare Compares the policy in the Policy Builder to an existing policy in the Identity Vault Policy Simulator Launches the Policy Simulator and tests the policies in the Policy Buil...

Страница 25: ...on the toolbar are enabled or disabled depending upon the item you have selected The different icons are described below Table 3 2 Policy Set Toolbar Keyboard Support You can move through the policy s...

Страница 26: ...Next You can also add a policy by right clicking a policy set in the Policy Flow view selecting Add Policy then selecting how to create the policy DirXML Script XSLT Link To Existing Copy Existing Sc...

Страница 27: ...er You can change this setting if you want to create policies in a different container For example you can set up a policy library put all of the common policies under this driver and then simply refe...

Страница 28: ...reference can be to any existing policy within the current Identity Vault It doesn t need to be contained within the current Driver object but the policy type must be valid for the policy set that it...

Страница 29: ...e a rule with the details you have specified to that point 1 In Policy Builder toolbar click Rule 2 In the Name and Describe Rule dialog box specify the name of the rule then click Next 3 In the Selec...

Страница 30: ...click Finish to create the rule You can expand or collapse the view of the rule by clicking the plus or minus sign Creating a Conditional Group 1 In the Policy Builder right click the Conditions tab...

Страница 31: ...nsert Action Before or Insert Action After 3 4 2 Using Predefined Rules Designer includes a list of predefined rules You can import and use these rules as well as create your own rules 1 Right click i...

Страница 32: ...d with the path to the policy Click OK The rule is a link to the original rule You cannot edit the rule in this location Access the original rule to make changes 3 4 4 Importing a Policy From an XML F...

Страница 33: ...ents are dynamically used by actions and are derived from tokens that are expanded at run time Tokens are broken up into two classifications nouns and verbs Noun tokens expand to values that are deriv...

Страница 34: ...nt set to an attribute value you select the attribute noun then select the attribute name 1 Double click Attribute in the list of noun tokens to add it to the Expression pane 2 Browse to and select th...

Страница 35: ...next operation is performed See Noun Tokens on page 313 and Verb Tokens on page 353 for a detailed reference on the noun and verb tokens See Argument Builder on page 47 for more information on the Ar...

Страница 36: ...L name see W3C Extensible Markup Language XML http www w3 org TR 2006 REC xml11 20060816 sec suggested names If the given variable does not exist the reference is replaced with the empty string Where...

Страница 37: ...dd Role page 240 Add Source Attribute Value page 242 Add Source Object page 243 Append XML Element page 244 Append XML Text page 246 Clear Destination Attribute Value page 249 Clear Source Attribute V...

Страница 38: ...variable 4 Select the variable then click OK 3 6 4 Accessing the Variable Selector From the Argument Builder 1 In the Argument Builder select one of the following noun tokens from the Nouns section T...

Страница 39: ...Actions tab 2 In the Do field select the clone by XPath expressions option 3 After the Specify source XPath expression field click the Launch variable browser icon 4 Select an item and click OK Only o...

Страница 40: ...e Imports a policy from the file system and appends it to the policy or replaces all the rules of the policy Launch Policy Simulator Launches the Policy Simulator Move and drop Enables you to select a...

Страница 41: ...y in the Policy Name field 4 Click OK 3 7 4 Saving Your Work Do one of the following From the main menu click File Save or Save All Close the editor by clicking the X in the editor s tab Select Close...

Страница 42: ...of the policy 3 Save the policy by pressing Ctrl S To add a description to a rule 1 Double click the name of the rule 2 Specify a description of the rule in the Description field 3 Save the rule by p...

Страница 43: ...Managing Policies with the Policy Builder 43 novdocx en 13 May 2009 Figure 3 3 View Policy in XML...

Страница 44: ...44 Policies in Designer 3 5 novdocx en 13 May 2009...

Страница 45: ...tribute Builder on page 55 Section 4 7 Action Argument Component Builder on page 57 Section 4 8 Argument Value List Builder on page 58 Section 4 9 Named String Builder on page 58 Section 4 10 Conditio...

Страница 46: ...age 260 Implement Entitlement page 266 If page 264 While page 312 Option Description New Insert Action Before Adds a new action before the current action New Insert Action After Adds a new action afte...

Страница 47: ...f the add destination attribute value click the Edit the actions icon This launches the Actions Builder In the Actions Builder you define the desired action In the following example the member attribu...

Страница 48: ...on page 353 for more information Description Contains a brief description of the selected noun or verb token Click the Help icon to launch additional help Expression Contains the argument that is bei...

Страница 49: ...m the Clipboard into the Argument Builder Move Up Moves the selected token up Move Down Moves the selected token down Help Launches the help Append noun Appends a noun token to the end of the argument...

Страница 50: ...ge 276 Rename Destination Object page 277 when the selected object is DN or Association and Enter String Rename Source Object page 279 when the selected object is DN or Association and Enter String Se...

Страница 51: ...tes or launch the variable browser For more information on the variable browser see Section 3 6 Variable Selector on page 35 3 Double click Substring from the list of verbs 4 Type 1 in the Length fiel...

Страница 52: ...of condition groups The two condition structures are OR Conditions AND Groups AND Conditions OR Groups To create and customize a condition see the following sections Section 4 4 1 Creating a Condition...

Страница 53: ...k OK Option Description New Insert Condition Before Adds a condition before the current condition New Insert Condition After Adds a condition after the current condition Edit Launches the Condition Bu...

Страница 54: ...condition in the condition group Expand All Conditions Expands all conditions that are part of the selected condition group Collapse All Conditions Collapses all conditions that are part of the selec...

Страница 55: ...nd a location 1 Select the action of find matching object 2 Select the scope of the search for the matching objects Select from entry subordinates or subtree 3 Specify the DN of the starting point for...

Страница 56: ...Vault schema or the connected system schema 7 Click Finish The Match Attribute Builder also allows you to specify another value instead of using the value from the current object To use another value...

Страница 57: ...e Value page 236 Add Source Attribute Value page 242 Reformat Operation Attribute page 270 Remove Destination Attribute Value page 273 Remove Source Attribute Value page 276 Set Destination Attribute...

Страница 58: ...ult Attribute Value 1 Select the type of the value counter dn int interval octet state string structured teleNumber time 2 Create the value of the list You can type the value or click the Edit the arg...

Страница 59: ...rgument Builder 3 Click Finish For a Send Email action the named strings correspond to the elements of the e mail A complete list of possible values is contained in the help file corresponding to the...

Страница 60: ...condition component 2 Click Finish 4 11 Pattern Builder You can launch the Pattern Builder from the Argument Builder editor when the Unique Name page 348 token is selected The Argument Builder editor...

Страница 61: ...t patterns icon to launch the Pattern Builder 2 Specify the pattern or click the Edit the arguments icon to use the Argument Builder to create the pattern 3 Click Finish 4 12 String Builder The String...

Страница 62: ...tion 4 14 Mapping Table Editor The Mapping Table editor allows you to create edit and manage mapping table objects A mapping table object is used by a policy to map a set of values to another set of c...

Страница 63: ...onflict message click Yes to save the project before opening the Mapping Table editor 4 In the Mapping Table editor select column_new 1 5 Specify a column name and data type then click Close Column na...

Страница 64: ...page 64 4 14 2 Adding a Mapping Table Object to a Policy 1 Either create a policy to use the mapping table in or select an existing policy to edit 2 Launch the Argument Builder in the Policy Builder...

Страница 65: ...ny manner at this point In this example the OU attribute is populated with the value derived from the mapping table 4 14 3 Editing a Mapping Table Object Designer provides the following options to edi...

Страница 66: ...is ready to export select Export To CSV File Delete Column Deletes a column from the mapping table Delete Row Deletes a row from the mapping table Move Row Up Moves the selected row up in the mapping...

Страница 67: ...pping table For more information see Chapter 9 Testing Policies with the Policy Simulator on page 145 4 15 Namespace Editor The Policy Builder enables you to use multiple XML namespaces within your XM...

Страница 68: ...ing links open Javadoc references for these Java classes com novell nds dirxml driver XdsQueryProcessor http developer novell com documentation dirxml dirxmlbk api com novell nds dirxml driver XdsQuer...

Страница 69: ...is defined for a specific policy or it is defined for a driver If a local variable scope is set to driver then any policy in the driver can use this variable The Policy Builder contains a Local Varia...

Страница 70: ...s any local variables with a scope of driver Error Variables Lists local variables that are set if an error is encountered during the execution of the policy that contains the following actions Clear...

Страница 71: ...information about XPath expression see XPath 1 0 Expressions in Understanding Policies for Identity Manager 3 6 Figure 5 1 XPath Builder To use the XPath Builder 1 In the Policy Builder select any of...

Страница 72: ...ailable events Each event has different files you can select For example if you select Add you have three options Organization xml OrganizationalUnit xml and User xml The file indicates the event If y...

Страница 73: ...to see the XDS document without scrolling click the Hide XPath Details icon To see the XPath Expression and Results windows click Show XPath Details icon 5 Select the current position in the document...

Страница 74: ...XPath expression In this example the XPath expression is nds input add It searches the entire XML document for each instance of add Unique searches the XML document until it finds a match and then sto...

Страница 75: ...the Results text area below If the XPath editor does not evaluate the expression click the Evaluate XPath expression icon to force the XPath Builder to evaluate the expression 8 Optional Click the EC...

Страница 76: ...76 Policies in Designer 3 5 novdocx en 13 May 2009...

Страница 77: ...ditor is for creating and managing schema map policies If you want to manage the actual schema on the Identity Vault or Application use the Manage Schema tool which is accessible by clicking the pull...

Страница 78: ...open the Schema Map editor from the Outline view 1 In an open project click the Outline tab 2 Click Show Model Outline 3 Expand the driver where you want to manage the schema map policy 4 Double clic...

Страница 79: ...tes alphabetically ascending or descending To do so click either the gray Identity Vault header or the gray application datastore header that appears above the list of mapped classes If you first sele...

Страница 80: ...om which you can add additional attributes to an existing Application class in the schema map For more information see Adding an Application Class or Attribute on page 83 Insert Class Row adds an empt...

Страница 81: ...ects with the Filter on page 93 Adding an Identity Vault Class or Attribute on page 81 Adding an Application Class or Attribute on page 83 Adding a Non class specific Attribute Mapping on page 84 Dele...

Страница 82: ...ttributes page select a class and the relevant class attributes to add to the schema map then click OK Use Shift click and Ctrl click to select multiple attributes if desired 3 In the Schema Map Edito...

Страница 83: ...itional Application attributes to an existing class mapping IMPORTANT To view an application s schema classes and attributes the driver must be able to retrieve the schema information from a live appl...

Страница 84: ...e you added to the schema map then specify the appropriate Identity Vault attribute to which you want to map it You can either select the attribute from the drop down list or type it in the field manu...

Страница 85: ...Select the classes or attributes you want to remove then click Delete in the Schema Map editor toolbar Select the classes or attributes you want to remove then press the Delete key You can also delete...

Страница 86: ...entity Vault schema click the pull down menu then select Manage Identity Vault Schema This opens the Manage Schema tool and displays information about the classes and attributes in the Identity Vault...

Страница 87: ...hema Map Policy The Exported policies which were saved as XML files on the file system can be re imported to the Schema Map editor This functionality saves you the effort of redoing the class or attri...

Страница 88: ...the Schema Map policy as a xml file Simulate Tests the Schema Map policy For more information see Section 6 3 Testing Schema Map Policies on page 86 Export to Configuration File Saves the Schema Map p...

Страница 89: ...olicies and Schema Items from the Identity Vault in the Designer 3 0 1 for Identity Manager 3 6 Administration Guide Live Deploy Deploys the selected Schema Map policy into the Identity Vault For more...

Страница 90: ...all policies in the selected policy set Remove All Set Policies Removes all policies from the selected policy set but does not delete the existing policies Option Description Edit Launches the Schema...

Страница 91: ...oys the Schema Map policy into the Identity Vault Live Compare Compares the Schema Map policy in Designer to the Schema Map policy in the Identity Vault Delete Deletes the selected Schema Map policy P...

Страница 92: ...92 Policies in Designer 3 5 novdocx en 13 May 2009...

Страница 93: ...d system can receive the changes or just be notified that a change has occurred Designer displays this information in the Policy Flow view as Sync and Notify filters If a filter is set to Sync then th...

Страница 94: ...ilter editor allows you to edit filter policies This section includes the following topics Section 7 1 1 Accessing the Filter Editor on page 94 Section 7 1 2 Navigating the Filter Editor on page 96 Se...

Страница 95: ...of Objects with the Filter 95 novdocx en 13 May 2009 3 Double click the Filter object or right click it and select Edit to launch the Filter editor Policy Flow View 1 In the Outline view select the S...

Страница 96: ...r Right click and select Edit Policy Filter to launch the Filter editor Policy Set View 1 Double click the filter object in the Policy Set view 7 1 2 Navigating the Filter Editor The Filter Editor use...

Страница 97: ...the selected items Esc Exits the edit mode Ctrl A Selects all classes and attributes in the Filter editor Tool Description Add Attributes opens the Schema Browser so you can select attributes from the...

Страница 98: ...ractice is to completely remove the class or the attribute from the filter To remove attributes and classes from the filter do one of the following Right click the class or attribute you want to remov...

Страница 99: ...om another driver and use it in the driver you are currently working with 1 Click Copy an Existing Filter You can also right click in the Filter editor then select Copy an Existing Filter 2 Browse to...

Страница 100: ...3 5 novdocx en 13 May 2009 2 Change the filter settings for the selected class See Table 7 2 on page 101 for information on each of the class settings available in the Filter Editor 3 In the Filter Ed...

Страница 101: ...from the Identity Vault into the connected system Ignore Does not synchronize the class from the Identity Vault into the connected system Create Home Directory Create Home Directory allows you to cre...

Страница 102: ...l system and sent to the HR database the filter sends the information from the HR database back to the e mail system and the employee s address is not changed Subscribe Synchronize Changes to this obj...

Страница 103: ...dd to the single side This is always valid behavior Identity Vault Behaves the same way as the default behavior if the attribute is being synchronized on the Subscriber channel and not on the Publishe...

Страница 104: ...ort Filter 2 In the Export Filter dialog box specify a file name and location for the XML filter file then click Save 7 4 2 Importing a Filter File 1 Select Import Filter 2 In the Import Filter File d...

Страница 105: ...tion Guide 3 In the Deployment Results page click OK The Deployments Results page notes any errors or warnings that occurred during the deployment process 7 8 Additional Filter Options When you right...

Страница 106: ...ing the Filter on page 98 Save As Saves the selected Policy Set as a xml file Simulate Launches the Policy Simulator For more information see Section 7 3 Testing the Filter on page 104 Live Import All...

Страница 107: ...river Restarts the driver Option Description Edit Launches the Filter editor For more information see Section 7 2 Editing the Filter on page 98 Save As Saves the filter as a xml file Simulate Launches...

Страница 108: ...108 Policies in Designer 3 5 novdocx en 13 May 2009...

Страница 109: ...Section 8 8 Event Transformation Scope Filtering Exclude Subtrees on page 122 Section 8 9 Input or Output Transformation Reformat Telephone Number from nnn nnn nnnn to nnn nnn nnnn on page 124 Section...

Страница 110: ...the predefined rules creating a policy in the Command Transformation policy set and importing the predefined rule If you already have a Command Transformation policy that you want to add this rule to...

Страница 111: ...changes and continue Click Yes The Policy Builder is launched and the new Command Transformation policy is saved 9 Continue with Importing the Predefined Rule 8 1 2 Importing the Predefined Rule 1 Ri...

Страница 112: ...ontainer is set to the destination DN The second local variable is named does target exist The value of does target exist is set to the destination attribute value of objectclass The class is set to O...

Страница 113: ...Flow view select the Publisher channel 2 Select the Command Transformation policy set in the Policy Set view then click Create or add a new policy to the policy set icon to create a new policy 3 Sele...

Страница 114: ...ects to be created unless the required attributes are populated Implement the rule on the Creation policy in the driver You can implement the rule on either the Subscriber or the Publisher channel or...

Страница 115: ...and continue Click Yes The Policy Builder is launched and the new Creation policy is saved 9 Continue with Importing the Predefined Rule 8 3 2 Importing the Predefined Rule 1 Right click in the Policy...

Страница 116: ...he Creation policy set and importing the predefined rule If you already have a Creation policy that you want to add this rule to skip to Importing the Predefined Rule Section 8 4 1 Creating a Policy o...

Страница 117: ...Identity Vault If you have attributes that are the same for different users using the template saves time You fill in the information in the template object and when the User object is created Identi...

Страница 118: ...and select another location to place the policy in the driver 6 Select Open Editor after creating policy then click Next 7 Select DirXML Script for the type of policy then click Finish 8 A file confl...

Страница 119: ...p 1 on page 118 through Step 11 on page 119 to assign the value to the attribute 8 6 Creation Set Default Password During the creation of user objects this rule sets a default password for user object...

Страница 120: ...r then click New Predefined Rule Insert Predefined Rule Before or Insert Predefined Rule After 2 Select Creation Set Default Password then click OK 3 Expand the predefined rule 4 Save the rule by clic...

Страница 121: ...olicy Flow view select the Publisher or Subscriber channel 2 Select the Event Transformation policy set in the Policy Set view then click Create or add a new policy to the Policy Set icon to create a...

Страница 122: ...ll events that occur in a specific subtree Implement the rule on the Event Transformation policy in the driver You can implement the rule on either the Subscriber or the Publisher channel or on both c...

Страница 123: ...icy Builder is launched and the new Event Transformation policy is saved 9 Continue with Importing the Predefined Rule 8 8 2 Importing the Predefined Rule 1 Right click in the Policy Builder then clic...

Страница 124: ...ut or Output Transformation policy that you want to add this rule to skip to Importing the Predefined Rule Section 8 9 1 Creating a Policy on page 124 Section 8 9 2 Importing the Predefined Rule on pa...

Страница 125: ...e condition that is to be met when the telephone number is reformatted 8 10 Input or Output Transformation Reformat Telephone Number from nnn nnn nnnn to nnn nnn nnnn This rule transforms the format o...

Страница 126: ...7 Select DirXML Script for the type of policy then click Finish 8 A file conflict window appears with the message Before editing this item you need to save Do you wish to save the editor s changes an...

Страница 127: ...defined rules creating a policy in the Matching policy set and importing the predefined rule If you already have a Matching policy that you want to add this rule to skip to Importing the Predefined Ru...

Страница 128: ...se of destination hierarchy from the Specify string field 9 Click the Edit the arguments icon to launch the Argument Builder 10 Select Text in the noun list 11 Double click Text to add it to the argum...

Страница 129: ...or the Policy Flow view select the Subscriber channel 2 Select the Matching policy set in the Policy Set view then click Create or add a new policy to the Policy Set icon to create a new policy 3 Cli...

Страница 130: ...k OK 13 Click Finish 14 Save the rule by clicking File Save 8 12 3 How the Rule Works This rule matches for objects in the data store by using the mirrored structure in the Identity Vault from a speci...

Страница 131: ...policy to the Policy Set icon to create a new policy 3 Click Create a new policy then click Next 4 Name the policy 5 Use the default location or browse and select another location to place the policy...

Страница 132: ...e rule by clicking File Save 8 13 3 How the Rule Works This rule matches for User objects by attributes When a User object is synchronized the driver uses the rule to check and see if the specified at...

Страница 133: ...r creating policy then click Next 7 Select DirXML Script for the type of policy then click Finish 8 A file conflict window appears with the message Before editing this item you need to save Do you wis...

Страница 134: ...est base unmatched source DN The rule uses the slash format 8 15 Placement Subscriber Mirrored LDAP Format This rule places objects in the data store by using the mirrored structure in the Identity Va...

Страница 135: ...Predefined Rule Before or Insert Predefined Rule After 2 Select Placement Subscriber Mirrored LDAP format then click OK 3 Expand the predefined rule 4 Edit the condition by double clicking the Condit...

Страница 136: ...ved in using the predefined rules creating a policy in the Placement policy set and importing the predefined rule If you already have a Placement policy that you want to add this rule to skip to Impor...

Страница 137: ...Delete Enter DN of destination container from the Specify String field 6 Click the Edit the arguments icon to launch the Argument Builder 7 Select Text in the noun list 8 Double click Text to add it t...

Страница 138: ...2 Select the Placement policy set in Policy Set view then click Create or add a new policy to the Policy Set icon to create a new policy 3 Click Create a new policy then click Next 4 Name the policy...

Страница 139: ...e dest base The rule then sets the destination DN to be uid unique name dest base The uid attribute of the User object is the first two letters of the Given Name attribute plus the Surname attribute i...

Страница 140: ...driver 6 Select Open Editor after creating policy then click Next 7 Select DirXML Script for the type of policy then click Finish 8 A file conflict window appears with the message Before editing this...

Страница 141: ...ent containers depending upon the value that is stored in the OU attribute If a User object needs to be placed and has the OU attribute available then the User object is placed in the dest base value...

Страница 142: ...ne view or the Policy Flow view select the Subscriber channel 2 Select the Placement policy set in the Policy Set view then click Create or add a new policy to the Policy Set icon to create a new poli...

Страница 143: ...per department containers depending upon the value that is stored in the OU attribute If a User object needs to be placed and has the OU attribute available then the User object is placed in the uid u...

Страница 144: ...144 Policies in Designer 3 5 novdocx en 13 May 2009...

Страница 145: ...nts that the Metadirectory engine can process XML documents that do not conform to this schema generate errors To verify whether the document conforms to the nds dtd and to find information about why...

Страница 146: ...e Policy Simulator icon in the toolbar of each editor 9 2 Creating an XDS Input Document In order to simulate a policy you must have a valid XDS Input document The policy consumes the input document a...

Страница 147: ...rameters attributes and values XDS Builder saves the parameters and values of the simulator for the current Designer session To make the simulator input available after Designer has been shut down sav...

Страница 148: ...ument files you can use The files are located in the plug in com novell designer idm policy simulation The events are Add Association Delete Instance Modify Move Query Rename and Status 9 2 3 Use an I...

Страница 149: ...connecting to the application in order to capture any error messages NOTE Simulator access to application attributes is based on the rights granted to the application user specified in the driver con...

Страница 150: ...group of policies to simulate with a specific operation Figure 9 2 Simulation Point in the Policy Simulator You can select a Driver object Publisher channel Subscriber channel policy or rule as the s...

Страница 151: ...values for the selected operation Each operation displays different parameters Figure 9 4 Parameters and Values in the XDS Builder The list of parameters for each operation is set and cannot be change...

Страница 152: ...ault browser However the Browse button for all destination parameters such as Destination DN launches the application Browser Editing the Class parameter launches the application class browser when th...

Страница 153: ...Editor to modify the value For more information see Section 9 4 Using the Hex Editor on page 155 Identity Vault Schema When working with Identity Vault attributes with structured values the Simulator...

Страница 154: ...esults of the Modify operation The Policy Simulator allows you to modify the values of the attribute and change the order of events that occur to an attribute When you right click an event in the Attr...

Страница 155: ...h Step 4 6 Click the Data field then specify the XML fragment 7 Click OK to save the information 9 4 Using the Hex Editor The Hex editor allows you to view or edit any attribute values in hex mode For...

Страница 156: ...in the Hex Editor on page 161 Section 9 4 7 Deleting Data in the Hex Editor on page 161 Section 9 4 8 Moving the Cursor in the Hex Editor on page 162 Section 9 4 9 Exporting Data from the Hex Editor o...

Страница 157: ...tes in the Designer 3 0 1 for Identity Manager 3 6 Administration Guide 3 In the Schema Browser select the new attribute then click OK to launch the Hex editor 9 4 2 Importing Data into the Hex Editor...

Страница 158: ...3 5 novdocx en 13 May 2009 2 Specify the amount of data to add in bytes B or kilobytes kB 3 Specify the initial hex value then click OK 9 4 4 Appending Data in the Hex Editor 1 Right click in the Hex...

Страница 159: ...byte in the table if there is no data It is also available when you right click the last byte if there is data 2 Specify the amount of data to append in bytes or kilobytes 3 Specify the initial hex va...

Страница 160: ...is selected the far right column displays the value encoded 2 Select the cell of data to edit then edit the data When a cell is selected the value is displayed in blue 3 Click OK to save the changes T...

Страница 161: ...he last change you had made is undone If you decide you want that change back 1 Right click in the Hex editor then select Redo The change that was undone is now redone 9 4 7 Deleting Data in the Hex E...

Страница 162: ...2 Select whether the address specified in the table is a Decimal or Hexadecimal offset then specify the value 3 Select the mode of moving the cursor Absolute Moves the cursor to the specified offset...

Страница 163: ...a policy 1 In the Policy Simulator after the XDS input document is complete click Next 2 If the policy you are simulating generates a query review the query in the Query tab and model the query respon...

Страница 164: ...For information on using the Parameter table see Section 9 2 10 Parameter and Value on page 151 You can adjust the query parameters to vary the response generated when you send the query to the Applic...

Страница 165: ...to generate a Response instance document The Simulator determines the query destination automatically and displays the appropriate button Submit to Vault requires valid associations in the Associatio...

Страница 166: ...You can configure the level of trace detail For more information see Section 9 2 6 Configuration Options on page 149 Output The Output tab displays the output document generated when the policy proce...

Страница 167: ...e Policy Simulator 167 novdocx en 13 May 2009 Compare The Compare tab displays the input document and the output document side by side so you can examine the changes resulting from the policy processi...

Страница 168: ...appropriate jar file or directory to the class path To add a jar file or directory to the Java class path 1 Select Windows Preferences from the tool bar 2 Navigate to the Novell Identity Manager Simul...

Страница 169: ...source objects allow you to store information that a policy consumes It can be any information stored in text or XML format A resource object is stored in a library or driver object An example of usin...

Страница 170: ...ource object 10 1 2 Using a Generic Resource Object A resource object is a place to store information It is an eDirectoryTM object and to use the information in the object you treat it as any other eD...

Страница 171: ...ication objects for Novell SecureLogin and for Novell SecretStore For information on how to create application objects for SecureLogin see Creating an Application Object in Novell Credential Provision...

Страница 172: ...ation parameter values for Novell Credential Provisioning policies For information see Creating an Application Object or Creating an Application Object in Novell Credential Provisioning for Identity M...

Страница 173: ...xisting object 10 6 3 Using Policies in the Library Objects After you have created the library you can use any of the resources stored in the library in any policy 1 Double click the desired policy in...

Страница 174: ...174 Policies in Designer 3 5 novdocx en 13 May 2009...

Страница 175: ...dgpro data prdefcreateformschapter html This section explains how to use the ECMAScript editor how to use ECMAScript with policies and how to use ECMAScript with custom forms It does not explain the E...

Страница 176: ...roperties of the server then the ECMAScript object can be created Designer provides an ECMAScript editor which also includes an ECMA Expression Builder You use both to create the ECMAScript To access...

Страница 177: ...in a text editor then copy the script 2 Paste the ECMAScript into the ECMAScript editor 3 Press Ctrl S to save the ECMAScript Editing an ECMAScript There are multiple options available for use to edit...

Страница 178: ...fied information Show Expression Builder Launches the Expression Builder For more information see Section 11 2 2 Expression Builder on page 178 Option Description Toggle Breakpoints To be implemented...

Страница 179: ...r conditions If XPath Expression Append XML Element Append XML Text Clone By XPath Expressions Set XML Attribute Strip XPath Expression To access the Expression Builder through the Argument Builder 1...

Страница 180: ...s 4 Click Check Syntax to validate the expression 5 Click OK to close the Expression Builder In the following example the join ECMAScript variable is used with the toString function or method but ther...

Страница 181: ...ion to view all of the variables by clicking the plus icon arrow icon in Linux You can view the function without the variables by clicking the minus icon arrow icon in Linux 11 2 4 Error Display As th...

Страница 182: ...error in the Problems view The cursor jumps to the problem line in the main scripting area To access the Problems view 1 In the toolbar select Window Show View Other General Problems The Problems view...

Страница 183: ...is tested by specifying a value of areaOfCircle 10 The shell displays the value of 628 3185307179587 To execute the expression press the Enter key If you want to enter more than one line of code in t...

Страница 184: ...of ECMAScripts with Policies The following examples use the ECMAScript file demo js samples demo js with different policies The demo js file contains three ECMAScript function definitions Section 11...

Страница 185: ...com novell designer idm policybuilder_1 2 0 200612180606 DTD dirxmlscript dtd policy rule description Reformat photo from URL to octet description conditions actions do reformat op attr name photo ar...

Страница 186: ...6 Split on page 186 Join The Join function joins the text values of Nodes in a NodeSet into a single string template that joins the joinme attribute values into a single value xsl template match attr...

Страница 187: ...itjointest xml is an input document that shows the style sheet in action 11 3 3 XSLT Policy Calling an ECMAScript Function in the Style Sheet The XSLT policy demonstrates embedding ECMAScript function...

Страница 188: ...188 Policies in Designer 3 5 novdocx en 13 May 2009...

Страница 189: ...e or when no conditions are specified This section contains detailed information about all conditions that are available through the Policy Builder interface If Association on page 190 If Attribute on...

Страница 190: ...ation for the current object Available There is a non empty association value specified by the current operation Equal The association value specified by the current operation is exactly equal to the...

Страница 191: ...Regular Expression The regular expression matches the entire string It defaults to case insensitive but can be changed by an escape in the expression For more information see Sun s Web site http java...

Страница 192: ...reater Than Less Than Not Equal Not Greater Than Not Less Than Operator Returns True When Available There is a value available in either the current operation or the source data store for the specifie...

Страница 193: ...le xml Mode Description Case Sensitive Character by character case sensitive comparison Case Insensitive Character by character case insensitive comparison Regular Expression The regular expression ma...

Страница 194: ...194 Policies in Designer 3 5 novdocx en 13 May 2009 The condition is looking for any User object that has an attribute of Title with a value of consultant or sales...

Страница 195: ...operation Equal There is an object class name available in the current operation and it equals the specified value when compared by using the specified comparison mode Greater Than There is an object...

Страница 196: ...see 004 Command GroupChangeOnTitleChange xml samples 004 Command GroupChangeOnTitleChange xml Regular Expression The regular expression matches the entire string It defaults to case insensitive but c...

Страница 197: ...Conditions 197 novdocx en 13 May 2009 Checks to see if the class name of the current object is User...

Страница 198: ...tore for the specified attribute Equal There is a value available for the specified attribute in the destination data store that equals the specified value when compared by using the specified compari...

Страница 199: ...GroupChangeOnTitleChange xml Mode Description Case Sensitive Character by character case sensitive comparison Case Insensitive Character by character case insensitive comparison Regular Expression The...

Страница 200: ...200 Policies in Designer 3 5 novdocx en 13 May 2009 The policy checks to see if the value of the title attribute contains manager...

Страница 201: ...There is a destination DN available Equal There is a destination DN available and it equals the specified value when compared by using semantics appropriate to the DN format of the destination data st...

Страница 202: ...change that adds a value add value or add attribute to the named entitlement It has a value that equals the specified value when compared by using the specified comparison mode Equal There is a value...

Страница 203: ...n Not Changing From Mode Description Case Sensitive Character by character case sensitive comparison Case Insensitive Character by character case insensitive comparison Regular Expression The regular...

Страница 204: ...204 Policies in Designer 3 5 novdocx en 13 May 2009 Not Changing To Not Equal Not Greater Than Not Less Than Example...

Страница 205: ...ctor on page 35 The operators that contain the value field are Equal Greater Than Less Than Not Equal Operator Returns True When Available There is a global configuration value with the specified name...

Страница 206: ...rison Regular Expression The regular expression matches the entire string It defaults to case insensitive but can be changed by an escape in the expression For more information see Sun s Web site http...

Страница 207: ...rators that contain the value field are Equal Greater Than Less Than Not Equal Operator Returns True When Available There is a local variable with the specified name that has been defined by an action...

Страница 208: ...ity Manager 3 6 To view the policy in XML see 003 Command AddCreate Groups xml samples 003 Command AddCreateGroups xml Mode Description Case Sensitive Character by character case sensitive comparison...

Страница 209: ...en 13 May 2009 The policy contains five rules that are dependent on each other For the If Locate Variable condition to work the first rule sets four different local variables to test for groups and wh...

Страница 210: ...en 13 May 2009 The condition the rule looks for is to see if the local variable of manager group info is available and if manager group info is not equal to group If these conditions are met then the...

Страница 211: ...n the selected operator Fields Name Specify the name of the named password to test for the selected condition Supports variable expansion For more information see Section 3 6 Variable Selector on page...

Страница 212: ...mparison mode Not Equal Equal would return False Not Greater Than Greater Than would return False Not Less Than Less Than would return False Mode Description Case Sensitive Character by character case...

Страница 213: ...ion For more information see Section 3 6 Variable Selector on page 35 The operators that contain the value field are Equal Greater Than Less Than Not Equal Not Greater Than Not Less Than The values ar...

Страница 214: ...p security equal to that group The policy name is Govern Groups for User Based on Title Attribute and it is available for download from the Novell Support Web site For more information see Downloading...

Страница 215: ...specified attribute that equals the content of the condition when compared by using the specified comparison mode If mode structured then the content must be a set of component s Otherwise it must be...

Страница 216: ...se Not Changing To Changing To would return False Not Equal Equal would return False Not Greater Than Greater Than or Equal would return False Not Less Than Less Than or Equal would return False Mode...

Страница 217: ...roups for User Based on Title Attribute and it is available for download from the Novell Support Web site For more information see Downloading Identity Manager Policies in Understanding Policies for I...

Страница 218: ...ks to see if the attribute of Title is equal to manager which is a regular expression The condition looks for a title that has zero or more characters before manager and a single character after manag...

Страница 219: ...Selector on page 35 The operators that contain the value field are Equal Greater Than Less Than Not Equal Not Greater Than Not Less Than Operator Returns True When Available There is an operation prop...

Страница 220: ...pression The regular expression matches the entire string It defaults to case insensitive but can be changed by an escape in the expression For more information see Sun s Web site http java sun com j2...

Страница 221: ...ble There is a password available in the current operation Equal There is a password available in the current operation and its value equals the content of the condition when compared by using the spe...

Страница 222: ...sformation policy checks to see if a password is available when an object is added If the password is available then the Novell SecureLogin and Novell SecretStore credentials are provisioned Case Inse...

Страница 223: ...Conditions 223 novdocx en 13 May 2009...

Страница 224: ...value available in the source data store for the specified attribute Equal There is a value available in the source data store for the specified attribute It equals the specified value when compared b...

Страница 225: ...s to case insensitive but can be changed by an escape in the expression For more information see Sun s Web site http java sun com j2se 1 4 docs api java util regex Pattern html The pattern options CAS...

Страница 226: ...r more information see Section 8 8 Event Transformation Scope Filtering Exclude Subtrees on page 122 To view the policy in XML see predef_transformation_filter_exclude_subtress xml samples predef_tran...

Страница 227: ...Conditions 227 novdocx en 13 May 2009 The condition checks to see if the source DN is in the Users container If the object comes from that container it is vetoed...

Страница 228: ...on has a comparison mode parameter that indicates how a comparison is done Operator Returns True When Available There is an XML attribute with the specified name on the current operation Equal There i...

Страница 229: ...tring It defaults to case insensitive but can be changed by an escape in the expression For more information see Sun s Web site http java sun com j2se 1 4 docs api java util regex Pattern html The pat...

Страница 230: ...y Manager 3 6 Example If you are implementing Novell Credential Provisioning policies there is a sample Subscriber Command Transformation policy that uses the XPath Expression condition The sample fil...

Страница 231: ...Conditions 231 novdocx en 13 May 2009...

Страница 232: ...232 Policies in Designer 3 5 novdocx en 13 May 2009...

Страница 233: ...ppend XML Text on page 246 Break on page 248 Clear Destination Attribute Value on page 249 Clear Operation Property on page 250 Clear Source Attribute Value on page 251 Clear SSO Credential on page 25...

Страница 234: ...ge 293 Set Operation Property on page 294 Set Operation Source DN on page 295 Set Operation Template DN on page 296 Set Source Attribute Value on page 297 Set Source Password on page 299 Set SSO Crede...

Страница 235: ...Identity Vault Fields Mode Select whether this action should be added to before or after the current operation or written directly to the destination data store DN Specify the DN of the target object...

Страница 236: ...type This object can be the current object or can be specified by a DN or an association DN Specify the DN association or current object as the target object Value Type Select the syntax of the attrib...

Страница 237: ...Actions 237 novdocx en 13 May 2009...

Страница 238: ...ter the current operation or written directly to the destination data store DN Specify the DN of the object to be created Remarks Any attribute values to be added as part of the object creation must b...

Страница 239: ...Actions 239 novdocx en 13 May 2009 The OU object is created The value for the OU attribute is created from the destination attribute value action that occurs after this action...

Страница 240: ...ction 3 6 Variable Selector on page 35 Password Specify the authorized user password You can enter a clear text password not recommended or use the Argument Builder to specify a Named Password Object...

Страница 241: ...n for any Separation of Duty violations this assignment will trigger Default No exception will be requested and the request will fail if it causes a violation NOTE By default the Named String Builder...

Страница 242: ...ave the field blank to use the class name from the current object Supports variable expansion For more information see Section 3 6 Variable Selector on page 35 Object Select the target object type Thi...

Страница 243: ...field Any attribute values to be added as part of the object creation must be done in subsequent Add Source Attribute Value actions using the same DN Fields Class Name Specify the class name of the o...

Страница 244: ...hould be appended Insert Select whether to insert the XPath expression before the source XPath expression or append the XPath expression to the end of the current node in the destination XPath express...

Страница 245: ...Actions 245 novdocx en 13 May 2009...

Страница 246: ...ression or append the XPath expression to the end of the current node in the destination XPath expression Before XPath Expression Specify the XPath 1 0 expression that evaluates relative to each of th...

Страница 247: ...Actions 247 novdocx en 13 May 2009...

Страница 248: ...248 Policies in Designer 3 5 novdocx en 13 May 2009 Break Ends processing of the current operation by the current policy Example...

Страница 249: ...the class name of the target object Leave the field blank to use the class name from the current object Supports variable expansion For more information see Section 3 6 Variable Selector on page 35 M...

Страница 250: ...n The operation property is the XML attribute attached to an operation data element by a policy An XML attribute is a name value pair associated with an element in the XDS document Fields Property Nam...

Страница 251: ...onal Specify the class name of the target object Leave the field blank to use the class name from the current object This value might be required for schema map purposes if the object is other than cu...

Страница 252: ...e repository object Supports variable expansion For more information see Section 3 6 Variable Selector on page 35 Target User DN Specify the DN of the target users Application Credential ID Specify th...

Страница 253: ...containing the nodes to be copied Supports variable expansion For more information on variable expansion and XPath see Section 3 6 5 XPath Expressions on page 39 Destination XPath Expression Specify t...

Страница 254: ...Selector on page 35 Example The example adds a User object to the appropriate Employee or Manager group based on Title It also creates the group if needed and sets up security equal to that group The...

Страница 255: ...For more information see Section 3 6 Variable Selector on page 35 Mode Select whether this action should be added to before or after the current operation or written directly to the destination data s...

Страница 256: ...he object to delete in the source data store Supports variable expansion For more information see Section 3 6 Variable Selector on page 35 Object Select the target object type to delete in the source...

Страница 257: ...eturned No query is performed if the current operation already has a non empty association thus allowing multiple find matching object actions to be strung together in the same rule If the destination...

Страница 258: ...tributes The left fields store the attributes to match The right fields allow you to specify to use the value from the current object to match or to use another value If you select Other Value there a...

Страница 259: ...Actions 259 novdocx en 13 May 2009 2 Select the desired value type 3 Specify the value then click Finish...

Страница 260: ...e is used If the current node in the node set is an entitlement element then the actions are marked as if they are also enclosed in an Implement Entitlement action If the current node is a query eleme...

Страница 261: ...rts the following strings Level Description log informational Positive events of any importance log alert Events that require immediate attention log critical Events that can cause parts of the Metadi...

Страница 262: ...it or Sentinel an event The policy name is Policy to Place by Surname and is available for download from the Novell Support Web site For more information see Downloading Identity Manager Policies To v...

Страница 263: ...Actions 263 novdocx en 13 May 2009...

Страница 264: ...if the conditions are False Example During an Add or Modify operation if the attribute of Title equals manager the user object is added to the ManagerGroup group If the Title does not equal manager th...

Страница 265: ...Actions 265 novdocx en 13 May 2009 The action is to add the user object to the ManagerGroup group If the title does not equal manager the user object is placed in the UsersGroup group...

Страница 266: ...the agent that granted or revoked the entitlement Fields Node Set Node set containing the entitlement being implemented by the specified actions Action Actions that implement the specified entitlement...

Страница 267: ...ed by a DN or an association Container to Move to Select the container to receive the object This container is specified by a DN or an association DN or Association Specify whether the DN or associati...

Страница 268: ...policy checks to see if it is a modify event on a User object and if the attribute Description contains the value of terminated If that is the case then it sets the attribute of Login Disabled to Tru...

Страница 269: ...o the source data store Supports variable expansion For more information see Section 3 6 Variable Selector on page 35 Object to Move Select the object to be moved This object can be the current object...

Страница 270: ...ew value it must be obtained by referencing the local variable current value Example The example reformats the telephone number It changes it from nnn nnn nnnn to nnn nnn nnnn The rule is from the pre...

Страница 271: ...Actions 271 novdocx en 13 May 2009...

Страница 272: ...sables the User object instead The transforms an event The rule is from the predefined rules that come with Identity Manager For more information see Section 8 2 Command Transformation Publisher Delet...

Страница 273: ...ve the field blank to use the class name from the current object Supports variable expansion For more information see Section 3 6 Variable Selector on page 35 Mode Select whether this action should be...

Страница 274: ...formation see Section 3 6 Variable Selector on page 35 Password Specify the authorized user password You can enter a clear text password not recommended or use the Argument Builder to specify a Named...

Страница 275: ...Actions 275 novdocx en 13 May 2009 Example...

Страница 276: ...Name Optional Specify the class name of the target object Leave the field blank to use the class name from the current object Supports variable expansion For more information see Section 3 6 Variable...

Страница 277: ...For more information see Section 3 6 Variable Selector on page 35 Mode Select whether this action should be added to before or after the current operation or written directly to the destination data...

Страница 278: ...in the current operation Fields Source Name Specify the original attribute name Supports variable expansion For more information see Section 3 6 Variable Selector on page 35 Destination Name Specify t...

Страница 279: ...rename in the source data store Supports variable expansion For more information see Section 3 6 Variable Selector on page 35 Select Object Select the target object This object can be the current obje...

Страница 280: ...Strings Specify the values containing the various e mail addresses subject and message You can enter the strings manually or select the Edit the strings icon to open the Named String Builder and speci...

Страница 281: ...Actions 281 novdocx en 13 May 2009 Example to Adds the address to the list of e mail recipients multiple instances are allowed Can contain a comma separated list of recipients String Name Description...

Страница 282: ...n the Identity Manager 3 6 1 Common Driver Administration Guide Strings Specify additional string arguments for the e mail message You can enter the strings manually or select the Edit the strings ico...

Страница 283: ...the reserved field names listed above Send Email from Template supports Global Configuration Values GCVs for creating the desired string Each template can also define fields that can be replaced in t...

Страница 284: ...ion 3 6 Variable Selector on page 35 Write Back Select whether or not to also write back the default values to the source data store Argument Values Specify the default values of the attribute Example...

Страница 285: ...rgument Value List Builder is launched See Section 4 8 Argument Value List Builder on page 58 for more information on the builder You can set the value to what is needed In this case we used the Argum...

Страница 286: ...see Section 3 6 Variable Selector on page 35 Mode Select whether this action should be added to before or after the current operation or written directly to the destination data store Object Select th...

Страница 287: ...e rule sets the value for the attribute of Login Disabled to true The rule uses the Argument Builder to add the text of true as the value of the attribute See Section 4 3 Argument Builder on page 47 f...

Страница 288: ...Selector on page 35 Mode Select whether this action should be added to before or after the current operation or written directly to the destination data store Object Select the target object This obje...

Страница 289: ...t the type of local variable This can be a string an XPath 1 0 node set or a Java object String Specify the attribute values to set Example The example adds a User object to the appropriate Employee o...

Страница 290: ...iable is set to the value that is in the User object s destination attribute of Object Class plus the Local Variable of manager group info The Argument Builder is used to construct the local variable...

Страница 291: ...Actions 291 novdocx en 13 May 2009 Set Operation Association Sets the association value for the current operation Fields Association Provide the new association value Example...

Страница 292: ...292 Policies in Designer 3 5 novdocx en 13 May 2009 Set Operation Class Name Sets the object class name for the current operation Fields String Specify the new class name Example...

Страница 293: ...ed system You need to define at what point the mirroring begins in the source and destination data stores The rule is from the predefined rules that come with Identity Manager For more information see...

Страница 294: ...ed within an operation It is typically used to supply additional context that might be needed by the policy that handles the results of an operation Fields Property Name Specify the name of the operat...

Страница 295: ...Actions 295 novdocx en 13 May 2009 Set Operation Source DN Sets the source DN for the current operation Fields DN Specify the new source DN Example...

Страница 296: ...y is Policy Assign Template to User Based on Title and it is available for download from the Novell Support Web site For more information see Downloading Identity Manager Policies in Understanding Pol...

Страница 297: ...n For more information see Section 3 6 Variable Selector on page 35 Object Select the target object This object can be the current object or can be specified by a DN or an association Value Type Selec...

Страница 298: ...298 Policies in Designer 3 5 novdocx en 13 May 2009 The action takes the value of the destination attribute Internet EMail Address and sets the source attribute of Email to this same value...

Страница 299: ...nsion For more information see Section 3 6 Variable Selector on page 35 Object Select the target object This object can be the current object or can be specified by an DN or an association New Passwor...

Страница 300: ...e Selector on page 35 Target User DN Specify the DN of the target users Application Credential ID Specify the application credential that is stored in the application object Supports variable expansio...

Страница 301: ...for Identity Manager 3 6 Fields Credential Repository Object DN Specify the DN of the repository object Supports variable expansion For more information see Section 3 6 Variable Selector on page 35 Ta...

Страница 302: ...x has been previously defined in this policy Supports variable expansion For more information see Section 3 6 Variable Selector on page 35 XPath Expression XPath 1 0 expression that returns a node set...

Страница 303: ...art in LDAP format Supports variable expansion For more information see Section 3 6 Variable Selector on page 35 User Application URL Specify the URL of the User Application server where the workflow...

Страница 304: ...vdocx en 13 May 2009 Example The following example starts a workflow process each time there in an Add operation The workflow is a request for a cell phone To view the policy in XML see start_workflow...

Страница 305: ...5 String Provide the status message by using the Argument Builder Remarks If level is retry then the policy immediately stops processing the input document and schedules a retry of the event currently...

Страница 306: ...detects when an e mail address is changed and sets it back to what it was The policy name is Policy Reset Value of the E mail Attribute and it is available for download from the Novell Support Web sit...

Страница 307: ...expression that returns a node set containing the nodes to be stripped Supports variable expansion For more information on variable expansion and XPath see Section 3 6 5 XPath Expressions on page 39 R...

Страница 308: ...of the trace message String Specify the value of the trace message Example The example has four rules that implement a Placement policy for User objects based on the first character of the Surname at...

Страница 309: ...Actions 309 novdocx en 13 May 2009 The action sends a trace message to DSTRACE The contents of the local variable is LVUsers1 and it shows up in yellow in DSTRACE...

Страница 310: ...e is from the predefined rules that come with Identity Manager For more information see Section 8 8 Event Transformation Scope Filtering Exclude Subtrees on page 122 To view the policy in XML see pred...

Страница 311: ...User objects to be created unless the attributes Given Name Surname Title Description and Internet EMail Address are available The policy name is Policy to Enforce the Presences of Attributes and it...

Страница 312: ...2009 While Causes the specified actions to be repeated while the specified conditions evaluate to True Fields Conditions Specify the condition to be evaluated Actions Specify the actions to be repeat...

Страница 313: ...320 Destination Attribute on page 321 Destination DN on page 323 Destination Name on page 325 Document on page 326 Entitlement on page 327 Generate Password on page 328 Global Configuration Value on p...

Страница 314: ...r Based on Title policy which is available for download from the Novell Support Web site For more information see Downloading Identity Manager Policies in Understanding Policies for Identity Manager 3...

Страница 315: ...Noun Tokens 315 novdocx en 13 May 2009 The Text token contains the DN for the manager s group You can browse to the object you want like to use or type the information into the editor...

Страница 316: ...entitlement Supports variable expansion For more information see Section 3 6 Variable Selector on page 35 Remarks If the token is used in a context where a node set is expected the token expands to a...

Страница 317: ...d rule see Section 8 2 Command Transformation Publisher Delete to Disable on page 113 The action of Remove Association uses the Association token to retrieve the value from the current operation The r...

Страница 318: ...ode set is expected the token expands to a node set containing all of the values for that attribute If it is used in a context where a string is expected the token expands to the string value found Ex...

Страница 319: ...values and characters see Unicode Code Charts http www unicode org charts Fields Character Value The Unicode code point of the character Supports variable expansion For more information see Section 3...

Страница 320: ...320 Policies in Designer 3 5 novdocx en 13 May 2009 Class Name Expands to the object class name from the current operation Example...

Страница 321: ...oken is used in a context where a node set is expected the token expands to a node set containing all of the values for that attribute If it is used in a context where a string is expected the token e...

Страница 322: ...5 novdocx en 13 May 2009 You build the Destination Attribute through the Editor In this example the attribute of Object Class is set The DN is used to select the object The value of DN is the Local Va...

Страница 323: ...nvert Select whether or not to convert the DN to the format used by the source data store Remarks If start and length are set to the default values 0 1 the entire DN is used otherwise only the portion...

Страница 324: ...324 Policies in Designer 3 5 novdocx en 13 May 2009...

Страница 325: ...Noun Tokens 325 novdocx en 13 May 2009 Destination Name Expands to the unqualified Relative Distinguished Name RDN of the destination DN specified in the current operation Example...

Страница 326: ...nt Reads the XML document pointed to by the URI and returns the document node in a node set The URI can be relative to the URI of the including policy With any error the result is an empty node set Fi...

Страница 327: ...nt Supports variable expansion For more information see Section 3 6 Variable Selector on page 35 Remarks If the token is used in a context where a node set is expected the token expands to a node set...

Страница 328: ...password policy Fields Password Policy The DN of the password policy that receives the randomly generated password Supports variable expansion For more information see Section 3 6 Variable Selector o...

Страница 329: ...9 Global Configuration Value Expands to the value of a global configuration variable Fields Name Name of the global configuration value Supports variable expansion For more information see Section 3 6...

Страница 330: ...ctor on page 35 Example The example is from the Govern Groups for User Based on Title policy which is available for download from the Novell Support Web site For more information see Downloading Ident...

Страница 331: ...he value that is stored in the Local Variable In the Editor you click the browse icon and all of the local variables that have been defined are listed Select the correct local variable The value of th...

Страница 332: ...used if a Named Password has been set on the driver object The Named Password is used to save a password in an encrypted form For more information on Named Passwords see Securely Storing Driver Passwo...

Страница 333: ...Noun Tokens 333 novdocx en 13 May 2009...

Страница 334: ...334 Policies in Designer 3 5 novdocx en 13 May 2009 Operation Expands to the name of the current operation Example...

Страница 335: ...s variable expansion For more information see Section 3 6 Variable Selector on page 35 Example The example has four rules that implement a Placement policy for User objects based on the first characte...

Страница 336: ...e action Set Operation Destination DN contains the Operation Attribute token The Operation Attribute token sets the Destination DN to the CN attribute The rule takes the context of Training Users Acti...

Страница 337: ...Property Expands to the value of the specified operation property on the current operation Fields Name Specify the name of the operation property Supports variable expansion For more information see...

Страница 338: ...338 Policies in Designer 3 5 novdocx en 13 May 2009 Password Expands to the password specified in the current operation Example...

Страница 339: ...se when querying the Identity Vault For more information about indexes see the Novell eDirectory 8 8 Administration Guide http www novell com documentation edir88 edir88 index html page documentation...

Страница 340: ...340 Policies in Designer 3 5 novdocx en 13 May 2009 XPath 1 0 Expressions in Understanding Policies for Identity Manager 3 6 Chapter 5 Using the XPath Builder on page 71 Example...

Страница 341: ...Specify the name of the attribute Supports variable expansion For more information see Section 3 6 Variable Selector on page 35 Remarks If the token is used in a context where a node set is expected...

Страница 342: ...me of the entitlement Supports variable expansion For more information see Section 3 6 Variable Selector on page 35 Remarks If the token is used in a context where a node set is expected the token exp...

Страница 343: ...o an association key or the association key to a DN in the specified data store Fields Datastore Select the destination or source datastore to be queried Resolve Type Select to resolve the association...

Страница 344: ...t Leave the field blank to use the class name from the current object Supports variable expansion For more information see Section 3 6 Variable Selector on page 35 Object Select the source object This...

Страница 345: ...set from the leaf most RDN towards the root most RDN Length Number of RDN segments to include Negative numbers are interpreted as total of segments length 1 For example for a DN with 5 segments a leng...

Страница 346: ...346 Policies in Designer 3 5 novdocx en 13 May 2009 Source Name Expands to the unqualified relative distinguished name RDN of the source DN specified in the current operation Example...

Страница 347: ...on 3 6 Variable Selector on page 35 Language Specify the language It defaults to the current system language Supports variable expansion For more information see Section 3 6 Variable Selector on page...

Страница 348: ...rdinates Start Search Select a starting point for the search The starting point can be the root of the data store or can be specified by a DN or association Pattern Specify patterns to use to generate...

Страница 349: ...til a name is found that does not return any instances or the counter is exhausted The counter starting value is specified by counter start and the counter maximum value is specified in terms of the m...

Страница 350: ...nstructed to provide unique names If this pattern does not generate a unique name a digit is appended incrementing up to the specified number of digits In this example nine additional unique names wou...

Страница 351: ...data store Remarks If there are no matches the entire DN is used Example The example is from the predefined rules that come with Identity Manager For more information see Section 8 12 Matching Subscri...

Страница 352: ...nds to the results of evaluating an XPath 1 0 expression Fields Expression XPath 1 0 expression to evaluate Remarks For more information on using XPath expressions with policies see XPath 1 0 Expressi...

Страница 353: ...lable through the Policy Builder interface Base64 Decode on page 354 Base64 Encode on page 355 Convert Time on page 356 Escape Destination DN on page 358 Escape Source DN on page 359 Join on page 360...

Страница 354: ...e specified character set Fields Character Set Specify the character set that converts the decoded bytes to a string It can be any character set supported by Java If the field is left blank the charac...

Страница 355: ...the bytes Fields Character Set Specify the character set that converts the string to bytes It can be any Java supported character set If the filed is left blank the character set defaults to the syste...

Страница 356: ...35 Destination Format Specify the destination date time format Select a named time format or specify a custom format pattern Supports variable expansion For more information see Section 3 6 Variable...

Страница 357: ...Verb Tokens 357 novdocx en 13 May 2009...

Страница 358: ...me with Identity Manager For more information see Section 8 16 Placement Publisher Flat on page 136 To view the policy in XML see predef_place_pub_flat xml samples predef_place_pub_flat xml The action...

Страница 359: ...Verb Tokens 359 novdocx en 13 May 2009 Escape Source DN Escapes the enclosed tokens according to the rules of the DN format of the source data store Example...

Страница 360: ...If the comma separated values CSV are true then CSV quoting rules are applied to the values Fields Delimiter Optional Specify the string used to delimit the joined values Supports variable expansion...

Страница 361: ...name is Policy Create E mail from Given Name and Surname and it is available for download at the Novell Support Web site For more information see Downloading Identity Manager Policies in Understandin...

Страница 362: ...ncluding policy Fields Mapping Table DN Specify the slash form DN of a Resource object containing the mapping table Supports variable expansion For more information see Section 3 6 Variable Selector o...

Страница 363: ...Verb Tokens 363 novdocx en 13 May 2009 Example...

Страница 364: ...rce DN Delimiter Specify the custom source DN delimiter set if Source DN Format is set to custom Destination DN Delimiter Specify the custom destination DN delimiter set if Destination DN Format is se...

Страница 365: ...aning Example The example uses the Parse DN token to build the value the Add Destination Attribute Value action The example is from the predefined rules that come with Identity Manager For more inform...

Страница 366: ...Specify the replacement string Supports variable expansion For more information see Section 3 6 Variable Selector on page 35 Remarks For details on creating regular expressions see Java Class Pattern...

Страница 367: ...tp java sun com j2se 1 4 docs api java util regex Pattern html Java Class Matcher information java lang String http java sun com j2se 1 4 docs api java util regex Matcher html replaceAll java lang Str...

Страница 368: ...docx en 13 May 2009 The regular expression of d d d s d d d d d d d represents nnn nnn nnnn and the regular expression of 1 2 3 represents nnn This rule transforms the format of the telephone number f...

Страница 369: ...ified by delimiter If comma separated values CSV are true then CSV quoting rules are honored during the parsing of the string Fields Delimiter Regular expression that matches the delimiter characters...

Страница 370: ...bstring Negative numbers are interpreted as total of characters length 1 For example 1 represents the entire length of the original string If 2 is specified the length is the entire string 1 For a str...

Страница 371: ...n 13 May 2009 The Substring token is used twice in the action Set Destination Attribute Value It takes the first character of the First Name attribute and adds eight characters of the Last Name attrib...

Страница 372: ...ibutes of the User object to uppercase The policy name is Policy Convert First Last Name to Uppercase and it is available for download at the Novell Support Web site For more information see Downloadi...

Страница 373: ...Parse Parses the result of the enclosed tokens as XML and returns the resulting document node in a node set If the result of the enclosed tokens is not well formed XML or cannot be parsed for any rea...

Страница 374: ...en 13 May 2009 XML Serialize Serializes the node set result of the enclosed tokens as XML Depending on the content of the node set the resulting string is either a well formed XML document or a well...

Страница 375: ...e 382 Section 16 6 Condition Argument Component Builder on page 383 Section 16 7 Match Attribute Builder on page 383 Section 16 8 Named String Builder on page 385 Section 16 9 Pattern String Builder o...

Страница 376: ...lect an action then click the Help icon to see information specific to that action 16 2 Actions Builder The Actions Builder allows you to create an action inside of another action To launch the Action...

Страница 377: ...Pre Identity Manager 3 5 Noun Tokens on page 475 for more information Verbs Contains a list of all of the available verb tokens Select a verb token then click Add to add the verb token to the Expressi...

Страница 378: ...n click the Edit the Arguments icon Add Association page 421 Add Destination Attribute Value page 422 Add Destination Object page 423 Add Source Attribute Value page 424 Append XML Text page 427 Clear...

Страница 379: ...stination Attribute Value page 454 when the selected object is DN or Association and Enter Value Type is not structured Set Destination Password page 455 Set Local Variable page 456 Set Operation Asso...

Страница 380: ...select the Given Name attribute 3 Double click Substring from the list of verbs 4 Type 1 in the Length field 5 Select the Given Name attribute then click the Move Down icon 6 Double click Attribute fr...

Страница 381: ...click the Edit components icon Add Destination Attribute Value page 422 Add Source Attribute Value page 424 Reformat Operation Attribute Value page 444 Remove Destination Attribute Value page 446 Remo...

Страница 382: ...OR Conditions AND Groups AND Conditions OR Groups Section 16 5 1 Creating a Condition on page 382 Section 16 5 2 Additional Options for the Condition Builder on page 382 16 5 1 Creating a Condition 1...

Страница 383: ...n to see information specific to that condition For additional information on the Condition Builder and the rules see Section 3 4 Creating a Rule on page 28 16 6 Condition Argument Component Builder T...

Страница 384: ...objects Select from entry subordinates or subtree 3 Specify the DN of the starting point for the search 4 Click the Edit match attributes icon to launch the Match Attribute Builder 5 Click the Browse...

Страница 385: ...se values from current object There are multiple value types to specify counter dn int interval octet state string structured teleNumber time To use the another value 1 Launch the Match Attribute Buil...

Страница 386: ...h For a Send Email action the named strings correspond to the elements of the e mail A complete list of possible values is contained in the help file corresponding to the action that launches the Name...

Страница 387: ...3 May 2009 Figure 16 6 Unique Name Token in the Argument Builder 1 Click the Edit patterns icon to launch the Pattern Builder 2 Specify the pattern or click the Edit the arguments icon to use the Argu...

Страница 388: ...4 Create the value of the action component You can type the value or click the Edit the arguments icon to create the value in the Argument Builder 5 Click Finish 16 11 Namespace Editor The Policy Bui...

Страница 389: ...sor html com novell nds dirxml driver XdsCommandProcessor http developer novell com documentation dirxml dirxmlbk api com novell nds dirxml driver XdsCommandProcessor html com novell nds dirxml driver...

Страница 390: ...390 Policies in Designer 3 5 novdocx en 13 May 2009...

Страница 391: ...CNF or DNF evaluates to True or when no conditions are specified This section contains detailed information about all conditions that are available through the pre Identity Manager 3 5 Policy Builder...

Страница 392: ...Equal Not Equal Operator Returns True when Associated There is an established association for the current object Not Association There is not an established association for the current object Availab...

Страница 393: ...rison is done Operator Returns True when Available There is a value available in either the current operation or the source data store for the specified attribute Not Available Available would return...

Страница 394: ...ter are Equal Not Equal Source DN Compares by using semantics appropriate to the DN format for the source data store Destination DN Compares by using semantics appropriate to the DN format for the des...

Страница 395: ...pecified value when compared by using the specified comparison mode Not Equal Equal would return False Mode Description Case Sensitive Character by character case sensitive comparison Case Insensitive...

Страница 396: ...396 Policies in Designer 3 5 novdocx en 13 May 2009 The operators that contain the comparison mode parameter are Equal Not Equal...

Страница 397: ...specified attribute Not Available Available would return False Equal There is a value available for the specified attribute in the destination data store that equals the specified value when compared...

Страница 398: ...Not Equal Destination DN Compares by using semantics appropriate to the DN format for the destination data store Numeric Compares numerically Binary Compares the binary information Structured Compares...

Страница 399: ...turn False Equal There is a destination DN available and it equals the specified value when compared by using semantics appropriate to the DN format of the destination data store Not Equal Equal would...

Страница 400: ...would return False Equal There is a value available for the specified attribute in the destination data store that equals the specified value when compared by using the specified comparison mode Not...

Страница 401: ...comparison Regular Expression The regular expression matches the entire string It defaults to case insensitive but can be changed by an escape in the expression See Sun s Web site http java sun com j2...

Страница 402: ...ct operator The value is used by the condition The operators that contain the value field are Equal Not Equal Comparison Mode The condition has a comparison mode parameter that indicates how a compari...

Страница 403: ...Sun s Web site http java sun com j2se 1 4 docs api java util regex Pattern html The pattern options CASE_INSENSITIVE DOTALL and UNICODE_CASE are used but can be reversed by using the appropriate embe...

Страница 404: ...tor Returns True when Available There is a local variable with the specified name that has been defined by an action of a earlier rule within the policy Not Available Available would return False Equa...

Страница 405: ...parameter are Equal Not Equal Source DN Compares by using semantics appropriate to the DN format for the source data store Destination DN Compares by using semantics appropriate to the DN format for t...

Страница 406: ...ation with the specified name The test performed depends on the selected operator Fields Name Specify the name of the named password to test for the selected condition Operator Select the condition te...

Страница 407: ...Equal There is a value available in the current operation other than a remove value for the specified attribute It equals the specified value when compared by using the specified comparison mode Not E...

Страница 408: ...on matches the entire string It defaults to case insensitive but can be changed by an escape in the expression See Sun s Web site http java sun com j2se 1 4 docs api java util regex Pattern html The p...

Страница 409: ...as a comparison mode parameter that indicates how a comparison is done Operator Returns True when Available There is an operation property with the specified name on the current operation Not Availabl...

Страница 410: ...ter are Equal Not Equal Source DN Compares by using semantics appropriate to the DN format for the source data store Destination DN Compares by using semantics appropriate to the DN format for the des...

Страница 411: ...ators that contain the value field are Equal Not Equal The values are the operations that the Metadirectory engine looks for add add association check object password check password delete get named p...

Страница 412: ...case insensitive comparison Regular Expression The regular expression matches the entire string It defaults to case insensitive but can be changed by an escape in the expression See Sun s Web site htt...

Страница 413: ...s a test on a password in the current operation The test performed depends on the specified operator Fields Operator Select the condition test type Operator Returns True when Available There is a pass...

Страница 414: ...for the specified attribute Not Available Available would return False Equal There is a value available in the source data store for the specified attribute It equals the specified value when compared...

Страница 415: ...qual Not Equal Destination DN Compares by using semantics appropriate to the DN format for the destination data store Numeric Compares numerically Binary Compares the binary information Structured Com...

Страница 416: ...e when Available There is a source DN available Not Available Available would return False Equal There is a source DN available and it equals the content of the specified value in container Not Equal...

Страница 417: ...ng an XPath 1 0 expression Fields Operator Select the condition test type Remarks For more information on using XPath expressions with policies see XPath 1 0 Expressions in Understanding Policies for...

Страница 418: ...418 Policies in Designer 3 5 novdocx en 13 May 2009...

Страница 419: ...lement on page 426 Append XML Text on page 427 Break on page 428 Clear Destination Attribute Value on page 429 Clear Operation Property on page 430 Clear Source Attribute Value on page 431 Clear SSO C...

Страница 420: ...on page 458 Set Operation Destination DN on page 459 Set Operation Property on page 460 Set Operation Source DN on page 461 Set Operation Template DN on page 462 Set Source Attribute Value on page 46...

Страница 421: ...ssociation to the Identity Vault Fields Mode Select whether this action should be added to before or after the current operation or written directly to the destination data store DN Specify the DN of...

Страница 422: ...object Mode Select whether this action should be added to before or after the current operation or written directly to the destination data store Object Select the target object type This object can...

Страница 423: ...ne in subsequent Add Destination Attribute Value actions using the same DN Fields Class Name Specify the class name of the object to be created Mode Select whether this action should be added to befor...

Страница 424: ...ct Leave the field blank to use the class name from the current object Object Select the target object type This object can be the current object or can be specified by a DN or an association DN Speci...

Страница 425: ...source data store with the name and location provided in the DN field Any attribute values to be added as part of the object creation must be done in subsequent Add Source Attribute Value actions usin...

Страница 426: ...e tag name of the XML element This name can contain a namespace prefix if the prefix has been previously defined in this policy XPath Expression Specify an XPath 1 0 expression that returns a node set...

Страница 427: ...expression Fields XPath Expression Specify the XPath 1 0 expression that returns a node set containing the elements to which the new elements should be appended String Specify the text to be appended...

Страница 428: ...428 Policies in Designer 3 5 novdocx en 13 May 2009 Break Ends processing of the current operation by the current policy Fields There are no fields for the Break action...

Страница 429: ...tional Specify the class name of the target object Leave the field blank to use the class name from the current object Mode Select whether this action should be added to before or after the current op...

Страница 430: ...ty with the provided name from the current operation The operation property is the XML attribute attached to an operation data element by a policy An XML attribute is a name value pair associated with...

Страница 431: ...e Class Name Optional Specify the class name of the target object Leave the field blank to use the class name from the current object This value might be required for schema map purposes if the object...

Страница 432: ...al repository and application for which the credential is targeted For more information see Novell Credential Provisioning for Identity Manager 3 6 Fields Credential Repository Object DN Specify the D...

Страница 433: ...ource XPath Expression Specify the XPath 1 0 expression that returns a node set containing the nodes to be copied Destination XPath Expression Specify the XPath 1 0 expression that returns a node set...

Страница 434: ...ttribute Copies all occurrences of an attribute within the current operation to a different attribute within the current operation Fields Source Name Specify the name of the attribute to be copied fro...

Страница 435: ...hether this action should be added to before or after the current operation or written directly to the destination data store Object Select the target object type to delete in the destination data sto...

Страница 436: ...Deletes an object in the source data store Fields Object Select the target object type to delete in the source data store This object can be the current object or can be specified by a DN or an associ...

Страница 437: ...he current operation for each successful match that is returned No query is performed if the current operation already has a non empty association thus allowing multiple find matching object actions t...

Страница 438: ...t Remarks The current node is a different value for each iteration of the actions if a local variable is used If the current node in the node set is an entitlement element then the actions are marked...

Страница 439: ...that can cause parts of the Metadirectory engine or driver to malfunction log error Events describing errors that can be handled by the Metadirectory engine or driver log warning Negative events not...

Страница 440: ...256 bytes and the data field can contain up to 3 KB of information unless a larger data field is enabled in your environment text2 Text entered here is stored in the text2 event field text3 Text ente...

Страница 441: ...ions that implement an entitlement so that the status of those entitlements can be reported to the agent that granted or revoked the entitlement Fields Node Set Node set containing the entitlement bei...

Страница 442: ...he current operation or written directly to the destination data store Object to Move Select the object to be moved This object can be the current object or can be specified by a DN or an association...

Страница 443: ...n object in the source data store Fields Object to Move Select the object to be moved This object can be the current object or it can be specified by a DN or an association Select Container Select the...

Страница 444: ...peration by using a pattern Fields Name Specify the name of the attribute Value Type Specify the syntax of the new attribute value Value Specify a value to use as a pattern for the new format of the a...

Страница 445: ...iation Sends a remove association command to the Identity Vault Fields Mode Select whether this action should be added to before or after the current operation or written directly to the destination d...

Страница 446: ...e of the target object Leave the field blank to use the class name from the current object Mode Select whether this action should be added to before or after the current operation or written directly...

Страница 447: ...me Specify the name of the attribute Class Name Optional Specify the class name of the target object Leave the field blank to use the class name from the current object Object Select the target object...

Страница 448: ...data store Fields Mode Select whether this action should be added to before or after the current operation or written directly to the destination data store Object Select the target object This object...

Страница 449: ...ons 449 novdocx en 13 May 2009 Rename Operation Attribute Renames all occurrences of an attribute within the current operation Fields Source Name Specify the original attribute name Destination Name S...

Страница 450: ...ay 2009 Rename Source Object Renames an object in the source data store Fields Select Object Select the target object This object can be the current object or can be specified by a DN or an associatio...

Страница 451: ...e Strings Specify the values containing the various e mail addresses subject and message The following table lists valid named string arguments String Name Description to Adds the address to the list...

Страница 452: ...ww novell com documentation idm35 index html Strings Specify additional fields for the e mail message The following table contains reserved field names which specify the various e mail addresses Each...

Страница 453: ...the current object in the source data store if no values for that attribute already exist It is only valid when the current operation is Add Fields Attribute Name Specify the name of the default attri...

Страница 454: ...he class name of the target object in the destination data store Leave the field blank to use the class name from the current object Mode Select whether this action should be added to before or after...

Страница 455: ...estination Password Sets the password for an object in the destination data store Fields Mode Select whether this action should be added to before or after the current operation or written directly to...

Страница 456: ...pecified the XPath 1 0 Node Set specified or the Java Object specified Fields Variable Name Specify the name of the new local variable Variable Type Select the type of local variable This can be a str...

Страница 457: ...Pre Identity Manager 3 5 Actions 457 novdocx en 13 May 2009 Set Operation Association Sets the association value for the current operation Fields Association Specify the new association value...

Страница 458: ...458 Policies in Designer 3 5 novdocx en 13 May 2009 Set Operation Class Name Sets the object class name for the current operation Fields String Specify the new class name...

Страница 459: ...Pre Identity Manager 3 5 Actions 459 novdocx en 13 May 2009 Set Operation Destination DN Sets the destination DN for the current operation Fields DN Specify the new destination DN...

Страница 460: ...An operation property is a named value that is stored within an operation It is typically used to supply additional context that might be needed by the policy that handles the results of an operation...

Страница 461: ...Pre Identity Manager 3 5 Actions 461 novdocx en 13 May 2009 Set Operation Source DN Sets the source DN for the current operation Fields DN Specify the new source DN...

Страница 462: ...ner 3 5 novdocx en 13 May 2009 Set Operation Template DN Sets the template DN for the current operation to the specified value This action is only valid when the current operation is Add Fields DN Spe...

Страница 463: ...ibute Name Specify the name of the attribute Class Name Optional Specify the class name of the target object in the source data store Leave the field blank to use the class name from the current objec...

Страница 464: ...464 Policies in Designer 3 5 novdocx en 13 May 2009 Set Source Password Sets the password for an object in the source data store Fields String Specify the password to be set...

Страница 465: ...see Novell Credential Provisioning for Identity Manager 3 6 Fields Credential Repository Object DN Specify the DN of the repository object Target User DN Specify the DN of the target users Application...

Страница 466: ...art of the Credential Provisioning policies For more information see Novell Credential Provisioning for Identity Manager 3 6 Fields Credential Repository Object DN Specify the DN of the repository obj...

Страница 467: ...me can contain a namespace prefix if the prefix has been previously defined in this policy XPath Expression XPath 1 0 expression that returns a node set containing the elements on which the XML attrib...

Страница 468: ...e by using the Argument Builder Remarks If level is retry then the policy immediately stops processing the input document and schedules a retry of the event currently being processed If the level is f...

Страница 469: ...entity Manager 3 5 Actions 469 novdocx en 13 May 2009 Strip Operation Attribute Strips all occurrences of an attribute from the current operation Fields Name Specify the name of the attribute to be st...

Страница 470: ...n XPath 1 0 expression Fields XPath Expression Specify the XPath 1 0 expression that returns a node set containing the nodes to be stripped Remarks For more information on by using XPath expressions w...

Страница 471: ...The message only appears if the specified trace level is less than or equal to the trace level configured in the driver For information on how to set the trace level on the driver see Viewing Identit...

Страница 472: ...472 Policies in Designer 3 5 novdocx en 13 May 2009 Veto Vetoes the current operation Fields There are no fields...

Страница 473: ...May 2009 Veto If Operation Attribute Not Available Conditionally cancels the current operation and ends processing of the current policy based on the availability of an attribute in the current opera...

Страница 474: ...474 Policies in Designer 3 5 novdocx en 13 May 2009...

Страница 475: ...476 Association on page 477 Attribute on page 478 Class Name on page 479 Destination Attribute on page 480 Destination DN on page 481 Destination Name on page 482 Entitlement on page 483 Global Confi...

Страница 476: ...ed in the current operation Fields Name Name of the entitlement Remarks If the token is used in a context where a node set is expected the token expands to a node set containing all of the values for...

Страница 477: ...Pre Identity Manager 3 5 Noun Tokens 477 novdocx en 13 May 2009 Association Expands to the association value from the current operation Fields There are no fields...

Страница 478: ...of the operation attribute token and the source attribute token It does not include the removed values from a Modify operation Fields Name Specify the name of the attribute Remarks If the token is use...

Страница 479: ...Pre Identity Manager 3 5 Noun Tokens 479 novdocx en 13 May 2009 Class Name Expands to the object class name from the current operation Fields There are no fields...

Страница 480: ...name of the target object Leave the field blank to use the class name from the current object Select Object Select Current Object DN or Association Remarks If the token is used in a context where a no...

Страница 481: ...Positive indexes are an offset from the root most RDN Index 1 is the leaf most segment Negative indexes are an offset from the leaf most RDN towards the root most RDN Length Specify the number of RDN...

Страница 482: ...licies in Designer 3 5 novdocx en 13 May 2009 Destination Name Expands to the unqualified Relative Distinguished Name RDN of the destination DN specified in the current operation Fields There are no f...

Страница 483: ...ement from the current object Fields Name Name of the entitlement Remarks If the token is used in a context where a node set is expected the token expands to a node set containing all of the values fo...

Страница 484: ...484 Policies in Designer 3 5 novdocx en 13 May 2009 Global Configuration Value Expands to the value of a global configuration variable Fields Name Name of the global configuration value...

Страница 485: ...Pre Identity Manager 3 5 Noun Tokens 485 novdocx en 13 May 2009 Local Variable Expands to the value of a local variable Fields Name Specify the name of the local variable...

Страница 486: ...486 Policies in Designer 3 5 novdocx en 13 May 2009 Named Password Expands to the Named Password from the driver Fields Name Specify the Named Password...

Страница 487: ...Pre Identity Manager 3 5 Noun Tokens 487 novdocx en 13 May 2009 Operation Expands to the name of the current operation Fields There are no fields...

Страница 488: ...er 3 5 novdocx en 13 May 2009 Operation Attribute Expands to the value of an attribute from the current operation It does not include the removed values from a modify operation Fields Name Specify the...

Страница 489: ...ty Manager 3 5 Noun Tokens 489 novdocx en 13 May 2009 Operation Property Expands to the value of the specified operation property on the current operation Fields Name Specify the name of the operation...

Страница 490: ...490 Policies in Designer 3 5 novdocx en 13 May 2009 Password Expands to the password specified in the current operation Fields There are no fields...

Страница 491: ...operation It applies only to a Modify operation Fields Name Specify the name of the attribute to remove Remarks If the token is used in a context where a node set is expected the token expands to a no...

Страница 492: ...in the current operation Fields Name Specify the name of the entitlement Remarks If the token is used in a context where a node set is expected the token expands to a node set containing all of the v...

Страница 493: ...blank to use the class name from the current object Name Name of the attribute Object Select the source object This object can be the current object or can be specified by a DN or an association Rema...

Страница 494: ...e indexes are an offset from the root most RDN Index 1 is the leaf most segment Negative indexes are an offset from the leaf most RDN towards the root most RDN Length Number of RDN segments to include...

Страница 495: ...ntity Manager 3 5 Noun Tokens 495 novdocx en 13 May 2009 Source Name Expands to the unqualified relative distinguished name RDN of the source DN specified in the current operation Fields There are no...

Страница 496: ...496 Policies in Designer 3 5 novdocx en 13 May 2009 Text Expands to the text Fields Text Specify the text...

Страница 497: ...stination data store using the arg dn element or the arg association element as the base of the query and scope as the scope of the query If the destination data store is the Identity Vault and name i...

Страница 498: ...cated by the counter pattern then the pattern is tested with a counter otherwise it is tested without a counter If no unique name has been found after the patterns have been exhausted and counter use...

Страница 499: ...f the source DN in the current operation that corresponds to the part of the DN that was not matched by the most recent match of an If Source DN condition Fields Convert Select whether or not to conve...

Страница 500: ...Expands to the results of evaluating an XPath 1 0 expression Fields Expression XPath 1 0 expression to evaluate Remarks For more information on using XPath expressions with policies see XPath 1 0 Expr...

Страница 501: ...that are subordinate to them This section contains detailed information about all verbs that are available through the pre Identity Manager Policy Builder interface Escape Destination DN on page 502...

Страница 502: ...502 Policies in Designer 3 5 novdocx en 13 May 2009 Escape Destination DN Escapes the enclosed tokens according to the rules of the DN format of the destination data store Fields There are no fields...

Страница 503: ...Pre Identity Manager 3 5 Verb Tokens 503 novdocx en 13 May 2009 Escape Source DN Escapes the enclosed tokens according to the rules of the DN format of the source data store Fields There are no fields...

Страница 504: ...504 Policies in Designer 3 5 novdocx en 13 May 2009 Lowercase Converts the characters in the enclosed tokens to lowercase Fields There are no fields...

Страница 505: ...DN Source DN Delimiter Specify the custom source DN delimiter set if Source DN Format is set to custom Destination DN Delimiter Specify the custom destination DN delimiter set if Destination DN Format...

Страница 506: ...and Relative RDN Delimiter are the same character the orientation of the name is root right otherwise the orientation is root left If there are more than eight characters in the delimiter set the extr...

Страница 507: ...replaced Replace With Specify the replacement string Remarks For details on creating regular expressions see Sun s Java Web site http java sun com j2se 1 4 docs api java util regex Pattern html Sun s...

Страница 508: ...marks The matching instance is replaced by the string specified in the Replace with field For details on creating regular expressions see Sun s Java Web site http java sun com j2se 1 4 docs api java u...

Страница 509: ...last character toward the start of the string For example if the start is specified as 2 then it starts reading at the first character from the end If 3 is specified then is starts 2 characters from t...

Страница 510: ...510 Policies in Designer 3 5 novdocx en 13 May 2009 Uppercase Converts the characters in the enclosed tokens to uppercase Fields There are no fields...

Отзывы:

Нет отзывов