AD Add Groups Policy

From MicroFocusInternationalWiki
Jump to: navigation, search

Add this policy to the Subscriber Command Transformation of the AD driver to allow existing eDirectory Group Membership for a User to be synchronized to AD at the time the User is created in AD. Remember that in order to synchronize group membership the Groups in AD must be associated with the Groups in eDirectory.


<?xml version="1.0" encoding="UTF-8"?>
<policy xmlns:query="http://www.novell.com/nxsl/java/com.novell.nds.dirxml.driver.XdsQueryProcessor">
 <rule>
  <description>Add new user to associated groups</description>
  <conditions>
   <and>
    <if-operation op="equal">add</if-operation>
    <if-class-name op="equal">User</if-class-name>
   </and>
  </conditions>
  <actions>
   <do-set-local-variable name="groupAssociations">
    <arg-node-set>
     <token-xpath expression="empty"/>
    </arg-node-set>
   </do-set-local-variable>
   <do-for-each>
    <arg-node-set>
     <token-src-attr name="Group Membership"/>
    </arg-node-set>
    <arg-actions>
     <do-set-local-variable name="groupAssociations">
      <arg-node-set>
       <token-local-variable name="groupAssociations"/>
       <token-xpath expression="query:readObject($srcQueryProcessor, '', $current-node, 'Group','')/association/text()[. != '']"/>
      </arg-node-set>
     </do-set-local-variable>
    </arg-actions>
   </do-for-each>
   <do-for-each>
    <arg-node-set>
     <token-local-variable name="groupAssociations"/>
    </arg-node-set>
    <arg-actions>
     <do-add-dest-attr-value class-name="Group" name="Member">
      <arg-association>
       <token-local-variable name="current-node"/>
      </arg-association>
      <arg-value type="string">
       <token-dest-dn/>
      </arg-value>
     </do-add-dest-attr-value>
    </arg-actions>
   </do-for-each>
  </actions>
 </rule>
</policy>