IDM - loop query result
To loop through a nodeset (objects, attributes) one can use for-each.
To do this one first have to have a nodeset, in this case I'll use a query to find a list of users:
<do-set-local-variable name="lv_manages" scope="policy">
<arg-node-set>
<token-query class-name="User" datastore="src">
<arg-dn>
<token-text xml:space="preserve">$dit.idv.user$</token-text>
</arg-dn>
<arg-match-attr name="manager">
<arg-value type="string">
<token-text xml:space="preserve">$lv_userdn$</token-text>
</arg-value>
</arg-match-attr>
</token-query>
</arg-node-set>
</do-set-local-variable>
This will find all users in dit.idv.users which have manager set to $lv_userdn, and store it in lv_managers:
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.6.10.4747">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<instance class-name="User" qualified-src-dn="O=NovellOU=usersCN=test2" src-dn="VAULTNovelluserstest2" src-entry-id="32882"/>
<instance class-name="User" qualified-src-dn="O=NovellOU=usersCN=test1" src-dn="VAULTNovelluserstest1" src-entry-id="32881"/>
<status level="success"></status>
</output>
</nds>
Not the interesting part about XPath and nodeset's is that the root of the nodeset will always point at <output>/instance ... meaning that anything you need to look at in this case will be $lv_managers, which will have a list of instances.
Now to do anything interesting with the result, we have to use for-each (do-for-each):
<do-for-each>
<arg-node-set>
<token-local-variable name="lv_manages"/>
</arg-node-set>
<arg-actions>
<do-trace-message>
<arg-string>
<token-xpath expression="$current-node/@src-dn"/>
</arg-string>
</do-trace-message>
</arg-actions>
</do-for-each>
Now there to two interesting things in this:
- normally we just address a local variable as $<variable name>, in this case we have to use <token-local-variable name="<variable name>"/> as we need the reference and not the value.
Also do-for-each will put the resulting node set (it will always return a node set) in $current-node, which means that looping through the above result (nodeset), will return:
1) <instance class-name="User" qualified-src-dn="O=NovellOU=usersCN=test2" src-dn="VAULTNovelluserstest2" src-entry-id="32882"/>
2) <instance class-name="User" qualified-src-dn="O=NovellOU=usersCN=test1" src-dn="VAYKTNovelluserstest1" src-entry-id="32881"/>
So to get the src-dn from this we need to get the value from $current-node/@src-dn
Unfortunately DirXML-Script does not have functions/procedures, or templates known from XSLT - I'm yet to get a reasonable explanation for this, and will not hold my breath till it happens. This means that one have to write the same code over and over again, or setup lots of variables, and then write library policies/rules which are then linked into the driver, which of cause would would, but it's kind of ugly. More about that later.
To do this one first have to have a nodeset, in this case I'll use a query to find a list of users:
<do-set-local-variable name="lv_manages" scope="policy">
<arg-node-set>
<token-query class-name="User" datastore="src">
<arg-dn>
<token-text xml:space="preserve">$dit.idv.user$</token-text>
</arg-dn>
<arg-match-attr name="manager">
<arg-value type="string">
<token-text xml:space="preserve">$lv_userdn$</token-text>
</arg-value>
</arg-match-attr>
</token-query>
</arg-node-set>
</do-set-local-variable>
This will find all users in dit.idv.users which have manager set to $lv_userdn, and store it in lv_managers:
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.6.10.4747">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<instance class-name="User" qualified-src-dn="O=NovellOU=usersCN=test2" src-dn="VAULTNovelluserstest2" src-entry-id="32882"/>
<instance class-name="User" qualified-src-dn="O=NovellOU=usersCN=test1" src-dn="VAULTNovelluserstest1" src-entry-id="32881"/>
<status level="success"></status>
</output>
</nds>
Not the interesting part about XPath and nodeset's is that the root of the nodeset will always point at <output>/instance ... meaning that anything you need to look at in this case will be $lv_managers, which will have a list of instances.
Now to do anything interesting with the result, we have to use for-each (do-for-each):
<do-for-each>
<arg-node-set>
<token-local-variable name="lv_manages"/>
</arg-node-set>
<arg-actions>
<do-trace-message>
<arg-string>
<token-xpath expression="$current-node/@src-dn"/>
</arg-string>
</do-trace-message>
</arg-actions>
</do-for-each>
Now there to two interesting things in this:
- normally we just address a local variable as $<variable name>, in this case we have to use <token-local-variable name="<variable name>"/> as we need the reference and not the value.
Also do-for-each will put the resulting node set (it will always return a node set) in $current-node, which means that looping through the above result (nodeset), will return:
1) <instance class-name="User" qualified-src-dn="O=NovellOU=usersCN=test2" src-dn="VAULTNovelluserstest2" src-entry-id="32882"/>
2) <instance class-name="User" qualified-src-dn="O=NovellOU=usersCN=test1" src-dn="VAYKTNovelluserstest1" src-entry-id="32881"/>
So to get the src-dn from this we need to get the value from $current-node/@src-dn
Unfortunately DirXML-Script does not have functions/procedures, or templates known from XSLT - I'm yet to get a reasonable explanation for this, and will not hold my breath till it happens. This means that one have to write the same code over and over again, or setup lots of variables, and then write library policies/rules which are then linked into the driver, which of cause would would, but it's kind of ugly. More about that later.
Comments