A Forum reader recently asked:
“I am creating users from a vault to eDirectory (IDM 3.5), and I am building up the destination DN based on information stored in the vault. The problem I have is that some of the destination DNs do not exist. I want to do a check for the existence of a DN before trying to create the user – and if it does not exist, create the OU.
I have seen some XML code to do this but I would really prefer to do this with Policy Builder and stay away from XML if possible.”
And here’s the response from Father Ramon …
Assuming you only need one level created at a time, try this:
<policy>
  <rule>
    <description>Check if destination container already exists</description>
    <conditions>
      <and>
        <if-operation op="equal">add</if-operation>
      </and>
    </conditions>
    <actions>
      <!-- length="-2" drops the leaf segment, leaving the parent container DN -->
      <do-set-local-variable name="target-container">
        <arg-string>
          <token-dest-dn length="-2"/>
        </arg-string>
      </do-set-local-variable>
      <!-- Query the container's Object Class; an empty result means it does not exist -->
      <do-set-local-variable name="does-target-exist">
        <arg-string>
          <token-dest-attr name="Object Class">
            <arg-dn>
              <token-local-variable name="target-container"/>
            </arg-dn>
          </token-dest-attr>
        </arg-string>
      </do-set-local-variable>
    </actions>
  </rule>
  <rule>
    <description>Create the target container if necessary</description>
    <conditions>
      <and>
        <!-- Variable was set by the first rule and is empty: the container is missing -->
        <if-local-variable name="does-target-exist" op="available"/>
        <if-local-variable name="does-target-exist" op="equal"/>
      </and>
    </conditions>
    <actions>
      <do-add-dest-object class-name="Organizational Unit" direct="true">
        <arg-dn>
          <token-local-variable name="target-container"/>
        </arg-dn>
      </do-add-dest-object>
    </actions>
  </rule>
</policy>
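The policy above covers one missing level. As an added illustration (Python, not DirXML Script and not part of Father Ramon's response), this model goes further: it walks up the destination DN, collects every missing container, and creates them top-down, refusing to run if the base of the tree is absent. The in-memory directory, the DNs, and the `protected` parameter are constructed assumptions.

```python
SEP = "\\"  # slash-format DN delimiter

def parent_dn(dn):
    """Drop the leaf segment, as <token-dest-dn length="-2"/> does."""
    return dn.rpartition(SEP)[0]

def missing_containers(dest_dn, exists, protected=2):
    """Missing ancestor containers of dest_dn, ordered top-down.

    protected (assumed parameter) is the number of leading segments, here
    tree and organization, that must already exist and are never created.
    """
    missing = []
    container = parent_dn(dest_dn)
    while len(container.split(SEP)) > protected and not exists(container):
        missing.append(container)
        container = parent_dn(container)
    if not exists(container):
        # A mistyped vault value must not grow a parallel tree.
        raise ValueError(f"base container {container!r} is missing")
    return missing[::-1]

def provision(dest_dn, directory):
    """Create missing OUs, then the user; return created DNs in order."""
    created = missing_containers(dest_dn, directory.__contains__)
    for ou in created:
        directory[ou] = "Organizational Unit"
    directory[dest_dn] = "User"
    return created + [dest_dn]

def sample_directory():
    """Constructed directory: DN -> Object Class."""
    return {
        "ACME-TREE": "Tree Root",
        "ACME-TREE\\acme": "Organization",
        "ACME-TREE\\acme\\users": "Organizational Unit",
    }

DEST = "ACME-TREE\\acme\\users\\emea\\sales\\jdoe"  # constructed DN

if __name__ == "__main__":
    for dn in provision(DEST, sample_directory()):
        print("created", dn)
```

Because the destination DN is built from vault data, the `protected` floor keeps a bad attribute value from creating containers outside the intended subtree.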
Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment. It just worked for at least one person, and perhaps it will be useful for you too. Be sure to test in a non-production environment.