6.6 Creating a Password: Example Creation Policy

The following style sheet can be used for a Creation policy. It creates a user, generates a password for the user from the user’s Surname and CN attributes, and performs an identity transformation that passes through everything in the document except the events you are trying to intercept and transform. To view the style sheet, see Create_Password.xsl.

<?xml version="1.0" encoding="ISO-8859-1"?>

<!--   This stylesheet has an example of how to replace a create rule with 
        an XSLT stylesheet and supply an initial password for "User" objects. -->

<xsl:transform xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
       version="1.0">

<!-- ensure we have required NDS attributes -->
<xsl:template match="add">
   <xsl:if test="add-attr[@attr-name='Surname'] and
                 add-attr[@attr-name='CN']">
      <!-- copy the add through -->
      <xsl:copy>
         <xsl:apply-templates select="@*|node()"/>
         <!-- add a <password> element -->
         <xsl:call-template name="create-password"/>
      </xsl:copy>
   </xsl:if>

<!-- if the xsl:if fails, we don't have all the required attributes
      so we won't copy the add through, and the create rule will veto the add -->

</xsl:template>

<xsl:template name="create-password">
   <password>
      <xsl:value-of select="concat(add-attr[@attr-name='Surname']/value,
           '-',add-attr[@attr-name='CN']/value)"/>
   </password>
</xsl:template>

<!-- identity transform for everything we don't want to change -->

<xsl:template match="@*|node()">
    <xsl:copy>
        <xsl:apply-templates select="@*|node()"/>
    </xsl:copy>        
</xsl:template>
   
</xsl:transform>

While constructing DirXML-PasswordSyncStatus, you may encounter values like:

39DB7DED8436EE4DF38039DB7DED843620140325141422721000000000001Code(-8032) Operation vetoed by policy

The value of DirXML-PasswordSyncStatus is composed of the following:

  • The first 32 bytes represent the GUID of the driver

  • The next 17 bytes represent the Date/Time in yyyyMMddHHmmssSSS format

  • The next 8 bytes are 00000000

  • The next 4 bytes indicate any one of the following status codes:

    • 0000: ERROR

    • 0001: WARNING

    • 0002: RETRY

    • 0003: FATAL

    • 0004: SUCCESS

  • The next string is the status message, if any.
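
The field layout described above, written as a small Python parser. This is an added example, not code from the product or its documentation: the function, class and field names are hypothetical, the "bytes" are read as characters, and the sample is the value shown above split at its field boundaries.

```python
from dataclasses import dataclass
from datetime import datetime

# Status codes exactly as listed in the documentation above.
STATUS_CODES = {"0000": "ERROR", "0001": "WARNING", "0002": "RETRY",
                "0003": "FATAL", "0004": "SUCCESS"}
HEADER_LEN = 32 + 17 + 8 + 4  # GUID + timestamp + zero field + status code

# The value shown above, split at its field boundaries.
SAMPLE = ("39DB7DED8436EE4DF38039DB7DED8436"  # driver GUID
          "20140325141422721"                 # yyyyMMddHHmmssSSS
          "00000000"                          # zero field
          "0001"                              # status code
          "Code(-8032) Operation vetoed by policy")

@dataclass
class PasswordSyncStatus:
    driver_guid: str
    timestamp: datetime
    zero_field: str
    status_code: str
    status: str      # name from STATUS_CODES, or "UNKNOWN"
    message: str

def parse_password_sync_status(value: str) -> PasswordSyncStatus:
    """Split a DirXML-PasswordSyncStatus value into its fixed-width fields."""
    if len(value) < HEADER_LEN:
        raise ValueError(f"need at least {HEADER_LEN} characters, got {len(value)}")
    guid, stamp = value[:32], value[32:49]
    zero_field, code = value[49:57], value[57:61]
    if any(c not in "0123456789abcdefABCDEF" for c in guid):
        raise ValueError("driver GUID is not 32 hexadecimal characters")
    if not (stamp.isascii() and stamp.isdigit()):
        raise ValueError("timestamp is not 17 digits")
    # datetime() itself rejects out-of-range months, days, hours and so on.
    ts = datetime(int(stamp[0:4]), int(stamp[4:6]), int(stamp[6:8]),
                  int(stamp[8:10]), int(stamp[10:12]), int(stamp[12:14]),
                  int(stamp[14:17]) * 1000)  # milliseconds -> microseconds
    return PasswordSyncStatus(guid, ts, zero_field, code,
                              STATUS_CODES.get(code, "UNKNOWN"), value[HEADER_LEN:])

if __name__ == "__main__":
    print(parse_password_sync_status(SAMPLE))
```

An unrecognized status code is reported as `UNKNOWN` rather than rejected, so the caller can still log the driver GUID, time and message.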