6.4 Using the Parameters that Identity Manager Passes

The Identity Manager engine passes the following parameters to policy style sheets:

Table 6-1 Style Sheet Parameters

| Parameter | Description |
| --- | --- |
| srcQueryProcessor | A Java object that implements the XdsQueryProcessor interface. This allows the style sheet to query the source data store for more information. |
| destQueryProcessor | A Java object that implements the XdsQueryProcessor interface. This allows the style sheet to query the destination data store for more information. |
| srcCommandProcessor | A Java object that implements the XdsCommandProcessor interface. This allows the style sheet to write back a command to the event source. |
| destCommandProcessor | A Java object that implements the XdsCommandProcessor interface. This allows the style sheet to issue a command directly to the destination data store. |
| dnConverter | A Java object that implements the XdsCommandProcessor interface. This allows the style sheet to convert Identity Vault object DNs from one format to another. For more information, see Interface DNConverter. |
| fromNds | A Boolean value that is True if the source data store is the Identity Vault and False if it is the connected application. |

When you create a new style sheet in iManager or Designer, it is prepopulated with a style sheet that contains the declarations for these parameters.

When using the query and command parameters with the schema mapping policies, input transformation policies, and output transformation policies, the following limitations apply:

  • Queries issued to the application shim must be in the form expected by the application shim. In other words, schema names must be in the application namespace and the query must conform to whatever XML vocabulary is used natively by the shim. No association references are added to the query.

  • Responses from the application shim are in the form returned by the shim with no modification or schema mapping performed and no resolution of association references.

  • Queries issued to the Identity Vault must be in the form expected by the Identity Vault. In other words, schema names must be in the Identity Vault namespace and the query must be XDS. Association references are not resolved.

  • Responses from the application shim are in the form returned by the shim with no modification or schema mapping performed.

Query Processors

Use of the query processors depends on the XSLT implementation of extension functions. To make a query, you need to declare a namespace for the XdsQueryProcessor interface. This is done by adding the following to the <xsl:stylesheet> or <xsl:transform> element of the style sheet.

xmlns:query="http://www.novell.com/nxsl/java/com.novell.nds.dirxml.driver.XdsQueryProcessor"

When you create a new style sheet in iManager or Designer, it is prepopulated with the namespace declaration. For more information about query processors see Class XdsQueryProcessor.

The following example uses one of the query processors. To view the style sheet, see Query_Processors.xsl.

<!-- Query object name queries NDS for the passed object name -->
<xsl:template name="query-object-name">
   <xsl:param name="object-name"/>

   <!-- build an xds query as a result tree fragment -->
   <xsl:variable name="query">
      <query>
         <search-class class-name="{ancestor-or-self::add/@class-name}"/>

         <!-- NOTE: depends on CN being the naming attribute -->
         <search-attr attr-name="CN">
            <value><xsl:value-of select="$object-name"/></value>
         </search-attr>

         <!-- put an empty read attribute in so that we don't get -->
         <!-- the whole object back                               -->
         <read-attr/>
      </query>
   </xsl:variable>

   <!-- query NDS -->
   <xsl:variable name="result" select="query:query($destQueryProcessor,$query)"/>

   <!-- return an empty or non-empty result tree fragment -->
   <!-- depending on result of query                      -->
   <xsl:value-of select="$result//instance"/>
</xsl:template>
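The query-object-name template above returns nothing both when no object matches and when the query itself fails. The style sheet below is an added example, not part of the product documentation: it assumes the query reply carries an XDS <status> element with a level attribute, uses the hypothetical template name check-object-name, and forwards an add only when the query succeeded and matched nothing.

```xml
<!-- Added example, not product code. check-object-name is a hypothetical name. -->
<xsl:transform version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:query="http://www.novell.com/nxsl/java/com.novell.nds.dirxml.driver.XdsQueryProcessor"
    exclude-result-prefixes="query">
  <xsl:param name="destQueryProcessor"/>
  <!-- identity rule: everything except add passes through unchanged -->
  <xsl:template match="node()|@*">
    <xsl:copy><xsl:apply-templates select="@*|node()"/></xsl:copy>
  </xsl:template>
  <!-- returns the token 'found', 'not-found' or 'error' -->
  <xsl:template name="check-object-name">
    <xsl:param name="object-name"/>
    <xsl:param name="class-name"/>
    <xsl:variable name="query">
      <query>
        <search-class class-name="{$class-name}"/>
        <search-attr attr-name="CN">
          <value><xsl:value-of select="$object-name"/></value>
        </search-attr>
        <read-attr/>
      </query>
    </xsl:variable>
    <xsl:variable name="result" select="query:query($destQueryProcessor,$query)"/>
    <xsl:choose>
      <!-- Assumption: a failed query is reported in a <status level="..."> element -->
      <xsl:when test="$result//status[@level='error' or @level='fatal' or @level='retry']">error</xsl:when>
      <xsl:when test="$result//instance">found</xsl:when>
      <xsl:otherwise>not-found</xsl:otherwise>
    </xsl:choose>
  </xsl:template>
  <!-- fail closed: forward the add only when the query succeeded and found nothing -->
  <xsl:template match="add">
    <xsl:variable name="state">
      <xsl:call-template name="check-object-name">
        <xsl:with-param name="object-name" select="add-attr[@attr-name='CN']/value"/>
        <xsl:with-param name="class-name" select="@class-name"/>
      </xsl:call-template>
    </xsl:variable>
    <xsl:choose>
      <xsl:when test="$state = 'not-found'">
        <xsl:copy><xsl:apply-templates select="@*|node()"/></xsl:copy>
      </xsl:when>
      <xsl:otherwise>
        <xsl:message>add of <xsl:value-of select="@src-dn"/> not forwarded: <xsl:value-of select="$state"/></xsl:message>
      </xsl:otherwise>
    </xsl:choose>
  </xsl:template>
</xsl:transform>
```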

Here is another example, which uses a command processor to write a modify command back to the source object.

<?xml version="1.0"?>
<xsl:transform
   version="1.0"
   xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
   xmlns:cmd="http://www.novell.com/nxsl/java/com.novell.nds.dirxml.driver.XdsCommandProcessor"
>
<xsl:param name="srcCommandProcessor"/>

<!-- identity rule: copy everything through unchanged -->
<xsl:template match="node()|@*">
   <xsl:copy>
      <xsl:apply-templates select="@*|node()"/>
   </xsl:copy>
</xsl:template>

<xsl:template match="add">
   <xsl:copy>
      <xsl:apply-templates select="@*|node()"/>
   </xsl:copy>

   <!-- on a user add, add Engineering department to the source object -->
   <xsl:variable name="dummy">
      <modify class-name="{@class-name}" dest-dn="{@src-dn}">
         <xsl:copy-of select="association"/>
         <modify-attr attr-name="OU">
            <add-value>
               <value type="string">Engineering</value>
            </add-value>
         </modify-attr>
      </modify>
   </xsl:variable>
   <!-- send the modify command back to the event source -->
   <xsl:variable name="dummy2"
      select="cmd:execute($srcCommandProcessor, $dummy)"/>
</xsl:template>

</xsl:transform>