If Local Variable

Performs a test on a local variable. The test performed depends on the specified operator.

Remark

For more information on using variables with policies, see Understanding Policy Components in Understanding Policies for Identity Manager 3.6.

Fields

Name

Specify the name of the local variable to test for the selected condition. Supports variable expansion. For more information, see Section 3.6, Variable Selector.

Operator

Select the condition test type.

Operator

Returns True When...

Available

There is a local variable with the specified name that has been defined by an action of a earlier rule within the policy.

Equal

There is a local variable with the specified name, and its value equals the specified value when compared by using the specified comparison mode.

Greater Than

There is a local variable with the specified name, and its value is greater than the content of the condition when compared by using the specified comparison mode.

Less Than

There is a local variable with the specified name, and its value is less than the content of the condition when compared by using the specified comparison mode.

Not Available

Available would return False.

Not Equal

Equal would return False.

Not Greater Than

Greater Than or Equal would return False.

Not Less Than

Less than or equal would return False.
Value

Contains the value defined for the selected operator. The value is used by the condition. Each value supports variable expansion. For more information, see Section 3.6, Variable Selector. The operators that contain the value field are:

  • Equal

  • Greater Than

  • Less Than

  • Not Equal

  • Not Greater Than

  • Not Less Than

Comparison Mode

The condition has a comparison mode parameter that indicates how a comparison is done.

Mode

Description

Case Sensitive

Character-by-character case sensitive comparison.

Case Insensitive

Character-by-character case insensitive comparison.

Regular Expression

The regular expression matches the entire string. It defaults to case insensitive, but can be changed by an escape in the expression.

For more information, see Sun’s Web site.

The pattern options CASE_INSENSITIVE, DOTALL, and UNICODE_CASE are used but can be reversed by using the appropriate embedded escapes.

Source DN

Compares by using semantics appropriate to the DN format for the source data store.

Destination DN

Compares by using semantics appropriate to the DN format for the destination data store.

Numeric

Compares numerically.

Binary

Compares the binary information.

The operators that contain the comparison mode parameter are:

  • Equal

  • Not Equal

  • Greater Than

  • Not Greater Than

  • Less Than

  • Not Less Than

Example

The example adds a User object to the appropriate Employee or Manager group based on Title. It also creates the group, if needed, and sets up security equal to that group. The policy is Govern Groups for User Based on Title Attribute, and it is available for download from the Novell Support Web site. For more information, see Downloading Identity Manager Policies in Understanding Policies for Identity Manager 3.6. To view the policy in XML, see 003-Command-AddCreate-Groups.xml.

Policy for creating manager group

The policy contains five rules that are dependent on each other.

Local variable to test for the existence of groups and for placement

For the If Locate Variable condition to work, the first rule sets four different local variables to test for groups and where to place the groups.

Local variable

The condition the rule looks for is to see if the local variable of manager-group-info is available and if manager-group-info is not equal to group. If these conditions are met, then the destination object of group is added.