The DirXML Script and XSLT methods of creating policies apply is-sensitive attribute on the XDS nodes to hide values of sensitive attributes such as passwords in the trace file. When this attribute is used with a driver, Identity Manager prints the trace output similar to the following:
Driver : Applying policy: %+C%14Cis-sensetive%-C.
Driver : Applying to add #1.
Driver : Evaluating selection criteria for rule 'is-senesitive '.
Driver : (if-attr 'secret' available) = TRUE.
Driver : Rule selected.
Driver : Applying rule 'is-senesitive '.
Driver : Action: do-set-xml-attr("is-sensitive","*[@attr-name='secret']","true").
Driver : arg-string("true")
Driver : token-text("true")
Driver : Arg Value: "true".
Driver :Policy returned:
Driver :
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add class-name="User" src-dn="data/users/user1">
<add-attr attr-name="secret" is-sensitive="true"><!-- content suppressed -->
</add-attr>
</add>
</input>
</nds>