Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <rule>
- <description>Acquire the Notes Deny Access Group UNID</description>
- <conditions>
- <and>
- <if-local-variable mode="regex" name="DenyAccessGrpUNID" op="not-equal">.+</if-local-variable>
- <if-operation op="equal">modify</if-operation>
- <if-class-name mode="nocase" op="equal">User</if-class-name>
- <if-op-attr mode="nocase" name="Login Disabled" op="changing"/>
- <if-global-variable name="DenyAccessGrpName" op="available"/>
- <if-global-variable name="DenyAccessGrpName" op="not-equal"/>
- </and>
- <and>
- <if-local-variable mode="regex" name="DenyAccessGrpUNID" op="not-equal">.+</if-local-variable>
- <if-operation op="equal">delete</if-operation>
- <if-class-name mode="nocase" op="equal">User</if-class-name>
- <if-global-variable mode="nocase" name="account.remove" op="equal">disable</if-global-variable>
- <if-global-variable name="DenyAccessGrpName" op="available"/>
- <if-global-variable name="DenyAccessGrpName" op="not-equal"/>
- </and>
- </conditions>
- <actions>
- <do-set-local-variable name="ReturnDenyAccessGrpDoc">
- <arg-node-set>
- <token-query class-name="Group" datastore="dest" scope="entry">
- <arg-dn>
- <token-global-variable name="DenyAccessGrpName"/>
- </arg-dn>
- </token-query>
- </arg-node-set>
- </do-set-local-variable>
- <do-set-local-variable name="DenyAccessGrpUNID" scope="driver">
- <arg-string>
- <token-xpath expression="$ReturnDenyAccessGrpDoc/association/text()"/>
- </arg-string>
- </do-set-local-variable>
- </actions>
- </rule>
- <rule>
- <description>Disable access for Notes Users when eDirectory 'Login Disabled' attribute is set true</description>
- <conditions>
- <and>
- <if-class-name mode="nocase" op="equal">User</if-class-name>
- <if-operation op="equal">modify</if-operation>
- <if-op-attr mode="nocase" name="Login Disabled" op="changing-to">true</if-op-attr>
- <if-local-variable name="DenyAccessGrpUNID" op="available"/>
- <if-local-variable name="DenyAccessGrpUNID" op="not-equal"/>
- </and>
- </conditions>
- <actions>
- <do-remove-dest-attr-value class-name="Group" name="Member">
- <arg-association>
- <token-local-variable name="DenyAccessGrpUNID"/>
- </arg-association>
- <arg-value type="dn">
- <token-src-dn/>
- </arg-value>
- </do-remove-dest-attr-value>
- <do-set-xml-attr expression="../modify[@class-name='Group' and last()]/modify-attr[@attr-name='Member' and last()]/remove-value[last()]/value[last()]" name="association-ref">
- <arg-string>
- <token-association/>
- </arg-string>
- </do-set-xml-attr>
- <do-add-dest-attr-value class-name="Group" name="Member">
- <arg-association>
- <token-local-variable name="DenyAccessGrpUNID"/>
- </arg-association>
- <arg-value type="dn">
- <token-src-dn/>
- </arg-value>
- </do-add-dest-attr-value>
- <do-set-xml-attr expression="../modify[@class-name='Group' and last()]/modify-attr[@attr-name='Member' and last()]/add-value[last()]/value[last()]" name="association-ref">
- <arg-string>
- <token-association/>
- </arg-string>
- </do-set-xml-attr>
- </actions>
- </rule>
- <rule>
- <description>Enable access for Notes Users when eDirectory 'Login Disabled' attribute is set false</description>
- <conditions>
- <and>
- <if-class-name mode="nocase" op="equal">User</if-class-name>
- <if-operation op="equal">modify</if-operation>
- <if-op-attr mode="nocase" name="Login Disabled" op="changing-to">false</if-op-attr>
- <if-local-variable name="DenyAccessGrpUNID" op="available"/>
- <if-local-variable name="DenyAccessGrpUNID" op="not-equal"/>
- </and>
- </conditions>
- <actions>
- <do-remove-dest-attr-value class-name="Group" name="Member">
- <arg-association>
- <token-local-variable name="DenyAccessGrpUNID"/>
- </arg-association>
- <arg-value type="dn">
- <token-src-dn/>
- </arg-value>
- </do-remove-dest-attr-value>
- <do-set-xml-attr expression="../modify[@class-name='Group' and last()]/modify-attr[@attr-name='Member' and last()]/remove-value[last()]/value[last()]" name="association-ref">
- <arg-string>
- <token-association/>
- </arg-string>
- </do-set-xml-attr>
- </actions>
- </rule>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement