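<?xml version="1.0" encoding="UTF-8"?>
<!--
  Job-triggered policy. When a trigger operation whose source is
  'FindExpiredGuests' arrives, the first rule searches LDAP over TLS for guest
  accounts whose OSUguestExpires value falls on the current UTC day and traces
  each match. The first rule has no break action, so the final rule vetoes
  every operation that reaches this policy, the trigger included.
  Filter operators inside token-text are written as entity references
  (&lt; &gt; &amp;) so that the document is well-formed.
-->
<policy xmlns:es="http://www.novell.com/nxsl/ecmascript">
  <rule>
    <description>FindExpiredGuests</description>
    <comment xml:space="preserve">This is to find expired guest accounts</comment>
    <comment name="author" xml:space="preserve">CNM</comment>
    <conditions>
      <and>
        <if-operation mode="nocase" op="equal">trigger</if-operation>
        <if-op-property mode="nocase" name="source" op="equal">FindExpiredGuests</if-op-property>
      </and>
    </conditions>
    <actions>
      <do-trace-message level="1">
        <arg-string>
          <token-text xml:space="preserve">Policy rule triggered by job 'findExpiredGuests'</token-text>
        </arg-string>
      </do-trace-message>
      <!-- Disabled: lv-now is only read by the disabled ldap-filter variant further down. -->
      <do-set-local-variable disabled="true" name="lv-now" scope="policy">
        <arg-string>
          <token-time format="!CTIME" tz="UTC"/>
        </arg-string>
      </do-set-local-variable>
      <!--
        Queries the source datastore for User objects with
        OSUaffiliationList = Guest (every guest, not only expired ones), capped
        at 200 results. NOTE(review): nothing later in this policy reads
        listOfExpiredGuests, and the cap truncates silently; confirm whether
        this query is still needed.
      -->
      <do-set-local-variable name="listOfExpiredGuests" scope="policy">
        <arg-node-set>
          <token-query class-name="User" datastore="src" max-result-count="200">
            <arg-dn>
              <token-global-variable name="idv.dit.data.users"/>
            </arg-dn>
            <arg-match-attr name="OSUaffiliationList">
              <arg-value type="string">
                <token-text xml:space="preserve">Guest</token-text>
              </arg-value>
            </arg-match-attr>
          </token-query>
        </arg-node-set>
      </do-set-local-variable>
      <!-- Container element on the current operation that receives the LDAP search results. -->
      <do-append-xml-element expression="." name="ExpiredGuests"/>
      <!-- Disabled earlier variant of the filter (expiry before "now"); the text is an unterminated filter fragment. -->
      <do-set-local-variable disabled="true" name="ldap-filter" scope="policy">
        <arg-string>
          <token-text xml:space="preserve">(OSUguestExpires&lt;</token-text>
          <token-local-variable name="lv-now"/>
        </arg-string>
      </do-set-local-variable>
      <!--
        Active filter: guests whose OSUguestExpires lies between 00:00:00Z and
        23:59:59Z of the current UTC day.
        The year pattern is yyyy (calendar year). YYYY is the week year in
        java.text.SimpleDateFormat and gives the wrong year on the days around
        1 January, so guests expiring on those days would not be matched.
        NOTE(review): the window is exactly one day. An account whose expiry
        day passed while the job did not run is never matched afterwards, and
        an account expiring later today is matched before its expiry time.
        Confirm that this is intended; keeping only the upper bound would also
        catch missed days.
      -->
      <do-set-local-variable name="ldap-filter" scope="policy">
        <arg-string>
          <token-text xml:space="preserve">(&amp;(OSUaffiliationList=Guest)(OSUguestExpires&gt;=</token-text>
          <token-convert-time dest-format="yyyyMMdd000000'Z'" src-format="!CTIME" src-tz="UTC">
            <token-time format="!CTIME" tz="UTC"/>
          </token-convert-time>
          <token-text xml:space="preserve">)(OSUguestExpires&lt;=</token-text>
          <token-convert-time dest-format="yyyyMMdd235959'Z'" src-format="!CTIME" src-tz="UTC">
            <token-time format="!CTIME" tz="UTC"/>
          </token-convert-time>
          <token-text xml:space="preserve">))</token-text>
        </arg-string>
      </do-set-local-variable>
      <!--
        Runs the ECMAScript helper ldapSearchWithTLS with connection settings
        taken from NOVLLIBLDAP.* global configuration values and copies the
        result under ExpiredGuests; only 'cn' is requested.
        NOTE(review): the bind password is a GCV substituted into the XPath
        string literal. A plain GCV is readable by anyone who can read or
        export the driver configuration and may appear in driver trace output.
        Consider a named password (token-named-password) placed in a local
        variable and passed as $variable instead. TODO confirm against the
        helper's signature.
        $ldap-filter is built only from constants and the current time. If a
        value from directory or user data is ever concatenated into it, that
        value needs LDAP filter escaping (RFC 4515) first.
      -->
      <do-clone-xpath dest-expression="ExpiredGuests" src-expression="es:ldapSearchWithTLS('~NOVLLIBLDAP.host~','~NOVLLIBLDAP.port~','~NOVLLIBLDAP.user~','~NOVLLIBLDAP.password~','~NOVLLIBLDAP.base~','~NOVLLIBLDAP.scope~','~NOVLLIBLDAP.keystore~',$ldap-filter,'cn')"/>
      <!-- One iteration per instance element found one level below the current operation. -->
      <do-for-each>
        <arg-node-set>
          <token-xpath expression="*/instance"/>
        </arg-node-set>
        <arg-actions>
          <do-set-local-variable name="userDN" scope="policy">
            <arg-string>
              <token-xpath expression="$current-node/@src-dn"/>
            </arg-string>
          </do-set-local-variable>
          <!-- Reduces the LDAP-format DN to a single component in dot format (start and length are both -1). -->
          <do-set-local-variable name="lv-CN" scope="policy">
            <arg-string>
              <token-parse-dn dest-dn-format="dot" length="-1" src-dn-format="ldap" start="-1">
                <token-local-variable name="userDN"/>
              </token-parse-dn>
            </arg-string>
          </do-set-local-variable>
          <do-trace-message notrace="true">
            <arg-string>
              <token-text xml:space="preserve">This is an expired guest.</token-text>
              <token-local-variable name="userDN"/>
            </arg-string>
          </do-trace-message>
          <!--
            NOTE(review): this level-1 trace states that the account was
            flagged inactive, but both write actions below carry
            disabled="true", so no attribute is changed. The log then records
            a deprovisioning step that did not happen; reword the message or
            re-enable the actions so that the audit trail matches reality.
          -->
          <do-trace-message level="1">
            <arg-string>
              <token-text xml:space="preserve">user account </token-text>
              <token-local-variable name="lv-CN"/>
              <token-text xml:space="preserve">flagged inactive (userStatus attribute = 0) </token-text>
              <token-text xml:space="preserve">based on a guest expiration with today's date</token-text>
            </arg-string>
          </do-trace-message>
          <!--
            Disabled: would set userStatus to 0 on the user object. The target
            DN is a hard-coded container path plus lv-CN.
            NOTE(review): confirm that the hard-coded container is where the
            LDAP search base points before enabling this action.
          -->
          <do-set-src-attr-value class-name="User" disabled="true" name="userStatus">
            <arg-dn>
              <token-text xml:space="preserve">\ID1\OSUMC\users\</token-text>
              <token-local-variable name="lv-CN"/>
            </arg-dn>
            <arg-value type="string">
              <token-text xml:space="preserve">0</token-text>
            </arg-value>
          </do-set-src-attr-value>
          <!-- Disabled: would add a dated note to the user's "IWS:User Comment" attribute. -->
          <do-add-src-attr-value class-name="User" disabled="true" name="IWS:User Comment">
            <arg-dn>
              <token-text xml:space="preserve">\ID1\OSUMC\users\</token-text>
              <token-local-variable name="lv-CN"/>
            </arg-dn>
            <arg-value type="string">
              <token-text xml:space="preserve">Account entered inactive status on </token-text>
              <token-time format="!MEDIUM.DATETIME"/>
            </arg-value>
          </do-add-src-attr-value>
        </arg-actions>
      </do-for-each>
    </actions>
  </rule>
  <!-- Unconditional catch-all: the empty condition group always matches, so every operation is vetoed here. -->
  <rule>
    <description>Veto All</description>
    <conditions>
      <and/>
    </conditions>
    <actions>
      <do-veto/>
    </actions>
  </rule>
</policy>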