Sometimes there is a requirement to read the IDM Connector filter and process the data.

  • Set a node-set local variable for the Driver DN (not shown)
  • Query the Driver, and read three attributes. One of the attributes read is the DirXML-DriverFilter attribute
  • Set a node-set local variable for the Filter. The DirXML-DriverFilter attribute is actually Base64 encoded, so this needs to be decoded
  • Use a simple XPath function to return the value of @subscriber for the User Class

The code below shows how to accomplish this.

<do-set-local-variable name="varDriverQuery" scope="policy">
    <arg-node-set>
        <token-query scope="entry">
            <arg-dn>
                <token-local-variable name="varDriverDN"/>
            </arg-dn>
            <arg-string>
                <token-text xml:space="preserve">GUID</token-text>
            </arg-string>
            <arg-string>
                <token-text xml:space="preserve">DirXML-DriverFilter</token-text>
            </arg-string>
            <arg-string>
                <token-text xml:space="preserve">DirXML-Policies</token-text>
            </arg-string>
        </token-query>
    </arg-node-set>
</do-set-local-variable>

<do-set-local-variable name="varDriverFilter" scope="policy">
    <arg-node-set>
        <token-xml-parse>
            <token-base64-decode>
                <token-xpath expression="$varDriverQuery/attr[@attr-name='DirXML-DriverFilter']/value/text()"/>
            </token-base64-decode>
        </token-xml-parse>
    </arg-node-set>
</do-set-local-variable>

<do-set-local-variable name="varSubscriberOption" scope="policy">
    <arg-string>
        <token-xpath expression="$varDriverFilter/filter/filter-class[@class-name='User']/@subscriber"/>
    </arg-string>
</do-set-local-variable>