on 03-03-2015 8:29 PM
Hi there!
I don't know what it is with my current project, but it's really been a challenge. I honestly don't know where I would be without the support of my SCN friends!
Since yesterday's was so successful, here's today's question. As you may or may not know, I have a requirement to remove all Active Directory groups from a user during the deprovisioning process.
I developed a script to handle this which reads the LDAP Entry, gets the value of the memberOf attribute, breaks it apart, sets each value into a temporary attribute and then passes to uProvision().
The problem is that the script does not work the way I would like it to. The script iterates through the LDAP entry to get memberOf, and breaks it apart OK, but when it passes to uProvision(), only the last one gets passed. Here's the script:
// Main function: Z_Read_ADGROUPS
// *****
// When moving this script between environments, the variable ADRep must be updated accordingly
// e.g., Dev should use 7 (ADTEST)
// *****
function Z_Read_ADGROUPS(Par){
  var dn; var entry; var attr; var attrName; var attrValue; var i; var ADGroups = new Array();
  var memberOf = '';
  var MSKEY = Par.get('MSKEY');
  var ADRep = 7;

  //Get Information about AD Entry
  dn = "LDAP://" + '%$rep.LDAP_HOST%' + "/" + Par.get('ACCOUNTADTEST');
  entry = uLDAPGetEntry(dn, '%$rep.LDAP_LOGIN%', '%$rep.LDAP_PASSWORD%');

  //Iterate through the attributes, look for attribute called memberOf
  attr = entry.firstAttr();
  while (attr != null){
    attrName = attr.getKey();
    attrValue = attr.getValue();
    if (attrName == 'memberOf'){
      memberOf = attrValue; //uWarning (memberOf);
      break;
    }
    attr = entry.nextAttr();
  }

  //Convert | to !! since it seems | doesn't work here.
  memberOf = uReplaceString(memberOf, '|', '!!');
  ADGroups = memberOf.split("!!");

  //Run through all values of ADGroups, pass via uProvision to drop Groups
  for (i = 0; i < ADGroups.length; i++){
    //set the adgroup to temp attr
    var TEMPVAL = uIS_SetValue(MSKEY, '%SAP_MASTER_IDS_ID%', 'Z_TEMPVAL', ADGroups[i]);
    uWarning('i: ' + i + ' Z_TEMPVAL: ' + ADGroups[i]);
    //call the uprovision
    uProvision(MSKEY, 1002353, 0, ADRep, 'SAP IDM', 0);
  }
}
I took the wait delay off of uProvision() and put it on the task itself, and it didn't work even when I had one there. I'm guessing I did something fairly stupid and I just don't see it. So if anyone has any ideas, I'd love to hear them.
Thanks,
Matt
Hi Matt,
I have had a similar thing a few times already. You are setting a value that you need in the task you start with uProvision, and then you already overwrite it.
First of all: I would use context variables for those kinds of purposes, as they only live as long as I need them.
What you need is some kind of logic to wait for the task you started via uProvision to be done before you loop through the values and change the attribute value (or context variable value).
What I have done in those cases is:
var childAudit = uProvision(...);
var status = 1;
do {
  uSleep(5000);
  status = uSelect(... get audit status of child audit from mxp_audit);
} while (status < 1000);
(all in your for loop for sure)
Regards
Norman
Matt,
When we did this exact thing, we had the same problem.
I assume Z_TEMPVAL is a single value attribute? Ours was, and it was constantly overwritten as the script churned through.
I handled this by adding a username in the IS_SetValue and in the uProvision that incremented with the loop iterator.
OutString = uIS_SetValue(mskey, CurrentIDStore, 'TEMP_MEMBEROF', grouparray[i], "USER" + j);
OutString = uProvision(mskey, 1051, AuditID, 0, "USER" + j, 1);
j++;
time = uSelect("select CURRENT_TIMESTAMP");
uErrMsg(1, grouparray[i] + " " + time);
uSleep(2000);
On the other side, in the "Drop Groups" task, I had a script on the temp attribute check if the user on the attribute and the provisioning user matched up. If it did, it returned the original value. If it did not, it queried Old_Values for the one that matched the provisioning user.
function getTopGroup(Par){
  //Example calling DSE internal function
  //uStop("Terminated by user");
  var dn = Par;
  var AuditID = uGetAuditID();
  var userID = uGetProvisionUser(AuditID);

  // Audit of the calling task, i.e. the one that wrote TEMP_MEMBEROF
  var getCallingAuditID = "select refaudit from MXP_AUDIT where AuditID = '" + AuditID + "'";
  var CallingAuditID = uSelect(getCallingAuditID);

  // Current value written by this provisioning user under the calling audit
  var getCurrentDN = "select searchvalue from idmv_value_basic where userID = '" + userID + "' and valueAuditID = '" + CallingAuditID + "' and attrname = 'TEMP_MEMBEROF'";
  var CurrentDN = uSelect(getCurrentDN);

  if (CurrentDN.indexOf("OU") >= 0)
  {
    dn = CurrentDN;
  }
  else
  {
    // Value was already overwritten: look it up in the old values instead
    var getoldDN = "select avalue from idmv_ovalue_basic_all where userID like '%" + userID + "' and AuditID = '" + CallingAuditID + "' and attrname = 'TEMP_MEMBEROF'";
    var oldDN = uSelect(getoldDN);
    dn = oldDN;
  }
  uErrMsg(1, "Returned: " + dn);
  return dn;
}
Jared
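The overwrite discussed in this thread, next to the per-user keying from the reply above, as an added JavaScript model that is not part of any post and does not call SAP IDM functions. The store, the queue, the function names and the sample group DNs are constructed, and the model assumes queued tasks run only after the calling loop has finished.

```javascript
// Constructed model, not SAP IDM code: a single-valued attribute store and a
// task queue whose tasks run only after the calling script has finished.
function makeStore() {
  const current = {};   // attribute name -> { value, user }
  const history = [];   // overwritten values, like an "old values" view
  return {
    set(attr, value, user) {
      if (current[attr]) history.push({ attr, ...current[attr] });
      current[attr] = { value, user };
    },
    getFor(attr, user) {  // value written for `user`, current or historical
      const cur = current[attr];
      if (cur && cur.user === user) return cur.value;
      const old = history.find(h => h.attr === attr && h.user === user);
      return old ? old.value : null;
    },
    get(attr) { return current[attr] ? current[attr].value : null; }
  };
}

// Broken pattern: every queued task reads the shared attribute at run time.
function dropGroupsShared(groups) {
  const store = makeStore(), queue = [], dropped = [];
  for (const g of groups) {
    store.set('Z_TEMPVAL', g, 'SAP IDM');
    queue.push(() => dropped.push(store.get('Z_TEMPVAL')));
  }
  queue.forEach(task => task());   // dispatcher runs after the loop ends
  return dropped;
}

// Keyed pattern: each request has its own user tag; the task looks it up.
function dropGroupsKeyed(groups) {
  const store = makeStore(), queue = [], dropped = [];
  groups.forEach((g, j) => {
    const user = 'USER' + j;
    store.set('TEMP_MEMBEROF', g, user);
    queue.push(() => dropped.push(store.getFor('TEMP_MEMBEROF', user)));
  });
  queue.forEach(task => task());
  return dropped;
}

// Constructed sample group DNs.
const SAMPLE_GROUPS = ['CN=Finance,OU=Groups,DC=example,DC=com',
  'CN=VPN,OU=Groups,DC=example,DC=com', 'CN=Admins,OU=Groups,DC=example,DC=com'];
// Groups the account still holds: requested minus actually dropped.
const residual = (groups, dropped) => groups.filter(g => !dropped.includes(g));
```

A non-empty `residual` result is the condition to check for after deprovisioning: the account still holds groups it was supposed to lose.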