Solved: uProvison problem

former_member2987 · ‎03-03-2015

Hi there!

I don't know what it is with my current project, but it's really been a challenge. I honestly don't know where I would be without the support of my SCN friends!

Since yesterday's was so successful, here's today's question. As you may or may not know, I have a requirement to remove all Active Directory groups from a user during the deprovisioning process. ()

I developed a script to handle this which reads the LDAP Entry, gets the value of the memberOf attribute, breaks it apart, sets each value into a temporary attribute and then passes to uProvision().

The problem is that the script does not work the way I would like it to. The script iterates through the LDAP entry to get memberOf, and breaks it apart OK, but when it passes to uProvision(), only the last one gets passed. Here's the script:

// Main function: Z_Read_ADGROUPS

// *****

// When moving this script between environment, the variable ADRep must be updated accordingly

// e.g., Dev should use 7 (ADTEST)

// *****

function Z_Read_ADGROUPS(Par){

var dn;var entry;var attr;var attrName;var attrValue;var i;var ADGroups=new Array();

var memberOf = ''

var MSKEY = Par.get('MSKEY');

var ADRep = 7;

//Get Information about AD Entry

dn = "LDAP://" + '%$rep.LDAP_HOST%' + "/" + Par.get('ACCOUNTADTEST');

entry = uLDAPGetEntry(dn,'%$rep.LDAP_LOGIN%','%$rep.LDAP_PASSWORD%');

//Iterate through the attributes, look for attribute called memberof

attr = entry.firstAttr();

while (attr != null){

attrName = attr.getKey();

attrValue = attr.getValue();

if (attrName == 'memberOf'){

memberOf = attrValue;//uWarning (memberOf);

break;

}

attr = entry.nextAttr();

}

//Convert | to !! since it seems | doesn't work here.

memberOf = uReplaceString(memberOf, '|', '!!');

ADGroups = memberOf.split("!!");

//Run through all values of ADGroups, pass via uProvision to drop Groups

for (i=0; i < ADGroups.length; i++){

//set the adgroup to temp attr

var TEMPVAL = uIS_SetValue(MSKEY, '%SAP_MASTER_IDS_ID%', 'Z_TEMPVAL', ADGroups[i]);

uWarning ('i: ' + i + ' Z_TEMPVAL: ' + ADGroups[i]);

//call the uprovision

uProvision(MSKEY, 1002353, 0, ADRep, 'SAP IDM', 0);

}

I took the wait delay off of uProvision() and put it on the task itself, and it didn't work even when I had one there. I'm guessing I did something fairly stupid and I just don't see it. So if anyone has any ideas, I'd love to hear them.

Thanks,

Matt

normann · ‎03-04-2015

Hi Matt,

I had similar thing some times already. You are setting a value that you need in the task you start with uProvision and then you overwrite it already.

First of all: I would use context variables for those kind of purposes as they only life as long as I need it.

What you need is some kind of logic to wait for the task you started via uProvision to be done before you loop through the values and change the attribute value (or context variable value).

What I have done in those cases is:

var chieldAudit = uProvision(...);

var status = 1;

do {

uSleep(5000);

var status = uSelect(... get audit status of chield audit from mxp_audit);

} while (status < 1000)

(all in your for loop for sure)

Regards

Norman

jared_kobe · ‎03-03-2015

Matt,

When we did this exact thing, we had the same problem.

I assume Z_TEMPVAL is a single value attribute? Ours was, and it was constantly overwritten as the script churned through.

I handled this by adding a username in the IS_SetValue and in the uProvision that incremented with the loop iterator.

OutString = uIS_SetValue(mskey, CurrentIDStore, 'TEMP_MEMBEROF', grouparray[i], "USER" + j);

OutString = uProvision(mskey, 1051, AuditID, 0, "USER" + j, 1);

j++;

time = uSelect("select CURRENT_TIMESTAMP");

uErrMsg(1, grouparray[i] + " " + time); uSleep(2000);

One the other side, in the "Drop Groups" task, I had a script on the temp attribute check if the user on the attribute and the provisioning user matched up. If it did, it returned the original value. If it did not, it queried Old_Values for the one that matched the provisioning user.

function getTopGroup(Par){

//Example calling DSE internal function

//uStop("Terminated by user");

dn = Par;

AuditID = uGetAuditID();

userID = uGetProvisionUser(AuditID);

getCallingAuditID = "select refaudit from MXP_AUDIT where AuditID = '" + AuditID + "'";

CallingAuditID = uSelect(getCallingAuditID);

getCurrentDN = "select searchvalue from idmv_value_basic where userID = '" + userID + "' and valueAuditID = '" + CallingAuditID +"' and attrname = 'TEMP_MEMBEROF'";

CurrentDN = uSelect(getCurrentDN);

if(CurrentDN.indexOf("OU") >= 0)

{

dn = CurrentDN;

}

else

{

getoldDN = "select avalue from idmv_ovalue_basic_all where userID like '%" + userID + "' and AuditID = '" + CallingAuditID +"' and attrname = 'TEMP_MEMBEROF'";

oldDN = uSelect(getoldDN);

dn = oldDN;

}

uErrMsg(1, "Returned: " + dn);

return dn;

}

Jared

uProvison problem

Accepted Solutions (1)

Accepted Solutions (1)

Answers (1)

Answers (1)

1 xBet Promo Code 'NEWUSERBONUS': Claim Your Welco...

Re: Best practice to connect to multiple databases...

Re: Crystal Report for Visual Studio 2022 on Windo...

Re: Can CrestalReports.NET be developed even if th...

Re: Bought a new laptop and trying to install Crys...