Skip to main content

NetIQ IDM - Trigger idm job from driver policy on driver startup with dynamic argument values


Looking at this article:
https://www.netiq.com/communities/cool-solutions/how-start-idm-job-policy/

it shows you the complete recipe, except it does not show how to deal with dynamic argument values for the method itself; here is my version;

I wanted to run this on the driver startup and wanted to let driver die if job execution did not succeed.

1. username must be "dotted" format; one can use parseDN; example:

<token-parse-dn dest-dn-format="dot" src-dn-format="ldap">
                        <token-local-variable name="local.sub.etp.resource.UserId"/>
                    </token-parse-dn>

2. Jobname must be in "dotted" format too.


3. For more java lovers, one can dig into this: https://www.novell.com/documentation/developer/dirxml/dirxmlbk/api/com/novell/nds/dirxml/util/DxCommand.html




<rule> <description>Schedule job on the startup</description> <conditions> <and> <if-operation mode="nocase" op="equal">status</if-operation> <if-xpath op="true">@type="startup"</if-xpath> </and> </conditions> <actions> <do-set-local-variable name="local.sub.etp.ScheduleArguments" scope="policy"> <arg-string> <token-text xml:space="preserve">-user </token-text> <token-local-variable name="local.sub.etp.resource.UserId" /> <token-text xml:space="preserve"> </token-text> <token-text xml:space="preserve"> -password </token-text> <token-local-variable name="local.sub.etp.resource.Password" /> <token-text xml:space="preserve"> -startjob </token-text> <token-local-variable name="local.sub.ctp.JobName" /> </arg-string> </do-set-local-variable> <do-trace-message> <arg-string> <token-text xml:space="preserve">Prepare cmdline =&gt; </token-text> <token-local-variable name="local.sub.etp.ScheduleArguments" /> </arg-string> </do-trace-message> <do-set-local-variable name="local.sub.etp.Scheduleob" scope="policy"> <arg-object> <token-xpath expression="jcmd:commandLine(string($local.sub.etp.ScheduleArguments))" /> </arg-object> </do-set-local-variable> <do-trace-message> <arg-string> <token-text xml:space="preserve">Initiate startup token job =&gt; </token-text> <token-local-variable name="local.sub.etp.Scheduleob" /> </arg-string> </do-trace-message> <do-if> <arg-conditions> <and> <if-local-variable mode="nocase" name="local.sub.etp.Scheduleob" op="not-equal">0</if-local-variable> </and> </arg-conditions> <arg-actions> <do-set-local-variable name="local.sub.startup.Message" scope="policy"> <arg-string> <token-text xml:space="preserve">Driver could not run token refresh job with arguments </token-text> <token-local-variable name="local.sub.etp.ScheduleArguments" /> <token-text xml:space="preserve"> Please fix the error, clean driver event cache before starting the driver again.</token-text> </arg-string> </do-set-local-variable> <do-status level="error"> <arg-string> <token-local-variable name="local.sub.startup.Message" /> </arg-string> </do-status> <do-status level="fatal"> <arg-string> <token-local-variable name="local.sub.startup.Message" /> </arg-string> </do-status> </arg-actions> <arg-actions /> </do-if> </actions> </rule>

Comments

Post a Comment

Popular posts from this blog

NetIQ IDM - JDBC statemens using policy builder

Few examples of using JDBC statements using dirxml policies On the Output policy: Handling matching policies with operation-data support: < rule > < description > [DB] Convert Query to DDL doc </ description > < comment name = "author" xml:space = "preserve" > Maqsood Ali Bhatti </ comment > < comment name = "version" xml:space = "preserve" > 5 </ comment > < comment name = "lastchanged" xml:space = "preserve" > Dec 20, 2017 </ comment > < conditions > < and > < if-operation mode = "case" op = "equal" > query </ if-operation > </ and > </ conditions > < actions > < do-append-xml-element expression = ".." name = "jdbc:statement" /> < do-append-xml-element expression = "../jdbc:statement[las...
Post a Comment
Read more

NetIQ IDM - Strip unwanted group member values from current operation

This code example shows how to remove unwanted group members from current operation based on some business logic. Optimization group members add to avoid  "ALREADY_EXIST_VALUE" kind of errors. when IDM engine fails to do so. Here I am doing look up in AD for members, and for each added member from IDM if user is already member of AD group, i am just striping out current member value from the current operaiton. < do-set-local-variable name = "group-dn" scope = "policy" > < arg-string > < token-src-dn /> </ arg-string > </ do-set-local-variable > < do-set-local-variable name = "group-members" scope = "policy" > < arg-node-set > < token-dest-attr class-name = "Group" name = "Member" /> </ arg-node-set > </ do-set-local-variable > < do-trace-message > < arg-string ...
Post a Comment
Read more

NetIQ IDM - Adding operation-data to subscriber command transformaiton custom commands

Recently i had to execute EOL cmdlets using psexecute though new NetIQ azure ad driver, since this operation is fire and forget in nature, i would like to track whole request and response for my own generated commands from subscriber command transofrmaiton policy, so i solved it by following policy: < do-set-dest-attr-value direct = "true" name = "psexecute" > < arg-association > < token-resolve datastore = "src" > < arg-dn > < token-text xml:space = "preserve" > {userref} </ token-text > </ arg-dn > </ token-resolve > </ arg-association > < arg-value type = "string" > < token-local-variable name = "cmdlet" /> </ arg-value > </ do-set-dest-attr-value > < do-append-xml-element expression = "../modify[@direct]" na...
2 comments
Read more