Skip to main content

NetIQ IDM - Trigger idm job from driver policy on driver startup with dynamic argument values


Looking at this article:
https://www.netiq.com/communities/cool-solutions/how-start-idm-job-policy/

it shows you the complete recipe, except it does not show how to deal with dynamic argument values for the method itself; here is my version;

I wanted to run this on the driver startup and wanted to let driver die if job execution did not succeed.

1. username must be "dotted" format; one can use parseDN; example:

<token-parse-dn dest-dn-format="dot" src-dn-format="ldap">
                        <token-local-variable name="local.sub.etp.resource.UserId"/>
                    </token-parse-dn>

2. Jobname must be in "dotted" format too.


3. For more java lovers, one can dig into this: https://www.novell.com/documentation/developer/dirxml/dirxmlbk/api/com/novell/nds/dirxml/util/DxCommand.html




<rule> <description>Schedule job on the startup</description> <conditions> <and> <if-operation mode="nocase" op="equal">status</if-operation> <if-xpath op="true">@type="startup"</if-xpath> </and> </conditions> <actions> <do-set-local-variable name="local.sub.etp.ScheduleArguments" scope="policy"> <arg-string> <token-text xml:space="preserve">-user </token-text> <token-local-variable name="local.sub.etp.resource.UserId" /> <token-text xml:space="preserve"> </token-text> <token-text xml:space="preserve"> -password </token-text> <token-local-variable name="local.sub.etp.resource.Password" /> <token-text xml:space="preserve"> -startjob </token-text> <token-local-variable name="local.sub.ctp.JobName" /> </arg-string> </do-set-local-variable> <do-trace-message> <arg-string> <token-text xml:space="preserve">Prepare cmdline =&gt; </token-text> <token-local-variable name="local.sub.etp.ScheduleArguments" /> </arg-string> </do-trace-message> <do-set-local-variable name="local.sub.etp.Scheduleob" scope="policy"> <arg-object> <token-xpath expression="jcmd:commandLine(string($local.sub.etp.ScheduleArguments))" /> </arg-object> </do-set-local-variable> <do-trace-message> <arg-string> <token-text xml:space="preserve">Initiate startup token job =&gt; </token-text> <token-local-variable name="local.sub.etp.Scheduleob" /> </arg-string> </do-trace-message> <do-if> <arg-conditions> <and> <if-local-variable mode="nocase" name="local.sub.etp.Scheduleob" op="not-equal">0</if-local-variable> </and> </arg-conditions> <arg-actions> <do-set-local-variable name="local.sub.startup.Message" scope="policy"> <arg-string> <token-text xml:space="preserve">Driver could not run token refresh job with arguments </token-text> <token-local-variable name="local.sub.etp.ScheduleArguments" /> <token-text xml:space="preserve"> Please fix the error, clean driver event cache before starting the driver again.</token-text> </arg-string> </do-set-local-variable> <do-status level="error"> <arg-string> <token-local-variable name="local.sub.startup.Message" /> </arg-string> </do-status> <do-status level="fatal"> <arg-string> <token-local-variable name="local.sub.startup.Message" /> </arg-string> </do-status> </arg-actions> <arg-actions /> </do-if> </actions> </rule>

Comments

Post a Comment

Popular posts from this blog

Experience writing a Java based DirXML Driver

Based on the customer project, I wrote a DirXML driver which provision users through Novell Identity Manager 3.5.1 to their company intranet portal ( A Plone System). The portal exposed the RESTful API interfaces. So I started looking first at the Novell SOAP driver to see if it fit our needs. But while reading the driver documentation i felt it required too much XSLT knowledge + more customization and testing on the driver. And again it used the Apache HttpClient, Which is more a HttpClient rather then it targets to any specific protocol implementation. So If you could build SOAP messages at your own so it would help you in transporting these message back and forth between IDM and Application. The Novell SOAP driver comes up with two built in configurations "SPML and DSML", but in my case none of them were suitable. I had always wished to write my own DirXML driver at my own, so I thought why not just take this opportunity to fulfill my wish and at the same time get s...
1 comment
Read more

NetIQ IDM - JDBC statemens using policy builder

Few examples of using JDBC statements using dirxml policies On the Output policy: Handling matching policies with operation-data support: < rule > < description > [DB] Convert Query to DDL doc </ description > < comment name = "author" xml:space = "preserve" > Maqsood Ali Bhatti </ comment > < comment name = "version" xml:space = "preserve" > 5 </ comment > < comment name = "lastchanged" xml:space = "preserve" > Dec 20, 2017 </ comment > < conditions > < and > < if-operation mode = "case" op = "equal" > query </ if-operation > </ and > </ conditions > < actions > < do-append-xml-element expression = ".." name = "jdbc:statement" /> < do-append-xml-element expression = "../jdbc:statement[las...
Post a Comment
Read more

Reading Component type attribute values such Email Address

Read Email Attribute from Group: < do-set-local-variable name = "local.sub.etp.MailboxEmail" scope = "policy" > < arg-node-set > < token-src-attr class-name = "Group" name = "EMail Address" > < arg-dn > < token-local-variable name = "loca.sub.etp.Group" /> </ arg-dn > </ token-src-attr > </ arg-node-set > </ do-set-local-variable > This would do following Output: < nds dtdversion = "4.0" ndsversion = "8.x" > < source > < product edition = "Advanced" version = "4.5.6.0" > DirXML </ product > < contact > NetIQ Corporation </ contact > </ source > < output > < instance class-name = "Group" qualified-src-dn = "/N/A" src-dn = "/N/A" src-entry-id = "1...
Post a Comment
Read more