NetIQ IDM - Query only drivers own associated groups user is member of

NetIQ IDM - Strip unwanted group member values from current operation

This code example shows how to remove unwanted group members from current operation based on some business logic. Optimization group members add to avoid "ALREADY_EXIST_VALUE" kind of errors. when IDM engine fails to do so. Here I am doing look up in AD for members, and for each added member from IDM if user is already member of AD group, i am just striping out current member value from the current operaiton. < do-set-local-variable name = "group-dn" scope = "policy" > < arg-string > < token-src-dn /> </ arg-string > </ do-set-local-variable > < do-set-local-variable name = "group-members" scope = "policy" > < arg-node-set > < token-dest-attr class-name = "Group" name = "Member" /> </ arg-node-set > </ do-set-local-variable > < do-trace-message > < arg-string ...

NetIQ IDM - SOAP driver -- Handling SOAP service response and manufacturing user association without XSLT

Always pain working with SOAP service and its handling of service response on Query(matching) for user to work with matching policies? Here is the quick wins; without reading those long lengthy & boring useless SOAP driver blog series at netIQ forums; 1. Make sure you have mapped User class in the schema map with some service attributes 2. Make sure Input and Output policy is registered with all the namespaces you have in your request/response soap messages, example <policy xmlns:soap="http://www.w3.org/2003/05/soap-envelope" 3. I have added operation-data (which is being generated from the Output policy) as part of the SOAP query, but you can skip it if you do not need this. src-dn and association are important to indicate engine for building association. Operation data will help you to identify operation type and you can carry actions according to it. Inject this on Output ( To support user matching) to send service request: < rule > ...

Reading Component type attribute values such Email Address

Read Email Attribute from Group: < do-set-local-variable name = "local.sub.etp.MailboxEmail" scope = "policy" > < arg-node-set > < token-src-attr class-name = "Group" name = "EMail Address" > < arg-dn > < token-local-variable name = "loca.sub.etp.Group" /> </ arg-dn > </ token-src-attr > </ arg-node-set > </ do-set-local-variable > This would do following Output: < nds dtdversion = "4.0" ndsversion = "8.x" > < source > < product edition = "Advanced" version = "4.5.6.0" > DirXML </ product > < contact > NetIQ Corporation </ contact > </ source > < output > < instance class-name = "Group" qualified-src-dn = "/N/A" src-dn = "/N/A" src-entry-id = "1...

Maqsood Bhatti - iDENTITY

Search This Blog