Modify attribute value of a role in LDAP from ISIM Operation workflow
156 views
Skip to first unread message
Rafa
Sep 1, 2021, 11:33:11 AM9/1/21
to
Hi everyone,
We are developing a custom global operation in ISIM.
We need to modify an attribute value from 'true' to 'false' in role in LDAP.
We have done it easily in an AL using LDAP Connector, but we don´t get it in the operation workflow.
We have tried this code:
var role = (new RoleSearch()).searchByName("test_role");
var modattr = "attribute";
var modval = "false";
role[0].setProperty(modattr,modval);
roleUnmarked.set(role);
roleUnmarked is declared in the Operation properties, defined as Requestee and type 'Directory Object', also we tried as 'Organizational Role'... but it doesn´t modify the attribute value rol in LDAP, only locally in the script.
Anyone knows if it possible or how to do it?
We are developing a custom global operation in ISIM.
We need to modify an attribute value from 'true' to 'false' in role in LDAP.
We have done it easily in an AL using LDAP Connector, but we don´t get it in the operation workflow.
We have tried this code:
var role = (new RoleSearch()).searchByName("test_role");
var modattr = "attribute";
var modval = "false";
role[0].setProperty(modattr,modval);
roleUnmarked.set(role);
roleUnmarked is declared in the Operation properties, defined as Requestee and type 'Directory Object', also we tried as 'Organizational Role'... but it doesn´t modify the attribute value rol in LDAP, only locally in the script.
Anyone knows if it possible or how to do it?
Rafa
Sep 15, 2021, 3:38:13 AM9/15/21
to
Hi,
A teammate gave me the solution, I hope could be useful:
var sb = "ou=roles,erglobalid=00000000000000000000,ou=XXXXXXX";
var base = new com.ibm.itim.dataservices.model.DistinguishedName(sb);
var params = new com.ibm.itim.dataservices.model.SearchParameters();
var search = new com.ibm.itim.dataservices.model.DirectoryObjectSearch();
var sf = "(errolename=test_role)";
var results = search.fetch(base,sf,params).iterator();
while (results.hasNext()){
var dirObj = results.next().getDirectoryObject();
var attr = new com.ibm.itim.common.AttributeValue("attributeName","false");
dirObj.setAttribute(attr);
var dirObjEntity = new com.ibm.itim.dataservices.model.DirectoryObjectEntity(dirObj);
dirObjEntity.update(); //This line update the LDAP element
}
A teammate gave me the solution, I hope could be useful:
var sb = "ou=roles,erglobalid=00000000000000000000,ou=XXXXXXX";
var base = new com.ibm.itim.dataservices.model.DistinguishedName(sb);
var params = new com.ibm.itim.dataservices.model.SearchParameters();
var search = new com.ibm.itim.dataservices.model.DirectoryObjectSearch();
var sf = "(errolename=test_role)";
var results = search.fetch(base,sf,params).iterator();
while (results.hasNext()){
var dirObj = results.next().getDirectoryObject();
var attr = new com.ibm.itim.common.AttributeValue("attributeName","false");
dirObj.setAttribute(attr);
var dirObjEntity = new com.ibm.itim.dataservices.model.DirectoryObjectEntity(dirObj);
dirObjEntity.update(); //This line update the LDAP element
}
Franzw
Sep 16, 2021, 4:53:42 AM9/16/21
to
I would recommend you ask here instead on the IBM Verify user group discussion forum : https://community.ibm.com/community/user/security/communities/community-home/digestviewer?communitykey=e7c36119-46d7-42f2-97a9-b44f0cc89c6d&tab=digestviewer
And there a couple of things I would definitely do different - you should search your roles using the JavaScript RoleSearch https://www.ibm.com/docs/en/sim/7.0.1?topic=reference-rolesearch and then get the DN of the role as string using the role.dn syntax. That way you code will be portable..
HTH
Regards
Franz Wolfhagen
Rafa
Sep 16, 2021, 5:06:49 AM9/16/21
to
sorry about the topic, I didn´t know that forum that you post it, thanks about it.
Thanks too for the tip, in this case really we need to find severals roles with a attribute on 'true' to change 'false'.
Best regards.
Rafa
Reply all
Reply to author
Forward
0 new messages