Identity Manager 4.0.1 Driver for Scripting Implementation ... - NetIQ

More documents

Recommendations

Info

Developing a custom driver with Shell scripts is discussed in the following topics: • Section 5.5.1, “Application Tools Evaluation,” on page 46 • Section 5.5.2, “Policy and Script Development,” on page 47 • Section 5.5.3, “Deployment,” on page 58 5.5.1 Application Tools Evaluation To change the data in your external application, you need to know how to use the application’s tools or API (Application Programming Interface). These tools must provide automated operation and not require user input. Application Command Line Tools An application often provides command line tools. These tools are manually executed from a shell, and they can be executed from scripts. Suppose the application provides a tool to add identities with a program called appadd. appadd -n "Bob Smith" -t "818-555-2100" This command adds an identity named “Bob Smith” with the specified phone number. The strings following the program name are called parameters or arguments. The Linux and UNIX Scripting driver provides a function called EXEC to execute external programs, log the command to the system log and produce a status document indicating the level of success. CommandLine="appadd -n $UserName -t $PhoneNumber" EXEC $CommandLine For command line tools, you can construct the command line’s parameters using the values passed to the script, then execute the program. Application Event Monitoring You also need to determine what tools are available for monitoring event changes in the application. The Scripting driver works on a polling system. It periodically calls a polling script to determine what has changed in the external application. You can use the following ideas for monitoring changes: • The first time the polling script is run, a list of identities and relevant attributes is read from the application using an application-provided tool. This list is stored as a file. On subsequent polls, a new list is generated and compared to the old list. Any differences are submitted as events to the driver. • The application provides a tool that allows you to request all identities that have changed after a certain point in time. The polling script requests events that have occurred since the previous poll. • The application allows a script to be run when an event occurs. You can write a script that stores the event data into a file. When the Script driver polling script runs, it consumes this file and submits the data as an event to the driver using the change log tool, usclh. For detailed information on usclh, see Section D.3, “Publisher Change Log Tool,” on page 167 Monitoring the application’s changes might be the most difficult aspect of developing your driver. You must study your application’s tools to determine the best way to achieve synchronization. 46 Identity Manager 4.0.1 Driver for Scripting Implementation Guide
5.5.2 Policy and Script Development At this point you should have a list of what data will be synchronized, how events will be handled and what application tools are available. It is time to develop the heart of your driver in policies and scripts. Many types of tasks can be handled in driver policies. You can import the driver configuration provided with the Scripting driver, and then edit policies in Novell iManager. You can also edit policies and simulate their operation in Novell Designer. The extensive functionality of policies is outside the scope of this document, so you should refer to the appropriate publications at the Identity Manager 4.0.1 Documentation Web site (http://www.novell.com/documentation/idm401). It’s often difficult to write complex tasks inside policies, such as executing external commands, processing input and output, and file I/O. Tasks requiring such operations are better suited in scripts, where an entire language environment and tools are available. You can also accomplish many of the operations performed in policies, so if you are more familiar with your scripting language than policies, you can develop your driver more quickly by using scripts. Scripting languages such as Perl and Shell scripts offer an environment that is often well suited for your target application’s APIs or developer kits. For example, your target application might already contain Perl library routines for manipulating the application’s identities. Event Data Format Event data is submitted to the scripts in name/value pair format. This format consists of lines containing a name, an equal sign (=) and a value. Therefore each line is a name/value pair. Each name/value pair is unique, but there can be multiple name/value pairs with identical names but different values. ASSOCIATION=BobUser ADD_TELEPHONE=818-555-2100 ADD_TELEPHONE=818-555-9842 You typically don’t need to worry about the format. The script library provides functions for retrieving event data. Subscriber Script Development After all Policy processing is complete, Identity Manager submits the event in XML format to the driver shim. The driver shim submits the event data to the scripts. In the default Scripting driver, the subscriber.sh script in the scripts folder is called. This script does some preliminary processing, and then calls a routine from an included script. The included scripts correspond to the Subscriber event types: add.sh, modify.sh, modify-password.sh, delete.sh, rename.sh, move.sh, and query.sh. For each event type, you should retrieve the information you need from the event data, submit changes to the external application using application-provided tools, and return a status (such as success or failure) to Identity Manager. Event data is retrieved primarily using the IDMGETVAR function. For detailed information on how to use IDMGETVAR, see Section C.1, “UNIX Shell (idmlib.sh) Reference,” on page 143.This function returns an array of values corresponding to the name specified as the function’s parameter. The following table shows many item names. Customizing the Scripting Driver 47
Page 1 and 2: AUTHORIZED DOCUMENTATION Implementa
Page 4 and 5: 4 Identity Manager 4.0.1 Driver for
Page 6 and 7: 5 Customizing the Scripting Driver
Page 8 and 9: C.3.3 Publisher Functions . . . . .
Page 10 and 11: For additional documentation about
Page 12 and 13: The Publisher shim of the embedded
Page 14 and 15: 1.2.1 Data Flow Filters and policie
Page 16 and 17: 2.1.2 Supported Operating Systems
Page 18 and 19: Operation [Entry Rights] [All Attri
Page 20 and 21: 8 If you select Perl, you are optio
Page 22 and 23: 3.2.4 Running the Script Service fo
Page 24 and 25: Removing an Instance To remove an i
Page 26 and 27: Table 4-1 Driver Import-Only Parame
Page 28 and 29: Remote Loader Connection Parameters
Page 30 and 31: Property Name Publish Passwords to
Page 32 and 33: Notify the User of Password Synchro
Page 34 and 35: 34 Identity Manager 4.0.1 Driver fo
Page 36 and 37: • What types of identities exist
Page 38 and 39: • Modify-password: An identity’
Page 40 and 41: 5.3 The Connected System Include/Ex
Page 42 and 43: EXCLUDE . . . ENDEXCLUDE You can us
Page 44 and 45: A plus sign (+) indicates that the
Page 48 and 49: Table 5-1 Items Name COMMAND ASSOCI
Page 50 and 51: # Removing an association IDMSETVAR
Page 52 and 53: Value Name SEARCH_CLASSES SEARCH_AT
Page 54 and 55: Publisher Script Development Events
Page 56 and 57: Table 5-5 Scripting Driver Paramete
Page 58 and 59: 2. Authenticate by using any userna
Page 60 and 61: For command line tools, you can con
Page 62 and 63: Name DEST_ENTRY_ID ADD_{attr_name}
Page 64 and 65: Returning an Event Status On the Su
Page 66 and 67: Execute the query against the exter
Page 68 and 69: Polling for Application Events The
Page 70 and 71: Parameter Name Driver/Channel Descr
Page 72 and 73: 5.6.3 Deployment The Scripting driv
Page 74 and 75: Application Event Monitoring You al
Page 76 and 77: Name REMOVE_REF_attr_name OLD_PASSW
Page 78 and 79: Table 5-14 STATUS Subroutines Subro
Page 80 and 81: Table 5-16 Query Values Value Name
Page 82 and 83: #!/usr/bin/python import os from id
Page 84 and 85: Parameter Name Driver/Channel Descr
Page 86 and 87: Deploying a Custom Driver To deploy
Page 88 and 89: IDMExecuteIO’s first parameter is
Page 90 and 91: Value SRC_DN EVENT_ID SRC_ENTRY_ID
Page 92 and 93: Table 5-21 Query Values Value Name
Page 94 and 95: If Results(0) = 0 Then Phone = Resu
Page 96 and 97:
functions can be used to retrieve t
Page 98 and 99:
IDMQueryInit IDMQuerySetAssociation
Page 100 and 101:
Directory Description Required File
Page 102 and 103:
# Create an array with two lines $i
Page 104 and 105:
Value SRC_DN EVENT_ID SRC_ENTRY_ID
Page 106 and 107:
Handling Query Events For Query eve
Page 108 and 109:
Handling a query is similar, except
Page 110 and 111:
The response to the heartbeat is im
Page 112 and 113:
Function idm_getqueryinstanceparent
Page 114 and 115:
Deploying a Custom Driver To deploy
Page 116 and 117:
116 Identity Manager 4.0.1 Driver f
Page 118 and 119:
Operating System Windows Command/Ta
Page 120 and 121:
Page 122 and 123:
Ensure that the security certificat
Page 124 and 125:
Page 126 and 127:
Table A-1 Message Priorities Messag
Page 128 and 129:
A.2.1 Driver Shim Installation Fail
Page 130 and 131:
• To provision identities from th
Page 132 and 133:
Page 134 and 135:
Possible Cause: Action: The stateme
Page 136 and 137:
LWS0002I All services are now activ
Page 138 and 139:
Action: Action: Action: Action: Ver
Page 140 and 141:
OAP004E HTTP Error: cause. Explanat
Page 142 and 143:
Possible Cause: Possible Cause: Pos
Page 144 and 145:
IDMTRACE Message Appends the specif
Page 146 and 147:
This is a heartbeat message HEARTBE
Page 148 and 149:
idmsetvar($Name, $Value) Sets a sin
Page 150 and 151:
status(Level, Message) Sends a stat
Page 152 and 153:
C.4 Microsoft VBScript (IDMLib.vbs)
Page 154 and 155:
Function IDMGetSubscriberParam(Para
Page 156 and 157:
Sub IDMQueryInit Initializes a quer
Page 158 and 159:
The Publisher calls Heartbeat.ps1 p
Page 160 and 161:
function idm_writevalue($name, $val
Page 162 and 163:
function idm_querysetreadparent($re
Page 164 and 165:
Page 166 and 167:
5 Click Apply. 6 Restart the driver
Page 168 and 169:
[-r] [-y old-association] [-z new-a
Page 170 and 171:
some new value ^d D.4 Files an
Page 172 and 173:
Page 174:
show all

Identity Manager 4.0.1 Driver for Scripting Implementation ... - NetIQ

Create successful ePaper yourself

Delete template?

Save as template?