Identity Manager 4.0.1 Driver for Scripting Implementation ... - NetIQ
Identity Manager 4.0.1 Driver for Scripting Implementation ... - NetIQ
Identity Manager 4.0.1 Driver for Scripting Implementation ... - NetIQ
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Example 2:<br />
EXEC "$cmd"<br />
if [ $? -eq 0 ]; then<br />
if [ -z "$password" ]; then<br />
# created, but no password<br />
STATUS_WARNING "User added without password"<br />
fi<br />
fi<br />
Example 3:<br />
EXEC "$cmd"<br />
if [ $? -ne 0 ]; then<br />
STATUS_ERROR "Command failed"<br />
fi<br />
Writing Values<br />
IDMSETVAR is used to set values to return to <strong>Identity</strong> <strong>Manager</strong>. For detailed in<strong>for</strong>mation on how<br />
tus IDMSETVAR, see Section C.1, “UNIX Shell (idmlib.sh) Reference,” on page 143. It is passed a<br />
name and value. In the previous ADD_ASSOCIATION example, IDMSETVAR is used to set the<br />
ASSOCIATION value. You can specify values <strong>for</strong> items listed in the table above. Generally, the only<br />
time IDMSETVAR is used is to add, modify and delete associations or return in<strong>for</strong>mation <strong>for</strong> a<br />
query operation. Other in<strong>for</strong>mation returned to the shim by the scripts is done through other<br />
command functions, such as STATUS_SUCCESS, which use IDMSETVAR indirectly.<br />
Handling Query Events<br />
For Query events, <strong>Identity</strong> <strong>Manager</strong> submits values that define the parameters of a search of the<br />
external application’s identity management system. Queries are usually issued from the Policies you<br />
have defined <strong>for</strong> your system. The table below specifies values that can be specified in queries. Not<br />
all values are relevant to your external application.<br />
Table 5-3 Values <strong>for</strong> Queries<br />
Value Name<br />
SCOPE<br />
ASSOCIATION<br />
DEST_DN<br />
CLASS_NAME<br />
EVENT_ID<br />
Description<br />
Specifies what identities will be searched. A base object is specified<br />
with the ASSOCIATION or DEST_DN values (see below). The value<br />
“entry” means that only the base object is searched. The value<br />
“subordinates” means that the immediate subordinates of the base<br />
object are searched. The value “subtree” (the default) indicates that<br />
the base object and all subordinates are searched. The last two<br />
values are only relevant in a hierarchical system.<br />
The base object <strong>for</strong> the search. If both ASSOCIATION and<br />
DEST_DN have values, ASSOCIATION is used. If neither is<br />
specified, the base object is the root of the identity management<br />
system.<br />
The base object <strong>for</strong> the search (see also ASSOCIATION above).<br />
The base class of the base object.<br />
An identifier <strong>for</strong> the event.<br />
Customizing the <strong>Scripting</strong> <strong>Driver</strong> 51