ACF2 Scripted Host Adapter | Add groups to users

I am exploring options to provision to ACF2. We need to assign ACF2 groups to users and the ACF2 resource (or mainframes) behave differently from other resources. Users get assigned into groups rather than groups getting added to the user.
To accommodate this we plan to use the ScriptedHost adapter and write a ResourceAction Update script to actually add the user to the group requested. The side effect of this approach is that we now need to code scripts for all other actions like create, delete, disable, enable etc. Is this how everybody does it - or is there a better approach? I am thinking along the lines of after actions with an ACF2 adapter...
Also - once you create the scripts as resource actions in the ScriptedHost adapter, do we have control to call them whenever we like - or are they automatically triggered - like the Create resourceaction script is called when a user is assigned the scriptedhost as a resource. So apart from configuring the different script names in the ScriptedHost resource wizard, nothing else needs to be done to make the provisioning work with the ACF2 resource?
And is the order of script execution automatically maintained - like Login action is called first before the Create action and finally the Logoff action.
Thanks in advance.

Hey Anokun,
I am reading up on how to create Scripted Host Adapters. I will be creating 13 of them soon. I have looked over all the docs I could find and am still a little bit lost. I think that the samplescreenactions can be used as a template. I'm still not quite sure how to go about creating these actual Adapters. I was wondering if you had an example of a scripted host adapter that you could share with me.
Thanks,
Nik

Similar Messages

  • Scripted Host Adapter - Workflow

    I was wondering if anyone knew the best way to get the Scripted Host Resource Adapter that I created in the admin console and then call the scripts that were assigned to this Scripted Host Adapter from a workflow. I am just trying to do some initial Proof of Concept work so I can understand how to do this for an upcoming project. I am a little lost on how this works. I have used LDAP adapters before in workflows but it seems this is different with having scripts attached.

    Hi,
    Creating users in mysql-db is pretty easy. Just use the scripted jdbc-adapter;
    see the documentation Identity Manager Resource Reference and look at the sample code in .../idm/sample/ScriptedJdbc - pretty easy, the script language is JavaScript or BeanShell (in IDM 8.x).
    You define a scripted jdbc resource - and add resource actions for create, update, delete.
    When you assign this resource to a user in the admin UI, then the create user resource action will be called.
    yours,
    mst1234

  • Scripted Host Adapter and calling Scripts

    I have a Scripted Host Adapter that I created in the admin console under resources. I have attached 6 scripts to the adapter to do different functions on the mainframe. We aren't going to use this adapter as an adapter per se. We want to just be able to call the scripts from a workflow to do the intended actions that we need done on the mainframe. How do I go about calling various scripts from a workflow? Does anyone know exactly how I would go about doing this? Not sure how much anyone uses Scripted Host Adapter.

    Hi, I need to call the action script from the workflow and modify the account in top-secret.
    I used the following code for this but nothing is found...
    Can you please help me on this issue?
    I am using the following code:
    <!-- MemberObjectGroups="#ID#Top" createDate="Thu Apr 26 10:33:43 CDT 2007" extensionClass="WFProcess" id="#ID#8FD20508FFD1CFF7:5DA25165:1122E531698:-7FFC" name="Ameren Modify TopSecret Account" visibility="runschedule"-->
    <TaskDefinition id='#ID#8FD20508FFD1CFF7:5DA25165:1122E531698:-7FFC' name='Modify TopSecret Account' creator='Configurator' createDate='1177601623578' lastModifier='Configurator' lastModDate='1178229418812' lastMod='494' taskType='Workflow' executor='com.waveset.workflow.WorkflowExecutor' suspendable='true' syncControlAllowed='true' execMode='sync' execLimit='0' resultLimit='0' resultOption='delete' visibility='runschedule' progressInterval='0'>
    <Extension>
    <WFProcess name='Modify TopSecret Account' maxSteps='0'>
    <Variable name='modifyObject' input='true'/>
    <Variable name='accountId' input='true'/>
    <Variable name='tempPassword' input='true'/>
    <Variable name='modifyview'/>
    <Variable name='view'/>
    <Variable name='TSResource' value='TopSecret'/>
    <Activity id='0' name='start'>
    <Transition to='Modify Accounts'/>
    <WorkflowEditor x='127' y='49'/>
    </Activity>
    <Activity id='1' name='Modify Accounts'>
    <Action id='0' name='Checkout View' application='com.waveset.session.WorkflowServices' hidden='true'>
    <Argument name='op' value='checkoutView'/>
    <Argument name='type' value='User'/>
    <Argument name='id' value='$(accountId)'/>
    <Return from='view' to='user'/>
    </Action>
    <Action id='1' name='get Resource Object' application='com.waveset.session.WorkflowServices'>
    <Argument name='op' value='getObject'/>
    <Argument name='type' value='Resource'/>
    <Argument name='name' value='ScriptedHost'/>
    <Return from='object' to='resourceObject'/>
    </Action>
    <Action id='2' name='get Resource Action' application='com.waveset.session.WorkflowServices'>
    <Argument name='op' value='getObject'/>
    <Argument name='type' value='ResourceAction'/>
    <Argument name='name' value='Example Login Action'/>
    <Return from='object' to='resourceAction'/>
    </Action>
    <Action id='3'>
    <expression>
    <block>
    <set name='ScriptedHostResource'>
    <new class='com.waveset.adapter.ScriptedHostResourceAdapter'>
    <ref>resourceObject</ref>
    <invoke name='getCache'>
    <invoke name='getLighthouseContext'>
    <ref>WF_CONTEXT</ref>
    </invoke>
    </invoke>
    </new>
    </set>
    <set name='actionResult'>
    <invoke name='TS Update User Action'>
    <ref>ScriptedHostResource</ref>
    <ref>resourceAction</ref>
    <map>
    <block trace='true'>
    <append name='TSuser.waveset.resources'>
    <s>TopSecret</s>
    </append>
    <set name='user.accounts[TopSecret].accountId'>
    <ref>modifyObject.accountId</ref>
    </set>
    <set name='user.accounts[TopSecret].fullname'>
    <ref>modifyObject.fullname</ref>
    </set>
    <set name='user.accounts[TopSecret].job'>
    <ref>modifyObject.job</ref>
    </set>
    <set name='user.accounts[TopSecret].TSO Access'>
    <ref>modifyObject.TSO_Access</ref>
    </set>
    <set name='user.accounts[TopSecret].Department'>
    <ref>modifyObject.department</ref>
    </set>
    </block>
    </map>
    </invoke>
    </set>
    </block>
    </expression>
    </Action>
    <Action id='4' name='Checkin User View' application='com.waveset.session.WorkflowServices'>
    <Argument name='op' value='checkinView'/>
    <Argument name='view' value='$(user)'/>
    </Action>
    <Transition to='end'/>
    <WorkflowEditor x='219' y='178'/>
    </Activity>
    <Activity id='2' name='end'>
    <WorkflowEditor x='454' y='181'/>
    </Activity>
    </WFProcess>
    </Extension>
    <MemberObjectGroups>
    <ObjectRef type='ObjectGroup' id='#ID#Top' name='Top'/>
    </MemberObjectGroups>
    <Properties>
    <Property name='editorOriginalName' value='Ameren Modify TopSecret Account'/>
    </Properties>
    </TaskDefinition>
    Please do correct if needed.
    Thanks in advance.
    --jem

  • Can't add groups or users to the wiki

    I've found a few threads on this, but none of them have presented a solution.
    Setup:
    XServe with Leopard 10.5.4 on it.
    Advanced mode.
    Problem:
    Under the Server Admin panel, if I add a user or group to have Wiki and Blog permissions, if I click save, the user and or groups do not stay in the list. And on the site they do not have wiki or blog options. The group/user vanished.
    If I try to enable wiki and blog options for a group under the "basic" tab in Workgroup Manager, all options are disabled (i.e. - "Enable the following services for this group on: (None)" is disabled).
    The DNS is set appropriately.
    The machine is (correctly) set for Open Directory - Stand Alone server.
    Here is an interesting addition to the problem.
    1.) Through the System Admin panel, if I add a user to the wiki permission list, and click save
    2.) Open a browser over the System Admin panel (without navigating to anywhere else in System Admin) and log in to the local wiki
    3.) The "groups" button is enabled, but the "users" button is not.
    4.) Click on "groups"
    5.) Now the "users" button is also enabled.
    6.) Go to "Users"
    7.) Select "create a blog" and enter my username and password.
    8.) Give my blog a name.
    9.) Now the blog shows up under the Users list.
    10.) Open my blog in the users list.
    11.) Create a new blog entry.
    12.) Go back to System Admin panel, navigate anywhere else, and then return to the wiki settings for the appropriate site, the user and or groups are gone once again.
    13.) Go back to the web browser and pull up the local wiki.
    14.) "groups" will be enabled. "users" will be disabled.
    15.) Click "groups"
    16.) "Users" is now enabled.
    17.) Click on "users"
    18 a.) Often a 404 page appears, or a wiki page that is pure text (no html).
    18 b.) Refresh the page, and now the normal list of user blogs appears.
    19.) Click on the blog I created previously.
    20.) Voilà! It is completely usable and viewable, but the User will NEVER appear as having permissions under the Web options in Server Admin.

    @ Pope7
    Hi
    "The machine is (correctly) set for Open Directory - Stand Alone server"
    If this is truly what it says then whatever you are trying to achieve won't happen. The Server has to be an OD Master and users and groups need to exist in the LDAP node. Wiki, Blog and iCal will not be available as services until you do this.
    "The DNS is set appropriately"
    The foundation for a successful Open Directory Master offering LDAP and SSO is DNS. Don't confuse an external DNS service with an internal one that the server will require. You don't have to configure DNS on the server itself; as long as it is configured on another server on the same network, that will do.
    @ simonblackledge
    Hi
    "Using DM to make a group. Goto the tab for services and everything ..wiki etc.. is ghosted out"
    What's DM? If you are not seeing an option to enable calendaring in the Users Advanced Tab or similar options for Wiki, Blog etc in the Groups Tab then either you are in the Local node in which case these services won't work or your Server is not configured as an OD Master. Same advice applies to you really.
    The admin manual although poor does clearly state what's required:
    http://images.apple.com/server/macosx/docs/iCalService_Admin_v10.5_2ndEd.pdf
    You should download this one as well:
    http://images.apple.com/server/macosx/docs/OpenDirectory_Admin_v10.5_2ndEd.pdf
    Finally there is a requirement for clients to be bound to the Server for this to be truly effective. Use Directory Utility found in /Applications/Utilities to achieve this.
    If I'm telling you something you already know then please accept my apologies.
    Tony

  • WS2012r2 - Cross-forest trust - Can add groups to user but when I open it again, groups are not listed

    Hello Everyone,
    I hope you can help me resolve this issue, I'm missing something but I don't know what.
    I have 2 ws2012r2 domain controllers, each one with its own forest (Let's call them A.com and B.com).
    I have a validated 2 way external trust relationship between those domains.
    I've added the domain admin "B\Administrator" to the DL group "A\Administrators", so I have permissions to modify everything on A.com
    From "Active Directory Users and Computers" on B.com, I can see all users and "Domain Local" groups of A.com
    From "Active Directory Users and Computers" on A.com, I can see all users and "Domain Local" groups of B.com
    What I need: Add users from B.com to DL groups in A.com using the "B\Administrator" account
    The problem: I'm able to open a user from B.com, add a DL group from A.com, click Apply, then OK.
    But if I open the user again and go to the "Member of" tab, the group is no longer listed there.
    If I go to the A.com domain and open the DL group membership tab, I can see the user from B.com listed there.
    So there's something wrong, because even if the user is listed in the group in A.com, it's not assigning the right permissions when trying to access the resources that group grants access to.
    Any ideas what I did wrong or forgot to do?
    Thanks!

    Hi,
    Have you tried to take a force replication or refresh and then check the membership? Please verify DNS is well configured and we got a GC in both sides of the two forests.
    In addition, please take a look at the below link:
    Understanding the Global Catalog
    Hope that may help
    Best regards
    Michael

  • Scripted Host Adapter in IDM

    Hi,
    I just want to know whether the Scripted Host Adapter in IDM is supported for an AS400 machine.
    As far as I know, AS400 uses TN5250 emulation but the Scripted Host Adapter supports TN3270 emulation.
    If anybody has any idea about it, it will be a great help.
    Thanx
    Shant

    Hi,
    Could anyone provide me sample resource action files for the modify and delete actions for a scripted host adapter which is used to connect to a mainframe resource?
    Thanks,

  • How to add a default user group for multiple document types?

    Hi,
    I am trying to add same default user group for different document types when MA is created. Is there any way to setup using a single "Document Security Template"? Or I need to create different templates for different document types?
    Please confirm.
    Thanks,
    Saloni

    Hi Saloni,
    Based on your specific requirement, it might be easier to do it with scripting.
    If you are doing it using Document Security Templates, you would have to create a Document Security Template for each of the 6 MA types and assign the default group. Create another one and leave the Document Type field blank, so it will apply to the other 4 MA types that don't have a default group.
    Regards,
    Vikram

  • Is there a way to create an automated job to add and update groups and users for Connect?

    Is it possible, and does anyone have experience with being able to create an automated load of new groups and users in Adobe Connect? We have an On-premise deployment and will be setting up the application to be open outside our company to train channel partners. We have a separate database of channel partner contacts, email addresses, passwords, and training groups that they should be in based on their partner company or product knowledge. We would like to be able to create a front end database that would create a group based on the partner company or based on product knowledge. Then we would like to add users to these groups. Any knowledge of whether this is possible and if anyone has done it?

    There are also size limitations or rather suggestions for particle size. If I were creating an animated 3D shape using Form or C4D and wanted to use it as a particle I would keep the size of the particle about 1/6 to 1/8 of the comp size. You would create a new comp for your particle, animate it, then nest the particle comp in your main comp, turn off visibility, and then use it as a particle in Particular.

  • Add userid to user group in Windows Vista OS

    The operating system is WINDOWS VISTA on my machine. I successfully installed Oracle 10 R2 10.2.0.3 and upgraded it to 10.2.0.4.
    I have the following issue after upgrading to 10.2.0.4:
    From the DOS command prompt, I ran as "Run as Administrator" and then I did sqlplus /nolog.
    I have the following issue when I CONNECT / AS SYSDBA:
    When I do sqlplus /nolog and CONNECT / AS SYSDBA, I get the following error:
    SQL> connect / as sysdba
    ORA-01031 insufficient privileges
    I should be able to CONNECT / AS SYSDBA without using the SYS password to do exports and imports.
    Oracle suggests that I could ADD my userid on my machine to the ORA_DBA group (Windows Group) and this could fix the issue.
    Please let me know where I can find the ORA_DBA group (Windows Group) in WINDOWS VISTA.
    How do I add my userid to the ORA_DBA group in Windows Vista?
    Thanks!

    Duplicate Thread.
    Add userid to user group in

  • Powershell script for security groups and users for multiple share folders

    Hi scripting team,
    I need your help with a PowerShell script for the below queries:
    1. List out the security groups for more than one server share path and output it to a file (csv).
    For example:
    If there are two share paths
    \\servername\foldermain\folder1
    \\servername\foldermain\folder2
    So I need the list of security groups for each share path
    And the output needs to be under each and every path.
    2. Grab the users belonging to the main security groups and their nested groups, for more than one security group, and list the users under each and every group. No need to display nested groups. Just users belonging to the main group and users under nested groups.
    Your team's help is much appreciated.
    Thank you.
    Thilochana kumararatne

    Hi Braham,
    Thanks for your quick reply.
    Are we able to do this in a two-stage method?
    1. Grab the security groups from the share paths.
    If it can grab the share path from a separate txt file rather than copying it to the <your path> location,
    so I can modify the txt file.
    Once the script is run,
    if it can output like below to a CSV file:
    \\servername\foldermain\folder1
    group 1
    group 2
    group 3
    \\servername\foldermain\folder2
    group 1
    group 2
    group 3
    Then I know which groups belong to which share path.
    Then I can remove the duplicate groups and keep the common groups to grab the users belonging to them.
    So with the second script, same as the first, copy the security groups to a txt file and the output as below.
    What I need is the user's full name and the samaccount name (user id):
    group 1
    user1
    user2
    user3
    group 2
    user1
    user2
    user3
    Looking forward to your help on this.
    Thank you.
    Thilo

  • Task assignment adapter - dynamic route to either group or user

    I have configured an approval process in design console and I want to be able to dynamically route the approval request to either the target user manager OR a group. I have written logic/code to automatically determine what group or user to route the request to and also to set the key type to either user or group depending on my logic conditions.
    This code is executed in a task assignment adapter and set the values for the key type and key depending on the logic.
    i.e. the key type would be "user" and key would be the user key for the target user manager, if my logic determines it should be routed to a manager
    OR
    the key type would be "group" and key would be the group key for the approval group, if my logic determines it should be routed to a group
    HOWEVER MY PROBLEM is with assigning the adapter to a process task. I am thinking I would need to have two entries in the Assignment tab of the process task. The first entry has the default rule and I assigned the target type to "group" and include my adapter here.
    How do I go about assigning the second entry for target type "user"? Since "Default" is the only rule option and I am not able to use it twice.
    I tried to create a rule in the Rule Definition form and create a Task Assignment rule that might do something to check if a task is assigned to "user", so that I can have this as my second rule in the Assignment tab of the process task and if it is true, it would call my adapter that would return the key for the target user's manager.
    I DO NOT KNOW what conditions to set in the Rule Element window for the Task Assignment rule. Can someone tell me what to do here OR provide me with a better alternative.

    Thanks for all the responses. Approvals are now being routed correctly.
    I have a follow-up question though... I created a process adapter to send notifications to either the target user manager or members of the group that the approval is routed to.
    I have a notification process task as part of my approval process and in its Integration tab, I added my process adapter that sends notifications.
    The code for the adapter uses the same logic I described in my original question to determine if the approval is being routed to a user or group. If it is routed to a group, the notification adapter identifies members of the group and sends email to them; this part works fine.
    However the problem is when the logic determines it should be routed to the target user's manager. One of the variables of this notification process adapter is the username of the target user. Using that username, my code determines who the manager is, gets the manager's email address and sends the email. The problem with this is that when mapping variables for process adapters in the Integration tab, in the Map To field, it does not give you the option of mapping to Request Target User, which would have provided me with user attributes of the target user such as the user name. It provides an option for the Requester, but my reality is that the Requester is not always the Target User.
    Any suggestions for fixing this would be greatly appreciated.

  • Invoke an adapter on change of User's Group Membership details

    Hi
    I need to invoke an adapter on change of User’s Group Membership details. I am not able to figure out from where I can invoke my adapter.
    Does anyone have any idea about this?
    -- Another Question: what is the purpose of having “tcUSRautoGroupMembership” in User’s Object Form on Post Update. It would be nice if you give some details about this task.
    -Hardew

    Thanks for quick response.
    What you have mentioned is applicable for a specific value of a user’s OIM Profile field; that means it will be triggered only if a user has the specified value i.e. "blah blah" for that field i.e. fieldA.
    However my scenario is slightly different. Let me explain my scenario by example:-
    I have N numbers of OIM groups i.e. g1, g2, g3, g4……, gn and a user called myUser. This user is a member of two groups, g1 and g2. Now if I make myUser a member of one more group i.e. g3 or remove one i.e. g1, then I want to perform a custom task using an adapter on this Group Membership change.
    Is there any “Data Object Form” where I can associate my adapter on post-update to detect change of User’s Group Membership?
    _hardew

  • Add Group of LDAP Users

    I want to add just a group of users to our Teaming 2.0 server. I have a group in eDir that I created so that I don't have to synch a Context. How do I add this group? I've specified the context that the group is in, but when I try applying, nothing happens. Am I incorrect that you can add a group of users to teaming using LDAP?
    jv

    johnnyv5,
    It appears that in the past few days you have not received a response to your
    posting. That concerns us, and has triggered this automated reply.
    Has your problem been resolved? If not, you might try one of the following options:
    - Visit http://support.novell.com and search the knowledgebase and/or check all
    the other self support options and support programs available.
    - You could also try posting your message again. Make sure it is posted in the
    correct newsgroup. (http://forums.novell.com)
    Be sure to read the forum FAQ about what to expect in the way of responses:
    http://forums.novell.com/faq.php
    If this is a reply to a duplicate posting, please ignore and accept our apologies
    and rest assured we will issue a stern reprimand to our posting bot.
    Good luck!
    Your Novell Product Support Forums Team
    http://support.novell.com/forums/

  • Add groups to a user

    Hello,
    we want to add groups (GroupWise memberships) to a user. We have GroupWise 8. But the commit doesn't add the group. The user who wants to write to the NDS has admin rights. What shall I do?
    Kind regards
    monika

    we use visual Basic 6

  • How to get repetitive groups a user is a member of

    Hi,
    I have a user in our domain who is a member of a number of groups. This means in the MemberOf tab of the user there are a large number of groups. Now I want to remove some groups which are repeated.
    Example -
    1. In the MemberOf tab of John's properties, there are 3 DL/SG: "Group_1", "Group_2" and "Group_3".
    2. Now "Group_3" is a member of "Group_1". So I want to remove "Group_3" from the MemberOf tab of John's properties. This will reduce the MemberOf list.
    3. How do I find these repetitive groups using PowerShell?
    Please let me know if my query is not clear.
    Thanks for your help.

    The following PowerShell script worked well in my test domain. I did not use the AD Module cmdlets, as they are generally slower when you deal with large resultsets (all groups and all users in the domain). This script simply outputs all cases where any user is a member of both a group, and a nested member of the group. This will reveal the extent of issue, and whether you want to "correct" all such cases. In place of the statement that outputs the cases, you can add code to "correct" it (remove membership in $Member, the child group, for the user).
    # UserNestedGroups.ps1
    # Script to find cases where users are members of both a group and a
    # nested group member of the group.
    # Hash table of groups and their direct group members.
    $GroupMembers = @{}
    # Search entire domain.
    $Domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
    $Root = $Domain.GetDirectoryEntry()
    $Searcher = [System.DirectoryServices.DirectorySearcher]$Root
    $Searcher.PageSize = 200
    $Searcher.SearchScope = "subtree"
    $Searcher.PropertiesToLoad.Add("distinguishedName") > $Null
    $Searcher.PropertiesToLoad.Add("member") > $Null
    # Filter on all group objects.
    $Searcher.Filter = "(objectCategory=group)"
    $Results = $Searcher.FindAll()
    # Enumerate groups and populate Hash table. The key value will be
    # the Distinguished Name of the group. The item value will be an array
    # of the Distinguished Names of all members of the group that are groups.
    # The item value starts out as an empty array, since we don't know yet
    # which members are groups.
    ForEach ($Group In $Results)
    {
        $DN = [string]$Group.properties.Item("distinguishedName")
        $Script:GroupMembers.Add($DN, @())
    }
    # Enumerate the groups again to populate the item value arrays.
    # Now we can check each member to see if it is a group.
    ForEach ($Group In $Results)
    {
        $DN = [string]$Group.properties.Item("distinguishedName")
        $Members = @($Group.properties.Item("member"))
        # Enumerate the members of the group.
        ForEach ($Member In $Members)
        {
            # Check if the member is a group.
            If ($Script:GroupMembers.ContainsKey($Member))
            {
                # Add the Distinguished Name of this member to the item value array.
                $Script:GroupMembers[$DN] += $Member
            }
        }
    }
    # Retrieve all user objects and their direct group memberships (except primary).
    $Searcher2 = [System.DirectoryServices.DirectorySearcher]$Root
    $Searcher2.PageSize = 200
    $Searcher2.SearchScope = "subtree"
    $Searcher2.PropertiesToLoad.Add("distinguishedName") > $Null
    $Searcher2.PropertiesToLoad.Add("memberOf") > $Null
    # Filter on all user objects.
    $Searcher2.Filter = "(&(objectCategory=person)(objectClass=user))"
    $Results = $Searcher2.FindAll()
    # Enumerate users and their direct group memberships.
    ForEach ($User In $Results)
    {
        $DN = [string]$User.properties.Item("distinguishedName")
        $Groups = @($User.properties.Item("memberOf"))
        ForEach ($Group In $Groups)
        {
            # Enumerate all group members of $Group.
            ForEach ($Member In $Script:GroupMembers[$Group])
            {
                # Check if user is also a member of $Member.
                If ($Groups -Contains $Member)
                {
                    "User $DN is a member of:`n  Parent: $Group`n  Child: $Member"
                }
            }
        }
    }
    Note, if you copy the script above you will need to correct the cases of word wrapping. I try to avoid using scroll bars, even for code.
    Richard Mueller - MVP Directory Services
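
The script in the answer above compares a user's groups only against the direct group members of each group. The following is an added example, not part of the original post: it goes further by following nesting to any depth and by tolerating circular nesting. The function names `Get-NestedGroup` and `Find-RedundantMembership` and all DNs are hypothetical, and the data is constructed in memory so the logic can be checked without a domain.

```powershell
# Constructed sample data, not from a real directory.
# Group DN -> DNs of the groups that are its direct members.
$GroupMembers = @{
    'CN=Group_1,DC=example,DC=test' = @('CN=Group_2,DC=example,DC=test')
    'CN=Group_2,DC=example,DC=test' = @('CN=Group_3,DC=example,DC=test')
    'CN=Group_3,DC=example,DC=test' = @()
    'CN=Group_5,DC=example,DC=test' = @('CN=Group_6,DC=example,DC=test')
    'CN=Group_6,DC=example,DC=test' = @('CN=Group_5,DC=example,DC=test')  # circular nesting
}
# User DN -> the user's direct memberOf values.
$UserGroups = @{
    'CN=John,DC=example,DC=test' = @('CN=Group_1,DC=example,DC=test',
                                     'CN=Group_3,DC=example,DC=test',
                                     'CN=Group_5,DC=example,DC=test')
}
# Hypothetical helper: every group nested under $Group, at any depth.
function Get-NestedGroup {
    param([hashtable]$GroupMembers, [string]$Group)
    # $Seen records visited groups, so circular nesting cannot loop forever.
    $Seen  = New-Object 'System.Collections.Generic.HashSet[string]' ([System.StringComparer]::OrdinalIgnoreCase)
    $Queue = New-Object 'System.Collections.Generic.Queue[string]'
    $Queue.Enqueue($Group)
    while ($Queue.Count -gt 0) {
        $Current = $Queue.Dequeue()
        foreach ($Child in @($GroupMembers[$Current])) {
            if ($Child -and $Seen.Add($Child)) { $Queue.Enqueue($Child) }
        }
    }
    [void]$Seen.Remove($Group)   # a group is not nested under itself
    return ,$Seen                # leading comma keeps an empty set from unrolling to $null
}
# Hypothetical helper: report users who are direct members of a group and of
# a group nested under it. The direct membership in Parent is already implied
# through Child; dropping Child instead would remove the user from Child itself.
function Find-RedundantMembership {
    param([hashtable]$GroupMembers, [hashtable]$UserGroups)
    foreach ($User in $UserGroups.Keys) {
        $Direct = @($UserGroups[$User])
        foreach ($Parent in $Direct) {
            $Nested = Get-NestedGroup -GroupMembers $GroupMembers -Group $Parent
            foreach ($Child in $Direct) {
                if ($Nested.Contains($Child)) {
                    New-Object PSObject -Property @{ User = $User; Parent = $Parent; Child = $Child }
                }
            }
        }
    }
}
Find-RedundantMembership -GroupMembers $GroupMembers -UserGroups $UserGroups | Format-List User, Parent, Child
```

With real data, the two hash tables would be filled from the `member` and `memberOf` attributes the same way the script above does. Review the reported pairs before changing any membership, since the report says nothing about which group actually carries the permissions the user needs.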
