How Create LDAP Group Inside Active Sync Form?
I have an Active Sync form that is working well to synchronize (and slightly massage) data from an Active Directory source to a Sun Directory Server destination.
I need to synchronize group information from AD to DS. It must automatically create groups during the Active Sync processing. It can't be done externally using another scripting language; it must be done within IdM.
I have the following code...
<Action id='0' application='com.waveset.provision.WorkflowServices'>
<Argument name='op' value='createResourceObject'/>
<Argument name='object'>
<Object>
<Attribute name='resourceId' value='DS'/>
<Attribute name='resourceName' value='DS'/>
<Attribute name='resourceType' value='LDAP'/>
<Attribute name='objectName' value='abcd'/>
<Attribute name='attributes'>
<Object>
<Attribute name='cn' value='abcd'/>
<Attribute name='groupType' value='abcd'/>
</Object>
</Attribute>
<Attribute name='objectType' value='group'/>
<Attribute name='objectId' value='CN=abcd,ou=Groups,dc=blah,dc=com>
</Object>
</Argument>
<Argument name='objectType' value='group'/>
<Argument name='resourceId' value='DS'/>
</Action>However with that code inside the <Field><Expansion>...</Expansion><Field> section the group is not created. I've enabled tracing and as best I can determine the code isn't even executed.
I have created resource schemas for accounts[DS].ldapGroups and accounts[AD].groups and that works well. I can read group memberships from those lists. However I can't simply append to those lists to automatically create groups (which would be nice). That's why I've gone down this path of attempting to create the groups programatically.
I've scoured the groups and the course notes and found nothing relevant here. The examples all refer to creating the groups within an interactive form. I'm trying to do the same within the <Field> section of an Active Sync form.
TTSLSAB wrote:
Hi Vladimir,
can you please tell me what should i import in the java class inorder to avoid the below error (session) for the line
Resource resource = (Resource)session.getObject(Type.RESOURCE, resId);
ResourceAdapter ra = ResourceOp.findAdapter(resource, session.getCache());Error, which i am getting is
Exception in thread "main" java.lang.Error: Unresolved compilation problems:
session cannot be resolved
session cannot be resolvedsession is your LighthouseContext handle so depending on how you are implementing the class you quoted, you will either need to pass it in, for example via the invoke tag from your form/workflow, or get your own - don't know how this is done but I'm assuming authenticating to IdM would have to be done.
For all those interested, I have implemented the Java code snippet listed by Vladimir in XPRESS.
idmSessionHandle - is the LighthouseContext for the current session
currentOUDN - is a string representing the AD DN of the OU to be created
<defvar name='resourceAdapterHandle'/>
<set name='resourceAdapterHandle'>
<invoke name='findAdapter' class='com.waveset.provision.ResourceOp'>
<ref>resourceObject</ref>
<invoke name='getCache'>
<ref>idmSessionHandle</ref>
</invoke>
</invoke>
</set>
<defvar name='newOUGenericObject'/>
<set name='newOUGenericObject'>
<new class='com.waveset.object.GenericObject'>
<map>
<s>objectId</s>
<ref>currentOUDN</ref>
<s>objectType</s>
<s>Organizational Unit</s>
</map>
</new>
</set>
<invoke name='createObject'>
<ref>resourceAdapterHandle</ref>
<ref>newOUGenericObject</ref>
<new class='java.util.HashMap'/>
</invoke>
[...]Although the above works well, to create OUs in AD, I have not yet tested its real life application with regards to the initial mass loading of users (from LDAP (auth source) to IdM to AD) and ActiveSyncing. My concerns are two threads attempting to create the OU at roughly the same time, the first succeeds, and second one fails because AD will reply with the fact that the object already exists. The workaround would be to do a recheck of the existence of the OU, after a failure was encountered. This ties into exception handling in general in this approach.
If anyone can contribute exception handling and possibly a create with retries approach, to the above code, I'd appreciate it.
Cheers.
Similar Messages
-
How to Create a Microsoft Exchange Active Sync Account
Okay people: This is what I was given, "How toCreate a Microsoft Exchange Active Sync Account" in a recent post in regarding to eliminate the "Invalid Email Account" notice box which appears every other day, after I deleted and added the email account.
I still have one email account functioning which is fine, but still, I'd like to have both of my accounts working. Anyhow, I found the webpage for this creating a Microsoft Exchange Active Sync Account. Setting up an Exchange email account on BlackBerry PlayBook OS 2.0 | BrightPoint GB Blog
I need help here. I have no idea what "Domain Field" indicates, and what is the IT Department? Would that be my server for my private WiFi connection? I need a more specific instructions. Plus the Server Address, what would that be?
Signed: Confused and Bewildered.
Solved!
Go to Solution.in options goto accounts
choose acount type Email, Calendar, contacts
tap on advanced on bottom
choose Email, Calendar, contacts
Set the Incoming Mail Server to m.gmail.com
Leave Domain blank
Set your username to your full email address
set password and continue
Click here to Backup the data on your BlackBerry Device! It's important, and FREE!
Click "Accept as Solution" if your problem is solved. To give thanks, click thumbs up
Click to search the Knowledge Base at BTSC and click to Read The Fabulous Manuals
BESAdmin's, please make a signature with your BES environment info.
SIM Free BlackBerry Unlocking FAQ
Follow me on Twitter @knottyrope
Want to thank me? Buy my KnottyRope App here
BES 12 and BES 5.0.4 with Exchange 2010 and SQL 2012 Hyper V -
Passing A Variable From Active Sync Form To WorkFlow
Hi All,,
I am calling a Workflow from the Active Sync form, Which is fine.
But, the problem is , i am having a variable "xxx" in the active sync form, but, i am unable to use this in the workflow.
So, Please any one can tell how to use a variale in Workflow, passed from a Form.
Waiting for reply....Thank you for your response.
Do you have a code snippet or other example that shows how to do this?
Thanks
Tim -
Parameterized Active Sync Form generating random password
Hi im looking for an sample of an Parameterized Active Sync Form which generates a random password.
Thanks!
Michael--I think password from AD not put in to activeSync.
--Why?
You cannot change the user's password from the activeSync RA. The password is encrypted in Active Directory and you can't decrypt it.
You can read the Idm Resources Reference - Active Directory. There's a table with all the supported fields; the userPassword field is write-only.
If you want to take the AD password and send it to IDM, you want to use Password Sync.
Good luck -
I would like to how to create a group for email.
You cannot create a group in the built in mail app. You need a third party mail app to do that. I have never used either app, but both of theses will fulfill that function.
MailShot
https://itunes.apple.com/us/app/mailshot-pro-group-email-done/id445996226?mt=8
Group Email!
https://itunes.apple.com/us/app/group-email!-mail-client-attachments/id380690305 ?mt=8 -
Securing AnyConnect VPN user access via specific LDAP groups in Active Directory?
Is there a brief tutorial on how to secure AnyConnect VPN access using Active Directoty security groups?
I have AAA LDAP authentication working on my ASA5510, to authenticate users against my internal AD 2008 R2 server, but the piece I'm missing is how to lock down access to AnyConnect users ONLY if they are a member of a specific Security Group (i.e. VPNUsers) within my AD schema.This looks fairly complete
http://www.compressedmatter.com/guides/2010/8/19/cisco-asa-ldap-authentication-authorization-for-vpn-clients.html
Sent from Cisco Technical Support iPad App -
How to use group by in tabular form
Hi all
i have a tabular form and i need to issue the goods not more then five and in 1 row i will issue only 1 qty
so i use only five rows . but by mistake i will use 6 rows then it is wrong how to restrict it
please guide
Thanks and Regards
vikasHi Ammad Ahmed
i have a order of dresses
Dress name qty
a 5
b 8
c 55
d 8
now i issuing it for production
and the issuing form is tabular and the way of issuing is like this
dress name qty
a 1
a 1
b 1
a 1
a 1
a 1
d 1
d 1
i need when i issue for production then i need to calculate the a,b and d are not more then the orderThanks and Regards
Vikas Singhal
Edited by: vikas singhal on Jan 14, 2011 3:46 PM -
How create Nested Child Nodes in XML Forms
Hello All:
I am very new to XML Forms/KM. I am trying to figure out a way to create Nested Child Nodes schema in XML Forms. Is there a way we can do it?
Thanks and Regards,
Vasu.Document document;
NodeList[] dataNodeList=new NodeList[2];
NodeList nodeList=document.getElementsByTagName("MyData");
for(int i=0; i<nodeList.getLength(); i++)
dataNodeList=nodeList.getChildNodes(); -
HT1692 how do I get photos to sync form pc to my ipad
i used to be able to sync my photos from itunes to my ipad ..niow the menu does not contain photo or syncr
Sure it does. Resize the iTunes window. He photos tab is simply hidden due to a display issue
-
How to find out exchange active sync server address
Hi, I have just had exchange set up at work, I cannot get it working on the iPhone, the guy who set it up doesnt know what it may be. I have tried all sorts of things like the static ip address and domain name but just cant seem to get it working.
Any suggestions?
Thank youHi, its Exchange 2003 SP2, OWA was working up till some updates where done on the server last week, now after you enter the user name and password I get a error HTTP/1.1 503 Service Unavailable, the guy who installed the server has been rolling back the updates to try and get it working but still hasnt been able to. Its problem after problem ATM, I cant VPN in either, the installer can from his place though.
-
Active sync : process selection values are not persistent
Hi,
Version: IDM : 6
I am attempting to provision oracle user accounts through IDM active sync process running against an AD LDAP server.
I want to use default forms/views supplied by IDM product, and configure active sync to use my custom workflow on create/update events.
I was not able to save my workflow for any of the events in process selection module of active sync configuration.
this is what i did..
======================================================
Active sync in (advanced mode) ->Process Selection
Process Mode
Use the event type to determine the process / workflow ? (enabled)
Create -> (from available workflows i select my custom workflow ) save
======================================================
after saving my changes , i again re-visited active sync-> process selection : to confirm my changes.
i do not see my saved workflow for create , but i see "default" as selected.
Is assigning custom workflows through actives syncs process selection allowed?
If Yes, How do i preserve my active sync-> process selection configurations?
Thanks
Edited by: idm_new_user on Jun 3, 2008 9:44 AMHi Chapo,
Thanks for trying to help me out...
Issue is not with assigning my custom form to my active sync process, it works that way...(i can achieve AD->IDM->ORACLE provisioning) using custom form/workflow...i now want to use, forms/workflow shipped out of box by IDM product to achieve provisioning of oracle accounts(Target) with Active Sync configured on AD (source).I am having issues with this configuration...i am not sure , it even works, out of box with out editing any forms/workflows !!!
what i now to achieve is a partial customization, i.e use forms supplied out of box by idm's active sync process, and ONLY use my custom workflows to do create/updates...
This is what i am trying to do, for an active sync configured on AD resource in advanced mode.
Find the AD LDAP resource under the Resources tab.
The check the box on the left hand side.
Now select "edit Active Sync process" from the drop down box.
In the active sync ->process selection view...select "use event type to determine the process/workflow ?"
and assign my custom workflows for create/update events...
after saving this, i revisit to confirm my changes...only to find that , they get lost/replaced by "default"
so, my question is how do i configure an active sync to use my workflow on create/update events...with out using my custom forms? if "process selection" module of active sync wizard is the way to do this, how can i save my configurations? -
Role updation during Flat File Active Sync
Hi
I have defined a role which assigns default values to some attributes for a particular resource.
And this role am assigning it to the user in the Flat File Active Sync form during user creation.
But the problem is the attribute-values defined in the Role are not getting updated in the user data during the creation process. The next time there is an update, the values get reflected.
I want this to be reflected during the first creation process itself. Please let me know what changes needs to be done in the following code -
<Field name='accounts[Lighthouse].roles'>
<Expansion>
<filterdup>
<appendAll>
<ref>accounts[Lighthouse].roles</ref>
<s>Initial-Provision-Role</s>
</appendAll>
</filterdup>
</Expansion>
</Field>
This is done after assigning the user to the resources.
Please help asap
Thanks
Bushrano....what i mean is that instead of using the user forms to set all the values, call a workflow instead. I believe the field in the configuration is called "process workflow" or something like that. this will be called instead of the forms. inside that workflow create a view, or get the existing view...set the new role....refresh the view...then call the create/update/delete user etc.
a create view is s provisioning task...so you cant call it from a workflow. take the "provisioning task" part out of the header of the create user workflow and it should work just fine.
this may be much more complicated than what you actually need. Its just the way i would handle it. I dont like using the user forms and always call a workflow instead. gives me much more flexibility
dana -
How to pass a rule in activesync Form
Hi All,
I have created a rule with 2 arguments say A and B.
I want to pass this rule in a activesync form.
As per the sun technical ref am passing the rule as
<Field name='waveset.Type'>
<Expansion>
<rule name='CALL'>
<argument name='dataType' value='A'/>
<argument name='data' value='$(activesync.B)'/>
</rule>
<Expansion>
<Disable>
<neq>
<ref>feedOp</ref>
<s>create</s>
</neq>
</Field>
When am passing this value in to a form this code is not at all working.
Where as the same rule when am passing it in a field in a ordinary form its working fine.
Can any one please analyse the code and say whats going wrong in the code or how to make the code workable.
Thanks in advance.
Regards
Gajendra NagapurkarI have also gone thorugh the same. For some reason when u pass an argument in an active sync form it wouldn't work properly. Instead if u hard code the argument value as activeSync.B in the rule itself it will work. I don't know for what reason it happens. But I have experienced the same and modified my rule and hard-coded to the active sync field.
I don't know whether anybody has tried passing arguments from an active sync form and been successful. This is no special type of form and excutes like anyother form but during active sync process it doesn't work. -
Creating a user in Active Direcory
Hi,
Here is the scenario.
I am loading accounts into IdM through flatfile, after loading accounts into IdM, through actvesync I am trying to push any updated or new accounts into Active Directory.
but I am unable to create account in AD, strangely I am not seeing any error too.
test connection was successful and I reconciled AD, unmatched accounts gets loaded into Idm.
any ideas please....why I am not able to load accounts from IdM to AD?
In the activesync form I specified waveset.resources field to AD(resource name) and viewOptions.Process field to CreateUser(workflow name). I specified the CreateUser workflow in the pre-process workflow option.
am I doing in the right way?
Any ideas please..
Thanksthe fields in the active sync form
<Field name='waveset.accountId'>
<Comments> email. </Comments>
<Expansion>
<block name='checkTrace' trace='true'>
<ref>activeSync.accountId</ref>
</block>
</Expansion>
<Disable>
<neq>
<ref>feedOp</ref>
<s>create</s>
</neq>
</Disable>
</Field>
<Field name='global.firstname'>
<Comments> fullname. </Comments>
<Expansion>
<ref>activeSync.firstname</ref>
</Expansion>
<Disable>
<neq>
<ref>feedOp</ref>
<s>create</s>
</neq>
</Disable>
</Field>
<Field name='global.lastname'>
<Comments> firstname. </Comments>
<Expansion>
<ref>activeSync.lastname</ref>
</Expansion>
<Disable>
<neq>
<ref>feedOp</ref>
<s>create</s>
</neq>
</Disable>
</Field>
<Field name='waveset.password'>
<Comments>
 Make up a password for accounts that are being created.
 </Comments>
<Expansion>
<cond>
<notnull>
<ref>activeSync.password</ref>
</notnull>
<ref>activeSync.password</ref>
<s>change12345</s>
</cond>
</Expansion>
<Disable>
<neq>
<ref>feedOp</ref>
<s>create</s>
</neq>
</Disable>
</Field>
<Field name='waveset.resources'>
<Expansion>
<list>
<s>AD</s>
</list>
</Expansion>
<Disable>
<neq>
<ref>feedOp</ref>
<s>create</s>
</neq>
</Disable>
</Field>
<Field name='viewOptions.Process'>
<Expansion>
<s>Create User</s>
</Expansion>
</Field> -
Emailing a completed active PDF form using a Submit buttom? (Acrobat XI Pro.)
I have created a very large active PDF form with hundreds of fields, with text boxes, drop downs, radio buttons, check boxes and I think the kitchen sink. But for the life of me I cannot figure out how to create a Submit button that will send the completed form to an email address that is set to print anything that hits it.
I have read so much on it that I'm thoroughly confused. Do I need a script, is there a method through Acrobat menus I'm missing, or am I barking at the moon? Any help just getting me going in the right direction would be appreciated more than I could even say. Thanks!Simply add a button and set it's Mouse Up action to "Submit a Form" and use a mailto type URL and specify that the complete PDF is sent. If it needs to work with Reader prior to version 11, it will additionally need to be Reader-enabled: File > Save As Other > Reader Extended PDF > Enable More Tools
Note that emailing is unreliable compared to submitting to a web server, and it's difficult to make secure, which is relatively easy with a web server.
Maybe you are looking for
-
My I-Touch is not showing up on I-Tunes when I connect it to my Mac. Is there something I can do to make it show up?
-
Dear experts Our client implemented sap in 2006 ECC 6 version and 2011 they want to implement new profit center instead of old profit center .I have discussed with client what they are saying they have implemented document
-
can anybody help me here. I want to take some data from the backend system and want to display it into a table.
-
Unable to sync contacts and calendar to outlook 2010 or iphone 5
I work in IT and several of our clients are have trouble syncing contacts and calendar to outlook 2010 or iphones. I have uninstall itunes completely from the computer, deleted the backup and clear the sync history nothing seems to be working. Is the
-
Help regarding search functionality... pls...
Hello All, While selecting a Business Scenario/Process/Step in SolMan, the search functionality is not working. Is there any configuration that needs to be done for the search functionality to work? Pls help. Any information in this regard will be gr