Linking Multiple Resource Accounts via Active Sync

Ok guys/gals the scenario is... We have one IDM account linked to accounts on one resource, and we want to be able to link them up via Active Sync... We don't care about the attributes, just want to make sure that if another account for a user is created outside of IDM we can grab it and link it. So far, I've seen that the Active Sync process will see the new account, correlate it to a user, but it will not link the user... And outside of doing a custom Process Rule workflow, I'm not seeing any other way to get the accounts to link via Active Sync. Is what we are trying to do a reconciliation thing only? Have I missed something?

By dmac at 2007-11-26 9:51:41
# 1

Yes. You can add a field to your ActiveSync form to do this: Here is an example with AD:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE Configuration PUBLIC 'waveset.dtd' 'waveset.dtd'>
<Configuration name="Sample ActiveDirectory ActiveSync Form" wstype="UserForm">
  <Extension>
    <Form name="Sample ActiveDirectory ActiveSync Form">
      <Field name="processType">
        <Default>
          <s>NONE</s>
        </Default>
      </Field>
      <Field name="dispatcher">
        <Expansion>
          <cond>
            <eq>
              <upcase>
                <ref>feedOp</ref>
              </upcase>
              <s>UPDATE</s>
            </eq>
            <block>
              <set name="update.selectAll">
                <s>false</s>
              </set>
              <dolist name="resObj">
                <ref>waveset.accounts</ref>
                <block>
                  <set name="resName">
                    <get>
                      <split>
                        <ref>resObj</ref>
                        <s>:</s>
                      </split>
                      <i>1</i>
                    </get>
                  </set>
                  <set>
                    <concat>
                      <s>update.accounts[</s>
                      <ref>resName</ref>
                      <s>].selected</s>
                    </concat>
                    <s>false</s>
                  </set>
                  <cond>
                    <match>
                      <ref>resName</ref>
                      <ref>activeSync.resourceName</ref>
                    </match>
                    <cond>
                      <eq>
                        <ref>
                          <concat>
                            <s>waveset.accounts[</s>
                            <ref>resName</ref>
                            <s>].accountGUID</s>
                          </concat>
                        </ref>
                        <ref>activeSync.objectGUID</ref>
                      </eq>
                      <set name="resourceName">
                        <ref>resName</ref>
                      </set>
                    </cond>
                  </cond>
                </block>
              </dolist>
              <cond>
                <isnull>
                  <ref>resourceName</ref>
                </isnull>
                <set name="processType">
                  <s>LINK</s>
                </set>
                <set name="processType">
                  <s>UPDATE</s>
                </set>
              </cond>
            </block>
          </cond>
        </Expansion>
      </Field>
      <Field name="IAPI.cancel">
        <Expansion>
          <s>true</s>
        </Expansion>
        <Disable>
          <eq>
            <ref>processType</ref>
            <s>LINK</s>
          </eq>
        </Disable>
      </Field>
      <Field name="doLinking">
        <Expansion>
          <block>
            <append name="waveset.resources">
              <ref>activeSync.resourceName</ref>
            </append>
            <set>
              <concat>
                <s>waveset.accounts[</s>
                <ref>activeSync.resourceName</ref>
                <s>].accountId</s>
              </concat>
              <ref>activeSync.identity</ref>
            </set>
            <set>
              <concat>
                <s>waveset.accounts[</s>
                <ref>activeSync.resourceName</ref>
                <s>].sAMAccountName</s>
              </concat>
              <ref>
                <s>activeSync.sAMAccountName</s>
              </ref>
            </set>
            <set>
              <concat>
                <s>waveset.accounts[</s>
                <ref>activeSync.resourceName</ref>
                <s>].accountGUID</s>
              </concat>
              <ref>activeSync.objectGUID</ref>
            </set>
          </block>
        </Expansion>
        <Disable>
          <neq>
            <ref>processType</ref>
            <s>LINK</s>
          </neq>
        </Disable>
      </Field>
    </Form>
  </Extension>
  <MemberObjectGroups>
    <ObjectRef type="ObjectGroup" id="#ID#Top" name="Top"/>
  </MemberObjectGroups>
</Configuration>

MattP at 2007-7-7 1:05:10
# 2

MattP,

Thanks for the post!! For the most part I understand what the form is doing. I have a couple of questions though... My number 1 burning question is how did you figure out how to do this? Some of the things you're using I've never seen in any of the documentation, and I'd love to get a deeper understanding of it! But off to the technical ones.

I noticed you set update.selectAll and update.accounts.resname.selected to false. What's the purpose of this?

Also would this force IDM to increment its resource values... what I mean by this is... Say Joe Blow has 2 accounts on AD.. his first account is accounts[AD].*, while his second is accounts[AD|2].*... Is this something IDM handles, or do I need to handle it myself in the form?

I appreciate all the help so far..the form you posted has been terrific help! :0).

dmac at 2007-7-7 1:05:10
# 3

Hello, I tried that code but it says the AD identity is null, and I'm getting this error:

WavesetException: Error opening object 'LDAP://1.261.11.221/cn=John\\, Perez(111134123),ou=Users,ou=DMV,ou=US,ou=Americas,ou=ARR,dc=mydepartment,dc=my company,dc=com': ADsOpenObject(): 0X80072032: , 0000208F: LdapErr: DSID-0C090654, comment: Error processing name, data 0, vece, An invalid dn syntax has been specified.

Do you know what can be causing this error?

thx

dieraven2003 at 2007-7-7 1:05:10
# 4
Hello, the problem was solved by defining the identity template as:

John\, Perez(11113),ou=Users,ou=DMV,ou=US,ou=America,ou=XA,dc=mydepartment,dc=my company,dc=com

only one backslash,
dieraven2003 at 2007-7-7 1:05:10
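
An added illustration of the escaping problem resolved in posts 3 and 4, not code from the thread: a small RFC 4514 escaper and DN splitter showing that one backslash keeps the comma inside the cn value, while two backslashes leave the comma acting as a separator and produce a component with no "=". The function names are hypothetical, and the DNs are constructed from the values quoted in the error message in post 3.

```python
# Added example, not code from the thread. The DNs below are constructed
# from the values quoted in the error message in post 3.
SPECIAL = '"+,;<>\\'  # characters RFC 4514 requires escaping inside a value

def escape_rdn_value(value: str) -> str:
    """Escape an attribute value exactly once for use inside a DN."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\0":
            out.append("\\00")
        elif ch in SPECIAL or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def split_dn(dn: str) -> list:
    """Split on unescaped commas; a backslash protects the character after it."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        step = 2 if dn[i] == "\\" else 1
        if step == 2 and i + 1 == len(dn):
            raise ValueError("dangling backslash at end of DN")
        if dn[i] == ",":
            parts.append(cur)
            cur = ""
        else:
            cur += dn[i:i + step]  # an escape pair stays together
        i += step
    parts.append(cur)
    return parts

def parse_dn(dn: str) -> list:
    """Return [(type, escaped_value), ...]; raise ValueError on a malformed component."""
    rdns = []
    for part in split_dn(dn):
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip() or not value:
            raise ValueError("invalid DN syntax in component %r" % part)
        rdns.append((attr.strip(), value))
    return rdns

BASE = "ou=Users,ou=DMV,ou=US,ou=Americas,ou=ARR,dc=mydepartment,dc=my company,dc=com"
GOOD_DN = "cn=" + escape_rdn_value("John, Perez(111134123)") + "," + BASE
BAD_DN = "cn=John\\\\, Perez(111134123)," + BASE  # two backslashes, as in the error

if __name__ == "__main__":
    print(len(parse_dn(GOOD_DN)), "RDNs, first:", parse_dn(GOOD_DN)[0])
    try:
        parse_dn(BAD_DN)
    except ValueError as exc:
        print("rejected:", exc)
```

Escaping the value once, at the point where the DN is assembled, avoids the second backslash that a template or string-literal layer can introduce.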
# 5

> Also would this force IDM to increment its resource
> values...what I mean by this is...Say Joe Blow has 2
> accounts on AD..his first account is accounts[AD].*,
> while his second is accounts[AD|2].*...Is this
> something IDM handles, or do I need to handle it
> myself in the form?

Hi,

when I handled it myself, it worked. I'm sending the code with multi-account support, but it was created via genetic programming - "do one character mutation, let's see what it will do, and so on..." - so no guarantee. Criticism welcomed, I really want to use it. :-)

<Field name='processType'>
  <Default>
    <s>NONE</s>
  </Default>
</Field>
<Field name='dispatch'>
  <Expansion>
    <block>
      <dolist name='resObj'>
        <ref>waveset.accounts</ref>
        <set name='resName'>
          <get>
            <split>
              <ref>resObj</ref>
              <s>:</s>
            </split>
            <i>1</i>
          </get>
        </set>
        <cond>
          <eq>
            <indexOf>
              <ref>resName</ref>
              <ref>activeSync.resourceName</ref>
            </indexOf>
            <i>0</i>
          </eq>
          <cond>
            <eq>
              <ref><concat>
                <s>waveset.accounts[</s>
                <ref>resName</ref>
                <s>].accountId</s>
              </concat></ref>
              <ref>activeSync.identity</ref>
            </eq>
            <set name='resourceName'>
              <ref>resName</ref>
            </set>
          </cond>
        </cond>
      </dolist>
      <cond>
        <isnull>
          <ref>resourceName</ref>
        </isnull>
        <set name='processType'>
          <s>LINK</s>
        </set>
        <set name='processType'>
          <s>UPDATE</s>
        </set>
      </cond>
    </block>
  </Expansion>
  <Disable>
    <neq>
      <ref>feedOp</ref>
      <s>update</s>
    </neq>
  </Disable>
</Field>
<Field name='doLinking'>
  <Expansion>
    <block>
      <defvar name='i'>
        <i>1</i>
      </defvar>
      <defvar name='resName'>
        <ref>activeSync.resourceName</ref>
      </defvar>
      <while>
        <not>
          <isnull>
            <ref><concat>
              <s>waveset.accounts[</s>
              <ref>resName</ref>
              <s>]</s>
            </concat></ref>
          </isnull>
        </not>
        <set name='i'>
          <add>
            <ref>i</ref>
            <i>1</i>
          </add>
        </set>
        <set name='resName'>
          <concat>
            <ref>activeSync.resourceName</ref>
            <s>|</s>
            <ref>i</ref>
          </concat>
        </set>
      </while>
      <set name='waveset.resources'>
        <filterdup>
          <append>
            <ref>waveset.resources</ref>
            <ref>activeSync.resourceName</ref>
          </append>
        </filterdup>
      </set>
      <set>
        <concat>
          <s>waveset.accounts[</s>
          <ref>resName</ref>
          <s>].accountId</s>
        </concat>
        <ref>activeSync.identity</ref>
      </set>
      <set>
        <concat>
          <s>waveset.accounts[</s>
          <ref>resName</ref>
          <s>].resource</s>
        </concat>
        <ref>activeSync.resourceName</ref>
      </set>
    </block>
  </Expansion>
  <Disable>
    <neq>
      <ref>processType</ref>
      <s>LINK</s>
    </neq>
  </Disable>
</Field>

Cheers,

Milan

ceciik at 2007-7-7 1:05:10
# 6
I forgot to mention - this was above 'Database Table' resource type.
ceciik at 2007-7-7 1:05:10