Send information to IDM through Scripting Driver

Hi all

I'm using a Scripting Driver for multiple uses with PowerShell. In this particular scenario my script calls another script which makes all the magic and returns a response to the first script to be evaluated, and a status is sent back to the driver for IDM to make all of its magic there. For this to happen I'm triggering the logic with a JOB, but when the status comes, it only gives me the "Trigger" and "EventID" information and I really need to have the Class Name and the DN of the user being affected.

This is how I'm setting up the PowerShell script:

idm_statussuccess $statusMsg
idm_writevalue "CLASS_NAME" $className
idm_writevalue "DEST_DN" $src_dn

Of course I have previously set $className and $src_dn with the information that I need.

This is the response I see in my driver log:

<nds dtdversion="2.0">
<source>
<product build="201409041500" version="4.5"/>
<contact/>
</source>
<output>
Here goes the status message
</output>
</nds>

According to the documentation of the driver I should be able to use idm_writevalue to send information with the status, but I can't seem to make it work.

Any ideas? 

Thanks in advance 

PS: IDM is 4.7.2

  • IDM is a framework. Each driver can do whatever it is configured to do, and there is a lot there.

    Scripting is another framework.  You send it an IDM event and it does what it tells you to (basically nothing out of the box).

    So a trigger event is not helpful, since the sub channel sends it to the shim, you get it in the Scripting shim, the 'wrong' kind of event.

    Now, is the trigger coming on a specific object?  If that is the case, you can get the src-dn from the event and that is the object in play.   A trigger can be a single event on an object (even a container) or 'unrolled' to all objects inside the container. 

    If you look at the XML of the Trigger event on the engine trace side, you will see the XML attribute for the src-dn (which I do think is src-dn in the trigger node).

    Now I THINK, that setvalue with a Status event may not work.  I would actually, simply reorder your output to write value then status success.

  • Hello,

    idm_writevalue calls should indeed precede idm_statussuccess. However, if we look at the DTD for the status tag (https://www.netiq.com/documentation/identity-manager-developer/dtd-documentation/ndsdtd/status.html), we see that only event-id (EVENT_ID), level and type attributes are used (along with message text). So you'll need to alter your message text:

       idm_statussuccess "Success for object '$src_dn' (class '$className')"

    Give that a try with any necessary adjustments. Functions like idm_statussuccess are in ...\WSDriver\scripts\powershell\IDMLib.ps1 if you need to see how they work. I don't recommend changing IDMLib.ps1 though, as it may get overwritten by an upgrade.

    -- Sam

     

  • You are somewhat limited in what you can send back in a status element.

    If you look at the relevant part of the DTD ndsdtd for status element there is little you can add.

    The "level" is implicitly set by the status variant you call like "idm_statussuccess"

    You can return a different "type" by specifying:

     

    idm_statussuccess $statusMsg
    idm_writevalue "STATUS_TYPE" "my type"

     

    but the engine might complain if you get too funky there.
     
    What I normally do is B64 encode a blob and return it as part of the $statusMsg, then parse it out from there on engine side. You should in theory be able to embed any XML in the message blob, but I think the scripting shim choked on that.
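The Base64-blob approach from the reply above, sketched as an added example (not code from the thread or from IDMLib.ps1). The function names, the `IDMDATA:` marker and the use of JSON are assumptions; the decode function only shows what the engine-side parsing has to undo.

```powershell
# Added example. Hypothetical names: ConvertTo-StatusMessage,
# ConvertFrom-StatusMessage and the 'IDMDATA:' marker are not part of IDMLib.ps1.
$Marker = 'IDMDATA:'

function ConvertTo-StatusMessage {
    param(
        [Parameter(Mandatory)][string]$Text,
        [Parameter(Mandatory)][hashtable]$Data
    )
    # Compact JSON -> UTF-8 bytes -> Base64, so quotes, commas, '<' or '&'
    # inside a DN cannot break the status XML or the parsing on the other side.
    $json  = $Data | ConvertTo-Json -Compress
    $bytes = [System.Text.Encoding]::UTF8.GetBytes($json)
    return '{0} [{1}{2}]' -f $Text, $Marker, [Convert]::ToBase64String($bytes)
}

function ConvertFrom-StatusMessage {
    param([Parameter(Mandatory)][string]$Message)
    # Accept only the Base64 alphabet after the marker, at the end of the text.
    $pattern = '\[' + [regex]::Escape($Marker) + '(?<b64>[A-Za-z0-9+/]+={0,2})\]\s*$'
    $m = [regex]::Match($Message, $pattern)
    if (-not $m.Success) { return $null }
    try {
        $bytes = [Convert]::FromBase64String($m.Groups['b64'].Value)
    } catch {
        return $null   # malformed payload: treat as "no data", do not guess
    }
    return [System.Text.Encoding]::UTF8.GetString($bytes) | ConvertFrom-Json
}

# Constructed sample values: a DN containing a quote and an escaped comma.
$className = 'User'
$src_dn    = "\TREE\org\users\O'Brien\, Pat"

$statusMsg = ConvertTo-StatusMessage -Text 'Account processed' -Data @{
    CLASS_NAME = $className
    DEST_DN    = $src_dn
}
# In the driver script this is where the thread's call would go:
#   idm_statussuccess $statusMsg

# Round trip: what the receiving side has to recover from the message text.
$decoded = ConvertFrom-StatusMessage -Message $statusMsg
if ($decoded.DEST_DN -ne $src_dn -or $decoded.CLASS_NAME -ne $className) {
    throw 'Round trip failed'
}
$statusMsg
```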
  • Verified Answer

    Thank you so much guys for your answers. I managed to solve the problem by setting operation data through the subscriber channel of the Driver instead of from the script per se.

    For those who might want to know a little bit more, I just added a "set operation property" action in my subscriber channel and I get this information with the response from the script.

    Thank you so much guys!