Read Users using Query

I am using Identity Manager 4.7.
I have configured one Job on Null Driver Subscriber channel, In this how can I read all Users who have "testAttrib" is available using Query?
  • fartyalvikram wrote:

    > how
    > can I read all Users who have "testAttrib" is available using Query?


    Try this:

    <do-for-each>
    <arg-node-set>
    <token-query class-name="User" datastore="src">
    <arg-match-attr name="testAttrib">
    <arg-value type="string">
    <token-text xml:space="preserve">*</token-text>
    </arg-value>
    </arg-match-attr>
    <arg-string>
    <token-text xml:space="preserve">Surname</token-text>
    </arg-string>
    </token-query>
    </arg-node-set>
    <arg-actions>
    <do-trace-message>
    <arg-string>
    <token-text xml:space="preserve">Found: </token-text>
    <token-xpath expression="$current-node/@src-dn"/>
    <token-text xml:space="preserve"> with Surname "</token-text>
    <token-xpath
    expression='$current-node/attr[@attr-name="Surname"]/value/text()'/>
    <token-text xml:space="preserve">"</token-text>
    </arg-string>
    </do-trace-message>
    </arg-actions>
    </do-for-each>

    --
    http://www.is4it.de/en/solution/identity-access-management/

    (If you find this post helpful, please click on the star below.)
  • Thanks for reply.
    Attribute "testAttrib" syntax is "Time" Single Valued.
    Rule is given below
    <do-for-each>
    <arg-node-set>
    <token-query class-name="User" datastore="src">
    <arg-match-attr name="testAttrib">
    <arg-value type="string">
    <token-text xml:space="preserve">*</token-text>
    </arg-value>
    </arg-match-attr>
    <arg-string>
    <token-text xml:space="preserve">Surname</token-text>
    </arg-string>
    </token-query>
    </arg-node-set>
    <arg-actions>
    <do-trace-message>
    <arg-string>
    <token-text xml:space="preserve">Found: </token-text>
    <token-xpath expression="$current-node/@src-dn"/>
    <token-text xml:space="preserve"> with Surname "</token-text>
    <token-xpath expression='$current-node/attr[@attr-name="Surname"]/value/text()'/>
    <token-text xml:space="preserve">"</token-text>
    </arg-string>
    </do-trace-message>
    </arg-actions>
    </do-for-each>

    And I am getting the following exception in the log
    <status level="error">Code(-9053) One or more errors occurred while processing a query: Code(-8009) Error processing <search-attr>: java.lang.NumberFormatException: For input string: "*".</status>

    Can we compare "testAttrib" value (which is in time) with some other time or timestamp?
  • fartyalvikram wrote:

    > Can we compare "testAttrib" value (which is in time) with some other
    > time or timestamp?


    Seems like token query does not support the "exists" syntax ("*") for time
    syntax attributes. I'd probably use an ldapsearch ecma instead, which should
    allow both testAttrib=* as well as testAttrib<=20180528120100Z comparisons.
    ECMA versions of ldapsearch are contained in one of the "Common" packages from
    MF/NetIQ, iirc, or can be pulled off my public repo at
    https://www.brummelhook.com/download/idm/packages/ as part of the "Bits and
    Pieces" package. Another version is mentioned at
    https://www.netiq.com/communities/cool-solutions/open-call-useful-ecma-functions-use-identity-manager/

    --
    http://www.is4it.de/en/solution/identity-access-management/

    (If you find this post helpful, please click on the star below.)

  • > <token-query class-name="User" datastore="src">
    > <arg-match-attr name="testAttrib">
    > <arg-value type="string">
    > <token-text xml:space="preserve">*</token-text>
    > </arg-value>
    > </arg-match-attr>
    > <arg-string>
    > <token-text xml:space="preserve">Surname</token-text>
    > </arg-string>
    > </token-query>


    Is asterisk as a wild card legal here? LDAP yes, IDM Query not so much?
    I have been bugging Rajiv to get the Query token to have more LDAP
    semantic support as well, but I did not think those changes were yet to
    be made...

  • On 5/28/2018 7:09 AM, Lothar Haeger wrote:
    > fartyalvikram wrote:
    >
    >> Can we compare "testAttrib" value (which is in time) with some other
    >> time or timestamp?

    >
    > Seems like token query does not support the "exists" syntax ("*") for time
    > syntax attributes. I'd probably use an ldapsearch ecma instead, which should


    I was thinking LDAP ECMA approach as well.

    Does Query support * for string syntaxes though?
  • Geoffrey Carman wrote:

    > Is asterisk as a wild card legal here? LDAP yes, IDM Query not so much?


    I thought * was supported for substring searches but docs do not mention it,
    now that I try to look it up...

    --
    http://www.is4it.de/en/solution/identity-access-management/

    (If you find this post helpful, please click on the star below.)
  • geoffc;2481602 wrote:
    On 5/28/2018 7:09 AM, Lothar Haeger wrote:
    > fartyalvikram wrote:
    >
    >> Can we compare "testAttrib" value (which is in time) with some other
    >> time or timestamp?

    >
    > Seems like token query does not support the "exists" syntax ("*") for time
    > syntax attributes. I'd probably use an ldapsearch ecma instead, which should


    I was thinking LDAP ECMA approach as well.

    Does Query support * for string syntaxes though?


    I don't think, that Query token support any "wildcard" search syntax.
    This is a long time pending request for extension for Query token.

    Currently this option available only for LDAP query.
  • On 5/28/2018 2:36 PM, al b wrote:
    >
    > geoffc;2481602 Wrote:
    >> On 5/28/2018 7:09 AM, Lothar Haeger wrote:
    >>> fartyalvikram wrote:
    >>>
    >>>> Can we compare "testAttrib" value (which is in time) with some other
    >>>> time or timestamp?
    >>>
    >>> Seems like token query does not support the "exists" syntax ("*") for

    >> time
    >>> syntax attributes. I'd probably use an ldapsearch ecma instead, which

    >> should
    >>
    >> I was thinking LDAP ECMA approach as well.
    >>
    >> Does Query support * for string syntaxes though?

    >
    > I don't think, that *Query* token support any "wildcard" search syntax.
    > This is a long time pending request for extension for Query token.
    >
    > Currently this option available only for LDAP query.


    Right, and you cannot query for presence = * or absence (Not = *) or
    time synatx. Wait... Did I remember something about adding Time syntax
    fields and < and > or am I losing my mind?

  • al b wrote:

    > I don't think, that Query token support any "wildcard" search syntax.


    You are probably right when querying the ID Vault. I may have mixed that up
    with queries against the application side, which do support * in some cases,
    like
    https://www.netiq.com/documentation/identity-manager-47-drivers/sap_user/data/byi8iee.html


    --
    http://www.is4it.de/en/solution/identity-access-management/

    (If you find this post helpful, please click on the star below.)
  • Lothar Haeger wrote:

    > Geoffrey Carman wrote:
    >
    > > Is asterisk as a wild card legal here? LDAP yes, IDM Query not so much?

    >
    > I thought * was supported for substring searches but docs do not mention it,
    > now that I try to look it up...


    I thought it depended on the attribute syntax. Was sure we discussed this
    before.

    If you look up the relevant attribute syntax: it mentions what matching rules
    are supported.

    For example our fave Case Ignore String should support it.
    https://www.novell.com/documentation/developer/ndslib/schm_enu/data/sdk5561.html

    But not supported with Time syntax:
    https://www.novell.com/documentation/developer/ndslib/schm_enu/data/sdk5701.html

    --
    If you find this post helpful, and are viewing this using the web, please show
    your appreciation by clicking on the star below