The purpose of this document is to show how you can use the Plugin Studio in iManager to create a custom role with custom screens that allows certain users to do specific tasks within iManager. Plugin Studio is a fairly powerful utility that is supplied with iManager and can be used to create custom "screens", which in turn can be used to create custom roles and tasks.
For example, in our environment, we have a section of staff responsible for creating user accounts. While the IDM UserApp can be used for provisioning, it is fairly complex to set up, and you may just need something simpler. Also, while the default Create User role is sufficient, it presents the staff with a plethora of options that we do not want or need them to see or use. And to avoid typos and data inconsistency, we needed to present the data fields in a particular format. In this example, I want to create a role that lets a user perform specific tasks: Create a User (with a custom screen, so that they can only fill in certain information), certain password tasks, and MODIFY users (but with a customized screen of WHAT they can modify).
iManager RBS Configuration
Log in to iManager (as the RBS Administrator, usually Admin) and click Configure in the top menu buttons.
You see the next screen.
Click the Role Based Services menu item, and then click the RBS Configuration item.
Click the Role Based Service link
Create New Role
You are presented with 2 options: iManager Role, and eGuide Role. Select the iManager Role.
Name the role appropriately (Company ABC-Create User, or something like that). I strongly advise setting the description accordingly as well.
Click Next
Select the two tasks above. The other task should get auto-assigned when the Plugin Studio module is copied. Remember, we are creating a custom role to set the password, clear intruder lockouts, and create users.
Click Next
Select the User & Groups from the left-hand column so that it's added to the right-hand side (I believe you click the right arrow) and click Next
Choose a user to assign the role to, and WHERE (the scope) they should be able to perform the tasks. You can ONLY select eDirectory containers as the scope. Click Add.
Click Next
Click Finish
Click OK
So now we have created a custom role with some of the pre-built tasks, and assigned the rights to a specific portion of the eDirectory tree. Now we need to create a custom Plugin via Plugin Studio so that we can control the data fields on the screen that is presented to the staff once we assign the role to them.
Plugin Studio:
In iManager, select the Configure -> Role Based Services -> Plugin Studio:
Create User Plugin
Important thing to note here. If you have custom schema extensions (for example, we created some Aux Classes and Aux Class Attributes), you can only select these ONCE, and that's during the creation of the new plugin. If you later extend the schema again, or add more aux classes, you will have to create a NEW plugin from scratch. The ability to edit the existing plugin and choose new/additional classes does not exist. Keep this in mind.
Click New
Since we're modifying User Create/edit screens, the class is User. The Plug-in type is Task for Create (initially). As you can see from the above, you get ONE chance to check the box, and select "Add aux classes". To be honest, once I get there, I select them all. Remember, you can't go back and ADD later. So add 'em all now in case you ever need them, unless you don't mind creating a lot of extra work for yourself. For example, we wished to see the AD UPN values in iManager (or be able to set a UPN in iManager). Now you ask, "wait a minute, that's AD, not eDirectory, why are you doing that?" We use NetIQ IDM to sync eDir to AD, but for the time being, eDirectory is still our authoritative source for users. The DirXML-ADAliasName is an aux class attribute that is used by the IDM driver to sync UPN values. So I want to make sure I pick that aux class. Again, these are just examples.
Click Next
We are presented with the DEFAULT screen. We want to change some things like removing some of the fields (click the red X to remove something). To ADD items, double-click them in the right-hand Attributes column to move them into the Plugin Fields area. Add them in the order that you want them to appear (you can move them around later, but it's sometimes easier to add them in the correct order). You can also Modify/Edit the fields.
In THIS example, we don't want to use Email address, but rather Internet Email Address. (Internet Email Address is the value that we sync to and from AD). So we remove the one we don't want, and add the field we DO want.
To ADJUST an item you can change the Control Values. For example we don't want to use "CN" as the label, but rather we will present the name/label as: Userid:
Now this is where things can get useful. Almost everything in eDirectory is set up as a multi-valued attribute in the schema. AD, on the other hand, is almost the opposite, with most attributes set to single-value. Since we also let our users self-edit some things, we don't want them (or our staff) adding multiple values to certain things, as that can make for interesting results in AD (or other data repositories). Therefore, we choose to set most of these as single-valued. NOTE: We are NOT actually changing the eDirectory schema. We are changing the display of that attribute (i.e., even though we set it for Single-Valued, you could still add multiple values via LDAP or a non-customized iManager Plugin). You can also set things as mandatory (in this case CN is already mandatory as defined by the schema). You can also set field limits. Just remember: Anything you change here does not change the underlying schema. So if the schema has a field limit of, say, 8, and you set it to 25, you will get errors when attempting to populate the field with more than 8 characters.
In this case, we also want to make Last Name be single-valued:
We change the Control of SurName to: Textfield
In this case, I want to FORCE the account to be created in a specific container (i.e., I don't let the user CHOOSE).
Keep editing the items as necessary
Password is different. There's not an actual attribute you can use for password. Rather, use the SET PASSWORD (it's a yellow star):
For the Plug-in Properties, give it a meaningful name (this is what shows up in the plugin list). Specify the appropriate RBS collection you are adding this into, along with the role you are adding this into. Example:
Then click Install and then click OK
We can even do some more interesting things like populate a drop-down list so that the Staff doesn't mis-type something, and this also forces a "default" setting for that attribute. An example is shown below for the "OU" (We rename this to Department):
Click the little "Plus" sign to add the items you want. NOTE: There are some downsides to this. Specifically two that I can think of:
1) You cannot import a list. You have to type and manually add each item one at a time. Yes, it is very time consuming for a large list.
2) The items appear in the order OPPOSITE of what you add them. In other words, let's say you have an alphabetical list of 5 items. So you enter Apple, Banana, Charlie, etc. When you preview the list (or click the pulldown), you'll see them presented as: Charlie, Banana, Apple. You CAN re-order them but it's a lot of extra mouse clicks. So you want to add these from the "bottom" up, as it were.
I like to Preview things as I go along. But definitely preview before you save.
I clicked the pulldown so you can see what it looks like.
When finished, at the bottom of the Plugin Studio are 3 fields you need to fill in:
You can call the Plug-In id pretty much whatever you want.
You have to select the RBS collection
Select the Role you created previously
Install OK Done
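Because the single-valued setting and the drop-down list described above change only the plugin's screen and not the schema, values written via LDAP or a non-customized plugin can still break the rules. The following is an added example, not part of the original article: a Python audit over an LDIF export that flags such entries. The LDAP attribute names (sn, mail, ou), the drop-down items and the sample entries are assumptions constructed for illustration.

```python
import base64

# Constructed sample LDIF export (not from the article). Assumed LDAP names:
# sn = Surname, mail = Internet EMail Address, ou = the "Department" field.
SAMPLE_LDIF = """\
dn: cn=jdoe,ou=staff,o=abc
sn: Doe

dn: cn=asmith,ou=staff,o=abc
sn: Smith
sn:: U21pdGgtSm9uZXM=
mail: asmith@example.com
mail: alice.smith@example.
 com
ou: Finanse
"""
SINGLE_VALUED_IN_UI = {"sn", "mail", "ou"}   # assumed plugin settings
DROP_DOWN = {"ou": {"Finance", "HR", "IT"}}  # assumed drop-down items

def parse_ldif(text):
    """Yield (dn, {attr: [values]}); handles line folding and base64."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, rest = line.partition(":")
            value = rest.strip()
            if rest.startswith(":"):         # "attr:: <base64 value>"
                value = base64.b64decode(rest[1:].strip()).decode("utf-8")
            attrs.setdefault(name.lower(), []).append(value)
        if "dn" in attrs:
            yield attrs.pop("dn")[0], attrs

def audit(text):
    """Return sorted (dn, attr, problem) tuples the custom screen would block."""
    findings = []
    for dn, attrs in parse_ldif(text):
        for attr in attrs.keys() & SINGLE_VALUED_IN_UI:
            if len(attrs[attr]) > 1:
                findings.append((dn, attr, f"{len(attrs[attr])} values"))
        for attr, allowed in DROP_DOWN.items():
            findings += [(dn, attr, f"not in list: {v}")
                         for v in attrs.get(attr, []) if v not in allowed]
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE_LDIF), sep="\n")
```

Run against a real export, adjust the two sets to match the attributes and list items configured in your own plugin.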
Modify User Plugin
While still in the Plugin Studio, create a new Plugin for the Modify User task.
Again, you can customize what shows up on this screen. For example, if you only want people to be able to modify telephone numbers, (there's mobile, fax, etc. in eDir), add/remove the attributes as necessary. You can CHANGE the attributes as well (for example, if you don't want people to add multiple phone numbers, you can modify the attribute so that it's not multi-valued in terms of the UI in iManager).
When finished, assign the Plug-in ID (give it a meaningful name), the RBS collection and the role to which you are assigning this.
Click OK
At any time you can click Preview to see what it would look like/function (for the most part) in iManager.
Install Plugin(s)
While still in the Plugin Studio, click Install to install the plugins.
Then you can Exit the Plugin Studio
Now you'll see your plugins in the Plugin Studio list.
I would advise that you EXPORT the custom plugins, give them meaningful names and save them somewhere that gets backed up to tape. (Check the box next to the item you want to export, then select Actions -> Export). You can also use this if you need to have the plugins on multiple iManager servers. Yes, that is right. You just changed a specific iManager SERVER plugin. Even though you installed the plugin into eDirectory RBS, the actual file (the .npm file) that controls what you did needs to be present on any iManager server you are using. Once you have exported the plugin, you have a backup, plus the ability to import it to another server if you need to do so.
There are times when upgrades to iManager will remove the plugins and you'll need to reinstall them. Or if you need to install these on more than one iManager server, you will need to export them and import them to the other servers. So I would strongly advise that after upgrading (i.e., OES2 SP2 to OES2 SP3, or OES2 SP3 to OES11 SPwhatever) you check/verify your custom plugins. If they are not the current ones you think (or they don't load at all), go to the Plugin Studio and try to Install them again. IF that fails, then re-import and then re-install them.
As you can see, Plugin Studio can be a powerful way to customize data fields. A few things are still missing in terms of enhancements: for example, the ability to import a list (CSV file, something) for drop-downs, and the ability to edit an existing customized Plugin and ADD new Aux Classes, would be great.
IDM UserApp can also be used; however, customization there is a bit more complex, as is the server maintenance and patching/upgrading side of things. For simpler solutions, Plugin Studio can be used to solve your design dilemma.