Big news! The community will be moving to a new platform April 21. Read more.
Big news! The community will be moving to a new platform April 21. Read more.
Knowledge Partner Knowledge Partner
Knowledge Partner
578 views

4.7.1 new shim capabilities: "return-on-first-match-supported" and "granular-search-supported"

Watching a trace scoll by, I just stumbled over

<instance class-name="__driver_identification_class__">
<attr attr-name="driver-id">
<value type="string">LBACK</value>
</attr>
<attr attr-name="driver-version">
<value type="string">4.7.1.0</value>
</attr>
<attr attr-name="min-activation-version">
<value type="int">0</value>
</attr>
<attr attr-name="query-ex-supported">
<value type="state">true</value>
</attr>
<attr attr-name="granular-search-supported">
<value type="state">true</value>
</attr>
<attr attr-name="return-on-first-match-supported">
<value type="state">true</value>
</attr>
</instance>

The last two nodes are new in 4.7.1 (or even 4.7.0...?), it seems. What do they
do, which shims (apart from LBACK, of course) support them? A quick serach of
the docs did not return any results... anyone with a hint or idea?

--
http://www.is4it.de/en/solution/identity-access-management/

(If you find this post helpful, please click on the star below.)
______________________________________________
https://www.is4it.de/identity-access-management
Labels (1)
0 Likes
13 Replies
Absent Member.
Absent Member.

Hello,

Have not tried it but it is a way of combining and grouping search conditions in a query. More info can be found in the DTD
documentation within the SDK: https://www.netiq.com/documentation/identity-manager-developer/driver-developer-kit.html

Unfortunately the direct documentation links isn't updated but the one in the SDK is:

from query.html:
---
When the attribute return-on-first-match = true , the incoming query will be interpreted into multiple search criteria(i.e each
of <search-condition> or <search-attr> will be treated as a seperate search criteria and expected to have the attribute
search-criteria-id set) and are executed sequentially in the same order as received.

As and when a non-empty result is received for particular search criteria or sub query, the associated search-criteria-id will
be appended to the instance documents and returned. We exit from the query execution i.e we will not proceed to the next
search-criteria when a match has been found.
---

and from search-condition.html
---
<search-condtion> is used specify a logical conditional search expression to be evaluated while performing a search. It can be
enclosed inside a <query> or a <search-condtion>.

A <search-condtion> element can have combination of <search-attr> and <search-condtion>.

A <search-condtion> element along with its children can be read as a prefix expression, where the <search-condtion> is the
operator and its children are the operands in the expression.

Possible names for the search condition are:

and
a logical and operation should be performed on the enclosed operands.
or
a logical or operation should be performed on the enclosed operands.
not
a logical not operation should be performed on the enclosed operand. If the attribute name is set to not, the
search-condition should have only one child, either <search-attr>> or a <search-condtion>

With a combination <search-condtion> and <search-attr> elements, more granular search filters can specified while performing a
query.
---

Best regards,
Tobias

On 2018-12-03 12:45, Lothar Haeger wrote:
> Watching a trace scoll by, I just stumbled over
>
> <instance class-name="__driver_identification_class__">
> <attr attr-name="driver-id">
> <value type="string">LBACK</value>
> </attr>
> <attr attr-name="driver-version">
> <value type="string">4.7.1.0</value>
> </attr>
> <attr attr-name="min-activation-version">
> <value type="int">0</value>
> </attr>
> <attr attr-name="query-ex-supported">
> <value type="state">true</value>
> </attr>
> <attr attr-name="granular-search-supported">
> <value type="state">true</value>
> </attr>
> <attr attr-name="return-on-first-match-supported">
> <value type="state">true</value>
> </attr>
> </instance>
>
> The last two nodes are new in 4.7.1 (or even 4.7.0...?), it seems. What do they
> do, which shims (apart from LBACK, of course) support them? A quick serach of
> the docs did not return any results... anyone with a hint or idea?
>


0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Tobias Ljunggren <jtl@no-mx.forums.microfocus.com> wrote:
> Hello,
>
> Have not tried it but it is a way of combining and grouping search
> conditions in a query. More info can be found in the DTD
> documentation within the SDK:
> https://www.netiq.com/documentation/identity-manager-developer/driver-developer-kit.html
>
> Unfortunately the direct documentation links isn't updated but the one in the SDK is:
>


Exciting stuff. But if they have improved the query token - they should
have also added less than/greater than range operators (especially for
dates).
Alex McHugh - Knowledge Partner - Stavanger, Norway
Who are the Knowledge Partners
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Alex McHugh wrote:

> if they have improved the query token - they should
> have also added less than/greater than range operators (especially for
> dates).


They did not add support for granular queries to token-query yet, it seems. At
least it is not mentioned in the 4.7.1 DTDs and I cannot see anything like it
in Designer.

https://www.netiq.com/documentation/identity-manager-developer/dtd-documentation/ndsdtd/query.html
https://www.netiq.com/documentation/identity-manager-developer/dtd-documentation/dirxmlscript/

--
http://www.is4it.de/en/solution/identity-access-management/

(If you find this post helpful, please click on the star below.)
______________________________________________
https://www.is4it.de/identity-access-management
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

On 12/4/2018 3:03 AM, Lothar Haeger wrote:
> Alex McHugh wrote:
>
>> if they have improved the query token - they should
>> have also added less than/greater than range operators (especially for
>> dates).

>
> They did not add support for granular queries to token-query yet, it seems. At
> least it is not mentioned in the 4.7.1 DTDs and I cannot see anything like it
> in Designer.
>
> https://www.netiq.com/documentation/identity-manager-developer/dtd-documentation/ndsdtd/query.html


Are you using this to suggest it IS or IS NOT updated? Or are you saying
the DTD is updated, but the GUI is not yet updated?

> https://www.netiq.com/documentation/identity-manager-developer/dtd-documentation/dirxmlscript/


And this was just recently updated for 4.7. Yay!


Added <arg-query-condition>.
Updated <token-query> to support <arg-query-condition>.
Updated <do-find-matching-object> to support <arg-query-condition>
and return-on-first-match feature.
Updated <arg-match-attr> with search-criteria-id attriubte to be
used with return-on-first-match.
Updated to allow specifying :CorrelationID for <do-remove-role>,
<do-add-resource> and <do-remove-resource>.
Updated <do-add-role> to allow specifying the originator and
:CorrelationID.
Updated <do-start-workflow> to use event correlation id by default.
Changed <do-send-email-from-template> to allow specifying from
address and sending attachments.

That last one is interesting and the format is attachment1, attachment2,
but that is no where near enough info to know how to use it. Where is
the file? What file system is it looking in? Local? RL? Local I assume.
Is it absolute path? Relative to the engine path?





0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Geoffrey Carman wrote:

> >

https://www.netiq.com/documentation/identity-manager-developer/dtd-documentation/dirxmlscript/
>
> And this was just recently updated for 4.7. Yay!


When I looked earlier this day, he 4.7 update was not yet there. Maybe someone
read this thread...

--
http://www.is4it.de/en/solution/identity-access-management/

(If you find this post helpful, please click on the star below.)
______________________________________________
https://www.is4it.de/identity-access-management
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

On 12/4/2018 7:35 AM, Lothar Haeger wrote:
> Geoffrey Carman wrote:
>
>>>

> https://www.netiq.com/documentation/identity-manager-developer/dtd-documentation/dirxmlscript/
>>
>> And this was just recently updated for 4.7. Yay!

>
> When I looked earlier this day, he 4.7 update was not yet there. Maybe someone
> read this thread...


I agree. As soon as you raised the issue, that was the first place I
checked.

I emailed Tom, and he is off travelling, but suddenly that changed.
Regardless, we are all happy to see the update!

Now, to get more information...


0 Likes
Micro Focus Expert
Micro Focus Expert

On 2018-12-04 13:31, Geoffrey Carman wrote:
>>
>> https://www.netiq.com/documentation/identity-manager-developer/dtd-documentation/ndsdtd/query.html
>>

>
> Are you using this to suggest it IS or IS NOT updated? Or are you saying
> the DTD is updated, but the GUI is not yet updated?


According to engineering, it is supported in the Engine - but not yet in
Designer.

--
Norbert
--
Norbert
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

On 12/4/2018 8:44 AM, Norbert Klasen wrote:
> On 2018-12-04 13:31, Geoffrey Carman wrote:
>>>
>>> https://www.netiq.com/documentation/identity-manager-developer/dtd-documentation/ndsdtd/query.html
>>>

>>
>> Are you using this to suggest it IS or IS NOT updated? Or are you
>> saying the DTD is updated, but the GUI is not yet updated?

>
> According to engineering, it is supported in the Engine - but not yet in
> Designer.


Ok, so the engine in 4.7 supports it but you need a driver that supports
it as well. I guess Loopback as the first is simplest. I.e. All queries
are to the engine source and dest, pub or sub channel. Or put another
way, do nothing and it just works.

I am curious HOW they will add GUI support to this. 🙂

Side note: since you have a sidebar conversation, the Attachment option
in do-send-email-from-template update to support attachment as a String
could you find out the formatting and starting location to provide a
real path? I.e. Still in that stupid mt_task style directory, or
anywhere on teh server local file system?





0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Tobias Ljunggren wrote:

> More info can be found in the DTD documentation within the SDK:
>

https://www.netiq.com/documentation/identity-manager-developer/driver-developer-kit.html

I think this remark deserves to be elevated into it's own thread. Seems like
the IDM SDK has been silently updated after more than 10 years! Great to see
this happen, but sad to see there was no advertising whatsoever about it. I
would not have noticed for another 10 years if Tobias did not mention it...

MF, you need to improve on self-marketing a LOT!

--
http://www.is4it.de/en/solution/identity-access-management/

(If you find this post helpful, please click on the star below.)
______________________________________________
https://www.is4it.de/identity-access-management
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Lothar Haeger wrote:

> it's own thread


that did not work, obviously...

--
http://www.is4it.de/en/solution/identity-access-management/

(If you find this post helpful, please click on the star below.)
______________________________________________
https://www.is4it.de/identity-access-management
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Tobias Ljunggren wrote:

> Unfortunately the direct documentation links isn't updated but the one in the
> SDK is:
>
> from query.html:


And here some examples of how it will look like...

....in DirXMLScript:

<token-query class-name="User" datastore="dest" scope="subordinates">
<arg-dn>
<token-text>Users/</token-text>
<token-attr name="OU"/>
</arg-dn>
<arg-match-attr name="CN"/>
<arg-match-attr name="Title"/>
<arg-query-condition name="or">
<arg-match-attr name="L">
<arg-value>
<token-text>Provo</token-text>
</arg-value>
</arg-match-attr>
<arg-match-attr name="L">
<arg-value>
<token-text>Bangalore</token-text>
</arg-value>
</arg-match-attr>
</arg-query-condition>
<arg-string>
<token-text>Surname</token-text>
</arg-string>
<arg-string>
<token-text>Given Name</token-text>
</arg-string>
</token-query>

....in XDS:

<!--Search for user whose Surname is Smith or -->
<!--belong to the department(OU) IAM and not a Software Engineer -->
<query class-name="User" scope="subtree">
<search-class class-name="User"/>
<search-condition name="or">
<search-attr attr-name="Surname">
<value type="string">Smith</value>
</search-attr>
<search-condition name="and">
<search-attr attr-name="OU">
<value type="string">IAM</value>
</search-attr>
<search-condition name="not">
<search-attr attr-name="Title">
<value type="string">Software Engineer</value>
</search-attr>
</search-condition>
</search-condition>
</search-condition>
<read-attr/>
</query>


--
http://www.is4it.de/en/solution/identity-access-management/

(If you find this post helpful, please click on the star below.)
______________________________________________
https://www.is4it.de/identity-access-management
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.