4.7.1 new shim capabilities: "return-on-first-match-supported" and "granular-search-suppor... - Micro Focus Community

lhaeger · ‎2018-12-03

Watching a trace scoll by, I just stumbled over

<instance class-name="__driver_identification_class__">
<attr attr-name="driver-id">
<value type="string">LBACK</value>
</attr>
<attr attr-name="driver-version">
<value type="string">4.7.1.0</value>
</attr>
<attr attr-name="min-activation-version">
<value type="int">0</value>
</attr>
<attr attr-name="query-ex-supported">
<value type="state">true</value>
</attr>
<attr attr-name="granular-search-supported">
<value type="state">true</value>
</attr>
<attr attr-name="return-on-first-match-supported">
<value type="state">true</value>
</attr>
</instance>

The last two nodes are new in 4.7.1 (or even 4.7.0...?), it seems. What do they
do, which shims (apart from LBACK, of course) support them? A quick serach of
the docs did not return any results... anyone with a hint or idea?

--
http://www.is4it.de/en/solution/identity-access-management/

(If you find this post helpful, please click on the star below.)

______________________________________________
https://www.is4it.de/identity-access-management

jtl1 · ‎2018-12-03

Hello,

Have not tried it but it is a way of combining and grouping search conditions in a query. More info can be found in the DTD
documentation within the SDK: https://www.netiq.com/documentation/identity-manager-developer/driver-developer-kit.html

Unfortunately the direct documentation links isn't updated but the one in the SDK is:

from query.html:
---
When the attribute return-on-first-match = true , the incoming query will be interpreted into multiple search criteria(i.e each
of <search-condition> or <search-attr> will be treated as a seperate search criteria and expected to have the attribute
search-criteria-id set) and are executed sequentially in the same order as received.

As and when a non-empty result is received for particular search criteria or sub query, the associated search-criteria-id will
be appended to the instance documents and returned. We exit from the query execution i.e we will not proceed to the next
search-criteria when a match has been found.
---

and from search-condition.html
---
<search-condtion> is used specify a logical conditional search expression to be evaluated while performing a search. It can be
enclosed inside a <query> or a <search-condtion>.

A <search-condtion> element can have combination of <search-attr> and <search-condtion>.

A <search-condtion> element along with its children can be read as a prefix expression, where the <search-condtion> is the
operator and its children are the operands in the expression.

Possible names for the search condition are:

and
a logical and operation should be performed on the enclosed operands.
or
a logical or operation should be performed on the enclosed operands.
not
a logical not operation should be performed on the enclosed operand. If the attribute name is set to not, the
search-condition should have only one child, either <search-attr>> or a <search-condtion>

With a combination <search-condtion> and <search-attr> elements, more granular search filters can specified while performing a
query.
---

Best regards,
Tobias

On 2018-12-03 12:45, Lothar Haeger wrote:
> Watching a trace scoll by, I just stumbled over
>
> <instance class-name="__driver_identification_class__">
> <attr attr-name="driver-id">
> <value type="string">LBACK</value>
> </attr>
> <attr attr-name="driver-version">
> <value type="string">4.7.1.0</value>
> </attr>
> <attr attr-name="min-activation-version">
> <value type="int">0</value>
> </attr>
> <attr attr-name="query-ex-supported">
> <value type="state">true</value>
> </attr>
> <attr attr-name="granular-search-supported">
> <value type="state">true</value>
> </attr>
> <attr attr-name="return-on-first-match-supported">
> <value type="state">true</value>
> </attr>
> </instance>
>
> The last two nodes are new in 4.7.1 (or even 4.7.0...?), it seems. What do they
> do, which shims (apart from LBACK, of course) support them? A quick serach of
> the docs did not return any results... anyone with a hint or idea?
>

Alex McHugh · ‎2018-12-03

Tobias Ljunggren <jtl@no-mx.forums.microfocus.com> wrote:
> Hello,
>
> Have not tried it but it is a way of combining and grouping search
> conditions in a query. More info can be found in the DTD
> documentation within the SDK:
> https://www.netiq.com/documentation/identity-manager-developer/driver-developer-kit.html
>
> Unfortunately the direct documentation links isn't updated but the one in the SDK is:
>

Exciting stuff. But if they have improved the query token - they should
have also added less than/greater than range operators (especially for
dates).

Alex McHugh - Knowledge Partner - Stavanger, Norway
Who are the Knowledge Partners
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.

lhaeger · ‎2018-12-04

Alex McHugh wrote:

> if they have improved the query token - they should
> have also added less than/greater than range operators (especially for
> dates).

They did not add support for granular queries to token-query yet, it seems. At
least it is not mentioned in the 4.7.1 DTDs and I cannot see anything like it
in Designer.

https://www.netiq.com/documentation/identity-manager-developer/dtd-documentation/ndsdtd/query.html
https://www.netiq.com/documentation/identity-manager-developer/dtd-documentation/dirxmlscript/

--
http://www.is4it.de/en/solution/identity-access-management/

(If you find this post helpful, please click on the star below.)

______________________________________________
https://www.is4it.de/identity-access-management

geoffc · ‎2018-12-04

On 12/4/2018 3:03 AM, Lothar Haeger wrote:
> Alex McHugh wrote:
>
>> if they have improved the query token - they should
>> have also added less than/greater than range operators (especially for
>> dates).
>
> They did not add support for granular queries to token-query yet, it seems. At
> least it is not mentioned in the 4.7.1 DTDs and I cannot see anything like it
> in Designer.
>
> https://www.netiq.com/documentation/identity-manager-developer/dtd-documentation/ndsdtd/query.html

Are you using this to suggest it IS or IS NOT updated? Or are you saying
the DTD is updated, but the GUI is not yet updated?

> https://www.netiq.com/documentation/identity-manager-developer/dtd-documentation/dirxmlscript/

And this was just recently updated for 4.7. Yay!

Added <arg-query-condition>.
Updated <token-query> to support <arg-query-condition>.
Updated <do-find-matching-object> to support <arg-query-condition>
and return-on-first-match feature.
Updated <arg-match-attr> with search-criteria-id attriubte to be
used with return-on-first-match.
Updated to allow specifying :CorrelationID for <do-remove-role>,
<do-add-resource> and <do-remove-resource>.
Updated <do-add-role> to allow specifying the originator and
:CorrelationID.
Updated <do-start-workflow> to use event correlation id by default.
Changed <do-send-email-from-template> to allow specifying from
address and sending attachments.

That last one is interesting and the format is attachment1, attachment2,
but that is no where near enough info to know how to use it. Where is
the file? What file system is it looking in? Local? RL? Local I assume.
Is it absolute path? Relative to the engine path?

lhaeger · ‎2018-12-04

Geoffrey Carman wrote:

> >
https://www.netiq.com/documentation/identity-manager-developer/dtd-documentation/dirxmlscript/
>
> And this was just recently updated for 4.7. Yay!

When I looked earlier this day, he 4.7 update was not yet there. Maybe someone
read this thread...

--
http://www.is4it.de/en/solution/identity-access-management/

(If you find this post helpful, please click on the star below.)

______________________________________________
https://www.is4it.de/identity-access-management

geoffc · ‎2018-12-04

On 12/4/2018 7:35 AM, Lothar Haeger wrote:
> Geoffrey Carman wrote:
>
>>>
> https://www.netiq.com/documentation/identity-manager-developer/dtd-documentation/dirxmlscript/
>>
>> And this was just recently updated for 4.7. Yay!
>
> When I looked earlier this day, he 4.7 update was not yet there. Maybe someone
> read this thread...

I agree. As soon as you raised the issue, that was the first place I
checked.

I emailed Tom, and he is off travelling, but suddenly that changed.
Regardless, we are all happy to see the update!

Now, to get more information...

klasen · ‎2018-12-04

On 2018-12-04 13:31, Geoffrey Carman wrote:
>>
>> https://www.netiq.com/documentation/identity-manager-developer/dtd-documentation/ndsdtd/query.html
>>
>
> Are you using this to suggest it IS or IS NOT updated? Or are you saying
> the DTD is updated, but the GUI is not yet updated?

According to engineering, it is supported in the Engine - but not yet in
Designer.

--
Norbert

--
Norbert

geoffc · ‎2018-12-04

On 12/4/2018 8:44 AM, Norbert Klasen wrote:
> On 2018-12-04 13:31, Geoffrey Carman wrote:
>>>
>>> https://www.netiq.com/documentation/identity-manager-developer/dtd-documentation/ndsdtd/query.html
>>>
>>
>> Are you using this to suggest it IS or IS NOT updated? Or are you
>> saying the DTD is updated, but the GUI is not yet updated?
>
> According to engineering, it is supported in the Engine - but not yet in
> Designer.

Ok, so the engine in 4.7 supports it but you need a driver that supports
it as well. I guess Loopback as the first is simplest. I.e. All queries
are to the engine source and dest, pub or sub channel. Or put another
way, do nothing and it just works.

I am curious HOW they will add GUI support to this. 🙂

Side note: since you have a sidebar conversation, the Attachment option
in do-send-email-from-template update to support attachment as a String
could you find out the formatting and starting location to provide a
real path? I.e. Still in that stupid mt_task style directory, or
anywhere on teh server local file system?

lhaeger · ‎2018-12-04

Tobias Ljunggren wrote:

> More info can be found in the DTD documentation within the SDK:
>
https://www.netiq.com/documentation/identity-manager-developer/driver-developer-kit.html

I think this remark deserves to be elevated into it's own thread. Seems like
the IDM SDK has been silently updated after more than 10 years! Great to see
this happen, but sad to see there was no advertising whatsoever about it. I
would not have noticed for another 10 years if Tobias did not mention it...

MF, you need to improve on self-marketing a LOT!

--
http://www.is4it.de/en/solution/identity-access-management/

(If you find this post helpful, please click on the star below.)

______________________________________________
https://www.is4it.de/identity-access-management

lhaeger · ‎2018-12-04

Lothar Haeger wrote:

> it's own thread

that did not work, obviously...

--
http://www.is4it.de/en/solution/identity-access-management/

(If you find this post helpful, please click on the star below.)

______________________________________________
https://www.is4it.de/identity-access-management

lhaeger · ‎2018-12-04

Tobias Ljunggren wrote:

> Unfortunately the direct documentation links isn't updated but the one in the
> SDK is:
>
> from query.html:

And here some examples of how it will look like...

....in DirXMLScript:

<token-query class-name="User" datastore="dest" scope="subordinates">
<arg-dn>
<token-text>Users/</token-text>
<token-attr name="OU"/>
</arg-dn>
<arg-match-attr name="CN"/>
<arg-match-attr name="Title"/>
<arg-query-condition name="or">
<arg-match-attr name="L">
<arg-value>
<token-text>Provo</token-text>
</arg-value>
</arg-match-attr>
<arg-match-attr name="L">
<arg-value>
<token-text>Bangalore</token-text>
</arg-value>
</arg-match-attr>
</arg-query-condition>
<arg-string>
<token-text>Surname</token-text>
</arg-string>
<arg-string>
<token-text>Given Name</token-text>
</arg-string>
</token-query>

....in XDS:



<query class-name="User" scope="subtree">
<search-class class-name="User"/>
<search-condition name="or">
<search-attr attr-name="Surname">
<value type="string">Smith</value>
</search-attr>
<search-condition name="and">
<search-attr attr-name="OU">
<value type="string">IAM</value>
</search-attr>
<search-condition name="not">
<search-attr attr-name="Title">
<value type="string">Software Engineer</value>
</search-attr>
</search-condition>
</search-condition>
</search-condition>
<read-attr/>
</query>

--
http://www.is4it.de/en/solution/identity-access-management/

(If you find this post helpful, please click on the star below.)

______________________________________________
https://www.is4it.de/identity-access-management

4.7.1 new shim capabilities: "return-on-first-match-supported" and "granular-search-supported"

Engine-Drivers