Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
Anonymous_User Absent Member.
Absent Member.
245 views

I5osdrv: adding attributes to the publisher channel


I have built quite a few drivers over the years using DirXML (IDM). I
have been recently tasked with attaching our identity vault to our main
frame. The issue I have is in finding any documentation on how to add
attributes to the publisher channel on the mainframe. Any direction
would be greatly appreciated. An example would be even better.

I am specifically wanting to get out intruder attempts and last login.


--
stuartbyrnes
------------------------------------------------------------------------
stuartbyrnes's Profile: https://forums.netiq.com/member.php?userid=1312
View this thread: https://forums.netiq.com/showthread.php?t=51760

Labels (1)
0 Likes
10 Replies
Anonymous_User Absent Member.
Absent Member.

Re: I5osdrv: adding attributes to the publisher channel

On Tue, 16 Sep 2014 13:55:25 +0000, stuartbyrnes wrote:

> I have built quite a few drivers over the years using DirXML (IDM). I
> have been recently tasked with attaching our identity vault to our main
> frame. The issue I have is in finding any documentation on how to add
> attributes to the publisher channel on the mainframe.


Does the connected system support the attributes you're trying to get? Is
this a question of how to get the shim to do so?


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support provided via email.
If you find this post helpful, please click on the star below.
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: I5osdrv: adding attributes to the publisher channel


Thanks for the reply!

The attributes do not exist. I need to add them. I need to know how to
get at the shim to do so. Specifically, I need to get out last login and
intruder attempts.


--
stuartbyrnes
------------------------------------------------------------------------
stuartbyrnes's Profile: https://forums.netiq.com/member.php?userid=1312
View this thread: https://forums.netiq.com/showthread.php?t=51760

0 Likes
Knowledge Partner
Knowledge Partner

Re: I5osdrv: adding attributes to the publisher channel

On 9/16/2014 1:45 PM, stuartbyrnes wrote:
>
> Thanks for the reply!
>
> The attributes do not exist. I need to add them. I need to know how to
> get at the shim to do so. Specifically, I need to get out last login and
> intruder attempts.


So the way IDM works is, the source system has to have the data.

Does AS400 have the data?

If not, how do you expect to get something the system does not contain?

Now, having said all that, it is nice if you understand how the AS400
driver works. It is basically a Scripting driver for AS400, I think
using the CL command language.

So... Do you have an AS400 resource? Does he know AS400 well enough to
figure out how to get the data you want? If so, he can look at the CL
Scripts and modify them to generate the attributes if the shim asks for
them.


0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: I5osdrv: adding attributes to the publisher channel


Thanks for replying!

The data is there and I already have some queries written by our
resource to get it out. I just can't find where the CL scripts are that
need editing. I can find the CL scripts for the subsciber, but not the
publisher. I assume it works by polling for changes, but I could be
wrong.


--
stuartbyrnes
------------------------------------------------------------------------
stuartbyrnes's Profile: https://forums.netiq.com/member.php?userid=1312
View this thread: https://forums.netiq.com/showthread.php?t=51760

0 Likes
Knowledge Partner
Knowledge Partner

Re: I5osdrv: adding attributes to the publisher channel

On 9/16/2014 9:55 AM, stuartbyrnes wrote:
>
> I have built quite a few drivers over the years using DirXML (IDM). I
> have been recently tasked with attaching our identity vault to our main
> frame. The issue I have is in finding any documentation on how to add
> attributes to the publisher channel on the mainframe. Any direction
> would be greatly appreciated. An example would be even better.
>
> I am specifically wanting to get out intruder attempts and last login.


Side note: i5os - aka AS400 aka IBM something or other series is a Midrange.

RACF, Top Secret, and ACF2 are the security frameworks (each with their
own custom driver) that are commonly known as mainframes.

So step 1, are you on the right driver? 🙂

If you look at schema after you extend it with the file from the
AS400/i5os driver, you will see a ton of DirXML-i5osXXXXXXX atributes.

In principle those are the known set of AS400 side attributes you can
pick out of AS400. You will need to know their name on teh AS400 side
of course.

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: I5osdrv: adding attributes to the publisher channel


I am using the iseries driver connected to iseries (midrange). The
driver is up and connected and working with built in attributes out of
the box. I just need a bit more information out of the iseries side.
specifically I need intruder attempts and last login.


--
stuartbyrnes
------------------------------------------------------------------------
stuartbyrnes's Profile: https://forums.netiq.com/member.php?userid=1312
View this thread: https://forums.netiq.com/showthread.php?t=51760

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: I5osdrv: adding attributes to the publisher channel


stuartbyrnes;248740 Wrote:
> I have built quite a few drivers over the years using DirXML (IDM). I
> have been recently tasked with attaching our identity vault to our main
> frame. The issue I have is in finding any documentation on how to add
> attributes to the publisher channel on the mainframe. Any direction
> would be greatly appreciated. An example would be even better.
>
> I am specifically wanting to get out intruder attempts and last login.


Hi,

The i5os Driver leverages the QIDM_QSY_CHG_PROFILE exit point to capture
i5os Profile changes for the Publisher channel. Unfortunately, the
driver's implementation has a hard-coded list of attributes that it
listens for, and Last Login and Intruder Attempts are not in that list.
The list was chosen for attributes that can be synchronized
bidirectionally. There wouldn't be any scripts that you could modify to
plug-in to this process and the changelog functionality does not have a
public interface.

I would recommend you open an enhancement request at bugzilla.novell.com
and request additional attributes be added to the Exit implementation.

Thanks,
-Jeremy


--
jgrieshop
------------------------------------------------------------------------
jgrieshop's Profile: https://forums.netiq.com/member.php?userid=483
View this thread: https://forums.netiq.com/showthread.php?t=51760

0 Likes
cpedersen Outstanding Contributor.
Outstanding Contributor.

Re: I5osdrv: adding attributes to the publisher channel

On 9/17/14, 9:57 PM, jgrieshop wrote:
>
> stuartbyrnes;248740 Wrote:
>> I have built quite a few drivers over the years using DirXML (IDM). I
>> have been recently tasked with attaching our identity vault to our main
>> frame. The issue I have is in finding any documentation on how to add
>> attributes to the publisher channel on the mainframe. Any direction
>> would be greatly appreciated. An example would be even better.
>>
>> I am specifically wanting to get out intruder attempts and last login.

>
> Hi,
>
> The i5os Driver leverages the QIDM_QSY_CHG_PROFILE exit point to capture
> i5os Profile changes for the Publisher channel. Unfortunately, the
> driver's implementation has a hard-coded list of attributes that it
> listens for, and Last Login and Intruder Attempts are not in that list.
> The list was chosen for attributes that can be synchronized
> bidirectionally. There wouldn't be any scripts that you could modify to
> plug-in to this process and the changelog functionality does not have a
> public interface.
>
> I would recommend you open an enhancement request at bugzilla.novell.com
> and request additional attributes be added to the Exit implementation.
>
> Thanks,
> -Jeremy


For enhancement requests please use https://www.novell.com/rms

Casper

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: I5osdrv: adding attributes to the publisher channel


jgrieshop;248822 Wrote:
> Hi,
>
> The i5os Driver leverages the QIDM_QSY_CHG_PROFILE exit point to capture
> i5os Profile changes for the Publisher channel. Unfortunately, the
> driver's implementation has a hard-coded list of attributes that it
> listens for, and Last Login and Intruder Attempts are not in that list.
> The list was chosen for attributes that can be synchronized
> bidirectionally. There wouldn't be any scripts that you could modify to
> plug-in to this process and the changelog functionality does not have a
> public interface.
>
> I would recommend you open an enhancement request at bugzilla.novell.com
> and request additional attributes be added to the Exit implementation.
>
> Thanks,
> -Jeremy


Thanks for the info. I will figure out a work around for now and put in
an enhancement request.


--
stuartbyrnes
------------------------------------------------------------------------
stuartbyrnes's Profile: https://forums.netiq.com/member.php?userid=1312
View this thread: https://forums.netiq.com/showthread.php?t=51760

0 Likes
Knowledge Partner
Knowledge Partner

Re: I5osdrv: adding attributes to the publisher channel

On 9/18/2014 1:55 PM, stuartbyrnes wrote:
>
> jgrieshop;248822 Wrote:
>> Hi,
>>
>> The i5os Driver leverages the QIDM_QSY_CHG_PROFILE exit point to capture
>> i5os Profile changes for the Publisher channel. Unfortunately, the
>> driver's implementation has a hard-coded list of attributes that it
>> listens for, and Last Login and Intruder Attempts are not in that list.
>> The list was chosen for attributes that can be synchronized
>> bidirectionally. There wouldn't be any scripts that you could modify to
>> plug-in to this process and the changelog functionality does not have a
>> public interface.
>>
>> I would recommend you open an enhancement request at bugzilla.novell.com
>> and request additional attributes be added to the Exit implementation.
>>
>> Thanks,
>> -Jeremy

>
> Thanks for the info. I will figure out a work around for now and put in
> an enhancement request.


Do let us know if you do figure out a way.

Perhaps the developers could consider the case of 'reading' the
attribute on demand, versus 'eventing' on the change of the attribute.
If that would be of value. You could poll for it, if that was important
as a workaround?


0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.