
Re: Invoke an external script from IDM


You can but it's not as pretty.

The scripting driver is far better suited for this but this is a rule I
have in the AD driver for creating home directories in the creation
process.
The actual script is a home made ps script that is local to the RL box.

> <do-set-dest-attr-value name="PSexecute" when="after">
> <arg-value type="string">
> <token-text xml:space="preserve">Invoke-Expression</token-text>
> <token-text xml:space="preserve"> -command </token-text>
> <token-text xml:space="preserve"> "</token-text>
> <token-global-variable name="idv.dit.data.PShomedirScript"/>
> <token-text xml:space="preserve"> -dirPath </token-text>
> <token-global-variable name="idv.dit.data.homedir"/>
> <token-text xml:space="preserve"> -name </token-text>
> <token-local-variable name="varADname"/>
> <token-text xml:space="preserve"> -domain </token-text>
> <token-global-variable name="drv.domain.name"/>
> <token-text xml:space="preserve">"</token-text>
> </arg-value>
> </do-set-dest-attr-value>



--
joakim_ganse
------------------------------------------------------------------------
joakim_ganse's Profile: https://forums.netiq.com/member.php?userid=159
View this thread: https://forums.netiq.com/showthread.php?t=55708
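
Added example, not joakim_ganse's script and not part of the original thread: the rule above concatenates `varADname` and two GCVs into one string that `Invoke-Expression` evaluates, so the receiving script should not trust what arrives in `-dirPath`, `-name` and `-domain`. The sketch below is a hypothetical receiver for those three parameters; the file name, the allowed character sets and the Modify ACL are assumptions.

```powershell
# Hypothetical New-HomeDir.ps1: added example, not the script from the post.
[CmdletBinding()]
param(
    # Base path of the home share, fed from the idv.dit.data.homedir GCV.
    [Parameter(Mandatory)]
    [ValidateNotNullOrEmpty()]
    [string]$dirPath,

    # Account name from varADname. Allowed set is an assumption: no path
    # separators, wildcards, quotes or spaces, so it stays a single folder name.
    [Parameter(Mandatory)]
    [ValidatePattern('^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$')]
    [string]$name,

    # NetBIOS-style domain name from drv.domain.name (assumed format).
    [Parameter(Mandatory)]
    [ValidatePattern('^[A-Za-z0-9][A-Za-z0-9-]{0,14}$')]
    [string]$domain
)

$ErrorActionPreference = 'Stop'

# Resolve both paths and confirm the target really sits under the base.
$base   = [System.IO.Path]::GetFullPath($dirPath).TrimEnd('\')
$target = [System.IO.Path]::GetFullPath((Join-Path -Path $base -ChildPath $name))
if (-not $target.StartsWith("$base\", [System.StringComparison]::OrdinalIgnoreCase)) {
    throw "Refusing to create '$target': not under '$base'."
}

# Create the folder only if it does not exist yet (safe to re-run).
if (-not (Test-Path -LiteralPath $target)) {
    New-Item -ItemType Directory -Path $target | Out-Null
}

# Grant the account Modify on its own folder only (assumed ACL policy).
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    "$domain\$name", 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl = Get-Acl -LiteralPath $target
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $target -AclObject $acl
```

`Invoke-Expression` parses the whole string before this script sees any parameter, so the same character restriction is worth enforcing in the policy before the string is built.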


Re: Invoke an external script from IDM


joakim_ganse;266931 Wrote:
> You can but it's not as pretty.
>
> The scripting driver is far better suited for this but this is a rule I
> have in the AD driver for creating home directories in the creation
> process.
> The actual script is a home made ps script that is local to the RL box.


Awesome joakim_ganse 🙂
That's what we were looking for and hope it will work. I'll keep you posted
and clarify any doubts.


--
Rajasekhar88
------------------------------------------------------------------------
Rajasekhar88's Profile: https://forums.netiq.com/member.php?userid=11739
View this thread: https://forums.netiq.com/showthread.php?t=55708


Re: Invoke an external script from IDM

Lothar Haeger <lothar.haeger@is4it.de> wrote:
> Rajasekhar88 wrote:
>
>> http://tinyurl.com/lwxodn5
>>
>> I have written a custom policy eg. if the user telephone number is
>> changed to some xxxxxxx trigger an action like running powershell
>> commandlet in remoteloader AD.

>
> To quote from your reference above: "PowerShell includes a wide variety of
> cmdlets and functions. However, the Active Directory driver only supports
> Active Directory and Exchange PowerShell modules and cmdlets."
>
> Get-Process and Get-Command both do not belong to AD/Exchange modules/cmdlets.
>



Not entirely true. One can explicitly load other modules but it must be
done each and every time you call a powershell command.

Essentially you have to jump through hoops to make this functionality
useful for anything aside from AD/Exchange. This is by design.
--
Alex McHugh - Knowledge Partner - Stavanger, Norway

Re: Invoke an external script from IDM

Hi Rajasekhar88,
Another available option is to use Java exec functionality.

Example taken from the great IAM-related Jim Willeke blog:

<do-set-local-variable name="runtime-instance">
<arg-object>
<token-xpath expression="runtime:getRuntime()"/>
</arg-object>
</do-set-local-variable>
<do-set-local-variable name="cmd-line">
<arg-string>
<token-text xml:space="preserve">C:\WINDOWS\system32\cscript.exe</token-text>
<token-text xml:space="preserve"> </token-text>
<token-text xml:space="preserve">C:\scripts\Insert_Event.vbs</token-text>
<token-text xml:space="preserve"> </token-text>
<token-text xml:space="preserve">TIVOLI</token-text>
<token-text xml:space="preserve"> </token-text>
<token-attr name="arzBanknummer"/>
<token-text xml:space="preserve"> </token-text>
<token-attr name="arzHostId"/>
<token-text xml:space="preserve"> </token-text>
<token-attr name="Surname"/>
<token-text xml:space="preserve"> </token-text>
<token-attr name="Given Name"/>
<token-text xml:space="preserve"> </token-text>
<token-text xml:space="preserve">MODIFY</token-text>
<token-text xml:space="preserve"> </token-text>
<token-text xml:space="preserve">RESR</token-text>
<token-text xml:space="preserve"> </token-text>
<token-text xml:space="preserve">"Modifying user properties"</token-text>
</arg-string>
</do-set-local-variable>
<do-trace-message>
<arg-string>
<token-local-variable name="cmd-line"/>
</arg-string>
</do-trace-message>
<do-set-local-variable name="process">
<arg-object>
<token-xpath expression="runtime:exec($runtime-instance, $cmd-line)"/>
</arg-object>
</do-set-local-variable>


Note: You must declare the runtime namespace for the policy:
<policy xmlns:runtime="http://www.novell.com/nxsl/java/java.lang.Runtime">


Alex

Re: Invoke an external script from IDM

al b wrote:

>
> Hi Rajasekhar88,
> Another available option is to use *Java exec* functionality.
>
> Example taken from the great IAM-related Jim Willeke blog:


I've had bad experiences with java exec and hanging engine.
Far better to do this via a remote loader (even if the remote
loader runs on the engine server).