fartyalvikram Contributor.

Read Users using Query

I am using Identity Manager 4.7.
I have configured one job on the Null Driver Subscriber channel. In this job, how can I use Query to read all Users that have "testAttrib" available?
Knowledge Partner

Re: Read Users using Query

fartyalvikram wrote:

> how
> can I read all Users who have "testAttrib" is available using Query?


Try this:

<do-for-each>
  <arg-node-set>
    <token-query class-name="User" datastore="src">
      <arg-match-attr name="testAttrib">
        <arg-value type="string">
          <token-text xml:space="preserve">*</token-text>
        </arg-value>
      </arg-match-attr>
      <arg-string>
        <token-text xml:space="preserve">Surname</token-text>
      </arg-string>
    </token-query>
  </arg-node-set>
  <arg-actions>
    <do-trace-message>
      <arg-string>
        <token-text xml:space="preserve">Found: </token-text>
        <token-xpath expression="$current-node/@src-dn"/>
        <token-text xml:space="preserve"> with Surname "</token-text>
        <token-xpath expression='$current-node/attr[@attr-name="Surname"]/value/text()'/>
        <token-text xml:space="preserve">"</token-text>
      </arg-string>
    </do-trace-message>
  </arg-actions>
</do-for-each>

--
http://www.is4it.de/en/solution/identity-access-management/

(If you find this post helpful, please click on the star below.)
______________________________________________
https://www.is4it.de/identity-access-management
fartyalvikram Contributor.

Re: Read Users using Query

Thanks for the reply.
The syntax of attribute "testAttrib" is "Time", single-valued.
The rule is given below:
<do-for-each>
  <arg-node-set>
    <token-query class-name="User" datastore="src">
      <arg-match-attr name="testAttrib">
        <arg-value type="string">
          <token-text xml:space="preserve">*</token-text>
        </arg-value>
      </arg-match-attr>
      <arg-string>
        <token-text xml:space="preserve">Surname</token-text>
      </arg-string>
    </token-query>
  </arg-node-set>
  <arg-actions>
    <do-trace-message>
      <arg-string>
        <token-text xml:space="preserve">Found: </token-text>
        <token-xpath expression="$current-node/@src-dn"/>
        <token-text xml:space="preserve"> with Surname "</token-text>
        <token-xpath expression='$current-node/attr[@attr-name="Surname"]/value/text()'/>
        <token-text xml:space="preserve">"</token-text>
      </arg-string>
    </do-trace-message>
  </arg-actions>
</do-for-each>

And I am getting the following exception in the log:
<status level="error">Code(-9053) One or more errors occurred while processing a query: Code(-8009) Error processing <search-attr>: java.lang.NumberFormatException: For input string: "*".</status>

Can we compare "testAttrib" value (which is in time) with some other time or timestamp?
Knowledge Partner

Re: Read Users using Query

fartyalvikram wrote:

> Can we compare "testAttrib" value (which is in time) with some other
> time or timestamp?


Seems like token query does not support the "exists" syntax ("*") for time
syntax attributes. I'd probably use an ldapsearch ecma instead, which should
allow both testAttrib=* as well as testAttrib<=20180528120100Z comparisons.
ECMA versions of ldapsearch are contained in one of the "Common" packages from
MF/NetIQ, iirc, or can be pulled off my public repo at
https://www.brummelhook.com/download/idm/packages/ as part of the "Bits and
Pieces" package. Another version is mentioned at
https://www.netiq.com/communities/cool-solutions/open-call-useful-ecma-functions-use-identity-manager/

--
http://www.is4it.de/en/solution/identity-access-management/

(If you find this post helpful, please click on the star below.)
______________________________________________
https://www.is4it.de/identity-access-management
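
The two LDAP filters named in the reply above, built in ECMAScript as an added example (not part of the original post, and not one of the ldapsearch ECMA functions it links to). The object class inetOrgPerson and all function names are assumptions; the returned string is what you would hand to whichever LDAP search function you use.

```javascript
// Added example. "testAttrib" is the attribute from the thread; the object
// class "inetOrgPerson" (usual LDAP mapping of eDirectory "User") is assumed.

// RFC 4515: escape \ * ( ) and NUL in any value placed inside a filter,
// so externally supplied text cannot change the filter's structure.
function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g, function (ch) {
    var hex = ch.charCodeAt(0).toString(16);
    return "\\" + (hex.length < 2 ? "0" + hex : hex);
  });
}

// Attribute names are not escaped but validated: letter first, then
// letters, digits or hyphens only.
function checkAttrName(name) {
  if (!/^[A-Za-z][A-Za-z0-9-]*$/.test(name)) {
    throw new Error("invalid attribute name: " + name);
  }
  return name;
}

function pad2(n) { return (n < 10 ? "0" : "") + n; }

// Date -> LDAP GeneralizedTime in UTC, e.g. 20180528120100Z
function toGeneralizedTime(date) {
  return date.getUTCFullYear() + pad2(date.getUTCMonth() + 1) +
    pad2(date.getUTCDate()) + pad2(date.getUTCHours()) +
    pad2(date.getUTCMinutes()) + pad2(date.getUTCSeconds()) + "Z";
}

// "Attribute has any value": the presence test the Query token rejected.
function presenceFilter(objectClass, attr) {
  return "(&(objectClass=" + escapeFilterValue(objectClass) + ")(" +
    checkAttrName(attr) + "=*))";
}

// "Attribute value is at or before the given time". Entries without the
// attribute never match, so no separate presence term is needed.
function notAfterFilter(objectClass, attr, date) {
  return "(&(objectClass=" + escapeFilterValue(objectClass) + ")(" +
    checkAttrName(attr) + "<=" + toGeneralizedTime(date) + "))";
}

// Constructed sample: the timestamp used in the reply above.
var sampleCutoff = new Date(Date.UTC(2018, 4, 28, 12, 1, 0));
var sampleFilter = notAfterFilter("inetOrgPerson", "testAttrib", sampleCutoff);
```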
Knowledge Partner

Re: Read Users using Query

On 5/28/2018 7:09 AM, Lothar Haeger wrote:
> fartyalvikram wrote:
>
>> Can we compare "testAttrib" value (which is in time) with some other
>> time or timestamp?
>
> Seems like token query does not support the "exists" syntax ("*") for time
> syntax attributes. I'd probably use an ldapsearch ecma instead, which should


I was thinking LDAP ECMA approach as well.

Does Query support * for string syntaxes though?
Knowledge Partner

Re: Read Users using Query

geoffc;2481602 wrote:
> On 5/28/2018 7:09 AM, Lothar Haeger wrote:
>> fartyalvikram wrote:
>>
>>> Can we compare "testAttrib" value (which is in time) with some other
>>> time or timestamp?
>>
>> Seems like token query does not support the "exists" syntax ("*") for time
>> syntax attributes. I'd probably use an ldapsearch ecma instead, which should
>
> I was thinking LDAP ECMA approach as well.
>
> Does Query support * for string syntaxes though?


I don't think that the Query token supports any "wildcard" search syntax.
This is a long-pending request for an extension of the Query token.

Currently this option is available only for LDAP query.
Knowledge Partner

Re: Read Users using Query

On 5/28/2018 2:36 PM, al b wrote:
>
> geoffc;2481602 Wrote:
>> On 5/28/2018 7:09 AM, Lothar Haeger wrote:
>>> fartyalvikram wrote:
>>>
>>>> Can we compare "testAttrib" value (which is in time) with some other
>>>> time or timestamp?
>>>
>>> Seems like token query does not support the "exists" syntax ("*") for time
>>> syntax attributes. I'd probably use an ldapsearch ecma instead, which should
>>
>> I was thinking LDAP ECMA approach as well.
>>
>> Does Query support * for string syntaxes though?
>
> I don't think, that *Query* token support any "wildcard" search syntax.
> This is a long time pending request for extension for Query token.
>
> Currently this option available only for LDAP query.


Right, and you cannot query for presence = * or absence (Not = *) or
time syntax. Wait... Did I remember something about adding Time syntax
fields and < and > or am I losing my mind?

Knowledge Partner

Re: Read Users using Query

al b wrote:

> I don't think, that Query token support any "wildcard" search syntax.


You are probably right when querying the ID Vault. I may have mixed that up
with queries against the application side, which do support * in some cases,
like
https://www.netiq.com/documentation/identity-manager-47-drivers/sap_user/data/byi8iee.html


--
http://www.is4it.de/en/solution/identity-access-management/

(If you find this post helpful, please click on the star below.)
______________________________________________
https://www.is4it.de/identity-access-management
Knowledge Partner

Re: Read Users using Query

Lothar Haeger <lothar.haeger@is4it.de> wrote:
> al b wrote:
>
>> I don't think, that Query token support any "wildcard" search syntax.
>
> You are probably right when querying the ID Vault.


Pretty sure it is supported on the ID vault side, but only in specific
cases.

IDM query only can be configured for equality or substring matching rules,
the token and XDS would need enhancement to support other matching rule
types.

If you need substring, look up the relevant attribute syntax: there it
specifies what matching rules are supported.

For example:

Case Ignore String has support for substring.
But not supported with Time syntax.
Alex McHugh - Knowledge Partner - Stavanger, Norway
Who are the Knowledge Partners
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
Knowledge Partner

Re: Read Users using Query

On 5/29/2018 9:16 AM, Alex McHugh wrote:
> Lothar Haeger <lothar.haeger@is4it.de> wrote:
>> al b wrote:
>>
>>> I don't think, that Query token support any "wildcard" search syntax.
>>
>> You are probably right when querying the ID Vault.
>
> Pretty sure it is supported on the ID vault side, but only in specific
> cases.
>
> IDM query only can be configured for equality or substring matching rules,
> the token and XDS would need enhancement to support other matching rule
> types.
>
> If you need substring, look up the relevant attribute syntax: there it
> specifies what matching rules are supported.
>
> For example:
>
> Case Ignore String has support for substring.
> But not supported with Time syntax.


Do you have a good URL for the schema reference with that info? I had
found it once, but last time I looked, I missed it somehow.

Knowledge Partner

Re: Read Users using Query

On 5/29/2018 10:20 AM, Geoffrey Carman wrote:
> On 5/29/2018 9:16 AM, Alex McHugh wrote:
>> Lothar Haeger <lothar.haeger@is4it.de> wrote:
>>> al b wrote:
>>>
>>>> I don't think, that Query token support any "wildcard" search syntax.
>>>
>>> You are probably right when querying the ID Vault.
>>
>> Pretty sure it is supported on the ID vault side, but only in specific
>> cases.
>>
>> IDM query only can be configured for equality or substring matching
>> rules,
>> the token and XDS would need enhancement to support other matching rule
>> types.
>>
>> If you need substring, look up the relevant attribute syntax: there it
>> specifies what matching rules are supported.
>>
>> For example:
>>
>> Case Ignore String has support for substring.
>> But not supported with Time syntax.
>
> Do you have a good URL for the schema reference with that info? I had
> found it once, but last time I looked, I missed it somehow.


And I found the links in your later post, thank you again.


Knowledge Partner

Re: Read Users using Query


> <token-query class-name="User" datastore="src">
> <arg-match-attr name="testAttrib">
> <arg-value type="string">
> <token-text xml:space="preserve">*</token-text>
> </arg-value>
> </arg-match-attr>
> <arg-string>
> <token-text xml:space="preserve">Surname</token-text>
> </arg-string>
> </token-query>


Is asterisk as a wild card legal here? LDAP yes, IDM Query not so much?
I have been bugging Rajiv to get the Query token to have more LDAP
semantic support as well, but I did not think those changes were yet to
be made...
