fartyalvikram

Commodore
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2018-05-28
07:53
1828 views
Read Users using Query
I am using Identity Manager 4.7.
I have configured one Job on Null Driver Subscriber channel, In this how can I read all Users who have "testAttrib" is available using Query?
I have configured one Job on Null Driver Subscriber channel, In this how can I read all Users who have "testAttrib" is available using Query?
15 Replies


Knowledge Partner
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2018-05-28
08:28
fartyalvikram wrote:
> how
> can I read all Users who have "testAttrib" is available using Query?
Try this:
<do-for-each>
<arg-node-set>
<token-query class-name="User" datastore="src">
<arg-match-attr name="testAttrib">
<arg-value type="string">
<token-text xml:space="preserve">*</token-text>
</arg-value>
</arg-match-attr>
<arg-string>
<token-text xml:space="preserve">Surname</token-text>
</arg-string>
</token-query>
</arg-node-set>
<arg-actions>
<do-trace-message>
<arg-string>
<token-text xml:space="preserve">Found: </token-text>
<token-xpath expression="$current-node/@src-dn"/>
<token-text xml:space="preserve"> with Surname "</token-text>
<token-xpath
expression='$current-node/attr[@attr-name="Surname"]/value/text()'/>
<token-text xml:space="preserve">"</token-text>
</arg-string>
</do-trace-message>
</arg-actions>
</do-for-each>
--
http://www.is4it.de/en/solution/identity-access-management/
(If you find this post helpful, please click on the star below.)
> how
> can I read all Users who have "testAttrib" is available using Query?
Try this:
<do-for-each>
<arg-node-set>
<token-query class-name="User" datastore="src">
<arg-match-attr name="testAttrib">
<arg-value type="string">
<token-text xml:space="preserve">*</token-text>
</arg-value>
</arg-match-attr>
<arg-string>
<token-text xml:space="preserve">Surname</token-text>
</arg-string>
</token-query>
</arg-node-set>
<arg-actions>
<do-trace-message>
<arg-string>
<token-text xml:space="preserve">Found: </token-text>
<token-xpath expression="$current-node/@src-dn"/>
<token-text xml:space="preserve"> with Surname "</token-text>
<token-xpath
expression='$current-node/attr[@attr-name="Surname"]/value/text()'/>
<token-text xml:space="preserve">"</token-text>
</arg-string>
</do-trace-message>
</arg-actions>
</do-for-each>
--
http://www.is4it.de/en/solution/identity-access-management/
(If you find this post helpful, please click on the star below.)
______________________________________________
https://www.is4it.de/identity-access-management
https://www.is4it.de/identity-access-management
fartyalvikram

Commodore
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2018-05-28
11:52
Thanks for reply.
Attribute "testAttrib" syntax is "Time" Single Valued.
Rule is given below
And I am getting the following exception in the log
Can we compare "testAttrib" value (which is in time) with some other time or timestamp?
Attribute "testAttrib" syntax is "Time" Single Valued.
Rule is given below
<do-for-each>
<arg-node-set>
<token-query class-name="User" datastore="src">
<arg-match-attr name="testAttrib">
<arg-value type="string">
<token-text xml:space="preserve">*</token-text>
</arg-value>
</arg-match-attr>
<arg-string>
<token-text xml:space="preserve">Surname</token-text>
</arg-string>
</token-query>
</arg-node-set>
<arg-actions>
<do-trace-message>
<arg-string>
<token-text xml:space="preserve">Found: </token-text>
<token-xpath expression="$current-node/@src-dn"/>
<token-text xml:space="preserve"> with Surname "</token-text>
<token-xpath expression='$current-node/attr[@attr-name="Surname"]/value/text()'/>
<token-text xml:space="preserve">"</token-text>
</arg-string>
</do-trace-message>
</arg-actions>
</do-for-each>
And I am getting the following exception in the log
<status level="error">Code(-9053) One or more errors occurred while processing a query: Code(-8009) Error processing <search-attr>: java.lang.NumberFormatException: For input string: "*".</status>
Can we compare "testAttrib" value (which is in time) with some other time or timestamp?


Knowledge Partner
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2018-05-28
12:09
fartyalvikram wrote:
> Can we compare "testAttrib" value (which is in time) with some other
> time or timestamp?
Seems like token query does not support the "exists" syntax ("*") for time
syntax attributes. I'd probably use an ldapsearch ecma instead, which should
allow both testAttrib=* as well as testAttrib<=20180528120100Z comparisons.
ECMA versions of ldapsearch are contained in one of the "Common" packages from
MF/NetIQ, iirc, or can be pulled off my public repo at
https://www.brummelhook.com/download/idm/packages/ as part of the "Bits and
Pieces" package. Another version is mentioned at
https://www.netiq.com/communities/cool-solutions/open-call-useful-ecma-functions-use-identity-manager/
--
http://www.is4it.de/en/solution/identity-access-management/
(If you find this post helpful, please click on the star below.)
> Can we compare "testAttrib" value (which is in time) with some other
> time or timestamp?
Seems like token query does not support the "exists" syntax ("*") for time
syntax attributes. I'd probably use an ldapsearch ecma instead, which should
allow both testAttrib=* as well as testAttrib<=20180528120100Z comparisons.
ECMA versions of ldapsearch are contained in one of the "Common" packages from
MF/NetIQ, iirc, or can be pulled off my public repo at
https://www.brummelhook.com/download/idm/packages/ as part of the "Bits and
Pieces" package. Another version is mentioned at
https://www.netiq.com/communities/cool-solutions/open-call-useful-ecma-functions-use-identity-manager/
--
http://www.is4it.de/en/solution/identity-access-management/
(If you find this post helpful, please click on the star below.)
______________________________________________
https://www.is4it.de/identity-access-management
https://www.is4it.de/identity-access-management


Knowledge Partner
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2018-05-28
12:32
On 5/28/2018 7:09 AM, Lothar Haeger wrote:
> fartyalvikram wrote:
>
>> Can we compare "testAttrib" value (which is in time) with some other
>> time or timestamp?
>
> Seems like token query does not support the "exists" syntax ("*") for time
> syntax attributes. I'd probably use an ldapsearch ecma instead, which should
I was thinking LDAP ECMA approach as well.
Does Query support * for string syntaxes though?
> fartyalvikram wrote:
>
>> Can we compare "testAttrib" value (which is in time) with some other
>> time or timestamp?
>
> Seems like token query does not support the "exists" syntax ("*") for time
> syntax attributes. I'd probably use an ldapsearch ecma instead, which should
I was thinking LDAP ECMA approach as well.
Does Query support * for string syntaxes though?


Knowledge Partner
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2018-05-28
19:34
geoffc;2481602 wrote:
On 5/28/2018 7:09 AM, Lothar Haeger wrote:
> fartyalvikram wrote:
>
>> Can we compare "testAttrib" value (which is in time) with some other
>> time or timestamp?
>
> Seems like token query does not support the "exists" syntax ("*") for time
> syntax attributes. I'd probably use an ldapsearch ecma instead, which should
I was thinking LDAP ECMA approach as well.
Does Query support * for string syntaxes though?
I don't think, that Query token support any "wildcard" search syntax.
This is a long time pending request for extension for Query token.
Currently this option available only for LDAP query.


Knowledge Partner
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2018-05-28
22:12
On 5/28/2018 2:36 PM, al b wrote:
>
> geoffc;2481602 Wrote:
>> On 5/28/2018 7:09 AM, Lothar Haeger wrote:
>>> fartyalvikram wrote:
>>>
>>>> Can we compare "testAttrib" value (which is in time) with some other
>>>> time or timestamp?
>>>
>>> Seems like token query does not support the "exists" syntax ("*") for
>> time
>>> syntax attributes. I'd probably use an ldapsearch ecma instead, which
>> should
>>
>> I was thinking LDAP ECMA approach as well.
>>
>> Does Query support * for string syntaxes though?
>
> I don't think, that *Query* token support any "wildcard" search syntax.
> This is a long time pending request for extension for Query token.
>
> Currently this option available only for LDAP query.
Right, and you cannot query for presence = * or absence (Not = *) or
time synatx. Wait... Did I remember something about adding Time syntax
fields and < and > or am I losing my mind?
>
> geoffc;2481602 Wrote:
>> On 5/28/2018 7:09 AM, Lothar Haeger wrote:
>>> fartyalvikram wrote:
>>>
>>>> Can we compare "testAttrib" value (which is in time) with some other
>>>> time or timestamp?
>>>
>>> Seems like token query does not support the "exists" syntax ("*") for
>> time
>>> syntax attributes. I'd probably use an ldapsearch ecma instead, which
>> should
>>
>> I was thinking LDAP ECMA approach as well.
>>
>> Does Query support * for string syntaxes though?
>
> I don't think, that *Query* token support any "wildcard" search syntax.
> This is a long time pending request for extension for Query token.
>
> Currently this option available only for LDAP query.
Right, and you cannot query for presence = * or absence (Not = *) or
time synatx. Wait... Did I remember something about adding Time syntax
fields and < and > or am I losing my mind?


Knowledge Partner
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2018-05-29
08:04
al b wrote:
> I don't think, that Query token support any "wildcard" search syntax.
You are probably right when querying the ID Vault. I may have mixed that up
with queries against the application side, which do support * in some cases,
like
https://www.netiq.com/documentation/identity-manager-47-drivers/sap_user/data/byi8iee.html
--
http://www.is4it.de/en/solution/identity-access-management/
(If you find this post helpful, please click on the star below.)
> I don't think, that Query token support any "wildcard" search syntax.
You are probably right when querying the ID Vault. I may have mixed that up
with queries against the application side, which do support * in some cases,
like
https://www.netiq.com/documentation/identity-manager-47-drivers/sap_user/data/byi8iee.html
--
http://www.is4it.de/en/solution/identity-access-management/
(If you find this post helpful, please click on the star below.)
______________________________________________
https://www.is4it.de/identity-access-management
https://www.is4it.de/identity-access-management


Knowledge Partner
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2018-05-29
14:16
Lothar Haeger <lothar.haeger@is4it.de> wrote:
> al b wrote:
>
>> I don't think, that Query token support any "wildcard" search syntax.
>
> You are probably right when querying the ID Vault.
Pretty sure it is supported on the ID vault side, but only in specific
cases.
IDM query only can be configured for equality or substring matching rules,
the token and XDS would need enhancement to support other matching rule
types.
If you need substring, look up the relevant attribute syntax: there it
specifies what matching rules are supported.
For example:
Case Ignore String has support for substring.
But not supported with Time syntax.
> al b wrote:
>
>> I don't think, that Query token support any "wildcard" search syntax.
>
> You are probably right when querying the ID Vault.
Pretty sure it is supported on the ID vault side, but only in specific
cases.
IDM query only can be configured for equality or substring matching rules,
the token and XDS would need enhancement to support other matching rule
types.
If you need substring, look up the relevant attribute syntax: there it
specifies what matching rules are supported.
For example:
Case Ignore String has support for substring.
But not supported with Time syntax.
Alex McHugh - Knowledge Partner - Stavanger, Norway
Who are the Knowledge Partners
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
Who are the Knowledge Partners
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.


Knowledge Partner
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2018-05-29
15:20
On 5/29/2018 9:16 AM, Alex McHugh wrote:
> Lothar Haeger <lothar.haeger@is4it.de> wrote:
>> al b wrote:
>>
>>> I don't think, that Query token support any "wildcard" search syntax.
>>
>> You are probably right when querying the ID Vault.
>
> Pretty sure it is supported on the ID vault side, but only in specific
> cases.
>
> IDM query only can be configured for equality or substring matching rules,
> the token and XDS would need enhancement to support other matching rule
> types.
>
> If you need substring, look up the relevant attribute syntax: there it
> specifies what matching rules are supported.
>
> For example:
>
> Case Ignore String has support for substring.
> But not supported with Time syntax.
Do you have a good URL for the schema reference with that info? I had
found it once, but last time I looked, I missed it somehow.
> Lothar Haeger <lothar.haeger@is4it.de> wrote:
>> al b wrote:
>>
>>> I don't think, that Query token support any "wildcard" search syntax.
>>
>> You are probably right when querying the ID Vault.
>
> Pretty sure it is supported on the ID vault side, but only in specific
> cases.
>
> IDM query only can be configured for equality or substring matching rules,
> the token and XDS would need enhancement to support other matching rule
> types.
>
> If you need substring, look up the relevant attribute syntax: there it
> specifies what matching rules are supported.
>
> For example:
>
> Case Ignore String has support for substring.
> But not supported with Time syntax.
Do you have a good URL for the schema reference with that info? I had
found it once, but last time I looked, I missed it somehow.


Knowledge Partner
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2018-05-29
15:21
On 5/29/2018 10:20 AM, Geoffrey Carman wrote:
> On 5/29/2018 9:16 AM, Alex McHugh wrote:
>> Lothar Haeger <lothar.haeger@is4it.de> wrote:
>>> al b wrote:
>>>
>>>> I don't think, that Query token support any "wildcard" search syntax.
>>>
>>> You are probably right when querying the ID Vault.
>>
>> Pretty sure it is supported on the ID vault side, but only in specific
>> cases.
>>
>> IDM query only can be configured for equality or substring matching
>> rules,
>> the token and XDS would need enhancement to support other matching rule
>> types.
>>
>> If you need substring, look up the relevant attribute syntax: there it
>> specifies what matching rules are supported.
>>
>> For example:
>>
>> Case Ignore String has support for substring.
>> But not supported with Time syntax.
>
> Do you have a good URL for the schema reference with that info? I had
> found it once, but last time I looked, I missed it somehow.
And I found the links in your later post, thank you again.
> On 5/29/2018 9:16 AM, Alex McHugh wrote:
>> Lothar Haeger <lothar.haeger@is4it.de> wrote:
>>> al b wrote:
>>>
>>>> I don't think, that Query token support any "wildcard" search syntax.
>>>
>>> You are probably right when querying the ID Vault.
>>
>> Pretty sure it is supported on the ID vault side, but only in specific
>> cases.
>>
>> IDM query only can be configured for equality or substring matching
>> rules,
>> the token and XDS would need enhancement to support other matching rule
>> types.
>>
>> If you need substring, look up the relevant attribute syntax: there it
>> specifies what matching rules are supported.
>>
>> For example:
>>
>> Case Ignore String has support for substring.
>> But not supported with Time syntax.
>
> Do you have a good URL for the schema reference with that info? I had
> found it once, but last time I looked, I missed it somehow.
And I found the links in your later post, thank you again.


Knowledge Partner
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2018-05-28
12:31
> <token-query class-name="User" datastore="src">
> <arg-match-attr name="testAttrib">
> <arg-value type="string">
> <token-text xml:space="preserve">*</token-text>
> </arg-value>
> </arg-match-attr>
> <arg-string>
> <token-text xml:space="preserve">Surname</token-text>
> </arg-string>
> </token-query>
Is asterisk as a wild card legal here? LDAP yes, IDM Query not so much?
I have been bugging Rajiv to get the Query token to have more LDAP
semantic support as well, but I did not think those changes were yet to
be made...