aortiz1 Trusted Contributor.
Trusted Contributor.
491 views

Send information to IDM through Scripting Driver

Jump to solution

Hi all

I'm using an Scripting Driver for multiple uses with powershell, in this particular scenario my script calls another script which makes all the magic and returns a response to the first script to be evaluated and an status is sent back to the driver for IDM to make all of its magic there. For this to happen i'm triggering the logic with a JOB but when the status comes, it only gives me the "Trigger" and "EventID" information and i really need to have like Class Name and the DN of the user being affected.

This is how im setting up the powershell script:

idm_statussuccess $statusMsg
idm_writevalue "CLASS_NAME" $className
idm_writevalue "DEST_DN" $src_dn

Of course i have previously set $className and $src_dn with the information that i need

This is the response i see in my driver log:

<nds dtdversion="2.0">
<source>
<product build="201409041500" version="4.5"/>
<contact/>
</source>
<output>
Here goes the status message
</output>
</nds

According to the Documentation of the driver i should be able to use the idm_writevalue to send information with the status but i don't seem to make it possible.

Any ideas? 

Thanks in advance 

pd: IDM is 4.7.2

Labels (1)
0 Likes
1 Solution

Accepted Solutions
aortiz1 Trusted Contributor.
Trusted Contributor.

Re: Send information to IDM through Scripting Driver

Jump to solution

Thank you so much guys for your answers. I managed to solve the problem by setting operation data through the subscriber channel of the Driver instead from the script per se. 

For those who might wanna know a little bit more of information i just added a "set operation property" action in my subscriber channel and i get this information with the response from the Script.

Thank you so much guys!

4 Replies
Knowledge Partner
Knowledge Partner

Re: Send information to IDM through Scripting Driver

Jump to solution

IDM is a framework. Each driver can do whatever it is configured to do, and there is a lot there.

Scripting is another framework.  You send it an IDM event and it does what it tells you to (basically nothing out of the box).

So a trigger event is not helpful, since the sub channel sends it to the shim, you get it in the Scripting shim, the 'wrong' kind of event.

Now, is the trigger coming on a specific object?  If that is the case, you can get the src-dn from the event and that is the object in play.   A trigger can be a single event on an object (even a container) or 'unrolled' to all objects inside the container. 

If you look at the XML of the Trigger event on the engine trace side, you will see the XML attribute for the src-dn (Which I do think is src-dn in the trigger node)

Now I THINK, that setvalue with a Status event may not work.  I would actually, simply reorder your output to write value then status success.

0 Likes
Micro Focus Expert
Micro Focus Expert

Re: Send information to IDM through Scripting Driver

Jump to solution

Hello,

idm_writevalue calls should indeed proceed idm_statussuccess. However, if we look at the DTD for the status tag (https://www.netiq.com/documentation/identity-manager-developer/dtd-documentation/ndsdtd/status.html), we see that only event-id (EVENT_ID), level and type attributes are used (along with message text). So you'll need to alter your message text:

   idm_statussuccess ("Success for object '" + $src_dn + "' (class '" + $className + ')")

Give that a try with any necessary adjustments. Functions like idm_statussuccess are in ...\WSDriver\scripts\powershell\IDMLib.ps1 if you need to see how they work. I don't recommend changing IDMLib.ps1 though, as it may get overwritten by an upgrade.

-- Sam

 

Knowledge Partner
Knowledge Partner

Re: Send information to IDM through Scripting Driver

Jump to solution

You are somewhat limited in what you can send back in a status element.

If you look at the relevant part of the DTD ndsdtd for status element there is little you can add.

The "level" is implicitly set by the status variant you call like "idm_statussuccess"

You can return a different "type" by specifying:

 

idm_statussuccess $statusMsg
idm_writevalue "STATUS_TYPE" "my type"

 

but the engine might complain if you get too funky there.
 
What I normally do is B64 encode a blob and return it in as part of the $statusMsg then parse it out from there on engine side. You should in theory be able to embed any XML in the message blob, but I think the scripting shim choked on that.
Alex McHugh - Knowledge Partner - Stavanger, Norway
Who are the Knowledge Partners
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
aortiz1 Trusted Contributor.
Trusted Contributor.

Re: Send information to IDM through Scripting Driver

Jump to solution

Thank you so much guys for your answers. I managed to solve the problem by setting operation data through the subscriber channel of the Driver instead from the script per se. 

For those who might wanna know a little bit more of information i just added a "set operation property" action in my subscriber channel and i get this information with the response from the Script.

Thank you so much guys!

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.