Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
Anonymous_User Absent Member.
Absent Member.
247 views

Starting jobs from policy


Hi all,

I’m calling a job from a police via direct cmd.
I was following one of Geoff Carmen’s posts (where he took an idea
someone did with static values and added variables into them).
http://tinyurl.com/qbcwvjn

It works fine with static values, like below:
Xpath: jcmd:commandLine(" -user admin.services -password novell
-startjob 'ResyncUsers.CMIS.Driver Set.services'")

But as soon as I add in variables to that command, absolutely NOTHING
happens. The job doesn’t fire and there are no errors:
Xpath: jcmd:commandLine(" -user $lvUsrDot -password $lvDvrUsrPass
-startjob $lvJob")

The variables are fine and I’ve even just tried setting them manually
instead of letting them be dynamic.
Also tried just using a variable for the username or for the password or
for the job name. Nothing.

Any help would be great!

'Trace with policy configured to use variables '
(http://pastebin.com/bE2cP1QU)

'Trace with policy configured to use static vaulues '
(http://pastebin.com/aVZeFVFT)

Thanks!
Aaron


--
aarondickinson
------------------------------------------------------------------------
aarondickinson's Profile: https://forums.netiq.com/member.php?userid=3447
View this thread: https://forums.netiq.com/showthread.php?t=51784

Labels (1)
0 Likes
8 Replies
Knowledge Partner
Knowledge Partner

Re: Starting jobs from policy

On 9/18/2014 12:17 PM, aarondickinson wrote:
>
> Hi all,
>
> I�m calling a job from a police via direct cmd.
> I was following one of Geoff Carmen�s posts (where he took an idea


Carman with an A, not an E. I am deeply insulted. 🙂 I think I am
going to take my toys and go home now. (Oddly the Geoff vs Geoffrey does
not bother me in the slightest).

> someone did with static values and added variables into them).
> http://tinyurl.com/qbcwvjn


I was pretty sure that would work. But I also wrote it 'a long time
ago' in a galaxy far far away.

On a side note, if you have any of the Permissions Collection and
Reconcilliation services packages (AKA AD drivers latest Exchange
Entitlements package) look at the startup policies (new policy set in
IDm 4.02 Patch 3 and later), you will see they do the same task.

In fact last Brainshare, I was sitting in a session next to one of the
authors of the Jade packages (You know who are MW!) and he was very nice
to mention he used a couple of ideas from my articles in it. This one
included.

Anyway, here is the rule they use as an example.

<rule>
<description>Set Job Named Password value</description>
<comment xml:space="preserve">Set the named password parameter of the
PermissionOnboarding job object. This is the last rule in this policy.
The engine will commit the changes before proceeding to the next policy
in the chain</comment>
<conditions/>
<actions>
<do-set-local-variable name="JOBDN" scope="policy">
<arg-string>
<token-text xml:space="preserve">PermissionOnboarding.</token-text>
<token-parse-dn dest-dn-format="dot" src-dn-format="slash" start="1">
<token-global-variable name="dirxml.auto.driverdn"/>
</token-parse-dn>
</arg-string>
</do-set-local-variable>
<do-set-local-variable name="JOBADMIN" scope="policy">
<arg-string>
<token-src-attr name="Security Equals">
<arg-dn>
<token-global-variable name="dirxml.auto.driverdn"/>
</arg-dn>
</token-src-attr>
</arg-string>
</do-set-local-variable>
<!-- Need to do this query with slash-form DN of JOBADMIN -->
<do-set-local-variable name="PASSWORD" notrace="true" scope="policy">
<arg-string>
<token-src-attr name="nspmDistributionPassword">
<arg-dn>
<token-local-variable name="JOBADMIN"/>
</arg-dn>
</token-src-attr>
</arg-string>
</do-set-local-variable>
<!-- Need to do this query with slash-form DN of UA ADMIN -->
<do-set-local-variable name="UA_PASSWORD" notrace="true" scope="policy">
<arg-string>
<token-src-attr name="nspmDistributionPassword">
<arg-dn>
<token-parse-dn dest-dn-format="slash" src-dn-format="qualified-dot">
<token-global-variable name="UAProvAdmin"/>
</token-parse-dn>
</arg-dn>
</token-src-attr>
</arg-string>
</do-set-local-variable>
<!-- Now convert JOBADMIN to dot format -->
<do-set-local-variable name="JOBADMIN" scope="policy">
<arg-string>
<token-parse-dn dest-dn-format="dot" src-dn-format="slash" start="1">
<token-local-variable name="JOBADMIN"/>
</token-parse-dn>
</arg-string>
</do-set-local-variable>
<do-set-local-variable name="SETPWDCMD" notrace="true" scope="policy">
<arg-string>
<token-text xml:space="preserve"> -user </token-text>
<token-local-variable name="JOBADMIN"/>
<token-text xml:space="preserve"> -password </token-text>
<token-local-variable name="PASSWORD"/>
<token-text xml:space="preserve"> -setnamedpassword '</token-text>
<token-local-variable name="JOBDN"/>
<token-text xml:space="preserve">' ua-password </token-text>
<token-local-variable name="UA_PASSWORD"/>
</arg-string>
</do-set-local-variable>
<do-trace-message level="1" notrace="true">
<arg-string>
<token-text xml:space="preserve">PASSWORD_COMMAND: </token-text>
<token-local-variable name="SETPWDCMD"/>
</arg-string>
</do-trace-message>
<do-set-local-variable name="setNamedPwd" scope="policy">
<arg-object>
<token-xpath expression="jcmd:commandLine(string($SETPWDCMD))"/>
</arg-object>
</do-set-local-variable>
</actions>
</rule>

I suspect the key thing to try is what they do in the last action:

<do-set-local-variable name="setNamedPwd" scope="policy">
<arg-object>
<token-xpath expression="jcmd:commandLine(string($SETPWDCMD))"/>
</arg-object>
</do-set-local-variable>

Note they build the string int SETPWDCMD and then call it as
string($SETPWDCMD) which makes me think they ran into this issue and
resolved it this way.

I was going to suggest that your line:
jcmd:commandLine(" -user $lvUsrDot -password $lvDvrUsrPass
-startjob $lvJob")

also try it as:

jcmd:commandLine(" -user '$lvUsrDot' -password '$lvDvrUsrPass'
-startjob '$lvJob'")

That is, surround the variables by single quotes.
0 Likes
Knowledge Partner
Knowledge Partner

Re: Starting jobs from policy

And per your comment on the doc, probably needs the arg-object vs
arg-string to work. (Updated the Post already.)


On 9/18/2014 12:49 PM, Geoffrey Carman wrote:
> On 9/18/2014 12:17 PM, aarondickinson wrote:
>>
>> Hi all,
>>
>> I�m calling a job from a police via direct cmd.
>> I was following one of Geoff Carmen�s posts (where he took an idea

>
> Carman with an A, not an E. I am deeply insulted. 🙂 I think I am
> going to take my toys and go home now. (Oddly the Geoff vs Geoffrey does
> not bother me in the slightest).
>
>> someone did with static values and added variables into them).
>> http://tinyurl.com/qbcwvjn

>
> I was pretty sure that would work. But I also wrote it 'a long time
> ago' in a galaxy far far away.
>
> On a side note, if you have any of the Permissions Collection and
> Reconcilliation services packages (AKA AD drivers latest Exchange
> Entitlements package) look at the startup policies (new policy set in
> IDm 4.02 Patch 3 and later), you will see they do the same task.
>
> In fact last Brainshare, I was sitting in a session next to one of the
> authors of the Jade packages (You know who are MW!) and he was very nice
> to mention he used a couple of ideas from my articles in it. This one
> included.
>
> Anyway, here is the rule they use as an example.
>
> <rule>
> <description>Set Job Named Password value</description>
> <comment xml:space="preserve">Set the named password parameter of
> the PermissionOnboarding job object. This is the last rule in this
> policy. The engine will commit the changes before proceeding to the next
> policy in the chain</comment>
> <conditions/>
> <actions>
> <do-set-local-variable name="JOBDN" scope="policy">
> <arg-string>
> <token-text
> xml:space="preserve">PermissionOnboarding.</token-text>
> <token-parse-dn dest-dn-format="dot"
> src-dn-format="slash" start="1">
> <token-global-variable name="dirxml.auto.driverdn"/>
> </token-parse-dn>
> </arg-string>
> </do-set-local-variable>
> <do-set-local-variable name="JOBADMIN" scope="policy">
> <arg-string>
> <token-src-attr name="Security Equals">
> <arg-dn>
> <token-global-variable
> name="dirxml.auto.driverdn"/>
> </arg-dn>
> </token-src-attr>
> </arg-string>
> </do-set-local-variable>
> <!-- Need to do this query with slash-form DN of JOBADMIN -->
> <do-set-local-variable name="PASSWORD" notrace="true"
> scope="policy">
> <arg-string>
> <token-src-attr name="nspmDistributionPassword">
> <arg-dn>
> <token-local-variable name="JOBADMIN"/>
> </arg-dn>
> </token-src-attr>
> </arg-string>
> </do-set-local-variable>
> <!-- Need to do this query with slash-form DN of UA ADMIN -->
> <do-set-local-variable name="UA_PASSWORD" notrace="true"
> scope="policy">
> <arg-string>
> <token-src-attr name="nspmDistributionPassword">
> <arg-dn>
> <token-parse-dn dest-dn-format="slash"
> src-dn-format="qualified-dot">
> <token-global-variable name="UAProvAdmin"/>
> </token-parse-dn>
> </arg-dn>
> </token-src-attr>
> </arg-string>
> </do-set-local-variable>
> <!-- Now convert JOBADMIN to dot format -->
> <do-set-local-variable name="JOBADMIN" scope="policy">
> <arg-string>
> <token-parse-dn dest-dn-format="dot"
> src-dn-format="slash" start="1">
> <token-local-variable name="JOBADMIN"/>
> </token-parse-dn>
> </arg-string>
> </do-set-local-variable>
> <do-set-local-variable name="SETPWDCMD" notrace="true"
> scope="policy">
> <arg-string>
> <token-text xml:space="preserve"> -user </token-text>
> <token-local-variable name="JOBADMIN"/>
> <token-text xml:space="preserve"> -password </token-text>
> <token-local-variable name="PASSWORD"/>
> <token-text xml:space="preserve"> -setnamedpassword
> '</token-text>
> <token-local-variable name="JOBDN"/>
> <token-text xml:space="preserve">' ua-password
> </token-text>
> <token-local-variable name="UA_PASSWORD"/>
> </arg-string>
> </do-set-local-variable>
> <do-trace-message level="1" notrace="true">
> <arg-string>
> <token-text xml:space="preserve">PASSWORD_COMMAND:
> </token-text>
> <token-local-variable name="SETPWDCMD"/>
> </arg-string>
> </do-trace-message>
> <do-set-local-variable name="setNamedPwd" scope="policy">
> <arg-object>
> <token-xpath
> expression="jcmd:commandLine(string($SETPWDCMD))"/>
> </arg-object>
> </do-set-local-variable>
> </actions>
> </rule>
>
> I suspect the key thing to try is what they do in the last action:
>
> <do-set-local-variable name="setNamedPwd" scope="policy">
> <arg-object>
> <token-xpath expression="jcmd:commandLine(string($SETPWDCMD))"/>
> </arg-object>
> </do-set-local-variable>
>
> Note they build the string int SETPWDCMD and then call it as
> string($SETPWDCMD) which makes me think they ran into this issue and
> resolved it this way.
>
> I was going to suggest that your line:
> jcmd:commandLine(" -user $lvUsrDot -password $lvDvrUsrPass
> -startjob $lvJob")
>
> also try it as:
>
> jcmd:commandLine(" -user '$lvUsrDot' -password '$lvDvrUsrPass'
> -startjob '$lvJob'")
>
> That is, surround the variables by single quotes.


0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Starting jobs from policy


geoffc;248880 Wrote:
> On 9/18/2014 12:17 PM, aarondickinson wrote:
> >
> > Hi all,
> >
> > I�m calling a job from a police via direct cmd.
> > I was following one of Geoff Carmen�s posts (where he took an idea

>
> Carman with an A, not an E. I am deeply insulted. 🙂 I think I am
> going to take my toys and go home now. (Oddly the Geoff vs Geoffrey
> does
> not bother me in the slightest).
>
> > someone did with static values and added variables into them).
> > http://tinyurl.com/qbcwvjn

>
> I was pretty sure that would work. But I also wrote it 'a long time
> ago' in a galaxy far far away.
>
> On a side note, if you have any of the Permissions Collection and
> Reconcilliation services packages (AKA AD drivers latest Exchange
> Entitlements package) look at the startup policies (new policy set in
> IDm 4.02 Patch 3 and later), you will see they do the same task.
>
> In fact last Brainshare, I was sitting in a session next to one of the
> authors of the Jade packages (You know who are MW!) and he was very
> nice
> to mention he used a couple of ideas from my articles in it. This one
> included.
>
> Anyway, here is the rule they use as an example.
>
> <rule>
> <description>Set Job Named Password value</description>
> <comment xml:space="preserve">Set the named password parameter of the
> PermissionOnboarding job object. This is the last rule in this policy.
> The engine will commit the changes before proceeding to the next policy
> in the chain</comment>
> <conditions/>
> <actions>
> <do-set-local-variable name="JOBDN" scope="policy">
> <arg-string>
> <token-text xml:space="preserve">PermissionOnboarding.</token-text>
> <token-parse-dn dest-dn-format="dot" src-dn-format="slash" start="1">
> <token-global-variable name="dirxml.auto.driverdn"/>
> </token-parse-dn>
> </arg-string>
> </do-set-local-variable>
> <do-set-local-variable name="JOBADMIN" scope="policy">
> <arg-string>
> <token-src-attr name="Security Equals">
> <arg-dn>
> <token-global-variable name="dirxml.auto.driverdn"/>
> </arg-dn>
> </token-src-attr>
> </arg-string>
> </do-set-local-variable>
> <!-- Need to do this query with slash-form DN of JOBADMIN -->
> <do-set-local-variable name="PASSWORD" notrace="true" scope="policy">
> <arg-string>
> <token-src-attr name="nspmDistributionPassword">
> <arg-dn>
> <token-local-variable name="JOBADMIN"/>
> </arg-dn>
> </token-src-attr>
> </arg-string>
> </do-set-local-variable>
> <!-- Need to do this query with slash-form DN of UA ADMIN -->
> <do-set-local-variable name="UA_PASSWORD" notrace="true"
> scope="policy">
> <arg-string>
> <token-src-attr name="nspmDistributionPassword">
> <arg-dn>
> <token-parse-dn dest-dn-format="slash" src-dn-format="qualified-dot">
> <token-global-variable name="UAProvAdmin"/>
> </token-parse-dn>
> </arg-dn>
> </token-src-attr>
> </arg-string>
> </do-set-local-variable>
> <!-- Now convert JOBADMIN to dot format -->
> <do-set-local-variable name="JOBADMIN" scope="policy">
> <arg-string>
> <token-parse-dn dest-dn-format="dot" src-dn-format="slash" start="1">
> <token-local-variable name="JOBADMIN"/>
> </token-parse-dn>
> </arg-string>
> </do-set-local-variable>
> <do-set-local-variable name="SETPWDCMD" notrace="true" scope="policy">
> <arg-string>
> <token-text xml:space="preserve"> -user </token-text>
> <token-local-variable name="JOBADMIN"/>
> <token-text xml:space="preserve"> -password </token-text>
> <token-local-variable name="PASSWORD"/>
> <token-text xml:space="preserve"> -setnamedpassword '</token-text>
> <token-local-variable name="JOBDN"/>
> <token-text xml:space="preserve">' ua-password </token-text>
> <token-local-variable name="UA_PASSWORD"/>
> </arg-string>
> </do-set-local-variable>
> <do-trace-message level="1" notrace="true">
> <arg-string>
> <token-text xml:space="preserve">PASSWORD_COMMAND: </token-text>
> <token-local-variable name="SETPWDCMD"/>
> </arg-string>
> </do-trace-message>
> <do-set-local-variable name="setNamedPwd" scope="policy">
> <arg-object>
> <token-xpath expression="jcmd:commandLine(string($SETPWDCMD))"/>
> </arg-object>
> </do-set-local-variable>
> </actions>
> </rule>
>
> I suspect the key thing to try is what they do in the last action:
>
> <do-set-local-variable name="setNamedPwd" scope="policy">
> <arg-object>
> <token-xpath expression="jcmd:commandLine(string($SETPWDCMD))"/>
> </arg-object>
> </do-set-local-variable>
>
> Note they build the string int SETPWDCMD and then call it as
> string($SETPWDCMD) which makes me think they ran into this issue and
> resolved it this way.
>
> I was going to suggest that your line:
> jcmd:commandLine(" -user $lvUsrDot -password $lvDvrUsrPass
> -startjob $lvJob")
>
> also try it as:
>
> jcmd:commandLine(" -user '$lvUsrDot' -password '$lvDvrUsrPass'
> -startjob '$lvJob'")
>
> That is, surround the variables by single quotes.


Sorry!!

I did spell it right when I was discussing this with a colleague, but
not when I typed it out again. 😞

Hahaha. So you never tested it? 😛

FYI, the above example worked!

And Re: your doc, I only noticed yours was arg-string when I'd tried
everything else and just copied your policy down and had a look at what
you were doing and noticed it wasn't set correctly for a direct command
(currently playing with sql injection so I remembered it from that).

Thanks!


--
aarondickinson
------------------------------------------------------------------------
aarondickinson's Profile: https://forums.netiq.com/member.php?userid=3447
View this thread: https://forums.netiq.com/showthread.php?t=51784

0 Likes
Knowledge Partner
Knowledge Partner

Re: Starting jobs from policy


> Sorry!!
>
> I did spell it right when I was discussing this with a colleague, but
> not when I typed it out again. 😞


No worries, worth hassling you about though.

> Hahaha. So you never tested it? 😛


I did actually at the time, I think I redid the code to make it
simpler/cleaner and forgot to swap the variable type.

> FYI, the above example worked!
>
> And Re: your doc, I only noticed yours was arg-string when I'd tried
> everything else and just copied your policy down and had a look at what
> you were doing and noticed it wasn't set correctly for a direct command
> (currently playing with sql injection so I remembered it from that).


Glad to help, send fish.

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Starting jobs from policy

On 9/19/2014 8:10 AM, Geoffrey Carman wrote:
> No worries, worth hassling you about though.
>
>> Hahaha. So you never tested it? 😛

>
> I did actually at the time, I think I redid the code to make it simpler/cleaner and forgot to swap the variable type.


You hassle more than the Knight who say Ni.
I question your testing.

--
-----------------------------------------------------------------------
Will Schneider
Knowledge Partner http://forums.netiq.com

If you find this post helpful, please click on the star below.
0 Likes
Knowledge Partner
Knowledge Partner

Re: Starting jobs from policy

On 9/22/2014 12:48 AM, Will Schneider wrote:
> On 9/19/2014 8:10 AM, Geoffrey Carman wrote:
>> No worries, worth hassling you about though.
>>
>>> Hahaha. So you never tested it? 😛

>>
>> I did actually at the time, I think I redid the code to make it
>> simpler/cleaner and forgot to swap the variable type.

>
> You hassle more than the Knight who say Ni.
> I question your testing.


Bring me a shrubbery and I shall answer. Ni!

It was in 2008, give me a break. 🙂

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Starting jobs from policy

On 9/22/2014 5:19 AM, Geoffrey Carman wrote:
> On 9/22/2014 12:48 AM, Will Schneider wrote:
>> On 9/19/2014 8:10 AM, Geoffrey Carman wrote:
>>> No worries, worth hassling you about though.
>>>
>>>> Hahaha. So you never tested it? 😛
>>>
>>> I did actually at the time, I think I redid the code to make it
>>> simpler/cleaner and forgot to swap the variable type.

>>
>> You hassle more than the Knight who say Ni.
>> I question your testing.

>
> Bring me a shrubbery and I shall answer. Ni!
>
> It was in 2008, give me a break. 🙂
>


Instead of asking for fish, you should ask them to cut down the mightiest tree in the forest with a herring.


--
-----------------------------------------------------------------------
Will Schneider
Knowledge Partner http://forums.netiq.com

If you find this post helpful, please click on the star below.
0 Likes
Knowledge Partner
Knowledge Partner

Re: Starting jobs from policy

On 9/22/2014 10:48 AM, Will Schneider wrote:
> On 9/22/2014 5:19 AM, Geoffrey Carman wrote:
>> On 9/22/2014 12:48 AM, Will Schneider wrote:
>>> On 9/19/2014 8:10 AM, Geoffrey Carman wrote:
>>>> No worries, worth hassling you about though.
>>>>
>>>>> Hahaha. So you never tested it? 😛
>>>>
>>>> I did actually at the time, I think I redid the code to make it
>>>> simpler/cleaner and forgot to swap the variable type.
>>>
>>> You hassle more than the Knight who say Ni.
>>> I question your testing.

>>
>> Bring me a shrubbery and I shall answer. Ni!
>>
>> It was in 2008, give me a break. 🙂
>>

>
> Instead of asking for fish, you should ask them to cut down the
> mightiest tree in the forest with a herring.


But I like herring, and like trees.

Why waste a perfectly good herring on a tree? There are better
windmills to flail at.

I had not remembered that specific joke! Wild.






0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.