Highlighted
Jevans78 Absent Member.
Absent Member.
576 views

query for GUID in IDV

Hi,

Hopefully this is a quick query, I'm unable to find anything online to help me.

I'm trying to query the IDM vault for users using the IDV GUID value which is held in a workorder object,

do-set-local-variable("lvSearch",scope="policy",arg-node-set(token-query(class-name="user",datastore="src",arg-dn("resources\Active\Students"),arg-match-attr("GUID",token-local-variable("lvGUID")),token-attr("ModuleCode")))).


However when the workorder is processed the query fails with SYNTAX violation. I've used code like this before and had no issue with other attributes, so is this the format of the GUID (octet String) which is the issue? Example output from the level 3 trace is below.



<query class-name="user" dest-dn="resources\Active\Students" scope="subtree">
<search-class class-name="user"/>
<search-attr attr-name="GUID">
<value type="octet">3284EA37775B8B4F3F923284EA37775B</value>
</search-attr>
<read-attr/>
</query>
</input>
</nds>
[10/05/17 16:26:20.791]:Gen Loop ST: Pumping XDS to eDirectory.
[10/05/17 16:26:20.791]:Gen Loop ST: Performing operation query for swansea\resources\Active\Students.
[10/05/17 16:26:20.791]:Gen Loop ST: --JCLNT-- \TEST\services\Driver Set\Generic Loopback : Duplicating : context = 1902837886, tempContext = 1902837838
[10/05/17 16:26:20.792]:Gen Loop ST: --JCLNT-- \TEST\services\Driver Set\Generic Loopback : Calling free on tempContext = 1902837838
[10/05/17 16:26:20.798]:Gen Loop ST: Query from policy result
[10/05/17 16:26:20.798]:Gen Loop ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.5.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status level="error">Code(-9010) An exception occurred: novell.jclient.JCException: initVlistIterator -613 ERR_SYNTAX_VIOLATION</status>
</output>
</nds>



Thanks
Labels (1)
Tags (3)
0 Likes
2 Replies
Knowledge Partner
Knowledge Partner

Re: query for GUID in IDV

Jevans78 wrote:

> <search-attr attr-name="GUID">
> <value type="octet">3284EA37775B8B4F3F923284EA37775B</value>
> </search-attr>


You are searching for a text representation of GUID that is not stored as such
in Edir. I've written an ECMA to convert from the real stuff as it lives in
Edir to such text values, maybe you're lucky to write a reverse converter that
works. Here's the GUID -> Text part:

function decodeGUID(B64GUID, format)
{
var bytearray = Base64Codec.decode(B64GUID);
var HexGUID = "";
var digits =
["0","1","2","3","4","5","6","7","8","9","A","B","C","D","E","F"];

for(var i=0; i<bytearray.length; i++)
{
HexGUID += digits[bytearray >> 4 & 0xf] + digits[bytearray & 0xf];
}

switch (format){
case 1 :
// Console1 + iManager format: 60445C8ED8DBD801808C0008028B1EF9
return HexGUID.substr( 6,2) +
HexGUID.substr( 4,2) +
HexGUID.substr( 2,2) +
HexGUID.substr( 0,2) +
HexGUID.substr(10,2) +
HexGUID.substr( 8,2) +
HexGUID.substr(14,2) +
HexGUID.substr(12,2) +
HexGUID.substr(16);
case 2 :
// Entitlements driver format:
{8E5C4460-DBD8-01D8-808C-0008028B1EF9}
return '{' +
HexGUID.substr( 0,8) +
'-' +
HexGUID.substr( 8,4) +
'-' +
HexGUID.substr(12,4) +
'-' +
HexGUID.substr(16,4) +
'-' +
HexGUID.substr(20) +
'}';
default :
// Edir2Edir driver format: {60445C8E-D8DB-d801-808C-0008028B1EF9}
return '{' +
HexGUID.substr( 6,2) +
HexGUID.substr( 4,2) +
HexGUID.substr( 2,2) +
HexGUID.substr( 0,2) +
'-' +
HexGUID.substr(10,2) +
HexGUID.substr( 8,2) +
'-' +
HexGUID.substr(14,2).toLowerCase() +
HexGUID.substr(12,2).toLowerCase() +
'-' +
HexGUID.substr(16,4) +
'-' +
HexGUID.substr(20) +
'}';
}
}

I'd try to figure out which exact format you are looking at and reverse it to
be used in the search. Good luck!

--
http://www.is4it.de/en/solution/identity-access-management/

(If you find this post helpful, please click on the star below.)
______________________________________________
https://www.is4it.de/identity-access-management
0 Likes
Knowledge Partner
Knowledge Partner

Re: query for GUID in IDV

Very usable function!
Thank you very much, Lothar!
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.