Overview#

We created an Example for DirXML using XDAS Custom IDM Event to demonstrate the functionality.

Shows a DirXML Example and XPATH Example for working with Example Custom IDM Event For XDAS.

The Policy we used:

<rule>
	<description>Get and increment counter</description>
	<comment name="author" xml:space="preserve">jim willeke</comment>
	<comment name="version" xml:space="preserve">120.03</comment>
	<comment name="lastchanged" xml:space="preserve">2010-01-23</comment>
	<conditions>
		<and>
			<if-class-name mode="nocase" op="equal">User</if-class-name>
		</and>
	</conditions>
	<actions>
		<do-if>
			<arg-conditions>
				<and>
					<if-attr name="uidNumber" op="not-available"/>
				</and>
			</arg-conditions>
			<arg-actions>
				<do-set-local-variable name="lastUserIDUsed" scope="policy">
					<arg-string>
						<token-src-attr name="uamPosixUidNumberLastAssigned">
							<arg-dn>
								<token-global-variable name="idv.dit.data.posix.counter"/>
							</arg-dn>
						</token-src-attr>
					</arg-string>
				</do-set-local-variable>
				<do-set-local-variable name="lastUserIDUsed">
					<arg-string>
						<token-xpath expression="$lastUserIDUsed + 1"/>
					</arg-string>
				</do-set-local-variable>
				<do-if>
					<arg-conditions>
						<and>
							<if-src-attr mode="case" name="Object Class" op="not-equal">posixAccount</if-src-attr>
						</and>
					</arg-conditions>
					<arg-actions>
						<do-generate-event id="1201" level="log-warning">
							<arg-string name="text1">
								<token-src-dn/>
							</arg-string>
							<arg-string name="text3">
								<token-text xml:space="preserve">Could have more data here.</token-text>
							</arg-string>
							<arg-string name="text2">
								<token-text xml:space="preserve">No posixAccount objectClass or we would have Set Value for uidNumber=</token-text>
								<token-local-variable name="lastUserIDUsed"/>
							</arg-string>
							<arg-string name="target">
								<token-src-dn/>
							</arg-string>
							<arg-string name="subTarget">
								<token-attr name="uidNumber"/>
							</arg-string>
							<arg-string name="data">
								<token-text xml:space="preserve">Does not have posixAccount ObjectClass (BLOB)</token-text>
							</arg-string>
						</do-generate-event>
					</arg-actions>
					<arg-actions>
						<do-set-src-attr-value name="uidNumber">
							<arg-value type="string">
								<token-local-variable name="lastUserIDUsed"/>
							</arg-value>
						</do-set-src-attr-value>
						<do-set-src-attr-value name="uamPosixUidNumberLastAssigned">
							<arg-dn>
								<token-global-variable name="UIDNumberCounterDN"/>
							</arg-dn>
							<arg-value type="string">
								<token-local-variable name="lastUserIDUsed"/>
							</arg-value>
						</do-set-src-attr-value>
						<do-generate-event id="1201" level="log-warning">
							<arg-string name="text1">
								<token-src-dn/>
							</arg-string>
							<arg-string name="text2">
								<token-text xml:space="preserve">If enabled, we would have Set Value for uidNumber=</token-text>
								<token-local-variable name="lv-test-uidnumber"/>
							</arg-string>
							<arg-string name="target-type">
								<token-text xml:space="preserve">1</token-text>
							</arg-string>
							<arg-string name="target">
								<token-src-dn/>
							</arg-string>
							<arg-string name="subTarget">
								<token-attr name="uidNumber"/>
							</arg-string>
							<arg-string name="data">
								<token-text xml:space="preserve">Big Blob of data!</token-text>
							</arg-string>
						</do-generate-event>
					</arg-actions>
				</do-if>
			</arg-actions>
			<arg-actions>
				<do-generate-event id="1201" level="log-info">
					<arg-string name="text1">
						<token-src-dn/>
					</arg-string>
					<arg-string name="text2">
						<token-text xml:space="preserve">uidNumber</token-text>
					</arg-string>
					<arg-string name="text3">
						<token-attr name="uidNumber"/>
					</arg-string>
					<arg-string name="target">
						<token-src-dn/>
					</arg-string>
					<arg-string name="subTarget">
						<token-attr name="uidNumber"/>
					</arg-string>
					<arg-string name="data">
						<token-text xml:space="preserve">Big Blob of data!</token-text>
					</arg-string>
				</do-generate-event>
			</arg-actions>
		</do-if>
	</actions>
</rule>

Resulting XDAS Event#

For Entry with uidNumber#

2014-04-13-05:23:40.129-0400 IDM : INFO {"Source" : "IDM",
"Observer" : {"Entity" : {"SysAddr" : "192.168.1.8",
"SysName" : "sa.willeke.com"}},
"Initiator" : {"Entity" : {"SvcName" : "CN=Subscriber,CN=Null Test,CN=driverSet,OU=idm,dc=willeke,dc=com","SvcComp" : "\\Driver"}},
"Target" : {"Data" : {"DATA" : "Big Blob of data!",
"MIME_HINT" : "0",
"ORIGINATOR_TYPE" : "1",
"TARGET_TYPE" : "0",
"TEXT1" : "\\WILLEKETREE\\com\\willeke\\people\\butler\\jim",
"TEXT2" : "uidNumber",
"TEXT3" : "1000",
"VALUE1" : "0",
"VALUE2" : "0",
"VALUE3" : "0"},
"Entity" : {"SvcComp" : "1000"}},
"Action" : {"Event" : {"Id" : "0.0.6.0","Name" : "Notification",
"CorrelationID" : "Null Test#Subscriber#e1ee510e-a789-4ed0-daa7-0e51eee189a7",
"SubEvent" : "304B1"},
"Time" : {"Offset" : 1397381020},"Log" : {"Severity" : 7} } }

For Entry with No posixAccount#

2014-04-13-05:27:18.541-0400 IDM : WARN {"Source" : "IDM",
"Observer" : {"Entity" : {"SysAddr" : "192.168.1.8",
"SysName" : "sa.willeke.com"}},
"Initiator" : {"Entity" : {"SvcName" : "CN=Subscriber,CN=Null Test,CN=driverSet,OU=idm,dc=willeke,dc=com",
"SvcComp" : "\\Driver"}},
"Target" : {"Data" : {"DATA" : "Does not have posixAccount ObjectClass (BLOB)",
"MIME_HINT" : "0","ORIGINATOR_TYPE" : "1",
"TARGET_TYPE" : "0",
"TEXT1" : "\\WILLEKETREE\\com\\willeke\\people\\ABratton",
"TEXT2" : "No posixAccount objectClass or we would have Set Value for uidNumber=1012",
"TEXT3" : "Could have more data here.",
"VALUE1" : "0",
"VALUE2" : "0",
"VALUE3" : "0"}},
"Action" : {"Event" : {"Id" : "0.0.6.0","Name" : "Notification",
"CorrelationID" : "Null Test#Subscriber#c1ba94db-6745-4ad7-b799-db94bac14567",
"SubEvent" : "304B1"},
"Time" : {"Offset" : 1397381238},"Log" : {"Severity" : 5} } }

More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-11) was last changed on 24-Aug-2014 19:34 by jim