Symantec IGA

  • 1.  Javascript BLTH for Manager ID Lookup from Manager's Employee Number

    Posted Oct 01, 2018 01:14 PM

    Hi,

     

    We have a JavaScript BLTH code on the Create User Task for User ID Generation based on some logic using firstName and lastName of the User. In the Create User Task we are receiving another attribute 'managerEmployeeNumber' and we have a requirement to store Manager User ID on the User Profile. The above managerEmployeeNumber is stored as employeeNumber on the Manager User Object. I am utilizing a Policy Xpress after Create User Task to do an LDAP lookup and get the Manager's User ID from the managerEmployeeNumber received as an input during new user creation and store it as Manager ID in the new user object. Any pointers/code snippet to add this lookup inside the BLTH code rather than calling a Policy Xpress?

     

    Regards,

    Lav Malhotra



  • 2.  Re: Javascript BLTH for Manager ID Lookup from Manager's Employee Number

    Posted Oct 01, 2018 04:43 PM

    I don't know an easy way to get a lookup of the manager object's attributes from a JavaScript BLTH. The problem here is that the BLTH is executing on the browser end and not in the task context. You'd have to build an external datasource lookup and call it from the BLTH.

    Is your current PX policy working correctly? Is there a compelling reason to switch to the JavaScript BLTH?



  • 3.  Re: Javascript BLTH for Manager ID Lookup from Manager's Employee Number
    Best Answer

    Broadcom Employee
    Posted Oct 02, 2018 01:43 AM

    The following Rhino is used in the deploymentXpress to get the ManagerID based on the ManagerEmployeeNumber

     

    function handleValidation(BlthContext, errorMsg){
        importPackage(Packages.java.util);
        // Packages for: Query opid existence against BlackList table
        importPackage(Packages.com.netegrity.llsdk6.imsapi.policy.rule.constraints);
        importPackage(Packages.com.netegrity.llsdk6.imsapi.type);
        importPackage(Packages.javax.naming);
        importPackage(Packages.javax.sql);
        importPackage(Packages.java.sql);
        importClass(Packages.java.util.Properties);
        importClass(Packages.javax.naming.Context);
        importClass(Packages.javax.naming.directory.DirContext);
        importClass(Packages.javax.naming.directory.InitialDirContext);
        importClass(Packages.javax.naming.directory.SearchControls);
        importClass(Packages.javax.naming.NamingEnumeration);
        // Packages for: Return message to screen
        importClass(Packages.com.netegrity.ims.exception.IMSException);
        importClass(Packages.com.netegrity.ims.tabhandlers.ProcessStep);
        importClass(Packages.com.netegrity.ims.tabhandlers.ErrorLevel);
        importClass(Packages.com.netegrity.ims.IMSEvent);

        //1. Get the User's ManagerDN by the given managerEmployeeNumber
        //2. Set it in the user's "manager" field:

        // Template placeholder: name of the user attribute holding the manager's employee number
        var managerEmpNumberAttr = "%MANAGER_EMPLOYEE_NUMBER%";
        var user = BlthContext.getUser();
        var managerEmpNumber = user.getAttribute(managerEmpNumberAttr);

        // No manager employee number supplied: nothing to look up, so skip the search
        if(managerEmpNumber == "" || managerEmpNumber == null){
            return true;
        }

        // Search through the User Provider with a structured filter (no filter string is concatenated)
        var userProvider = BlthContext.getUserProvider();
        var filterExpression = new AttributeExpression("EmployeeNumber", OperatorType.EQUALS, managerEmpNumber);
        var userFilter = new UserFilter(filterExpression);
        var usersVector = userProvider.findUsers(userFilter, null, null);

        // Exactly one manager must match; zero or several matches are reported as an error
        if (usersVector.size() != 1){
            BlthContext.logWarningMessage("### CA: Found " + usersVector.size() + " managers for the current filter (EmployeeNumber=" + managerEmpNumber + ")... aborting ===", false);
            //Cancel the operation
            var error_message = "Manager Employee Number: ("+managerEmpNumber+") does not exist!";
            // Created but never thrown in this snippet
            var imsx = new IMSException();
            imsx.addUserMessage(error_message);
            BlthContext.addMessageObject(error_message,"OPIDBLTH", ProcessStep.DATAVALIDATE, ErrorLevel.ERROR);
        } else {
            //var managerDn = usersVector.get(0).getUniqueName();
            var managerUID = usersVector.get(0).getFriendlyName();
            BlthContext.logWarningMessage("=== CA: managerUID: " + managerUID  + " ===", false);
            user.setAttribute("imManagerId", managerUID);
        }
        BlthContext.logWarningMessage("### CA ======= End BLTH ", false);
        return true;
    }

     

     



  • 4.  Re: Javascript BLTH for Manager ID Lookup from Manager's Employee Number

    Posted Oct 02, 2018 02:26 AM

    Hi,

     

    Thanks for the suggestion, and we can try to achieve this.

     

    William, yes the Px works, but it's just to make use of BLTH (if possible) and skip another thread to use Px which will modify the user after creation.



  • 5.  Re: Javascript BLTH for Manager ID Lookup from Manager's Employee Number

    Broadcom Employee
    Posted Oct 08, 2018 05:13 AM

    You could keep this as PX, but do it during the "UI" phase of the task(s) on "submission". That way, you avoid additional "modifies" after the original task.

     

    Pearse



  • 6.  Re: Javascript BLTH for Manager ID Lookup from Manager's Employee Number

    Broadcom Employee
    Posted Oct 02, 2018 09:38 AM

    Agreed - the User Provider object in the Identity Manager SDK is the correct way to retrieve another user object (uses the existing directory connections, etc. in Identity Manager and doesn't require making external LDAP calls).

     

    Lav - there are a number of Provider interfaces available to pull information through Java / Javascript:

    Product Doc - Accessing Objects in the Data Store --> Providers - Groups, Roles, Organizations, etc.
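
An added example, not part of any post above and not Identity Manager SDK code: when the lookup is made through an external LDAP call instead of the User Provider, the employee number ends up inside a search filter string and should be escaped per RFC 4515 before the exactly-one-match rule is applied. The sample directory, the `uid` field and all function names are assumptions made for illustration.

```javascript
// Added example, not Identity Manager SDK code. Attribute names follow the
// thread (employeeNumber, user ID); the directory below is constructed.

// RFC 4515: escape \ * ( ) and NUL before a value goes into a search filter.
function escapeLdapFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g, function (ch) {
    return "\\" + ch.charCodeAt(0).toString(16).padStart(2, "0");
  });
}

function buildManagerFilter(managerEmployeeNumber) {
  return "(employeeNumber=" + escapeLdapFilterValue(managerEmployeeNumber) + ")";
}

var SAMPLE_DIRECTORY = [            // constructed sample entries
  { uid: "jsmith", employeeNumber: "1001" },
  { uid: "adoe",   employeeNumber: "1002" },
  { uid: "bdoe",   employeeNumber: "1002" }   // duplicate number on purpose
];

// Constructed stand-in for the external lookup. It understands only
// (employeeNumber=<value>); an unescaped * matches every entry, as in LDAP.
function sampleSearch(filter) {
  var m = /^\(employeeNumber=(.*)\)$/.exec(filter);
  if (!m) return [];
  if (m[1] === "*") return SAMPLE_DIRECTORY.slice();
  var wanted = m[1].replace(/\\([0-9a-f]{2})/g, function (_, hex) {
    return String.fromCharCode(parseInt(hex, 16));
  });
  return SAMPLE_DIRECTORY.filter(function (u) {
    return u.employeeNumber === wanted;
  });
}

// Same decision rule as the handler in the thread: empty input is allowed,
// otherwise exactly one match is required before the manager ID is set.
function resolveManagerId(search, managerEmployeeNumber) {
  if (managerEmployeeNumber == null || managerEmployeeNumber === "") {
    return { ok: true, managerId: null };
  }
  var matches = search(buildManagerFilter(managerEmployeeNumber));
  if (matches.length !== 1) {
    return { ok: false, found: matches.length };
  }
  return { ok: true, managerId: matches[0].uid };
}
```

With the value escaped, an input of `*` is searched as a literal character and matches nothing, whereas the same input concatenated unescaped would turn the filter into a presence match on every entry.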