Symantec Identity Management

Expand all | Collapse all

Invoke ADS program exit (vAPP)

Jump to Best Answer
  • 1.  Invoke ADS program exit (vAPP)

    Posted 13 days ago
    Hello all,

    I need to invoke a PowerShell script when a user is disabled.
    Now, PowerShell runs on Windows obviously, and my customer is running under vApp (Linux)

    So i cannot use a shell command (through PX  or Kettle) as IDM runs in the vApp.

    I cannot run program exit (DLL or batch) as again, those need to be deployed in the provisioning server\bin  (again, vApp Linux).

    What are my options (if any)?

    Thanks!

    Charly

    ------------------------------
    Senior Consultant/Architect- CA Identity Suite SME
    Topspin Technologies (Partner)
    ------------------------------


  • 2.  RE: Invoke ADS program exit (vAPP)

    Posted 13 days ago
    Maybe you could use an SSH server on Windows like Cygwin, and invoke the PowerShell script through an ssh tunnel.



  • 3.  RE: Invoke ADS program exit (vAPP)

    Posted 12 days ago

    Hi Charly,

     

    You can deploy custom java code which can then call Powershell on windows machine.

    Java custom code should be called from PX

     






  • 4.  RE: Invoke ADS program exit (vAPP)

    Posted 12 days ago
    Rajesh-
    As I mentioned, PX will run a java code in the vAPP (Linux), not on a windows box.

    ------------------------------
    Senior Consultant/Architect- CA Identity Suite SME
    Topspin Technologies (Partner)
    ------------------------------



  • 5.  RE: Invoke ADS program exit (vAPP)

    Posted 12 days ago

    Hi Charly,

     

    Yes. PX will run/call java code in Linux. We can use java code to run powershell on windows machine if that is acceptable

     






  • 6.  RE: Invoke ADS program exit (vAPP)

    Posted 12 days ago
    Hi Iyes-
    Customer prefers not doing that...

    ------------------------------
    Senior Consultant/Architect- CA Identity Suite SME
    Topspin Technologies (Partner)
    ------------------------------



  • 7.  RE: Invoke ADS program exit (vAPP)
    Best Answer

    Posted 12 days ago
    Does the PowerShell script have to be executed immediately?
    If not, IM PX could write to a DB table when the user is disabled. Then have a scheduled task on Windows that runs every, say, 15 minutes. It could call PDI or PowerShell script to read the user id out of the DB table, do whatever the PS script needs to do and then delete the user from the DB (or mark the user status as updated in the DB).


  • 8.  RE: Invoke ADS program exit (vAPP)

    Posted 10 days ago
    Hi Pearse-
    This is an option I will explore.
    Thanks.

    ------------------------------
    Senior Consultant/Architect- CA Identity Suite SME
    Topspin Technologies (Partner)
    ------------------------------