Symantec IGA


Identity Portal - Plugins perform ldap modify attribute

  • 1.  Identity Portal - Plugins perform ldap modify attribute

    Posted Aug 14, 2019 12:09 AM
    Hi Team,
    Identity Suite 14.3 vapp.

    As I understand, we can use plug-ins (Java) to query LDAP servers.
    Due to a special requirement, we have to build a custom form in Identity Portal and allow users to perform a password reset on this LDAP server.
    When performing a password reset in LDAP, we are basically triggering a Java ctx.modifyAttributes command to modify LDAP attributes.

    I have created 2 plugins. The 1st plugin performs a search on LDAP, which is working fine.
    The 2nd plugin performs modifyAttributes, which is not working.

    I have included the correct package, "ModificationItem"

    In the plugin editor, ModificationItem mods[] = new ModificationItem[1]; is given a syntax error. But I checked the Java syntax and it is correct.


    Has anyone experienced this error?

    Note: in the IP logs, I saw the error "javax.script.ScriptException:45:18:Expected ; but found mods in ModificationItem mods[] = new ModificationItem[1];"

    regards,
    William


  • 2.  RE: Identity Portal - Plugins perform ldap modify attribute

    Broadcom Employee
    Posted Aug 15, 2019 11:43 PM
    Try using

    ModificationItem[] mods = new ModificationItem[1];

    Regards
    Kavita


  • 3.  RE: Identity Portal - Plugins perform ldap modify attribute

    Posted Aug 16, 2019 01:40 AM
    Tried, still the same error.


  • 4.  RE: Identity Portal - Plugins perform ldap modify attribute

    Broadcom Employee
    Posted Aug 16, 2019 01:59 AM
    Hi William,

    Please send me the java file to get some clue.

    Regards
    Kavita


  • 5.  RE: Identity Portal - Plugins perform ldap modify attribute

    Posted Aug 19, 2019 07:24 PM
    /*
     * To change this license header, choose License Headers in Project Properties.
     * To change this template file, choose Tools | Templates
     * and open the template in the editor.
     */
    package com;
    
    /**
     *
     * @author administrator
     */
    import java.util.Hashtable;
    
    import javax.naming.Context;
    import javax.naming.directory.Attribute;
    import javax.naming.directory.BasicAttribute;
    import javax.naming.directory.DirContext;
    import javax.naming.directory.InitialDirContext;
    import javax.naming.directory.ModificationItem;
    
    
    public  class updateldap {
    
        /**
         * @param args the command line arguments
         */
       // public static void main(String[] args) {
            // TODO code application logic here
        //}
        
      public static String INITCTX = "com.sun.jndi.ldap.LdapCtxFactory";
    
      public static String MY_HOST = "ldap://192.168.1.119:19289";
    
      public static String MGR_DN = "cn=dsaadmin,ou=im,ou=ca,o=com";
    
      public static String MGR_PW = "CAdemo123";
    
      public static String MY_SEARCHBASE = "ou=people,ou=im,ou=ca,o=com";
    
      public static void main(String args[]) throws Exception {
        Hashtable<String, String> env = new Hashtable<String, String>();
    
        env.put(Context.INITIAL_CONTEXT_FACTORY, INITCTX);
    
        env.put(Context.PROVIDER_URL, MY_HOST);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, MGR_DN);
        env.put(Context.SECURITY_CREDENTIALS, MGR_PW);
    
        DirContext ctx = new InitialDirContext(env);
    
        ModificationItem[] mods = new ModificationItem[1];
    
        Attribute mod0 = new BasicAttribute("mail", "bb@bb.com");
        //Attribute mod1 = new BasicAttribute("1", "AAA");
        //
            mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, mod0);
        //        //mods[1] = new ModificationItem(DirContext.ADD_ATTRIBUTE, mod1);
        //
           ctx.modifyAttributes("uid=7788,ou=people,ou=im,ou=ca,o=com", mods);
                      }
    
        
    }



  • 6.  RE: Identity Portal - Plugins perform ldap modify attribute

    Posted Aug 19, 2019 07:25 PM
    Hi Kavita, this is my working standalone Java code that will update the UserStore mail attribute.


  • 7.  RE: Identity Portal - Plugins perform ldap modify attribute

    Posted Aug 19, 2019 07:35 PM
    Hi Kavita, this is the plugin's JavaScript.

    function LDAPSearch(query, attributes, baseDN) {
    // Params:
    // query LDAP filter - ex: '(cn=IAM_*)'
    // attributes Comma-separated list of attributes to retrieve - ex: 'cn,description,owner'
    // baseDN base DN used for the search - ex: 'o=acme, c=br'
    
    // Allows the usage of 'importPackage' with JRE8
    try{
    load("nashorn:mozilla_compat.js");
    }
    catch(e){}
    
     
    
    // Import LDAP Packages
    importPackage(Packages.java.util.Hashtable);
    importPackage(Packages.java.util.HashMap);
    importPackage(Packages.javax.naming.Context);
    importPackage(Packages.javax.naming.NamingEnumeration);
    importPackage(Packages.javax.naming.NamingException);
    importPackage(Packages.javax.naming.directory.DirContext);
    importPackage(Packages.javax.naming.directory.InitialDirContext);
    importPackage(Packages.javax.naming.directory.SearchControls);
    importPackage(Packages.javax.naming.directory.ModificationItem);
    importPackage(Packages.javax.naming.directory.Attribute);
    importPackage(Packages.javax.naming.directory.BasicAttribute);
    
    
     
    
    // Connection and Search Control Variables
    var host = "192.168.1.119";  // i.e. "127.0.0.1"
    var port = "19289"       //  i.e. "19289"
    var bindDN =  "cn=dsaadmin,ou=im,ou=ca,o=com"     //  i.e. "cn=dsaadmin,ou=im,ou=ca,o=com";
    var pwd = "CAdemo123";
    var cLimit = 100;
    var tLimit = 60 * 1000;
    
     
    
    // Formats the attribute list into a String Array
    var attr = attributes.split(",");
    
     
    
    // Connection info
    var env = new java.util.Hashtable(11);
    env.put(javax.naming.Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(javax.naming.Context.PROVIDER_URL, "ldap://" + host + ":" + port);
    env.put(javax.naming.Context.SECURITY_PRINCIPAL, bindDN);
    env.put(javax.naming.Context.SECURITY_CREDENTIALS, pwd);
    
     
    
    // Start the context and launches the query
    try {
    var ctx = new javax.naming.directory.InitialDirContext(env);
    //var ctls = new javax.naming.directory.SearchControls();
    //ctls.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE);
    //ctls.setReturningAttributes(attr);
    //ctls.setCountLimit(cLimit);
    //ctls.setTimeLimit(tLimit);
    
    
    //var result = ctx.search(baseDN, query, ctls);
    
    ModificationItem[] mods = new ModificationItem[1];
    
        Attribute mod0 = new BasicAttribute("mail", "aa@aa.com");
        //Attribute mod1 = new BasicAttribute("1", "AAA");
    
        mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, mod0);
     //   mods[1] = new ModificationItem(DirContext.ADD_ATTRIBUTE, mod1);
    
        ctx.modifyAttributes("uid=7788,ou=people,ou=im,ou=ca,o=com", mods);
    
     
    
    ctx.close();
    
     
    
    
    //return retvalMap;
    
     
    
    }
    catch (e) {
    return 'Error: ' + e.toString();
    }
    
     
    
    }



  • 8.  RE: Identity Portal - Plugins perform ldap modify attribute

    Broadcom Employee
    Posted Aug 20, 2019 04:08 AM
    Hi William,

    Try changing these two lines as given below.

    var mods = new ModificationItem[1]();
    var mod0 = new BasicAttribute("mail", "aa@aa.com");

    JavaScript with the above changes:

    function LDAPSearch(query, attributes, baseDN) {
    // Params:
    // query LDAP filter - ex: '(cn=IAM_*)'
    // attributes Comma-separated list of attributes to retrieve - ex: 'cn,description,owner'
    // baseDN base DN used for the search - ex: 'o=acme, c=br'

    // Allows the usage of 'importPackage' with JRE8
    try{
    load("nashorn:mozilla_compat.js");
    }
    catch(e){}



    // Import LDAP Packages
    importPackage(Packages.java.util.Hashtable);
    importPackage(Packages.java.util.HashMap);
    importPackage(Packages.javax.naming.Context);
    importPackage(Packages.javax.naming.NamingEnumeration);
    importPackage(Packages.javax.naming.NamingException);
    importPackage(Packages.javax.naming.directory.DirContext);
    importPackage(Packages.javax.naming.directory.InitialDirContext);
    importPackage(Packages.javax.naming.directory.SearchControls);
    importPackage(Packages.javax.naming.directory.ModificationItem);
    importPackage(Packages.javax.naming.directory.Attribute);
    importPackage(Packages.javax.naming.directory.BasicAttribute);




    // Connection and Search Control Variables
    var host = "192.168.1.119"; // i.e. "127.0.0.1"
    var port = "19289" // i.e. "19289"
    var bindDN = "cn=dsaadmin,ou=im,ou=ca,o=com" // i.e. "cn=dsaadmin,ou=im,ou=ca,o=com";
    var pwd = "CAdemo123";
    var cLimit = 100;
    var tLimit = 60 * 1000;



    // Formats the attribute list into a String Array
    var attr = attributes.split(",");



    // Connection info
    var env = new java.util.Hashtable(11);
    env.put(javax.naming.Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(javax.naming.Context.PROVIDER_URL, "ldap://" + host + ":" + port);
    env.put(javax.naming.Context.SECURITY_PRINCIPAL, bindDN);
    env.put(javax.naming.Context.SECURITY_CREDENTIALS, pwd);



    // Start the context and launches the query
    try {
    var ctx = new javax.naming.directory.InitialDirContext(env);


    var mods = new ModificationItem[1]();

    var mod0 = new BasicAttribute("mail", "aa@aa.com");
    //Attribute mod1 = new BasicAttribute("1", "AAA");

    mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, mod0);
    // mods[1] = new ModificationItem(DirContext.ADD_ATTRIBUTE, mod1);

    ctx.modifyAttributes("uid=7788,ou=people,ou=im,ou=ca,o=com", mods);



    ctx.close();




    //return retvalMap;



    }
    catch (e) {
    return 'Error: ' + e.toString();
    }



    }


  • 9.  RE: Identity Portal - Plugins perform ldap modify attribute

    Posted Aug 20, 2019 08:14 PM
    Hi Kavita, I tried your method. In the browser editor there is no more syntax error.
    But when I execute the plugin, my console.log(result) shows the error "Error: ReferenceError: "ModificationItem" is not defined".


  • 10.  RE: Identity Portal - Plugins perform ldap modify attribute
    Best Answer

    Broadcom Employee
    Posted Aug 21, 2019 05:37 AM
    Hi William,

    Refer to ModificationItem with its full package name, as shown here.

    var mods = new javax.naming.directory.ModificationItem[1]();
    var mod0 = new javax.naming.directory.BasicAttribute("mail", "aa@aa.com");

    Regards
    Kavita
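
Added example, not part of the original thread or of Identity Portal's own code: one way to write the attribute update in a Nashorn plugin script, creating the Java array through Nashorn's `Java.type("...[]")` syntax and escaping the form-supplied uid before it goes into the DN. The helper names (`escapeRdnValue`, `buildUserDn`, `replaceAttribute`) and the `conn` object are assumptions; the DN layout is the one used in the thread.

```javascript
// Added example for a Nashorn (JDK 8) plugin script; all helper names are hypothetical.
// Escape a value for use inside an RDN (RFC 4514) so form input cannot add DN components.
function escapeRdnValue(value) {
    var s = String(value), out = "";
    for (var i = 0; i < s.length; i++) {
        var c = s.charAt(i);
        var edgeSpace = c === " " && (i === 0 || i === s.length - 1);
        if (c === "\u0000") {
            out += "\\00";
        } else if ('"+,;<>\\'.indexOf(c) !== -1 || edgeSpace || (i === 0 && c === "#")) {
            out += "\\" + c;
        } else {
            out += c;
        }
    }
    return out;
}

function buildUserDn(uid, peopleBase) {
    if (!uid) { throw new Error("uid is required"); }
    return "uid=" + escapeRdnValue(uid) + "," + peopleBase;
}

// conn = { url, bindDN, password }: supplied by the caller (assumption), not hardcoded here.
function replaceAttribute(conn, dn, attrName, attrValue) {
    var Context = Java.type("javax.naming.Context");
    var DirContext = Java.type("javax.naming.directory.DirContext");
    var InitialDirContext = Java.type("javax.naming.directory.InitialDirContext");
    var BasicAttribute = Java.type("javax.naming.directory.BasicAttribute");
    var ModificationItem = Java.type("javax.naming.directory.ModificationItem");
    var ModificationItemArray = Java.type("javax.naming.directory.ModificationItem[]");
    var env = new java.util.Hashtable();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, conn.url);          // e.g. an ldaps:// URL
    env.put(Context.SECURITY_PRINCIPAL, conn.bindDN);
    env.put(Context.SECURITY_CREDENTIALS, conn.password);
    var ctx = new InitialDirContext(env);
    try {
        var mods = new ModificationItemArray(1);      // Java array of length 1
        mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute(attrName, attrValue));
        ctx.modifyAttributes(dn, mods);
    } finally {
        ctx.close();                                  // release the bind even on failure
    }
}
```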


  • 11.  RE: Identity Portal - Plugins perform ldap modify attribute

    Broadcom Employee
    Posted Aug 19, 2019 04:59 AM
    Hi William,
    I'm not familiar with java coding, but while I was searching the documents for something else, I found the following statement which might help you:
    • The Java class plugin needs to extend the BasePlugin class and must contain a function of the plugin that will serve as the execution start point. That function must contain the @ExportedServerFunction annotation before it. This function can return any type of object and receive any type of arguments in correspondence to the handler call arguments passed to it.
    It is here : 
    https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/identity-portal/14-0/programming/ca-identity-portal-developer-guide/plugins/plugin-execution-types.html 


    ------------------------------
    Principal Consultant
    Broadcom
    ------------------------------



  • 12.  RE: Identity Portal - Plugins perform ldap modify attribute

    Posted Aug 19, 2019 07:34 PM
    Hi Azita, I tried your method, adding "@" in my function, but it didn't resolve the error.