17.5 Allowing a Named Password to be Retrieved over LDAP

In release 4.0.1, a new boolean definition can be added to the User Application driver to allow a named password to be retrieved over LDAP from a workflow. To take advantage of this feature, you need to create a global configuration value (GCV) named allow-fetch-named-passwords.

Here’s a sample definition:

<definitions>
    <definition display-name="Allow Named Password to be retrieved over LDAP"
                name="allow-fetch-named-passwords" type="boolean">
        <value>false</value>
        <description>Allow Named Password to be retrieved over LDAP. If the value is true, then the named password value can be fetched using the LDAP extension com.novell.nds.dirxml.ldap.GetNamedPasswordRequest/com.novell.nds.dirxml.ldap.GetNamedPasswordResponse.</description>
    </definition>
</definitions>

If the global configuration value is not present, the runtime behaves as if the definition were present with its value set to false. If you then try to use the GCV script method getValueForNamedPassword(String valueKey), an exception is thrown because the permission is set to false. To use the method, the value of the allow-fetch-named-passwords variable must be true.

If the GCV variable allow-fetch-named-passwords does not exist, you have to create the variable and set it to true. If it already exists, you simply need to set the value to true.

To add the allow-fetch-named-passwords GCV:

  1. In iManager, double-click the User Application driver.

  2. Click on the Global Configuration Values tab.

  3. Click on the Add button.

  4. Fill out the definition, as described below:

    1. Specify allow-fetch-named-passwords as the name for the global configuration definition.

    2. Specify Allow Named Password to be retrieved over LDAP as the display name.

    3. Provide a description for the definition.

    4. Specify boolean as the Type.

  5. Click OK.

  6. Set the value to true or false and click Apply.
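
The following Python check is an added example, not part of the product or its documentation: it reads a GCV definitions document in the format of the sample above and reports whether named-password retrieval over LDAP is effectively enabled, treating a missing definition as false as described earlier. The driver names, the sample documents, and the strictness rules (type boolean, exactly true or false, a single definition) are assumptions of this example.

```python
import xml.etree.ElementTree as ET

GCV_NAME = "allow-fetch-named-passwords"  # GCV name as given on this page

def gcv_xml(value=None, gcv_type="boolean"):
    """Build a constructed <definitions> document; value=None omits the GCV."""
    if value is None:
        return "<definitions/>"
    return ('<definitions><definition display-name="Allow Named Password to be '
            'retrieved over LDAP" name="%s" type="%s"><value>%s</value>'
            '</definition></definitions>' % (GCV_NAME, gcv_type, value))

# Constructed sample exports keyed by hypothetical driver names.
SAMPLES = {
    "UserApp-dev": gcv_xml("true"),
    "UserApp-prod": gcv_xml("false"),
    "UserApp-legacy": gcv_xml(None),           # definition absent
    "UserApp-test": gcv_xml("yes", "string"),  # malformed definition
}

def named_password_fetch_allowed(definitions_xml):
    """Return the effective setting; an absent definition counts as false."""
    # Input is assumed to be a trusted export from your own tree.
    root = ET.fromstring(definitions_xml)
    found = [d for d in root.iter("definition") if d.get("name") == GCV_NAME]
    if not found:
        return False
    if len(found) > 1:
        raise ValueError("%d definitions of %s" % (len(found), GCV_NAME))
    if found[0].get("type") != "boolean":
        raise ValueError("type is %r, expected boolean" % found[0].get("type"))
    value = (found[0].findtext("value") or "").strip()
    if value not in ("true", "false"):
        raise ValueError("value is %r, expected true or false" % value)
    return value == "true"

def audit(exports):
    """List drivers that allow the fetch, plus any that need manual review."""
    findings = []
    for driver in sorted(exports):
        try:
            if named_password_fetch_allowed(exports[driver]):
                findings.append("%s: ENABLED" % driver)
        except (ValueError, ET.ParseError) as exc:
            findings.append("%s: REVIEW (%s)" % (driver, exc))
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLES)))
```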