Cool Solutions

Adding IDM Attributes based on Existing Values

By: lhaeger

November 7, 2007 3:46 am

Problem

A Forum reader recently asked:

“How can I add object classes and other attributes to an account using the value of an attribute already present in the account? What I would like to do is to extend an account with those attributes for Linux authentication (posixAccount, shadowAccount, etc.) based on an attribute that will indicate the user should have those attributes. I may attempt to use provisioning in the mix.

Can I use a loopback driver for that? If so, where do I put the rules, and what are the things I need to pay attention to? I noticed the loopback driver configuration in Designer has to be done from scratch, and I have never done that.”

And here’s the response from Lothar Haeger …

Solution

Add “Description” to the driver filter as Subscriber notify, then add an event transformation policy like this one to an empty Null (3.5) or Loopback (2.x/3.x) driver:


<policy>
  <rule>
    <description>Pseudo Entitlements: remove values</description>
    <conditions>
      <or>
        <if-op-attr mode="nocase" name="Description" op="changing-from">LinuxUser</if-op-attr>
      </or>
    </conditions>
    <actions>
      <!-- Description no longer carries LinuxUser: clear the Linux attributes -->
      <do-clear-src-attr-value name="loginShell"/>
      <do-clear-src-attr-value name="uidNumber"/>
      <do-clear-src-attr-value name="gidNumber"/>
      <do-clear-src-attr-value name="homeDirectory"/>
    </actions>
  </rule>

  <rule>
    <description>Pseudo Entitlements: add values</description>
    <conditions>
      <or>
        <if-op-attr mode="nocase" name="Description" op="changing-to">LinuxUser</if-op-attr>
      </or>
    </conditions>
    <actions>
      <!-- Description now carries LinuxUser: extend the account with posixAccount -->
      <do-add-src-attr-value name="Object Class">
        <arg-value>
          <token-text xml:space="preserve">posixAccount</token-text>
        </arg-value>
      </do-add-src-attr-value>
      <do-set-src-attr-value class-name="posixAccount" name="loginShell">
        <arg-value>
          <token-text xml:space="preserve">/bin/bash</token-text>
        </arg-value>
      </do-set-src-attr-value>
      <!-- Placeholder: replace with the value to assign as uidNumber -->
      <do-set-src-attr-value class-name="posixAccount" name="uidNumber">
        <arg-value>
          <token-text xml:space="preserve">whatever you want</token-text>
        </arg-value>
      </do-set-src-attr-value>
      <!-- Placeholder: replace with the value to assign as gidNumber -->
      <do-set-src-attr-value class-name="posixAccount" name="gidNumber">
        <arg-value>
          <token-text xml:space="preserve">whatever you want</token-text>
        </arg-value>
      </do-set-src-attr-value>
      <!-- homeDirectory is /home/ followed by the lower-cased uniqueID -->
      <do-set-src-attr-value class-name="posixAccount" name="homeDirectory">
        <arg-value type="string">
          <token-text xml:space="preserve">/home/</token-text>
          <token-lower-case>
            <token-attr name="uniqueID"/>
          </token-lower-case>
        </arg-value>
      </do-set-src-attr-value>
    </actions>
  </rule>

  <rule>
    <description>Veto all</description>
    <!-- No conditions: every event is vetoed after the rules above have run -->
    <conditions/>
    <actions>
      <do-veto/>
    </actions>
  </rule>
</policy>

That’s a very basic way to do it and a good point to start. Anyway, maybe someone has a working driver and would like to share it …
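One way to check that directory data still agrees with the rules above, as an added example that is not part of the original post: a Python audit over a simplified LDIF-style export. The attribute spellings in the export, the sample entries and the function names are assumptions, and the numeric, zero and duplicate uidNumber checks go beyond what the policy itself enforces.

```python
from collections import defaultdict

POSIX_ATTRS = ("loginShell", "uidNumber", "gidNumber", "homeDirectory")
# Constructed sample (simplified LDIF, assumed attribute names), not real data.
SAMPLE = """\
dn: cn=bob,o=example
objectClass: posixAccount
description: LinuxUser
uniqueID: Bob
uidNumber: whatever you want
gidNumber: 100
homeDirectory: /home/Bob

dn: cn=dave,o=example
description: Contractor
homeDirectory: /home/dave
"""

def parse_entries(text):
    """Parse blank-line separated 'name: value' records (no folding/base64)."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = defaultdict(list)
        for name, _, value in (ln.partition(": ") for ln in block.splitlines()):
            entry[name.lower()].append(value)
        entries.append(entry)
    return entries

def audit(entries):
    """Return (dn, problem) pairs where an entry disagrees with the policy."""
    findings, seen = [], {}
    for e in entries:
        dn = e["dn"][0]
        if not any(v.lower() == "linuxuser" for v in e["description"]):
            # The "remove values" rule should have cleared these attributes.
            findings += [(dn, "stale " + a) for a in POSIX_ATTRS if e[a.lower()]]
            continue
        if "posixaccount" not in (c.lower() for c in e["objectclass"]):
            findings.append((dn, "posixAccount class missing"))
        uid, gid = "".join(e["uidnumber"]), "".join(e["gidnumber"])
        if not uid.isdecimal() or not gid.isdecimal():
            findings.append((dn, "uidNumber/gidNumber not numeric"))
        elif int(uid) == 0 or seen.setdefault(int(uid), dn) != dn:
            findings.append((dn, "uidNumber is 0 or duplicated"))
        home = "/home/" + "".join(e["uniqueid"]).lower()
        if e["homedirectory"] != [home]:
            findings.append((dn, "homeDirectory is not " + home))
    return findings

print(*audit(parse_entries(SAMPLE)), sep="\n")
```
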

Disclaimer: This content is not supported by Novell. It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test it thoroughly before using it in a production environment.
