The requirements to synchronization are often much more than just simply synchronizing each account. It should be possible to filter out accounts or manipulate the attributes before they are stored into the target system.
A working reconciliation or live sync against the LDAP server is needed to run this part of the tutorial. The end configuration of the first or second part of the tutorial is a good starting point.
Files to Change
- Files to Add
- Java Script Files
- Files to Change
Filtering of user objects during the sync process
In the current example the task would be to create any user object which exits in the ou=People,o=aaa branch of the LDAP server.
But there might be the requirement that only users whose uid starts with an alpha character should be created. Users whose uid starts with a number should be ignored during reconciliation or live sync.
Reference a Java Script File to filter user object.
The mechanism for filtering objects during synchronization is the validSource property. In the current example it is used with a reference to a file containing the filter. The syntax in the sync.json mapping would look like this:
The value of value of the "file" property can be an absolute or relative path. A relative path is relative to the installation folder of OpenIDM (after the usually used openidm part).
The content of the file will be stored in a folder called jscript and the name ldapIsValid.js.
The description of the syntax in the admin guide is:
A script that determines if a source object is valid to be mapped. The script yields a Boolean value; true indicates the source object is valid; false can be used to defer mapping until some condition is met. In the root scope, the source object is provided in the "source" property. If the script is not specified, then all source objects are considered valid.
The content of the file should be something like:
- The if condition would leave our variable matchArray empty if the object does not have a uid and therefore the last stance (matchArray != null) would return boolean false; the object will be ignored.
- Will searche for a match between the regular expression "^.A-Za-z.+$" and the content of source.udi and return the matches. The last stance will therefore be true if the uid matches the regular expression.
Hint: a handy regular expression tester can be found here.
For testing create the following two users in the LDAP server.
Hint: if you use live sync for the update to OpenIDM be aware that creating the users in the LDAP server through an ldif import might not create change log entries and therefore the changes might not be picked up by OpenIDM. This is not a bug since live sync is not ment for mass imports.
Constructing Attribute Values During Sync
The End State Configuration
Get the end state configuration here.