5. Advanced Sync Mappings and Java Script

Introduction

Synchronization requirements often go beyond simply synchronizing every account. It should be possible to filter out accounts or manipulate attributes before they are stored in the target system.

Prerequisites

A working reconciliation or live sync against the LDAP server is needed to run this part of the tutorial. The end configuration of the first or second part of the tutorial is a good starting point.

Files to Change

  • Files to Add
    • Java Script Files
  • Files to Change
    • sync.json

Filtering of user objects during the sync process

In the current example the task would be to create any user object which exists in the ou=People,o=aaa branch of the LDAP server.
But there might be a requirement that only users whose uid starts with an alpha character should be created. Users whose uid starts with a number should be ignored during reconciliation or live sync.

Reference a Java Script File to Filter User Objects

The mechanism for filtering objects during synchronization is the validSource property. In the current example it is used with a reference to a file containing the filter. The syntax in the sync.json mapping would look like this:

Reference a Java Script file for filtering objects
            "validSource": {
                "type": "text/javascript",
                "file": "jscript/ldapIsValid.js"
            }

The value of the "file" property can be an absolute or a relative path. A relative path is resolved relative to the installation folder of OpenIDM (that is, it continues after the usual openidm part of the path).

The filter is stored in a folder called jscript, in a file named ldapIsValid.js.

The description of the syntax in the admin guide is:
A script that determines if a source object is valid to be mapped. The script yields a Boolean value; true indicates the source object is valid; false can be used to defer mapping until some condition is met. In the root scope, the source object is provided in the "source" property. If the script is not specified, then all source objects are considered valid.

The content of the file should be something like:

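// Accept only source objects whose uid starts with a letter (A-Z or a-z).
var matchArray;
if (source.uid != null) {
   // ^ anchors at the start, so the first character itself must be a letter.
   matchArray = source.uid.match("^[A-Za-z].*$");
}
// The value of the last expression is the script's result: true = valid source.
(matchArray != null);

Explanation:

  1. The if condition leaves the variable matchArray unset if the object does not have a uid, so the last statement (matchArray != null) returns the Boolean false and the object is ignored.
  2. match() tests the content of source.uid against the regular expression "^[A-Za-z].*$" and returns the matches. The ^ anchors the pattern at the start of the value, so the first character must be a letter; a uid such as 1abcd does not match. The last statement is therefore true only if the uid matches the regular expression.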

Hint: a handy regular expression tester can be found here.

For testing, create the following two users in the LDAP server.
Hint: if you use live sync to propagate the update to OpenIDM, be aware that creating the users in the LDAP server through an LDIF import might not create change log entries, so the changes might not be picked up by OpenIDM. This is not a bug, since live sync is not meant for mass imports.

two users to be imported for testing the sync filter
dn: uid=abcd5,ou=People,o=aaa
uid: abcd5
userPassword: password
facsimileTelephoneNumber: +1 408 555 1211
employeeNumber: 44444444
initials: H
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: top
givenName: abab5
pager: 1234
mobile: + 477071234
cn: abab1 cdcd4
telephoneNumber: +1 408 555 1212
sn: cdcd5
homePhone: +1 51521577
mail: abcd1@aaa.com
description: created by LDAP5

dn: uid=1abcd,ou=People,o=aaa
uid: 1abcd
userPassword: password
facsimileTelephoneNumber: +1 408 555 1211
employeeType: perm
employeeNumber: 44444444
initials: H
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: top
givenName: 1abcd
pager: 1234
mobile: + 477071234
cn: abab1 cdcd4
telephoneNumber: +1 408 555 1212
sn: 1cdcd
homePhone: +1 51521577
mail: 1abcd@aaa.com
description: created by 1LDAP
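
The following is an added example, not part of the original tutorial or of OpenIDM: a small Node.js harness that evaluates a validSource script text the way the mapping reads it (source in scope, value of the last expression as the result) against the two test users above plus a few edge cases. The names FILTER, LEADING_DOT, runValidSource and failures are assumptions made for this example, and LEADING_DOT is a constructed near-miss pattern that shows how a single stray character in the regular expression lets unwanted accounts through.

```javascript
// Added example: offline check of a validSource filter script.
// FILTER is the text a file such as jscript/ldapIsValid.js could hold for the
// "uid must start with a letter" rule; LEADING_DOT is a constructed near-miss.
const FILTER = [
  "var matchArray;",
  "if (source.uid != null) {",
  "    matchArray = source.uid.match(/^[A-Za-z].*$/);",
  "}",
  "(matchArray != null);",
].join("\n");
const LEADING_DOT = FILTER.replace("/^[A-Za-z]", "/^.[A-Za-z]");

// Evaluate the script text with `source` in scope and return the value of its
// last expression. Direct eval is applied only to the trusted script text
// under test, never to data coming from the directory.
function runValidSource(scriptText, source) {
  return eval(scriptText);
}

// Constructed source objects: the two LDIF test users plus edge cases.
const CASES = [
  { name: "abcd5", source: { uid: "abcd5" }, expect: true },
  { name: "1abcd", source: { uid: "1abcd" }, expect: false },
  { name: "no uid", source: { cn: "abab1 cdcd4" }, expect: false },
  { name: "empty uid", source: { uid: "" }, expect: false },
  { name: "leading space", source: { uid: " abcd" }, expect: false },
  { name: "single letter", source: { uid: "a" }, expect: true },
];

// Return the names of the cases where the script's verdict differs from expect.
function failures(scriptText) {
  return CASES
    .filter((c) => runValidSource(scriptText, c.source) !== c.expect)
    .map((c) => c.name);
}

console.log("anchored filter failures:", failures(FILTER));
console.log("leading-dot filter failures:", failures(LEADING_DOT));
```

Running the same cases against the real file content before deploying a mapping change catches a filter that silently admits or drops accounts.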

Constructing Attribute Values During Sync

On Create

On Update

The End State Configuration

Get the end state configuration here.
