Leverage DXCMD

It is possible to get one Connector to communicate with another Connector, thereby transferring data from one Connector to another. An example use case might be that you want to query if a User already exists in an Active Directory domain before assigning a unique User ID in the Identity Vault. Or you might want to check one Active Directory domain against another Active Directory domain.

The communication uses the DXCMD command line binary; there is already an IDM function to allow you to do this. It is quite easy to do, and uses the following syntax:

<do-set-local-variable name="varQueryResult" scope="policy">
    <arg-node-set>
        <token-xpath expression="dircmd:sendDriverCommand('~gcvUser-Creation-uidGeneration-Query-Connector~',$varQueryDocument/nds)"/>
    </arg-node-set>
</do-set-local-variable>

The Connector on which the Query must be executed is defined in the Global Configuration Value (GCV) shown below.

<definition display-name="IDAM Connector to use for Querying Active Directory for 'unique Identifier'" name="gcvUser-Creation-uidGeneration-Query-Connector" type="string">
    <description/>
    <value>\IDVAULT\System\Identity Management\IDVAULT\RDC AD</value>
</definition>

Here is the Query document which is to be sent to the Active Directory Connector.

<do-set-local-variable name="varQueryDocument" scope="policy">
    <arg-node-set>
        <token-xml-parse>
            <token-text xml:space="preserve">&lt;nds dtdversion="3.5" ndsversion="8.x"&gt;&lt;source&gt;&lt;product version="3.5.11.20080307 "&gt;DirXML&lt;/product&gt;&lt;contact&gt;Novell, Inc.&lt;/contact&gt;&lt;/source&gt;&lt;input&gt;&lt;query class-name="~gcvUser-Creation-uidGeneration-Query-ClassName~" initiator="~dirxml.auto.driverdn~" dest-dn="~gcvUser-Creation-uidGeneration-Query-SearchBase~" scope="subtree"&gt;&lt;search-class class-name="~gcvUser-Creation-uidGeneration-Query-ClassName~"/&gt;&lt;search-attr attr-name="~gcvUser-Creation-uidGeneration-Query-AttributeName~"&gt;&lt;value&gt;$varGeneratedName$&lt;/value&gt;&lt;/search-attr&gt;&lt;read-attr attr-name="~gcvUser-Creation-uidGeneration-Query-AttributeName~"/&gt;&lt;/query&gt;&lt;/input&gt;&lt;/nds&gt;</token-text>
        </token-xml-parse>
    </arg-node-set>
</do-set-local-variable>

The dircmd namespace is defined at the top of the policy as:

<policy xmlns:dircmd="http://www.novell.com/nxsl/java/com.novell.nds.dirxml.driver.cmd.DriverCmd">
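
One way to consume varQueryResult, as an added example that is not from the original page: it fails closed when the queried Connector returns no success status, and otherwise records whether the generated name is already taken. It assumes the reply is a standard DirXML query response (`<instance>` elements followed by a `<status>`); the variable varNameIsUnique and the choice of a retry status are hypothetical.

```xml
<!-- Added example, not from the original page. -->
<!-- Assumption: varQueryResult holds a standard DirXML query response:
     <nds><output><instance .../> ... <status level="success"/></output></nds> -->
<do-if>
    <arg-conditions>
        <and>
            <!-- No success status: Connector stopped, wrong DN in the GCV, or insufficient rights -->
            <if-xpath op="not-true">$varQueryResult//status[@level='success']</if-xpath>
        </and>
    </arg-conditions>
    <arg-actions>
        <!-- Fail closed: a failed lookup must never be read as "the name is free" -->
        <do-status level="retry">
            <arg-string>
                <token-text xml:space="preserve">Uniqueness query failed for </token-text>
                <token-local-variable name="varGeneratedName"/>
            </arg-string>
        </do-status>
    </arg-actions>
    <arg-actions>
        <do-if>
            <arg-conditions>
                <and>
                    <!-- Any returned instance means the value already exists in Active Directory -->
                    <if-xpath op="true">count($varQueryResult//instance) &gt; 0</if-xpath>
                </and>
            </arg-conditions>
            <arg-actions>
                <!-- varNameIsUnique is a hypothetical variable name -->
                <do-set-local-variable name="varNameIsUnique" scope="policy">
                    <arg-string>
                        <token-text xml:space="preserve">false</token-text>
                    </arg-string>
                </do-set-local-variable>
            </arg-actions>
            <arg-actions>
                <do-set-local-variable name="varNameIsUnique" scope="policy">
                    <arg-string>
                        <token-text xml:space="preserve">true</token-text>
                    </arg-string>
                </do-set-local-variable>
            </arg-actions>
        </do-if>
    </arg-actions>
</do-if>
```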