IBM Tivoli Identity Manager JavaScript How To

From KnowWiki
Jump to: navigation, search
IBM Tivoli Identity Manager
ITIM How To's
General · Database · JavaScript · Pre-5.0 · Workflows · Setup
General ITIM Topics
How To · Troubleshooting · Technical Notes
Related technologies
Tivoli Access Manager · Tivoli Directory Integrator · Tivoli Directory Server
v · d · e

Contents

[edit] How to use random numbers in JavaScript

Here is an example of a padded random number used in an identity policy

function createIdentity(){
  var tf = false;
  var identity = "";
  var counter = 0;
  var givenname = subject.getProperty("givenname");
  if (((givenname != null) && (givenname.length > 0)))
      givenname = givenname[0];
  if(givenname == null || givenname.length == 0)
      givenname = "";
    else
      givenname = givenname.substring(0,1);
  var middlename = subject.getProperty("initials");
  if (((middlename != null) && (middlename.length > 0)))
      middlename = middlename[0];
  if(middlename == null || middlename.length == 0)
      middlename = "";
    else
      middlename = middlename.substring(0,1);
  baseidentity = givenname + middlename + subject.getProperty("sn")[0].substring(0,1)+PadDigits(Math.floor(Math.random()*1000),3);
  tf = IdentityPolicy.userIDExists(baseidentity, false, true);
  if(!tf) {
    return baseidentity;
  }
  while(tf)
  {
    counter+=1;
    identity = baseidentity + counter;
    tf = IdentityPolicy.userIDExists(identity, false, true);
  }
  return identity;
}
function PadDigits(n, totalDigits){ 
         n = n.toString(); 
         var pd = ''; 
         if (totalDigits > n.length) { 
             for (i=0; i < (totalDigits-n.length); i++) 
                 pd += '0'; 
         } 
         return pd + n.toString(); 
} 
return createIdentity();

The PadDigits function came from here.

[edit] How to load an external JavaScript file on the fly

Enable access to java io in the extension properties and then use the following code:

var file = new java.io.BufferedReader(new java.io.FileReader("somefolder_underTIMbase/somejavascriptfile.js" ));
var line = null;
var code = '';
while((line = file.readLine()) != null)
    code += line + '\n';
file.close();
eval(code);

[edit] How to convert password from TIM to clear text

You need to specify in Config tab of DSML v2 Event Handler the erpassword as an Extra Binary Attribute Name so IDI decodes the Base64 password. You then can convert the byte[] array to a string, and insert into the database table of your choice, or further process using MD5 libraries etc for your application.

// Convert the byte array password into cleartex
cpw = system.arrayToString(work.getObject("erpassword"));
work.setAttribute("erpassword", cpw);

[edit] How to enable access to java objects from ibmjs

In the <itim home>/data/scriptframework.properties file is the following section the describes the setup needed to get access ot the Java classes in the script.

# 
# Direct Java Access Configuration 
# 
# To allow direct access to Java classes from scripts, add the Java classes 
# or java packages that you need access to here.  The rules for adding access 
# is the same as in java import statements.  You can add either a full java 
# class name, or a package name ".*".  This means that "java.*" will not 
# include java classes in "java.lang.*". 
# 
# To add access to a class or package, the key must start with 
# "ITIM.java.access".  If you have multiple statements each key must be unique. 
# 
# This is a feature of using the IBMJS engine only. 
# 
# Examples: 
# ITIM.java.access.lang=java.lang.* 
# ITIM.java.access.obj=java.lang.Object 
#

[edit] How to list all properties on a js object in ITIM

var acct=Entity.get();
var n=acct.getPropertyNames();
var z="";
for (var i=0;i<n.length;i++)
        z=z+":"+n[i];

[edit] How to mail pwd in clear text from a workflow

entity.get().getAndDecryptPassword();

and

Entity.get().setAndEncryptPassword(<string>);

works nicely. Used it & the getAnd... call on ITIM 4.6 for WinLocal and Linux services & the accounts/passwords are created correctly.

For fun (cough!) you can use the AccountSearch.searchByUidAndService(....) to find another account for a particular Person & then call the getAndDecryptPassword() which allows you to get the password from any other account (returns a string, not an array btw).

Not all references to accounts have the getAndDecryptPassword method. person.getProperty('account') you get an array of references to the person's accounts. But the references are to DirectoryObjectWrapper Java objects. These don't have the methods for password access. But you can get a reference to an AccountWrapper by using the Account constructor:

var accounts = person.getProperty('account');
for (var i = 0; i < accounts.length; i++) {
var account = new Account(accounts.dn);

[edit] How to return a multi-valued attribute from javascript in ITIM

{
 function getVals() {
   var values = new Array();
   values[0] = parameters.eruid[0];
   values[1] = 'other';
   // or you can use also push on JS Array
   values.push('other2');
   values.push(parameters.eruid[0]);
   return values;
 }
 getVals();
}

[edit] How to return a name of the orgunit for a person from java script

{subject.getProperty('parent')[0].name}

This is a special syntax, make sure to use single, not double quotes around 'parent'. [1]

v · d · eIBM Tivoli Identity Manager
ITIM How To's
General · Database · JavaScript · Pre-5.0 · Workflows · Setup
General ITIM Topics
Related technologies
Retrieved from "http://tech.ivkin.net/wiki/IBM_Tivoli_Identity_Manager_JavaScript_How_To"
Personal tools
Namespaces
Variants
Actions
Navigation
Toolbox