10.11. Advanced Data Flow Configuration

Section 10.5, “Basic Data Flow Configuration” shows how to trigger scripts when objects are created and updated. Other situations require you to trigger scripts in response to other synchronization actions. For example, you might not want OpenIDM to delete a managed user directly when an external account is deleted, but instead unlink the objects and deactivate the user in another resource. (Alternatively, you might delete the object in OpenIDM but nevertheless execute a script.) The following example shows a more advanced mapping configuration.

    {
        "mappings": [
            {
                "name": "systemLdapAccount_managedUser",
                "source": "system/ldap/account",
                "target": "managed/user",
                "validSource": {
                    "type": "text/javascript",
                    "file": "script/isValid.js"
                },
                "correlationQuery": {
                    "type": "text/javascript",
                    "file": "script/ldapCorrelationQuery.js"
                },
                "properties": [
                    {
                        "source": "uid",
                        "transform": {
                            "type": "text/javascript",
                            "source": "source.toLowerCase()"
                        },
                        "target": "userName"
                    },
                    {
                        "source": "",
                        "transform": {
                            "type": "text/javascript",
                            "source": "if (source.myGivenName) {source.myGivenName;} else {source.givenName;}"
                        },
                        "target": "givenName"
                    },
                    {
                        "source": "",
                        "transform": {
                            "type": "text/javascript",
                            "source": "if (source.mySn) {source.mySn;} else {source.sn;}"
                        },
                        "target": "familyName"
                    },
                    {
                        "source": "cn",
                        "target": "fullname"
                    },
                    {
                        "comment": "Multi-valued in LDAP, single-valued in AD. Retrieve first non-empty value.",
                        "source": "title",
                        "transform": {
                            "type": "text/javascript",
                            "file": "script/getFirstNonEmpty.js"
                        },
                        "target": "title"
                    },
                    {
                        "condition": {
                            "type": "text/javascript",
                            "source": "var clearObj = openidm.decrypt(object); ((clearObj.password != null) && (clearObj.ldapPassword != clearObj.password))"
                        },
                        "transform": {
                            "type": "text/javascript",
                            "source": "source.password"
                        },
                        "target": "__PASSWORD__"
                    }
                ],
                "onCreate": {
                    "type": "text/javascript",
                    "source": "target.ldapPassword = null; target.adPassword = null; target.password = null; target.ldapStatus = 'New Account'"
                },
                "onUpdate": {
                    "type": "text/javascript",
                    "source": "target.ldapStatus = 'OLD'"
                },
                "onUnlink": {
                    "type": "text/javascript",
                    "file": "script/triggerAdDisable.js"
                },
                "policies": [
                    {
                        "situation": "CONFIRMED",
                        "action": "UPDATE"
                    },
                    {
                        "situation": "FOUND",
                        "action": "UPDATE"
                    },
                    {
                        "situation": "ABSENT",
                        "action": "CREATE"
                    },
                    {
                        "situation": "AMBIGUOUS",
                        "action": "EXCEPTION"
                    },
                    {
                        "situation": "MISSING",
                        "action": "EXCEPTION"
                    },
                    {
                        "situation": "UNQUALIFIED",
                        "action": "UNLINK"
                    },
                    {
                        "situation": "UNASSIGNED",
                        "action": "EXCEPTION"
                    }
                ]
            }
        ]
    }

The following list shows all the properties that you can use as hooks in mapping configurations to call scripts.

Triggered by Situation

onCreate, onUpdate, onDelete, onLink, onUnlink

Object Filter

validSource, validTarget

Correlating Objects

correlationQuery

Triggered on Reconciliation

result

Scripts Inside Properties

condition, transform
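
A misspelled hook key or an incomplete script object is easy to miss when reviewing a mapping, so the following added example (not ForgeRock code) lints one mapping against the hook names listed above. It assumes, from the sample mapping on this page, that each script object carries a "type" and exactly one of "source" or "file"; lintMapping and the other function names are hypothetical.

```javascript
// Added example, not ForgeRock code. Hook names are the ones listed on this page.
const MAPPING_HOOKS = ["onCreate", "onUpdate", "onDelete", "onLink", "onUnlink",
  "validSource", "validTarget", "correlationQuery", "result"];
const PROPERTY_HOOKS = ["condition", "transform"];
// Edit distance in which swapping two adjacent letters counts as one edit.
function editDistance(a, b) {
  const d = [];
  for (let i = 0; i <= a.length; i++) {
    d.push([i]);
    for (let j = 1; j <= b.length; j++) {
      if (i === 0) { d[0][j] = j; continue; }
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      const swapped = i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1];
      if (swapped) d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
    }
  }
  return d[a.length][b.length];
}

// Assumption from the sample mapping: "type" plus exactly one of "source" or "file".
function checkScript(path, script, findings) {
  const s = script !== null && typeof script === "object" ? script : {};
  if (typeof s.type !== "string") findings.push(`${path}: script needs a "type"`);
  const n = ["source", "file"].filter(k => typeof s[k] === "string").length;
  if (n !== 1) findings.push(`${path}: give exactly one of "source" or "file"`);
}

function checkKeys(path, obj, hooks, findings) {
  for (const key of Object.keys(obj)) {
    if (hooks.includes(key)) { checkScript(`${path}.${key}`, obj[key], findings); continue; }
    const near = hooks.find(h => editDistance(key.toLowerCase(), h.toLowerCase()) <= 1);
    if (near) findings.push(`${path}.${key}: not a hook name, did you mean "${near}"?`);
  }
}

function lintMapping(mapping) {
  const findings = [];
  checkKeys(mapping.name, mapping, MAPPING_HOOKS, findings);
  (mapping.properties || []).forEach((p, i) =>
    checkKeys(`${mapping.name}.properties[${i}]`, p, PROPERTY_HOOKS, findings));
  return findings;
}

// Constructed sample: the mapping above cut down, with two seeded mistakes.
const sample = { name: "systemLdapAccount_managedUser",
  vaildSource: { type: "text/javascript", file: "script/isValid.js" },
  properties: [{ source: "uid", transform: { type: "text/javascript" }, target: "userName" }] };
console.log(lintMapping(sample).join("\n"));
```

Run it with Node.js against each entry of the "mappings" array before deploying a changed configuration.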

Your scripts can get data from any connected system at any time by using the openidm.read(id) function, where id is the identifier of the object to read.

The following example reads a managed user object from the repository.

    repoUser = openidm.read("managed/user/ddoe");

The following example reads an account from an external LDAP resource.

    externalAccount = openidm.read("system/ldap/account/uid=ddoe,ou=People,dc=example,dc=com");

Note that this read targets a DN, whereas the previous example used a UID. The attribute that is used for the _id is defined in the connector configuration file and, in this example, is set to "uidAttribute" : "dn". Although it is possible to use a DN (or any unique attribute) for the _id, as a best practice, you should use an attribute that is both unique and immutable. A DN changes when an entry is renamed or moved, so it is unique but not immutable.