Topic
15 replies Latest Post - ‏2013-10-21T13:17:56Z by Erik@Gemini
Mcdz
Mcdz
35 Posts
ACCEPTED ANSWER

Pinned topic tdi Ldap connector

‏2013-10-16T07:15:11Z |

i try to add member on exist group but i don't know how to use

ldapconnector.connector.modentry(entry,search criteria)

var en = system.newEntry();

en.addAttributeValue("member","cn="+work.full+",cn=user,cn=container,o=acme,CN=LOCALHOST");

Add.connector.modEntry(en,"cn=administrator,cn=priority group,o=acme,cn=localhost"); i try to use this code in script but i get this error

ERROR - CTGDIS077I Failed with error: Script interpreter error, line=22, col=23: Java method 'modEntry(com.ibm.di.entry.Entry, string)' on java class 'com.ibm.di.connector.LDAPConnector' not found.
 
  • mark99
    mark99
    26 Posts
    ACCEPTED ANSWER

    Re: tdi Ldap connector

    ‏2013-10-16T09:03:58Z  in response to Mcdz

     

     

    use a SearchCriteria as second parameter

    I have no experiance with this but this is good link to start your seach

    http://www.stephen-swann.co.uk/javadoc/tdi7.0/com/ibm/di/server/SearchCriteria.html

     

    • Mcdz
      Mcdz
      35 Posts
      ACCEPTED ANSWER

      Re: tdi Ldap connector

      ‏2013-10-16T09:27:21Z  in response to mark99

      i have seen this page but i don't understand 

      Have to declare&define an object for searchcriteria? 

      thank you mark99

       

      • mark99
        mark99
        26 Posts
        ACCEPTED ANSWER

        Re: tdi Ldap connector

        ‏2013-10-16T09:40:38Z  in response to Mcdz
        Found this on google
         var ctor = input.getConnector();
         var crit = new com.ibm.di.SearchCriteria("$dn", com.ibm.di.SearchCriteria.SUBSTRING, "c=US,o=IBM");
         crit.addCriteria("name", com.ibm.di.SearchCriteria.INITIAL_STRING, "J");
         crit.addCriteria("objectclass", com.ibm.di.SearchCriteria.SUBSTRING, "person");
         var res = ctor.findEntry(crit);
        
        Updated on 2013-10-16T09:41:41Z at 2013-10-16T09:41:41Z by mark99
        • Mcdz
          Mcdz
          35 Posts
          ACCEPTED ANSWER

          Re: tdi Ldap connector

          ‏2013-10-16T10:12:38Z  in response to mark99
          var crit = new com.ibm.di.SearchCriteria("$dn", com.ibm.di.SearchCriteria.SUBSTRING, "c=US,o=IBM");
          

          can't use this command

          Failed with error: 'com' not found.

          • yn2000
            yn2000
            1033 Posts
            ACCEPTED ANSWER

            Re: tdi Ldap connector

            ‏2013-10-16T14:55:48Z  in response to Mcdz

            I wonder how you guarantee whether the new member that you add is not existed.

            In the old school, I did not use those fancy scripts. I would read the existing member data, loop them to check whether the new member is existed, add the new member only if it does not exist, and then put the member data back. Lucky me, I have never been presented with a group that has millions of members; so, I did not know the capacity and performance measurement on this type of solution.

            Rgds. YN.

            • Mcdz
              Mcdz
              35 Posts
              ACCEPTED ANSWER

              Re: tdi Ldap connector

              ‏2013-10-17T04:08:12Z  in response to yn2000

              i'll  loop to check if exist and add the rest . 

              i wonder how to defind and declare criteria i can't find any document

              i find some example from google but it can't use

               

              • yn2000
                yn2000
                1033 Posts
                ACCEPTED ANSWER

                Re: tdi Ldap connector

                ‏2013-10-17T07:06:15Z  in response to Mcdz
                Sorry, I never build my own 
                SearchCriteria, because I never need it. 
                I believe what you need is enabling the 'Build criteria with custom script' 
                and then construct the LDAP filter into ret.filter value. For example:
                
                
                myvar = work.getString("name");
                ret.filter = "(&(objectclass=person)(cn=" + myvar + "))";
                

                Rgds. YN.

                Updated on 2013-10-17T07:22:34Z at 2013-10-17T07:22:34Z by yn2000
                • Mcdz
                  Mcdz
                  35 Posts
                  ACCEPTED ANSWER

                  Re: tdi Ldap connector

                  ‏2013-10-17T08:54:25Z  in response to yn2000

                  i had try ldap query but don't work . don't know what kind of query is require for this parameter(search criteria)

                  aways get error like this 

                  ERROR - CTGDIS077I Failed with error: Script interpreter error, line=21, col=31: Java method 'modEntry(com.ibm.di.entry.Entry, string)' on java class 'com.ibm.di.connector.LDAPConnector' not found.

                  • yn2000
                    yn2000
                    1033 Posts
                    ACCEPTED ANSWER

                    Re: tdi Ldap connector

                    ‏2013-10-17T13:11:48Z  in response to Mcdz

                    I have 2 lines of code, you have 21 lines of code. So, I am not really sure I understand what you are trying to do here.

                    How about this... remove all java programming from your script. In the first couple of years I use TDI, I do not touch the java programming portion of it. So, I bet you do not need it neither, especially you are talking about LDAP connector that everybody uses it. Focus on the programming design with 'work' entity and use javascript.

                    Analogy... you might be a pilot who used to fly a helicopter, but here we are talking about just driving a car.

                    Rgds. YN.

                     

                    • Mcdz
                      Mcdz
                      35 Posts
                      ACCEPTED ANSWER

                      Re: tdi Ldap connector

                      ‏2013-10-18T02:50:39Z  in response to yn2000

                      thank you for you help yn2000 it's input problem . it's easier if i just tell them to create a new feeds.

                      and just use normally connector to add or update ldap.

  • Erik@Gemini
    Erik@Gemini
    7 Posts
    ACCEPTED ANSWER

    Re: tdi Ldap connector

    ‏2013-10-17T19:29:45Z  in response to Mcdz

    This is how I usually do it in script.  It assumes that you have a connector to your LDAP directory in *passive* mode called "myLDAP".  It sets up the group and user distinguished names as variables, then checks to see if the user is already in the group before attempting to add

    // setup some variables
    ldap  = myLDAP.getConnector();
    user_dn  = "cn=" + work.full + ",cn=user,cn=container,o=acme,CN=LOCALHOST";
    group_dn = "cn=administrator,cn=priority group,o=acme,cn=localhost";
    // first see if he's already in the group
    alreadyInGroup = ldap.compare(group_dn, "member", user_dn);
    // only if he's not in the group, attempt to update LDAP
    if (!alreadyInGroup) {
    task.logmsg("**!!  user " + user_dn + " does not yet exist in group " + group_dn + " ... so trying to add" );
      try {        ldap.addAttributeValue(group_dn, "member", user_dn);
      } 
    catch (e) {   
    task.logmsg("**XX  exception in addAttributeValue: " + e.toString() ); 
    }
    }

     

    (formatting sucks...  sorry)

    Updated on 2013-10-17T19:33:43Z at 2013-10-17T19:33:43Z by Erik@Gemini
    • Mcdz
      Mcdz
      35 Posts
      ACCEPTED ANSWER

      Re: tdi Ldap connector

      ‏2013-10-18T02:59:35Z  in response to Erik@Gemini

      thank you for you respond. yes this is what i'm trying to do but before you can add more attribute to an exist entry

      you have to find this entry by using searchcriteria  parameter in modentry method to find it and this is the problem

      i don't know how to use this searchcriteria. need to build new one or  it require to use some kind of query.

      • Erik@Gemini
        Erik@Gemini
        7 Posts
        ACCEPTED ANSWER

        Re: tdi Ldap connector

        ‏2013-10-18T13:41:42Z  in response to Mcdz

        If you know the LDAP distinguished name of the group, and you know the DN of the user, you don't need to search for anything.  Maybe I'm missing what exactly you are searching for...  if you can describe your AL in a lot more detail, that would help.  What connectors are involved, what do they do?

        Or - just *try* the script above, it works.  It assumes you have a data source, where you get some user values into the work  (e.g.  work.full)...  and then a passive LDAP connector to your target where the group is.

        • Mcdz
          Mcdz
          35 Posts
          ACCEPTED ANSWER

          Re: tdi Ldap connector

          ‏2013-10-21T06:09:15Z  in response to Erik@Gemini

          i'ts working sry i did't check it carefully thank you for you advise
          and what if i want to delete a member from a group?

          ldap. removeAttributeValue(group_dn, "member", user_dn) <---?

          Updated on 2013-10-21T10:07:59Z at 2013-10-21T10:07:59Z by Mcdz
          • Erik@Gemini
            Erik@Gemini
            7 Posts
            ACCEPTED ANSWER

            Re: tdi Ldap connector

            ‏2013-10-21T13:17:56Z  in response to Mcdz

            yes - removeAttributeValue would do the opposite.