Topic
  • 15 replies
  • Latest Post - ‏2013-10-21T13:17:56Z by Erik@Gemini
Mcdz
Mcdz
35 Posts

Pinned topic tdi Ldap connector

‏2013-10-16T07:15:11Z |

i try to add member on exist group but i don't know how to use

ldapconnector.connector.modentry(entry,search criteria)

var en = system.newEntry();

en.addAttributeValue("member","cn="+work.full+",cn=user,cn=container,o=acme,CN=LOCALHOST");

Add.connector.modEntry(en,"cn=administrator,cn=priority group,o=acme,cn=localhost"); i try to use this code in script but i get this error

ERROR - CTGDIS077I Failed with error: Script interpreter error, line=22, col=23: Java method 'modEntry(com.ibm.di.entry.Entry, string)' on java class 'com.ibm.di.connector.LDAPConnector' not found.
 
  • Erik@Gemini
    Erik@Gemini
    28 Posts
    ACCEPTED ANSWER

    Re: tdi Ldap connector

    ‏2013-10-17T19:29:45Z  

    This is how I usually do it in script.  It assumes that you have a connector to your LDAP directory in *passive* mode called "myLDAP".  It sets up the group and user distinguished names as variables, then checks to see if the user is already in the group before attempting to add

    // setup some variables
    ldap  = myLDAP.getConnector();
    user_dn  = "cn=" + work.full + ",cn=user,cn=container,o=acme,CN=LOCALHOST";
    group_dn = "cn=administrator,cn=priority group,o=acme,cn=localhost";
    // first see if he's already in the group
    alreadyInGroup = ldap.compare(group_dn, "member", user_dn);
    // only if he's not in the group, attempt to update LDAP
    if (!alreadyInGroup) {
    task.logmsg("**!!  user " + user_dn + " does not yet exist in group " + group_dn + " ... so trying to add" );
      try {        ldap.addAttributeValue(group_dn, "member", user_dn);
      } 
    catch (e) {   
    task.logmsg("**XX  exception in addAttributeValue: " + e.toString() ); 
    }
    }

     

    (formatting sucks...  sorry)

    Updated on 2013-10-17T19:33:43Z at 2013-10-17T19:33:43Z by Erik@Gemini
  • mark99
    mark99
    26 Posts

    Re: tdi Ldap connector

    ‏2013-10-16T09:03:58Z  

     

     

    use a SearchCriteria as second parameter

    I have no experiance with this but this is good link to start your seach

    http://www.stephen-swann.co.uk/javadoc/tdi7.0/com/ibm/di/server/SearchCriteria.html

     

  • Mcdz
    Mcdz
    35 Posts

    Re: tdi Ldap connector

    ‏2013-10-16T09:27:21Z  
    • mark99
    • ‏2013-10-16T09:03:58Z

     

     

    use a SearchCriteria as second parameter

    I have no experiance with this but this is good link to start your seach

    http://www.stephen-swann.co.uk/javadoc/tdi7.0/com/ibm/di/server/SearchCriteria.html

     

    i have seen this page but i don't understand 

    Have to declare&define an object for searchcriteria? 

    thank you mark99

     

  • mark99
    mark99
    26 Posts

    Re: tdi Ldap connector

    ‏2013-10-16T09:40:38Z  
    • Mcdz
    • ‏2013-10-16T09:27:21Z

    i have seen this page but i don't understand 

    Have to declare&define an object for searchcriteria? 

    thank you mark99

     

    Found this on google
     var ctor = input.getConnector();
     var crit = new com.ibm.di.SearchCriteria("$dn", com.ibm.di.SearchCriteria.SUBSTRING, "c=US,o=IBM");
     crit.addCriteria("name", com.ibm.di.SearchCriteria.INITIAL_STRING, "J");
     crit.addCriteria("objectclass", com.ibm.di.SearchCriteria.SUBSTRING, "person");
     var res = ctor.findEntry(crit);
    
    Updated on 2013-10-16T09:41:41Z at 2013-10-16T09:41:41Z by mark99
  • Mcdz
    Mcdz
    35 Posts

    Re: tdi Ldap connector

    ‏2013-10-16T10:12:38Z  
    • mark99
    • ‏2013-10-16T09:40:38Z
    <pre dir="ltr" style="color: rgb(0, 0, 0);">Found this on google var ctor = input.getConnector(); var crit = new com.ibm.di.SearchCriteria("$dn", com.ibm.di.SearchCriteria.SUBSTRING, "c=US,o=IBM"); crit.addCriteria("name", com.ibm.di.SearchCriteria.INITIAL_STRING, "J"); crit.addCriteria("objectclass", com.ibm.di.SearchCriteria.SUBSTRING, "person"); var res = ctor.findEntry(crit); </pre>
    var crit = new com.ibm.di.SearchCriteria("$dn", com.ibm.di.SearchCriteria.SUBSTRING, "c=US,o=IBM");
    

    can't use this command

    Failed with error: 'com' not found.

  • yn2000
    yn2000
    1112 Posts

    Re: tdi Ldap connector

    ‏2013-10-16T14:55:48Z  
    • Mcdz
    • ‏2013-10-16T10:12:38Z
    <pre dir="ltr" style="margin-top: 0px; margin-bottom: 0px; padding: 0px; border: 0px; outline: 0px; vertical-align: baseline; font-family: 'Courier New', Courier, monospace; line-height: 18px; color: rgb(0, 0, 0);">var crit = new com.ibm.di.SearchCriteria("$dn", com.ibm.di.SearchCriteria.SUBSTRING, "c=US,o=IBM"); </pre>

    can't use this command

    Failed with error: 'com' not found.

    I wonder how you guarantee whether the new member that you add is not existed.

    In the old school, I did not use those fancy scripts. I would read the existing member data, loop them to check whether the new member is existed, add the new member only if it does not exist, and then put the member data back. Lucky me, I have never been presented with a group that has millions of members; so, I did not know the capacity and performance measurement on this type of solution.

    Rgds. YN.

  • Mcdz
    Mcdz
    35 Posts

    Re: tdi Ldap connector

    ‏2013-10-17T04:08:12Z  
    • yn2000
    • ‏2013-10-16T14:55:48Z

    I wonder how you guarantee whether the new member that you add is not existed.

    In the old school, I did not use those fancy scripts. I would read the existing member data, loop them to check whether the new member is existed, add the new member only if it does not exist, and then put the member data back. Lucky me, I have never been presented with a group that has millions of members; so, I did not know the capacity and performance measurement on this type of solution.

    Rgds. YN.

    i'll  loop to check if exist and add the rest . 

    i wonder how to defind and declare criteria i can't find any document

    i find some example from google but it can't use

     

  • yn2000
    yn2000
    1112 Posts

    Re: tdi Ldap connector

    ‏2013-10-17T07:06:15Z  
    • Mcdz
    • ‏2013-10-17T04:08:12Z

    i'll  loop to check if exist and add the rest . 

    i wonder how to defind and declare criteria i can't find any document

    i find some example from google but it can't use

     

    Sorry, I never build my own 
    SearchCriteria, because I never need it. 
    I believe what you need is enabling the 'Build criteria with custom script' 
    and then construct the LDAP filter into ret.filter value. For example:
    
    
    myvar = work.getString("name");
    ret.filter = "(&(objectclass=person)(cn=" + myvar + "))";
    

    Rgds. YN.

    Updated on 2013-10-17T07:22:34Z at 2013-10-17T07:22:34Z by yn2000
  • Mcdz
    Mcdz
    35 Posts

    Re: tdi Ldap connector

    ‏2013-10-17T08:54:25Z  
    • yn2000
    • ‏2013-10-17T07:06:15Z
    <pre dir="ltr">Sorry, I never build my own SearchCriteria, because I never need it. I believe what you need is enabling the 'Build criteria with custom script' and then construct the LDAP filter into ret.filter value. For example: </pre> <pre dir="ltr"> myvar = work.getString("name"); ret.filter = "(&(objectclass=person)(cn=" + myvar + "))"; </pre>

    Rgds. YN.

    i had try ldap query but don't work . don't know what kind of query is require for this parameter(search criteria)

    aways get error like this 

    ERROR - CTGDIS077I Failed with error: Script interpreter error, line=21, col=31: Java method 'modEntry(com.ibm.di.entry.Entry, string)' on java class 'com.ibm.di.connector.LDAPConnector' not found.

  • yn2000
    yn2000
    1112 Posts

    Re: tdi Ldap connector

    ‏2013-10-17T13:11:48Z  
    • Mcdz
    • ‏2013-10-17T08:54:25Z

    i had try ldap query but don't work . don't know what kind of query is require for this parameter(search criteria)

    aways get error like this 

    ERROR - CTGDIS077I Failed with error: Script interpreter error, line=21, col=31: Java method 'modEntry(com.ibm.di.entry.Entry, string)' on java class 'com.ibm.di.connector.LDAPConnector' not found.

    I have 2 lines of code, you have 21 lines of code. So, I am not really sure I understand what you are trying to do here.

    How about this... remove all java programming from your script. In the first couple of years I use TDI, I do not touch the java programming portion of it. So, I bet you do not need it neither, especially you are talking about LDAP connector that everybody uses it. Focus on the programming design with 'work' entity and use javascript.

    Analogy... you might be a pilot who used to fly a helicopter, but here we are talking about just driving a car.

    Rgds. YN.

     

  • Erik@Gemini
    Erik@Gemini
    28 Posts

    Re: tdi Ldap connector

    ‏2013-10-17T19:29:45Z  

    This is how I usually do it in script.  It assumes that you have a connector to your LDAP directory in *passive* mode called "myLDAP".  It sets up the group and user distinguished names as variables, then checks to see if the user is already in the group before attempting to add

    // setup some variables
    ldap  = myLDAP.getConnector();
    user_dn  = "cn=" + work.full + ",cn=user,cn=container,o=acme,CN=LOCALHOST";
    group_dn = "cn=administrator,cn=priority group,o=acme,cn=localhost";
    // first see if he's already in the group
    alreadyInGroup = ldap.compare(group_dn, "member", user_dn);
    // only if he's not in the group, attempt to update LDAP
    if (!alreadyInGroup) {
    task.logmsg("**!!  user " + user_dn + " does not yet exist in group " + group_dn + " ... so trying to add" );
      try {        ldap.addAttributeValue(group_dn, "member", user_dn);
      } 
    catch (e) {   
    task.logmsg("**XX  exception in addAttributeValue: " + e.toString() ); 
    }
    }

     

    (formatting sucks...  sorry)

    Updated on 2013-10-17T19:33:43Z at 2013-10-17T19:33:43Z by Erik@Gemini
  • Mcdz
    Mcdz
    35 Posts

    Re: tdi Ldap connector

    ‏2013-10-18T02:50:39Z  
    • yn2000
    • ‏2013-10-17T13:11:48Z

    I have 2 lines of code, you have 21 lines of code. So, I am not really sure I understand what you are trying to do here.

    How about this... remove all java programming from your script. In the first couple of years I use TDI, I do not touch the java programming portion of it. So, I bet you do not need it neither, especially you are talking about LDAP connector that everybody uses it. Focus on the programming design with 'work' entity and use javascript.

    Analogy... you might be a pilot who used to fly a helicopter, but here we are talking about just driving a car.

    Rgds. YN.

     

    thank you for you help yn2000 it's input problem . it's easier if i just tell them to create a new feeds.

    and just use normally connector to add or update ldap.

  • Mcdz
    Mcdz
    35 Posts

    Re: tdi Ldap connector

    ‏2013-10-18T02:59:35Z  

    This is how I usually do it in script.  It assumes that you have a connector to your LDAP directory in *passive* mode called "myLDAP".  It sets up the group and user distinguished names as variables, then checks to see if the user is already in the group before attempting to add

    // setup some variables
    ldap  = myLDAP.getConnector();
    user_dn  = "cn=" + work.full + ",cn=user,cn=container,o=acme,CN=LOCALHOST";
    group_dn = "cn=administrator,cn=priority group,o=acme,cn=localhost";
    // first see if he's already in the group
    alreadyInGroup = ldap.compare(group_dn, "member", user_dn);
    // only if he's not in the group, attempt to update LDAP
    if (!alreadyInGroup) {
    task.logmsg("**!!  user " + user_dn + " does not yet exist in group " + group_dn + " ... so trying to add" );
      try {        ldap.addAttributeValue(group_dn, "member", user_dn);
      } 
    catch (e) {   
    task.logmsg("**XX  exception in addAttributeValue: " + e.toString() ); 
    }
    }

     

    (formatting sucks...  sorry)

    thank you for you respond. yes this is what i'm trying to do but before you can add more attribute to an exist entry

    you have to find this entry by using searchcriteria  parameter in modentry method to find it and this is the problem

    i don't know how to use this searchcriteria. need to build new one or  it require to use some kind of query.

  • Erik@Gemini
    Erik@Gemini
    28 Posts

    Re: tdi Ldap connector

    ‏2013-10-18T13:41:42Z  
    • Mcdz
    • ‏2013-10-18T02:59:35Z

    thank you for you respond. yes this is what i'm trying to do but before you can add more attribute to an exist entry

    you have to find this entry by using searchcriteria  parameter in modentry method to find it and this is the problem

    i don't know how to use this searchcriteria. need to build new one or  it require to use some kind of query.

    If you know the LDAP distinguished name of the group, and you know the DN of the user, you don't need to search for anything.  Maybe I'm missing what exactly you are searching for...  if you can describe your AL in a lot more detail, that would help.  What connectors are involved, what do they do?

    Or - just *try* the script above, it works.  It assumes you have a data source, where you get some user values into the work  (e.g.  work.full)...  and then a passive LDAP connector to your target where the group is.

  • Mcdz
    Mcdz
    35 Posts

    Re: tdi Ldap connector

    ‏2013-10-21T06:09:15Z  

    If you know the LDAP distinguished name of the group, and you know the DN of the user, you don't need to search for anything.  Maybe I'm missing what exactly you are searching for...  if you can describe your AL in a lot more detail, that would help.  What connectors are involved, what do they do?

    Or - just *try* the script above, it works.  It assumes you have a data source, where you get some user values into the work  (e.g.  work.full)...  and then a passive LDAP connector to your target where the group is.

    i'ts working sry i did't check it carefully thank you for you advise
    and what if i want to delete a member from a group?

    ldap. removeAttributeValue(group_dn, "member", user_dn) <---?

    Updated on 2013-10-21T10:07:59Z at 2013-10-21T10:07:59Z by Mcdz
  • Erik@Gemini
    Erik@Gemini
    28 Posts

    Re: tdi Ldap connector

    ‏2013-10-21T13:17:56Z  
    • Mcdz
    • ‏2013-10-21T06:09:15Z

    i'ts working sry i did't check it carefully thank you for you advise
    and what if i want to delete a member from a group?

    ldap. removeAttributeValue(group_dn, "member", user_dn) <---?

    yes - removeAttributeValue would do the opposite.