IC SunsetThe developerWorks Connections platform will be sunset on December 31, 2019. On January 1, 2020, this community and its apps will no longer be available. More details available on our FAQ.
Topic
  • 6 replies
  • Latest Post - ‏2018-05-14T10:50:47Z by franzw
SystemAdmin
SystemAdmin
9855 Posts

Pinned topic ServiceSearch in Provisioning Policy

‏2011-04-07T09:22:07Z |
Hi all,
I'm trying to get service in the Provisioning Policy, to create an account, but the error?
From the service I need is my attribute.
How do I get service in politics?

In field:
-----Start javascript-------------------

function initService()
{
var erServ = null;
erServ = ServiceSearch.searchByFilter("(objectclass=erMyServiceRMIService)", 2);
var ergidnum = erServ.ersungidnumber;
if (ergidnum != null && ergidnum.length > 0 )
{
Enrole.log("myscript", "Service "+ erServ);
Enrole.log("myscript", "NextgidNum "+ ergidnum);
return ergidnum;
}
}
return initService
-----Stop javascript-------------------
Error:
<Component>com.ibm.itim.policy.dynanalysis</Component>
<ProductInstance>server1</ProductInstance>
<LogText><!CDATA[]></LogText>
<Source FileName="com.ibm.itim.policy.dynanalysis.AccountAuthority" Method="analyzeEnforcementForNewAccount"/>
<Thread>WebContainer : 25</Thread>
<Exception><![CDATA[com.ibm.itim.policy.ParameterEvaluationException: CTGIME013E A problem occurred evaluating a script based provisioning parameter for the Default Provisioning Policy for service MyService policy.
Policy DN: erglobalid=3005153181097423159,ou=policies,erglobalid=00000000000000000000,ou=ot,dc=com
Attribute name: gidnumber
Attribute value: function initService()
{
var erServ = null;
erServ = ServiceSearch.searchByFilter("(objectclass=erMyServiceRMIService)", 2);
var ergidnum = erServ.ersungidnumber;
if (ergidnum != null && ergidnum.length > 0 )
{
Enrole.log("myscript", "Service "+ erServ);
Enrole.log("myscript", "NextgidNum "+ ergidnum);
return ergidnum;
}
}
return initService
Error: Script interpreter error, line=4, col=33
Reference Error : 'ServiceSearch' not found
. Enter valid javascript for Attribute name: gidnumber.
at com.ibm.itim.policy.script.ProvisioningParameterEvaluator.evaluate(ProvisioningParameterEvaluator.java:123)
at com.ibm.itim.policy.join.JoinDirector.evaluateAllParameters(JoinDirector.java:593)
at com.ibm.itim.policy.join.JoinDirector.combineEntitlements(JoinDirector.java:442)
.............
Caused by: com.ibm.itim.script.ScriptEvaluationException: Script interpreter error, line=4, col=33
Reference Error : 'ServiceSearch' not found
at com.ibm.itim.script.bsf.ITIMBSFScriptEvaluator.evaluate(ITIMBSFScriptEvaluator.java:236)
.............
Caused by: org.apache.bsf.BSFException: Script interpreter error, line=4, col=33
Reference Error : 'ServiceSearch' not found
at com.ibm.itim.script.bsf.ibmjs.JSBSFEngine.eval(JSBSFEngine.java:275)
at org.apache.bsf.BSFManager$5.run(BSFManager.java:437)
............
Caused by:
com.ibm.itim.script.ScriptEvaluationException: Script interpreter error, line=4, col=33
Reference Error : 'ServiceSearch' not found
at com.ibm.itim.script.bsf.ITIMBSFScriptEvaluator.evaluate(ITIMBSFScriptEvaluator.java:236)
at com.ibm.itim.script.bsf.ITIMBSFScriptEvaluator.evaluate(ITIMBSFScriptEvaluator.java:209)
...........
]]></Exception>
</Trace>
Updated on 2011-04-08T08:05:31Z at 2011-04-08T08:05:31Z by SystemAdmin
  • HomerJSimpson
    HomerJSimpson
    157 Posts

    Re: ServiceSearch in Provisioning Policy

    ‏2011-04-07T17:02:25Z  
    For the error you're hitting below you probably need to register ServiceModelExtension in the ProvisioningPolicy context in scriptframework.properties:
    example: ITIM.extension.ProvisioningPolicy.testme=com.ibm.itim.script.extensions.model.ServiceModelExtension

    that will probably clear up your error below, but you might then hit an error on your line # 5
    var ergidnum = erServ.ersungidnumber;

    if so, change this to:

    var ergidnum = erServ.getProperty('ersungidnumber');

    and change these lines:

    Enrole.log("myscript", "NextgidNum "+ ergidnum);
    return ergidnum;

    to

    Enrole.log("myscript", "NextgidNum "+ ergidnum[0]);
    return ergidnum[0];
  • SystemAdmin
    SystemAdmin
    9855 Posts

    Re: ServiceSearch in Provisioning Policy

    ‏2011-04-08T07:06:11Z  
    For the error you're hitting below you probably need to register ServiceModelExtension in the ProvisioningPolicy context in scriptframework.properties:
    example: ITIM.extension.ProvisioningPolicy.testme=com.ibm.itim.script.extensions.model.ServiceModelExtension

    that will probably clear up your error below, but you might then hit an error on your line # 5
    var ergidnum = erServ.ersungidnumber;

    if so, change this to:

    var ergidnum = erServ.getProperty('ersungidnumber');

    and change these lines:

    Enrole.log("myscript", "NextgidNum "+ ergidnum);
    return ergidnum;

    to

    Enrole.log("myscript", "NextgidNum "+ ergidnum[0]);
    return ergidnum[0];
    Thanks for the reply.
    I have already added value to scriptframework.properties:
    ITIM.extension.ProvisioningPolicy=com.ibm.itim.policy.script.ProvisioningPolicyExtension
    ITIM.extension.ProvisioningPolicy.service=com.ibm.itim.script.extensions.ServiceExtension
    ITIM.extension.ProvisioningPolicy.subject=com.ibm.itim.script.extensions.SubjectExtension
    ITIM.extension.ProvisioningPolicy.attrs=com.ibm.itim.script.extensions.AttributesExtension
    ITIM.extension.ProvisioningPolicy.compat=com.ibm.itim.script.extensions.compat.ProvisioningPolicyCompatibilityExtension
    #my extension
    ITIM.extension.ProvisioningPolicy.1=com.ibm.itim.script.extensions.model.ServiceModelExtension

    Fixed to the proposed script:
    <Exception><![CDATA[com.ibm.itim.policy.ParameterEvaluationException: CTGIME013E A problem occurred evaluating a script based provisioning parameter for the Default Provisioning Policy for service SunLdap policy.
    Policy DN: erglobalid=3005153181097423159,ou=policies,erglobalid=00000000000000000000,ou=ot,dc=com
    Attribute name: gidnumber
    Attribute value: function initService()
    {
    var erServ = null;
    erServ = ServiceSearch.searchByFilter("(objectclass=erMyServiceRMIService)", 1);
    var ergidnum = erServ.getProperty('ersungidnumber');
    if (ergidnum != null && ergidnum.length > 0 )
    {
    Enrole.log("myscript", "NextgidNum "+ ergidnum[0]);
    return ergidnum[0];
    }
    }
    return initService();
    Error: Script interpreter error, line=5, col=23
    Error calling method 'getProperty(string)' on an object of type '[Ljava.lang.Object;'
    . Enter valid javascript for Attribute name: gidnumber.
    at com.ibm.itim.policy.script.ProvisioningParameterEvaluator.evaluate(ProvisioningParameterEvaluator.java:123)

    Also tried other variations:
    erServ = ServiceSearch.searchByFilter("(objectclass=erMyServiceRMIService)", 2)[0]

    ....
    var ergidnum = erServ.getProperty('ersungidnumber')[0];

    ....
    Tried to look for service on his behalf.
    1) erServ = ServiceSearch.searchByFilter("(erservicename=SunLdap)", 2);
    2) erServ = ServiceSearch.searchByFilter("(erservicename=SunLdap)", 1);
    3) erServ = ServiceSearch.searchByName("SunLdap");
    4) erServ = ServiceSearch.searchByName("SunLdap", 2);

    When trying to determine (var ergidnum = erServ.ersungidnumber[0];) the attribute appears this error:

    Error: Script interpreter error, line=4, col=23
    Unknown member 'ersungidnumber' in Java Class 'com.ibm.itim.script.wrappers.generic.DirectoryObjectWrapper'
    . Enter valid javascript for Attribute name: gidnumber.]]></LogText>
    It seems not determined by the service itself, how else can I try?
    In general I need to enter in the registration account's
    Attribute "uidNumber" required by object class "posixAccount" and
    attribute "gidNumber" required by object class "posixAccount".
    I would like to calculate their in script.
    When you create a service, specify the initial values ​​on it, and beyond them to compute.
  • SystemAdmin
    SystemAdmin
    9855 Posts

    Re: ServiceSearch in Provisioning Policy

    ‏2011-04-08T08:05:27Z  
    The solution is found, everything was just.

    function initService()
    {
    var ergidnum = service.getProperty("ersungidnumber")[0];
    if (ergidnum != null && ergidnum.length > 0 )
    {
    Enrole.log("myscript", "NextgidNum "+ ergidnum);
    return ergidnum;
    }
    }
    return initService();
  • SystemAdmin
    SystemAdmin
    9855 Posts

    Re: ServiceSearch in Provisioning Policy

    ‏2011-04-08T08:05:31Z  
    The solution is found, everything was just.

    function initService()
    {
    var ergidnum = service.getProperty("ersungidnumber")[0];
    if (ergidnum != null && ergidnum.length > 0 )
    {
    Enrole.log("myscript", "NextgidNum "+ ergidnum);
    return ergidnum;
    }
    }
    return initService();
  • Mr Kekana
    Mr Kekana
    2 Posts

    Re: ServiceSearch in Provisioning Policy

    ‏2018-05-14T09:51:22Z  
    The solution is found, everything was just.

    function initService()
    {
    var ergidnum = service.getProperty("ersungidnumber")[0];
    if (ergidnum != null && ergidnum.length > 0 )
    {
    Enrole.log("myscript", "NextgidNum "+ ergidnum);
    return ergidnum;
    }
    }
    return initService();

    Guys am trying to call the service name and full name using javascript in provisioning policy for Security Identity Manager IBM. Please provide me with the answer.

     

    And the other thing in the user interface(UI) console am trying to allow the user to only see the application is suppose to see and access, but in the manage access type the role has a bunch of services that the user , the user I created also see.

  • franzw
    franzw
    519 Posts

    Re: ServiceSearch in Provisioning Policy

    ‏2018-05-14T10:50:47Z  
    • Mr Kekana
    • ‏2018-05-14T09:51:22Z

    Guys am trying to call the service name and full name using javascript in provisioning policy for Security Identity Manager IBM. Please provide me with the answer.

     

    And the other thing in the user interface(UI) console am trying to allow the user to only see the application is suppose to see and access, but in the manage access type the role has a bunch of services that the user , the user I created also see.

    If you want an answer you better qualify your question somewhat better - what is your goal and what have you tried (show us your code) etc.

    Remember that we as a community here are doing this on our free time and we can choose whether to help or just leave you question unanswered...

    To improve your understanding I can recommend you to read up how this works here : http://www.catb.org/esr/faqs/smart-questions.html

    Regards

    Franz Wolfhagen