| Back | Main view
Generic connector field evaluation using embedded translation rules
| Product: | IMiS/ARChive |
| Release: | Since 9.9.1810 |
| Date: | 04/20/2021 |
Case:
Generic connector fields can be configured using embedded translation rules. Here we present a few examples of field configuration, which uses embedded translation rules for its evaluation.
Description:
Embedded translation rules, which are supported by all generic connectors are:
- MASK: value is used to "mask" integer values (logical AND operation)
- RDX: radix value which is used for integer value translation
- OFF: bit offset, which is used for bitfield operations (offset is zero based)
- VAL: list of values, which represents logical "true" (value delimiter is '#')
- NEG: true represent value negation, false does not negate value
- DEL: value represents delimiter in expression field - such expression is first split by delimiter and then each split value is used as value expression
- REMEMPTY: true if empty values will be skipped from resultset, false means that empty values are preserved
- TRIM: true means that value will be trimmed, false means that value is preserved as is
Field types, which supports embedded translation rules (with its execution order) are:
- STRING: TRIM, REMEMPTY
- BINARY: TRIM, REMEMPTY
- BITFIELD: RDX, OFF (required), NEG, TRIM, REMEMPTY
- BOOLEAN: VAL (required), NEG, TRIM, REMEMPTY
- INT: RDX, NEG, MASK, TRIM, REMEMPTY
- EXPRESSION: DEL, TRIM, REMEMPTY
All following examples are based on configuration using Active Directory.
Example 1: 'sAMAccountName' and 'objectGUID' are used for synchronized user/group account name and universally unique identifier. Both values are trimmed, if trimmed values represent empty string they are removed from resultset.
<Arguments>
...
<Field key="sys:dir:Account" type="string" typeExt="TRIM=true,REMEMPTY=true">sAMAccountName</Field>
<Field key="sys:dir:UUID" type="binary" typeExt="TRIM=true,REMEMPTY=true">objectGUID</Field>
...
</Arguments>
Example 2: 'ACCOUNTDISABLE' flag in 'userAccountControl' is used to enable or disable synchronized user on server.
<Arguments>
...
<Field key="sys:dir:Flags:Enabled" type="bitfield" typeExt="OFF=1,NEG=true" scope="user">userAccountControl</Field>
...
</Arguments>
Example 3: 'lockoutTime' value is used to determ if synchronized user is locked.
<Arguments>
...
<Field key="sys:dir:Flags:Locked" type="boolean" typeExt="VAL=0,NEG=true" scope="user">lockoutTime</Field>
...
</Arguments>
Example 4: 'userPrincipalName' and 'distinguishedName' are used for aliases on synchronized user. Alias values are trimmed and removed if they are empty.
<Arguments>
...
<Field key="user_principal_name" type="string" scope="user">userPrincipalName</Field>
<Field key="distinguished_name" type="string" scope="user">distinguishedName</Field>
<Field key="sys:dir:Aliases" scope="user" type="expression" typeExt="DEL=#,TRIM=true,REMEMPTY=true">%distinguished_name%#%user_principal_name%</Field>
...
</Arguments>
Example 5: Next example is combination of INT and EXPRESSION fields with javascript to enable or disable synchronized user on server. For details about using javascript in filed evaluation, check article 'Generic connector field evaluation using javascript'.
<Arguments>
...
<Field key="account_disable" type="int" scope="user" typeExt="RDX=10,MASK=2">userAccountControl</Field>
<Field key="sys:dir:Flags:Enabled" scope="user" type="expression" preScript="(sys_dir_Flags_Enabled[0] == '0' ? 'true' : 'false')">%account_disable%</Field>
...
</Arguments>
Related Documents:
https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/useraccountcontrol-manipulate-account-properties
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adls/eb73820d-907a-49a5-a6f3-1847f86629b4
- Generic connector field evaluation using javascript
| Back | Main view