Dynamic Pick Lists To Represent Current States on IDVault Objects.

I’ve implemented a number of PRD’s that allow an admin to modify attributes on a User, or other object, to facilitate provisioning. This model needs to

  1. Be able to identify if the user/object is a new object or a pre-existing one.
  2. If pre-existing, call up current state values for each relevant attribute.
  3. Provide a list of legitimate choices for certain attributes ( a dynamic pick list, generated on each “Load” of this PRD, displaying available Location objects and JobCode objects)
  4. Reset values, if the admin changes his mind on the object to be edited. (I.e. there is a field for entering the CN of the object to edit, and the admin can go back and change that before submitting.)

This solution will address each of these sections, to some degree, though the motivation to write this arose mostly out of the difficulties in setting/displaying a Boolean, and in “deselecting” a pick list. Enjoy.

1. Identifying Existing Object; 2. Populating fields from IDV data:

In this scenario, we were managing “phone” objects. So the admin enters the 5-Digit phone extension he/she wants to manage. That value is the “CN” of the phone object, and the following script is invoked as an “onChange” event in the CN field.

Note: There are two classes of phones in this use case: “general/pool” and “protected” A protected phone is identified by having a jobCode and Location attached to it. Also, an attribute is stored to determine if the phone/extension is currently “available” in the pool for random assignment.

onChange event in “CN” field:

var z = field.getValue(); // read in 5 digit phone number as a variable.

if (z != “”) // If anything has been entered, query the IDVault and establish an array variable, v, identifying the DN of the object that matches, if it matches.


var v = IDVault.globalQuery(null, "phone", {"cN":z});

if (v[0]!="") {       //If a DN is returned, process these actions

form.showMsg("You are Modifying an existing Extension.");

var own = IDVault.get(null, String(v[0]), 'ClientPhone', 'Owner');

if (!undef(own[0])) {  //custom inline script assesses if the “Owner” Attribute null.



else {

form.setValues("Owner", '');

//The following lines retrieve and set current values found on the existing object.

form.setValues("Surname", (IDVault.get(null, String(v[0]), 'ClientPhone', 'Surname')));

form.setValues("Given_Name", (IDVault.get(null, String(v[0]), 'ClientPhone', 'GivenName')));

form.setValues("Description", (IDVault.get(null, String(v[0]), 'ClientPhone', 'Description')));

//Next is moot to the discussion…Custom code generates an event based on the field name and the event

//from which it originates.  In this case, “onChange-CN” is fired.


//Retrieving the “protected” phone attributes, if they exist.

var j = (IDVault.get(null, String(v[0]), 'ClientPhone', 'jobCode'));

if (!undef(j[0])) {

field.fireEvent("jobexists");//causes code on the jobCode Field to select the current

//value from the pick list.

} else {

field.fireEvent("jobnix"); //Critical reset function, in support of item D in the summary


var loc = (IDVault.get(null, String(v[0]), 'ClientPhone', 'ClientLocationCode'));

if (!undef(loc[0])) {

field.fireEvent("locexists");//causes code on the Locations Field to select the current

//value from the pick list.

} else {

field.fireEvent("locnix");//Critical reset function, in support of item D in the summary




{   //BLANK All of the fields, since this is a NEW phone.

var dnval = "cn="+z+",ou=pho,ou=res,o=data";

//                            form.showMsg("DN value is: "+dnval);

form.setValues("dn", dnval);

form.setValues("Owner", '');

form.setValues("Surname", '');

form.setValues("Given_Name", '');

form.setValues("Description", '');

form.setValues("ClientPhoneAvailable", '');

form.showMsg("You are creating a NEW Extension");



2. 1 Retrieving Current State on the Boolean “Phone Available: “

While you can easily see the queries in the onLoad script above, for retrieving current owners, given name and surname, retrieving the current state of the Boolean “phoneAvailable” was trickier. It would always set the form as TRUE, regardless of value returned from the IDVault. This is where the code “field.event” comes in

Phone Available Field: onChange-CN event:

var z = event.getCustomData();//the value of the CN field is passed from the “field.event”

if (!undef(z)) //undef is a custom routine that detects null or undefined values; hat tip Rob Rawson, author.


var v = IDVault.globalQuery(null, "phone", {"cN":z});//DN of the phone object is retrieved

var x = IDVault.get(null, String(v[0]), 'ClientPhone', 'ClientPhoneAvailable');//value of available is retrieved

var value = (x.toString().toLowerCase() == "true");

check(field,value);//custom code converts this to a Boolean result



The “check” function is implemented as a script on the form’s “scripts” tab.
function check(field,value) // hat tip Rob Rawson, author.




if ( value )









catch (e) {}



2.2 Retrieving/Displaying Existing, selected Job and Locations

The onChange event above tests to see if a value exists for either/both of the jobCode or locationCode attributes. If yes, it fires a “jobExists” or “locationExists” event for the job and location fields to deal with.

Here’s the code for the Jobfield… the same works for the location field, with appropriate adjustments.

JobExists Event on JobCode Field:

var z = form.getValue(“CN”)

var v = IDVault.globalQuery(null, “phone”, {“cN”:z})

field.select(“jobCode=” + String(IDVault.get(null, String(v[0]), ‘ClientPhone’, ‘jobCode’)) + “,ou=job,ou=res,o=data”); (note: “jobCode” was used as the naming attribute, and an attribute on these objects… so, I’m essentially referencing the object by its “cn” when I call for “jobcode” in this query.)

3. Populating a Dynamic Pick List

OK… with Items 1 and 2 taken care of, we move on to Item 3: Providing a dynamic, accurate list of all available JobCodes and All Available Location codes.

In the jobCode and locCode fields, we have similar definitions and queries. String Pick List. Display values of the jobCode and the jobCode Description.

onLoad Events:

IDVault.globalQuery(“jobCode”, “listJobs”); //retrieve list of all existing job objects

window.jobs = field.getAllValues(); //store that retrieved list as a variable for later resets.


Obviously, this relies on having established queries in the DAL to retrieve a list of available jobs. That is out of scope for this doc.

#Note: For the location field, the query is modified to look up all location objects, and the variable is changed to “window.locs” to store those values. Same will be true in the “jobnix” and “locnix” events… change the variable referenced.

So here is what the form looks like after an admin has selected an existing, protected phone: (values redacted for anonymity)


The Admin can pick a new owner, change the “available” status, or select a job or Location Code to make the phone “Protected”.


4. Changing Extension and Resetting Values:

BUT… WHAT IF??? What if an admin decides that they want to work with a different extension? All the form values must be set to reflect “proper” status of these values. The “onChange” script for CN once again kicks in, when they change the 5 digit extension. Values get reset… except… what if the admin picks an existing phone that is NOT protected (and hence does NOT have a jobCode or LocationCode?)

If it is determined that a change has happened, and the admin wants to look at a phone with no job, we need to reset the PickList fields for Job and Location to “fully populated but UNSELECTED” … or else a submission would put a jobCode on the phone object, and make it appear to be protected when it is not. (i.e. – we don’t want “leftover” data to be pushed onto an object in the idvault.) The values are selected, and DE-selecting them is not obvious. (using “setValues, as for Given Name, does not work.)

First, in the “onChange” event of the CN field, I test to see if the newly selected existing phone has a job code or location code value or not. If they do NOT, then event “jobnix” and “locnix” fire, and those events are on each of the job and location fields, respectively to “deselect” the value.

JobNix is representative; some modifications for “locnix” would be made, to reference the proper variable.

jobCode Field: jobnix event

field.setValues( window.jobs[0], window.jobs[1], false ); //hat tip to Wolfgang Schreiber for providing the fix.

Jobnix takes the set of values “variablized” during the onLoad of the field (above) and resets the field to the original, unselected state.

1 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 5 (1 votes, average: 5.00 out of 5)
You need to be a registered member to rate this post.

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

Leave a Reply

No Comments
Robert Schneider
May 5, 2014
2:55 pm
Active Directory Authentication Automation Cloud Computing Cloud Security Configuration Customizing Data Breach DirXML Drivers End User Management Identity Manager Importing-Exporting / ICE/ LDIF Intelligent Workload Management IT Security Knowledge Depot LDAP Monitoring Open Enterprise Server Passwords Reporting Secure Access Supported Troubleshooting Workflow