A Forum reader recently asked:

“I want to execute a script on a local or remote server, once a userID has been provisioned or deprovisioned or some other event occurs.”

And here’s a solution from Johan Akerstrom …


There are two options you can try:

1) Execute some Java code that will launch an external process from a stylesheet or a policy. This option is not really recommended, because you don’t have any control over threading and the external application environment.

2a) Execute some Java code that will create an external file, either empty or with some text in it, to be processed by a cron job.
2b) Set up a cron job to monitor a folder for the file dropped in 2a. Act when files are found, and then delete the dropped file.

Option 2 is more work but gives you better control. Below I’ve added two different Java classes to perform either option 1 or 2.


// CosmosKeyCreateFile.java
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;

public class CosmosKeyCreateFile{

    // Create an empty file.
    public static boolean CreateFile(String filename) throws Exception {
        return CreateFile(filename, null);
    }

    // Create the file and, if text is given, write the text into it.
    // Returns true only if the file did not exist and was created.
    public static boolean CreateFile(String filename, String text) throws Exception {
        boolean success = false;
        try {
            File file = new File(filename);
            success = file.createNewFile();
            if (text != null){
                BufferedWriter out = new BufferedWriter(new FileWriter(file));
                try {
                    out.write(text);
                } finally {
                    out.close();
                }
            }
        } catch (IOException e) {
            success = false;
        }
        return success;
    }

    public static void main(String[] args) throws Exception {
        if (args.length > 0){
            String text = null;
            if (args.length > 1){
                text = args[1];
            }
            if (CreateFile(args[0],text)){
                System.out.println("File " + args[0] + " was created.");
            } else {
                System.out.println("File " + args[0] + " was NOT created.");
            }
        } else {
            System.out.println("Usage: CosmosKeyCreateFile  <filename> [<text>]");
            System.out.println("Example: CosmosKeyCreateFile");
            System.out.println("Example: CosmosKeyCreateFile  myfile.job \"cp file1 file2\"");
        }
    }
}

// CosmosKeyExecuteExternalApp.java
import java.io.BufferedReader;
import java.io.InputStreamReader;

public class CosmosKeyExecuteExternalApp{

    // Run the command, wait for it to exit and return its standard output.
    // Runtime.exec(String) splits the command on whitespace; no shell is involved.
    // Standard error is not read. On failure the exception text is returned.
    public static String execute(String command) throws Exception {
        String ret = "";
        try {
            Process process = Runtime.getRuntime().exec(command);
            BufferedReader input = new BufferedReader(new InputStreamReader(process.getInputStream()));
            StringBuffer sb = new StringBuffer();
            String line = "";
            while ((line = input.readLine()) != null) {
                sb.append(line).append("\n");
            }
            input.close();
            process.waitFor();
            ret = sb.toString();
        } catch (Exception err) {
            ret = err.toString();
        }
        return ret;
    }

    public static void main(String[] args) throws Exception {
        if (args.length > 0){
            System.out.println("External App Returned:");
            System.out.println(execute(args[0]));
        } else {
            System.out.println("Usage: CosmosKeyExecuteExternalApp  <command>");
            System.out.println("Example: CosmosKeyExecuteExternalApp \"C:\\WINDOWS\\NOTEPAD.EXE\"");
            System.out.println("Example: CosmosKeyExecuteExternalApp \"/usr/bin/cp file1 file2\"");
            System.out.println("Example: CosmosKeyExecuteExternalApp \"\\\"C:\\Program Files\\utils\\whoami.exe\\\" --version\"");
        }
    }
}


1. Save the code with the filenames as stated above.

2. Compile the code as follows:

    javac -cp . CosmosKeyCreateFile.java
    javac -cp . CosmosKeyExecuteExternalApp.java

This produces two .class files.

3. Zip the .class files.

4. Name the zip file “CosmosKeyUtils.jar”.

5. Drop the jar file in the same folder as the other DirXML jar files, such as dirxml.jar.

6. This policy should create a file called /home/shared/idmdrop/test with the contents of “Hello”.

  <?xml version="1.0" encoding="UTF-8"?>
  <policy xmlns:jCosmosKeyCreateFile="http://www.novell.com/nxsl/java/CosmosKeyCreateFile">
    <rule>
      <actions>
        <do-set-local-variable name="hash">
          <arg-string>
            <token-xpath expression="jCosmosKeyCreateFile:CreateFile('/home/shared/idmdrop/test','Hello')"/>
          </arg-string>
        </do-set-local-variable>
      </actions>
    </rule>
  </policy>

7. This policy should execute an external application called /usr/bin/whoami. The method call will not return until the external app terminates.

  <?xml version="1.0" encoding="UTF-8"?>
  <policy xmlns:jCosmosKeyExecuteExternalApp="http://www.novell.com/nxsl/java/CosmosKeyExecuteExternalApp">
    <rule>
      <actions>
        <do-set-local-variable name="hash">
          <arg-string>
            <token-xpath expression="jCosmosKeyExecuteExternalApp:execute('/usr/bin/whoami')"/>
          </arg-string>
        </do-set-local-variable>
      </actions>
    </rule>
  </policy>
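
Option 2b leaves the cron side open. The script below is an added example, not part of the original post: a consumer for the drop folder that claims each file atomically, treats its content as a keyword selecting a fixed action rather than as a command to run, and deletes the file afterwards. The job keywords, handler bodies, script path and work directory are hypothetical; only /home/shared/idmdrop comes from the policy in step 6.

```shell
#!/bin/sh
# Added example: cron-side consumer for the drop folder (option 2b).
# Hypothetical names: the job keywords, handler bodies and work directory.
# Sample crontab entry (script path is a placeholder):
#   * * * * * /path/to/idmdrop-consumer.sh --run /home/shared/idmdrop /home/shared/idmdrop-work

# Map a job keyword to a fixed action. File content only selects an entry
# from this list; it is never evaluated or passed to a shell.
handle_job() {
    case "$1" in
        provision)   return 0 ;;   # placeholder: call the provisioning script here
        deprovision) return 0 ;;   # placeholder: call the deprovisioning script here
        *)           return 1 ;;   # anything else is rejected
    esac
}

# Process every regular file in drop dir $1, using $2 as a private work dir
# on the same filesystem. Prints one result line per file.
process_drops() {
    drop_dir=$1
    work_dir=$2
    for f in "$drop_dir"/*; do
        # Skip symlinks, directories and the unexpanded glob of an empty folder.
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        name=$(basename "$f")
        claimed="$work_dir/$name.$$"
        # rename() is atomic: an overlapping cron run cannot claim the same file.
        mv -- "$f" "$claimed" 2>/dev/null || continue
        # Read a bounded amount and use only the first line.
        job=$(head -c 64 "$claimed" | head -n 1)
        if handle_job "$job"; then
            echo "ok $name $job"
        else
            echo "rejected $name"
        fi
        rm -f -- "$claimed"   # delete the drop file once it has been handled
    done
}

if [ "${1:-}" = "--run" ]; then
    process_drops "$2" "$3"
fi
```

Keep the drop folder writable only by the account the Identity Manager engine runs as, so that nothing else on the host can queue jobs.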

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

Nov 29, 2006
12:00 am