How to Start an IDM Job from a Policy



By: furulo

August 6, 2008 11:47 am

Reads: 307

Comments:2

Rating:0

The IDM Job scheduler was introduced with IDM 3.5. The Job scheduler is an IDM utility that allows events to be scheduled. IDM Jobs can be configured and scheduled to disable accounts, to start a workflow, etc. IDM Jobs can be configured using iManager or Designer.

To implement an IDM Job, it is necessary to create the Job, configure its parameters (scope, notifications, etc) and to schedule when it will run. Jobs can be configured to run manually or to run based on a schedule.

scheduler-Designer_2_0.jpg

In certain circumstances, it might be necessary to start a Job from a Policy. This article explains how to accomplish this via an extension function call using the DXCommand class.

Since there are no specific Actions to start an IDM Job from a Policy, an alternative is to use the DXCommand class to trigger an IDM Job. The DxCommand Class is a command line Java program that supports various DirXML-related instructions.

Documentation

The documentation for the DxCommand Class can be found by clicking the following link:

http://developer.novell.com/documentation/dirxml/dirxmlbk/ref/javadocs/com/novell/nds/dirxml/util/DxCommand.html

The documentation for the DirXML Command Line Utility (DXCMD) can be found by clicking the following link:

http://www.novell.com/documentation/secure_identity_management.html

Sample Code

The following sample code starts an IDM Job from a Policy. The code logic is as follows:

- A variable is defined to invoke the DXCommand class.
- The variable Type must be Object.
- An XPath expression calls the commandLine Method.
- The following line arguments are used: user, password, “startJob” and Job name.

Note: When configuring the Policy’s Namespace definition, make sure Java Extension is selected.


<?xml version="1.0" encoding="UTF-8"?><policy xmlns:jcmd="http://www.novell.com/nxsl/java/com.novell.nds.dirxml.util.DxCommand">
	<rule>
		<description>Start a Job</description>
		<conditions/>
		<actions>
			<do-set-local-variable name="VarStartJob" scope="policy">
				<arg-object>
					<token-xpath expression="jcmd:commandLine(" -user admin.corp -password novell -startjob 'IDMJob.Generic Null.DriverSet.services.corp'")"/>
				</arg-object>
			</do-set-local-variable>
		</actions>
	</rule>
</policy>

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Tags: ,
Categories: Identity Manager, Technical Solutions

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

2 Comments

  1. By:geoffc

    You can easily use a Named password to store the Admin.corp password in the example as well.

    In fact, Lothar in his Password Notifier driver showed a way to look at who the security equals for the driver is, get that DN, then get the nspmDistributionPassword from that user, store them in a pair of variables, then you could replace the XPATH commmand of:
    jcmd:commandLine(” -user admin.corp -password novell -startjob ‘IDMJob.Generic Null.DriverSet.services.corp’

    With:
    jcmd:commandLine(” -user $USERNAME -password $PASSWORD -startjob ‘IDMJob.Generic Null.DriverSet.services.corp’

    For more fun and games, you could set up a standard named job in each driver, and then use a variable $JOBNAME, that you build by setting it to the string of IDMJob (or whatever your default name is, probably best to have a GCV on the driverset, then use a GCV on the driver if you need to override it with a different value) then the GCV dirxml.auto.driverdn (Though you would probably have to parseDN that GCV into dot notation from backslash, which it defaults too).

    Thus you could have a very generic rule, that you could include in your toolkit for any driver, with just setting one GCV value for the IDM Job name.

  2. By:anonymous

    Thank you for sharing.

Comment