26.5 Allowing a Named Password to be Retrieved over LDAP

You can add a boolean definition to the User Application driver to allow a named password to be retrieved over LDAP from a workflow. To take advantage of this feature, you need to create a global configuration value (GCV) named allow-fetch-named-passwords.

Here’s a sample definition:

<definitions>
    <definition display-name="Allow Named Password to be retrieved over LDAP"
                name="allow-fetch-named-passwords" type="boolean">
        <value>false</value>
        <description>Allow Named Password to be retrieved over LDAP. If the value is true, then the named password value can be fetched using the LDAP extension com.novell.nds.dirxml.ldap.GetNamedPasswordRequest/com.novell.nds.dirxml.ldap.GetNamedPasswordResponse.</description>
    </definition>
</definitions>

If the global configuration value is not present, the runtime behaves as if the definition were present with its value set to false. If you then try to use the GCV script method getValueForNamedPassword(String valueKey), an exception is thrown because the permission is set to false. To use the method, the value of the allow-fetch-named-passwords variable must be true.

If the GCV allow-fetch-named-passwords does not exist, you have to create the variable and set it to true. If it already exists, you simply need to set the value to true.

NOTE: To retrieve a named password, you must use the GCV script method getValueForNamedPassword on a GCV of the password-ref type, which points to the named password. You cannot use the get script method.

To add the GCV value for the allow-fetch-named-passwords option:

  1. In iManager, double-click the User Application driver.

  2. Click on the Global Configuration Values tab.

  3. Click on the Add button.

  4. Fill out the definition, as described below:

    1. Specify allow-fetch-named-passwords as the name for the global configuration definition.

    2. Specify Allow Named Password to be retrieved over LDAP as the display name.

    3. Provide a description for the definition.

    4. Specify boolean as the Type.

  5. Click OK.

  6. Set the value to true or false and click Apply.

  7. Create a named password in your User Application driver.

  8. Create a GCV of the type password-ref that points to the named password you want to be able to read.

  9. In your workflow, use the function getValueForNamedPassword to retrieve the value of the named password, using the following syntax:

    GCV.getValueForNamedPassword('PasswordRefGCV')
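
The following Python script is an added example, not part of the product documentation. It audits a GCV definitions file by applying the default-false rule described above and listing the password-ref GCVs that workflows can read when the flag is true. The `type="password-ref"` attribute layout, the sample GCV names, and the idea of an exported definitions file are assumptions modelled on the boolean sample definition.

```python
import xml.etree.ElementTree as ET

FLAG = "allow-fetch-named-passwords"

# Constructed sample; the password-ref entry's attributes and value layout
# are assumptions modelled on the boolean definition shown on this page.
SAMPLE = """<definitions>
  <definition display-name="Allow Named Password to be retrieved over LDAP"
              name="allow-fetch-named-passwords" type="boolean">
    <value>true</value>
  </definition>
  <definition display-name="SMTP service password"
              name="PasswordRefGCV" type="password-ref">
    <value>smtp-admin</value>
  </definition>
</definitions>"""


def audit_gcvs(xml_text):
    """Return (fetch_enabled, exposed): the effective flag value and the
    password-ref GCV names that workflows can resolve when it is true."""
    root = ET.fromstring(xml_text)
    fetch_enabled = False  # a missing definition behaves as false
    refs = []
    for d in root.iter("definition"):
        name = d.get("name")
        gcv_type = d.get("type")
        value = (d.findtext("value") or "").strip()
        if name == FLAG and gcv_type == "boolean":
            fetch_enabled = value.lower() == "true"
        elif gcv_type == "password-ref":
            refs.append(name)
    # With the flag false, getValueForNamedPassword throws, so nothing is exposed.
    return fetch_enabled, (sorted(refs) if fetch_enabled else [])


if __name__ == "__main__":
    enabled, exposed = audit_gcvs(SAMPLE)
    print(f"{FLAG} effective value: {str(enabled).lower()}")
    for name in exposed:
        print(f"readable via GCV.getValueForNamedPassword('{name}')")
```

Run it against each driver's definitions during configuration review to confirm the flag is true only where a workflow actually needs to read a named password.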