Sun Identity Manager Deployment Guide

Example: Disabling Accounts through Active Sync-Enabled Adapters

In this example, the resource (an HR database) can be updated with an employee’s current status at the company. Based on the input from this HR database, the Active Sync-enabled adapter can disable, delete, create, or perform other actions on the user’s accounts across the enterprise by updating the Identity Manager repository.

The following code example disables all accounts for an employee if there is an incoming attribute called Status and it is not active (“A”). The following table identifies the four states of this attribute.

Table 3–5 Attribute States

State  Description
A      active
T      terminated
L      laid off
S      pending change

Based on the value of the Status attribute, the account can be disabled or enabled.


Example 3–4 Disabling Accounts for Incoming, Inactive Status Attribute


<?xml version='1.0' encoding='UTF-8'?> 
<!DOCTYPE Configuration PUBLIC 'waveset.dtd' 'waveset.dtd'> 
<Configuration wstype='UserForm' name='PeopleSoft ActiveSync Form'> 
   <Extension> 
      <Form> 
<!-- This is a sample of how to map the accountID to a different field than the 
one from the schema map. 
It is commented out because we want to use the default account ID mapped from the 
resource Schema Map. 
<Field name='waveset.accountId'> 
   <Disable>
      <neq>
         <ref>feedOp</ref>
         <s>create</s>
      </neq>
   </Disable> 
   <Expansion> 
      <concat>
         <s>ps</s>
         <ref>waveset.accountId</ref>
      </concat> 
   </Expansion> 
</Field> -->

<!-- this is the real one, limited to create --> 
<Field name='waveset.accountId'> 
   <Disable>
      <neq>
         <ref>feedOp</ref>
         <s>create</s>
      </neq>
   </Disable> 
   <Expansion> 
      <ref>activeSync.EMPLID</ref> 
   </Expansion> 
</Field> 

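<!-- We need to make up a password for accounts that are being created. As written, 
this expression assigns the same fixed string to every new account; it does not pick 
the last six digits of the SSN. Treat it as a placeholder for a per-user initial 
password. --> 
<Field name='waveset.password'> 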
   <Disable>
      <neq>
         <ref>feedOp</ref>
         <s>create</s>
      </neq>
   </Disable> 
   <expression> 
      <s>change123456</s> 
   </expression> 
</Field> 

<Field name='waveset.resources'> 
<!-- <Disable><neq><ref>feedOp</ref><s>create</s></neq></Disable> --> 
<!-- Don't change the resources list if it already contains peoplesoft --> 
   <Disable> 
      <member> 
         <ref>activeSync.resourceName</ref> 
         <ref>waveset.resources</ref> 
      </member> 
   </Disable> 
   <expression> 
      <appendAll> 
         <ref>waveset.resources</ref> 
         <ref>activeSync.resourceName</ref> 
      </appendAll> 
   </expression> 
</Field> 

<!-- Status is mapped by the schema map to PS_JOB.EMPL_STATUS which has at least 
four states - 
A for active, 
T terminated, 
L laid off, and 
S which is a pending change. 
The audit data tells us what the state was, and the global data tells us what 
it is. Based on the change, we can disable or enable the account. Note that this 
can happen on a create also! --> 

<Field> 
   <Disable>
      <eq>
         <ref>activeSync.Status</ref>
         <s>A</s>
      </eq>
   </Disable> 
   <Field name='waveset.disabled'> 
      <Expansion> 
         <s>true</s> 
      </Expansion> 
   </Field> 
   <FieldLoop for='name' in='waveset.accounts[*].name'> 
      <Field name='accounts[$(name)].disable'> 
         <expression> 
            <s>true</s> 
         </expression> 
      </Field> 
   </FieldLoop> 
</Field> 

<!-- Status is mapped by the schema map to PS_JOB.EMPL_STATUS which has at least 
four states - 
A for active, 
T terminated, 
L laid off, and 
S which is a pending change. 
This is the enable logic. It is disabled if the account status is <> A or is 
already enabled --> 

<Field> 
   <Disable> 
      <neq> 
         <ref>activeSync.Status</ref> 
         <s>A</s> 
      </neq> 
   </Disable> 
   <Field name='waveset.disabled'> 
      <Disable>
         <eq>
            <ref>waveset.disabled</ref>
            <s>false</s>
         </eq>
      </Disable> 
      <Expansion> 
         <s>false</s> 
      </Expansion> 
   </Field> 
   <FieldLoop for='name' in='waveset.accounts[*].name'> 
      <Field name='accounts[$(name)].disable'> 
         <Expansion> 
            <s>false</s> 
         </Expansion> 
      </Field> 
   </FieldLoop> 
</Field> 
</Form> 
</Extension> 
<MemberObjectGroups> 
<ObjectRef type='ObjectGroup' id='#ID#Top' name='Top'/> 
</MemberObjectGroups> 
</Configuration>
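
The following Python sketch is an added example, not part of the original guide and not Identity Manager code. It models how the two Status-driven fields in Example 3–4 are evaluated, so the disable and enable outcomes can be checked against sample feed records before the form is deployed. The evaluator is a simplified assumption that covers only the s, ref, eq and neq elements, and the record layout (a dict keyed by attribute path) is constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed, trimmed copy of the two Status-driven fields from Example 3-4.
FORM = ET.fromstring("""<Form>
 <Field><Disable><eq><ref>activeSync.Status</ref><s>A</s></eq></Disable>
  <Field name='waveset.disabled'><Expansion><s>true</s></Expansion></Field>
  <FieldLoop for='name' in='waveset.accounts[*].name'>
   <Field name='accounts[$(name)].disable'><expression><s>true</s></expression></Field>
  </FieldLoop></Field>
 <Field><Disable><neq><ref>activeSync.Status</ref><s>A</s></neq></Disable>
  <Field name='waveset.disabled'>
   <Disable><eq><ref>waveset.disabled</ref><s>false</s></eq></Disable>
   <Expansion><s>false</s></Expansion></Field>
  <FieldLoop for='name' in='waveset.accounts[*].name'>
   <Field name='accounts[$(name)].disable'><Expansion><s>false</s></Expansion></Field>
  </FieldLoop></Field></Form>""")

def ev(node, view):
    """Evaluate the only XPRESS elements this form uses: s, ref, eq, neq."""
    if node.tag == "s":
        return (node.text or "").strip()
    if node.tag == "ref":
        return view.get(node.text.strip())  # look the path up in the record
    if node.tag in ("eq", "neq"):
        left, right = (ev(kid, view) for kid in node)
        return (left == right) == (node.tag == "eq")
    raise ValueError(f"unsupported element <{node.tag}>")

def apply_field(field, view, out, bind=""):
    """Skip a field whose <Disable> is true; otherwise record what it sets."""
    cond = field.find("Disable")
    if cond is not None and ev(cond[0], view):
        return
    if field.get("name"):
        body = next(c for c in field if c.tag in ("Expansion", "expression"))
        out[field.get("name").replace("$(name)", bind)] = ev(body[0], view)
    for child in field:
        if child.tag == "Field":
            apply_field(child, view, out, bind)
        elif child.tag == "FieldLoop":  # one pass per account name
            for value in view.get(child.get("in"), []):
                for inner in child.findall("Field"):
                    apply_field(inner, view, out, value)

def process(view):
    """Return the attributes the form sets for one feed record (a dict)."""
    out = {}
    apply_field(FORM, view, out)
    return out
```

Call process() with a record such as {"activeSync.Status": "T", "waveset.disabled": "false", "waveset.accounts[*].name": ["AD", "LDAP"]} (constructed values) to see which attributes the form would set. Because the disable rule tests only for A, the L and S states produce the same result as T.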