Sun Identity Manager Deployment Reference

Calling Methods to Populate Lists

Lists in single-selection and multiselection text boxes are often populated with choices derived from information held on external resources. You can populate such lists dynamically by calling one of the methods in the com.waveset.ui.FormUtil class supplied by Sun. These common methods can perform the following tasks:

For information on the <Select> and <MultiSelect> components and the allowedValues property, see the section titled Populating Lists.

Understanding Resource Object Names

To search for or request information on a resource and import it into Identity Manager, you must use object definitions supported by Identity Manager.

The following table lists the object types supported by Identity Manager.

Table 2–16 Supported Resource Object Types

Supported Object Type    Description
account                  List of user account IDs
Administrator_Groups     Names of the administrative groups to which a user can belong
Applications             List of applications
Distribution Lists       List of email distribution aliases
Entitlements             List of PKI entitlements
group                    List of security and distribution list group objects
Group                    Security groups
Nodes                    List of SP2 nodes
PostOffices              List of GroupWise post offices
profile                  List of TopSecret profiles
PROFILE                  List of Oracle profiles from the DBA_PROFILES table
ROLE                     List of Oracle roles from the DBA_ROLES table
shell                    List of available UNIX shells
Template                 List of NDS templates
USERS                    List of Oracle users from the DBA_USERS table
UnassignedTokens         List of available unassigned tokens
User_Properties          List of user property definitions

Object type names are matched exactly, including case: group and Group, and profile and PROFILE, are different object types.

Obtaining a List of Resource Object Names

To obtain a list of the object names defined on a particular resource, use the listResourceObjects method. As the examples in this section show, it takes the session, the object type, the resource name, a map of resource-specific options (or null), and a cacheList flag. You can call it with or without map options. Map options apply only to resources with a directory structure; they restrict the returned values to a single container instead of returning the complete list.

When the list is served from the server's cache, the resource is contacted only once and the results are stored, which improves performance on large lists; for that reason Sun recommends using the cache. The trade-off is staleness: objects created or deleted on the resource after the list was fetched do not appear until the cache is refreshed. To ensure that you get the list from the resource rather than from the cache, first invoke the clearResourceObjectListCache() method or set the cacheList argument to false.

In addition, you can specify a set of one or more key/string value pairs that are specific to the resource from which the object list is being requested.

The following table lists the object types that are supported by each resource.

Table 2–17 Supported Object Types

Resource                    Supported Object Types
AIX                         account, Group
ACF2                        account
ClearTrust                  account, Group, group, Administrator_Groups, Applications, Entitlements, User_Properties
Entrust                     Group, Role
GroupWise                   account, Distribution Lists, PostOffices
HP-UX                       account, Group, shell
LDAP                        account, Group
Oracle                      USERS, ROLE, PROFILE
NDS                         account, Group
PeopleSoft                  account
RACF                        account, Group
SAP                         account, table, profiles, activitygroups
SecurID                     UnassignedTokens
SP2                         Nodes
Solaris                     account, Group, shell
TopSecret                   account
VMS                         account
Windows Active Directory    account, Group

For Windows Active Directory you can also specify any valid Active Directory object class name as the object type (the class names are listed in the Active Directory schema documentation). The returned list contains the distinguished names of the matching objects. By default, the method searches the container named by the resource's Container attribute; to search elsewhere, pass a container option to the listResourceObjects call whose value is the distinguished name of a container. Only objects within that container are listed.

Obtaining a List of Resource Objects without Map Options

To obtain a list of resource objects without map options, specify the resource object type and the resource name and pass null for the options map. Note: Some resources support acting on a subset of a list. You do this by specifying a starting directory, as described under map options below.

In the following example:
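As an added example (it is not from the original Sun reference), the following form field populates a single-selection list with the Group objects of a resource, calling listResourceObjects without map options: the options argument is `<null/>`, so the search runs in the container set by the resource's Container attribute. The resource name AD and the field name resourceAccounts[AD].primaryGroup are assumptions; substitute the names used in your deployment.

```xml
<!-- Added example, not part of the original page.
     Assumed names: resource 'AD', field 'resourceAccounts[AD].primaryGroup'. -->
<Field name='resourceAccounts[AD].primaryGroup'>
   <Display class='Select'>
      <Property name='title' value='Primary Group'/>
      <!-- allowedValues is computed when the form is rendered -->
      <Property name='allowedValues'>
         <invoke name='listResourceObjects' class='com.waveset.ui.FormUtil'>
            <ref>:display.session</ref>
            <s>Group</s>          <!-- object type (case matters: Group, not group) -->
            <s>AD</s>             <!-- resource name -->
            <null/>               <!-- no map options: search the resource's Container -->
            <s>true</s>           <!-- cacheList: serve repeat renders from the cache -->
         </invoke>
      </Property>
   </Display>
</Field>
```

With cacheList set to true the resource is queried once and later renders of the form reuse the stored list, so a group created after the first render is not offered until the cache is cleared with clearResourceObjectListCache(). Set the flag to false only where a fresh read on every render is worth the extra round trip to the resource.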

Obtaining a List of Resource Objects with Map Options

To obtain a list of resource objects with map options, specify the resource object type, resource name, and a map option that defines the directory to start the search in. The resource must be directory-based.

For example, you can get a list of all Active Directory groups in the Software Access organizational unit by building a map option that starts the search at the directory path ou=Software Access,dc=mydomain,dc=com.

Example:

<invoke name='listResourceObjects' class='com.waveset.ui.FormUtil'>
   <ref>:display.session</ref>
   <s>Group</s>
   <s>AD</s>
   <Map>
      <!-- Return only the groups in and below the specified
           container/organizational unit -->
      <MapEntry key='container'
                value='LDAP://hostX.domainX.com/cn=Users,dc=domainX,dc=com'/>
   </Map>
   <s>false</s>
</invoke>

Building DN Strings

Given one or more user IDs and a base context, you can dynamically build a list of distinguished names (buildDns) or a single distinguished name (buildDn). buildDn does not return a list. Both methods are typically called within a field's Expansion.

Building a Dynamic List of DN strings

You can dynamically build a list of DN strings by specifying the user IDs and a base context.

The following example builds a list of DN strings from the user IDs entered on a form and a base context chosen by the user's role. The code first defines the base contexts to append to the user IDs.

<Field name='baseMemberContextContractor'>
   <Default>
      <s>ou=Contractors,dc=example,dc=com</s>
   </Default>
</Field>
<Field name='baseMemberContextEmployee'>
   <Default>
      <s>ou=Employees,dc=example,dc=com</s>
   </Default>
</Field>


The user of the form enters the user IDs in the following field. This is a likely place to offer a dynamically generated list of user IDs instead of free text.

<Field name='userIds'>
   <Display class='TextArea'>
      <Property name='title' value='UserIds'/>
   </Display>
</Field>

The following field has no Display element, so it is not rendered; its Expansion computes the member DNs from the IDs entered in userIds, choosing the base context by the role assigned to the user. A user whose role matches neither case gets no value from this switch.

<Field name='Members'>
   <Expansion>
      <switch>
         <!-- Branch on the role assigned to the user -->
         <ref>waveset.role</ref>
         <case>
            <!-- "Contractor Role": build DNs such as
                 CN=jsmith,ou=Contractors,dc=example,dc=com -->
            <s>Contractor Role</s>
            <invoke name='buildDns' class='com.waveset.ui.FormUtil'>
               <ref>userIds</ref>
               <ref>baseMemberContextContractor</ref>
            </invoke>
         </case>
         <case>
            <!-- "Employee Role": build DNs such as
                 CN=jdoe,ou=Employees,dc=example,dc=com -->
            <s>Employee Role</s>
            <invoke name='buildDns' class='com.waveset.ui.FormUtil'>
               <ref>userIds</ref>
               <ref>baseMemberContextEmployee</ref>
            </invoke>
         </case>
      </switch>
   </Expansion>
</Field>
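As an added example (not from the original Sun reference), the following field feeds the DNs built by buildDns straight into a multiselection list, so the administrator picks group members from the generated DNs rather than typing them. It assumes, as the fields above do, that userIds holds the entered account IDs; the field name resourceAccounts[LDAP].uniqueMember and the resource name LDAP are hypothetical.

```xml
<!-- Added example, not part of the original page.
     Assumed names: resource 'LDAP', field 'resourceAccounts[LDAP].uniqueMember'. -->
<Field name='resourceAccounts[LDAP].uniqueMember'>
   <Display class='MultiSelect'>
      <Property name='title' value='Group Members'/>
      <!-- The choices are the DNs built from the IDs entered in userIds -->
      <Property name='allowedValues'>
         <invoke name='buildDns' class='com.waveset.ui.FormUtil'>
            <ref>userIds</ref>                           <!-- list of account IDs -->
            <s>ou=Employees,dc=example,dc=com</s>        <!-- base context -->
         </invoke>
      </Property>
   </Display>
</Field>
```

buildDn and buildDns prefix each ID with CN= and append the base context (the page shows buildDn returning CN=jdoe,dc=example,dc=com). The page does not say whether characters that are special in a DN (comma, plus, equals, double quote, backslash, semicolon, angle brackets, a leading # or leading and trailing spaces) are escaped as RFC 4514 requires, so treat the entered IDs as untrusted input and reject such characters before calling either method; otherwise an ID such as jdoe,ou=Admins yields a DN that points into a different container.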

Building a Single DN String

Call the buildDn method to populate a list or text area with a single DN. Example:

<invoke name='buildDn' class='com.waveset.ui.FormUtil'>
   <s>jdoe</s>
   <s>dc=example,dc=com</s>
</invoke>

This example returns CN=jdoe,dc=example,dc=com.