Lists in single-selection and multiselection text boxes are often populated with choices that are derived from information from external resources. You can populate lists dynamically with this information by calling one of the FormUtil methods supplied by Sun. These common methods can perform the following tasks:
Obtain a list of resource object names
Obtain a list of resource objects without map options
Build DN strings
Retrieve a list of accessible object types
Retrieve a list of object types accessible by the session owner
Get a list of organizations with prefixes
Get a list of organizations without prefixes
Get a list of organization display names with prefixes
Retrieve a list of applications unassigned to the user
For information on the <Select> and <MultiSelect> components and the allowedValues property, see the section titled Populating Lists.
To search for or request information on a resource and import it into Identity Manager, you must use object definitions supported by Identity Manager.
The following table lists the object types supported by Identity Manager.
Table 2–16 Supported Resource Object Types
Supported Object Types | Description |
---|---|
account | List of user account IDs |
Administrator_Groups | Names of the administrative groups to which a user can belong |
Applications | List of applications |
Distribution Lists | List of email distribution aliases |
Entitlements | List of PKI entitlements |
group | List of security and distribution list group objects |
Group | Security groups |
Nodes | List of SP2 nodes |
PostOffices | List of GroupWise post offices |
profile | List of top secret profiles |
PROFILE | List of Oracle profiles from the DBA_PROFILES table |
ROLE | List of Oracle roles from the DBA_ROLES table |
shell | List of available UNIX shells |
Template | List of NDS Templates |
USERS | List of Oracle profiles from the DBA_USERS table |
UnassignedTokens | List of available unassigned tokens |
User_Properties | List of user property definitions |
To obtain a list of object names defined for your particular resource, use the listResourceObjects method. You can obtain a list with or without map options. Map options are used only on resources with a directory structure that permits filtering the returned values to a single container instead of returning the complete list.
To ensure that you get the resource object list from the resource and not from the server’s cache, first invoke the clearResourceObjectListCache() method or set the cacheList argument to false. However, using the cache improves performance on large lists. The resource is contacted only once, and the results are stored on the cache. Consequently, Sun recommends using the cache.
In addition, you can specify a set of one or more key/string value pairs that are specific to the resource from which the object list is being requested.
The following table lists the object types that are supported by each resource.
Table 2–17 Supported Object Types
Resource | Supported Object Types |
---|---|
AIX | account, Group |
ACF2 | account |
ClearTrust | account, Group, group, Administrator_Groups, Applications, Entitlements, User_Properties |
Entrust | Group, Role |
GroupWise | account, Distribution Lists, PostOffices |
HP-UX | account, Group, shell |
LDAP | account, Group |
Oracle | USERS, ROLE, PROFILE |
NDS | account, Group |
PeopleSoft | account |
RACF | account, Group |
SAP | account, table, profiles, activitygroups |
SecurID | UnassignedTokens |
SP2 | Nodes |
Solaris | account, Group, shell |
TopSecret | account |
VMS | account |
Windows Active Directory | account, Group. You can specify any Active Directory valid object class name as an object type. (A list of object class names can be found in the Active Directory schema documentation.) The list returned contains the distinguished names of the objects. By default, the method searches in the container that is specified by the Container resource attribute. However, you can specify a container as an option to the listResourceObjects call. Its value should be the distinguished name of a container. Only objects within that container are listed. |
To obtain a list of resource objects without map options, specify the resource object type and resource name. Note: Some resources support acting on a subset of a list. You can do this by specifying a starting directory.
In the following example:
The <UnassignedTokens> string identifies the resource object type that you want to get. Other common resource object types are groups, distribution lists, and accounts.
The <SecurID> string identifies the resource from which the object type is retrieved.
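The null value indicates no map options.
A value of true tells the server to cache the results. The example passes false, so the list is requested from the resource rather than read from the cache.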
```xml
<invoke name='listResourceObjects' class='com.waveset.ui.FormUtil'>
   <ref>:display.session</ref>
   <s>UnassignedTokens</s>
   <s>SecurID</s>
   <null/>
   <s>false</s>
</invoke>
```
To obtain a list of resource objects with map options, specify the resource object type, resource name, and a map option that defines the directory to start the search in. The resource must be directory-based.
For example, you can get a list of all Active Directory groups in the Software Access directory by building a map option that performs the search in the directory path (ou=Software Access, dc=mydomain, dc=com).
In the following example:
The Group string identifies the resource object type that you want to get. Strings that identify resource object types are identified in the table titled Available Resource Object Types.
The AD string identifies the resource name from which to retrieve the object type. Map options specify the directory from which to retrieve the list.
A value of true tells the server to cache the results.
A value of false tells the server not to cache the results.
```xml
<invoke name='listResourceObjects' class='com.waveset.ui.FormUtil'>
   <ref>:display.session</ref>
   <s>Group</s>
   <s>AD</s>
   <Map>
      <!-- Returns only the groups in and below the specified
           container/organizational unit -->
      <MapEntry key='container' value='LDAP://hostX.domainX.com/cn=Users,dc=domainX,dc=com'/>
   </Map>
   <s>false</s>
</invoke>
```
With a given user ID and base context, you can dynamically build a list of distinguished names or a single distinguished name. This method does not return a list and is typically used within an Expansion rule.
You can dynamically build a list of DN strings if you specify a user ID and base context.
The following example shows how to use user IDs and base context to build a dynamic list of DN strings.
The following code first defines the base context to append to users.
```xml
<Field name='baseMemberContextContractor'>
   <Default>
      <s>ou=Contractors,dc=example,dc=com</s>
   </Default>
</Field>
<Field name='baseMemberContextEmployee'>
   <Default>
      <s>ou=Employees,dc=example,dc=com</s>
   </Default>
</Field>
```
The user of this form enters data in the following field. This is a likely place for providing a dynamically generated list of user IDs.
```xml
<Field name='userIds'>
   <Display class='TextArea'>
      <Property name='title' value='UserIds'/>
   </Display>
</Field>
```
The following hidden field includes logic that calculates values.
```xml
<Field name='Members'>
   <Expansion>
      <switch>
         <!-- Look at the role assigned to the users -->
         <ref>waveset.role</ref>
         <case>
            <!-- If user has "Contractor Role" then build DN like this:
                 ex: CN=jsmith,ou=Contractors,dc=example,dc=com -->
            <s>Contractor Role</s>
            <invoke name='buildDns' class='com.waveset.ui.FormUtil'>
               <!-- userIds is the TextArea field defined above -->
               <ref>userIds</ref>
               <ref>baseMemberContextContractor</ref>
            </invoke>
         </case>
         <case>
            <!-- Otherwise, if user has "Employee Role", then build DN like this:
                 ex: CN=jdoe,ou=Employees,dc=example,dc=com -->
            <s>Employee Role</s>
            <invoke name='buildDns' class='com.waveset.ui.FormUtil'>
               <ref>userIds</ref>
               <ref>baseMemberContextEmployee</ref>
            </invoke>
         </case>
      </switch>
   </Expansion>
</Field>
```
You can call the buildDn method to populate a list or text area with a single DN. Example:
```xml
<invoke name='buildDn' class='com.waveset.ui.FormUtil'>
   <s>jdoe</s>
   <s>dc=example,dc=com</s>
</invoke>
```
This example returns CN=jdoe,dc=example,dc=com.
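The DN composition described above, as an added example in Java. It is not Identity Manager code and does not show how FormUtil is implemented. The hypothetical SafeDnBuilder helper produces the same CN=<user ID>,<base context> shape, but builds it with the JDK's javax.naming.ldap classes so that a user-entered ID containing a comma or other DN metacharacter remains a single CN value. The one-ID-per-line input format is an assumption.

```java
import java.util.ArrayList;
import java.util.List;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

/** Hypothetical helper for illustration; not part of com.waveset.ui.FormUtil. */
public class SafeDnBuilder {

    /** Returns CN=<userId>,<baseContext> with the ID escaped as one RDN value. */
    public static String buildDn(String userId, String baseContext)
            throws InvalidNameException {
        if (userId == null || userId.trim().isEmpty()) {
            throw new InvalidNameException("empty user ID");
        }
        // Parsing the base context rejects a malformed container string early.
        LdapName dn = new LdapName(baseContext);
        // Rdn escapes DN metacharacters such as ',' and '+' in the value, so the
        // ID stays a single CN component instead of contributing extra RDNs.
        dn.add(new Rdn("CN", userId.trim()));
        return dn.toString();
    }

    /** Builds one DN per non-blank line (assumed input format: one ID per line). */
    public static List<String> buildDns(String userIds, String baseContext)
            throws InvalidNameException {
        List<String> dns = new ArrayList<>();
        for (String line : userIds.split("\\R")) {
            if (!line.trim().isEmpty()) {
                dns.add(buildDn(line, baseContext));
            }
        }
        return dns;
    }

    public static void main(String[] args) throws InvalidNameException {
        String base = "ou=Contractors,dc=example,dc=com"; // base context from the page
        // Constructed input: the second ID contains DN metacharacters.
        String entered = "jsmith\njdoe,ou=Employees\n";
        for (String dn : buildDns(entered, base)) {
            System.out.println(dn);
        }
    }
}
```

A helper like this can sit between the userIds field and any code that consumes the resulting DNs, so that group membership is only ever written for entries under the intended base context.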