Usage Notes

The customer-supplied scripts called by the Scripted JDBC adapter must be written in Javascript or BeanShell. Identity Manager stores these scripts in the Identity Manager repository as named ResourceAction objects.

Each Scripted JDBC resource instance is configured through a set of resource attributes that reference the appropriate ResourceAction objects by name. At run-time, the adapter

Run-Time Adapter Actions

1. Loads the script from the ResourceAction corresponding to the current provisioning action (such as create, delete, or update).

2. Prepares the necessary Java input objects to make them available to the script.

3. Invokes the script.

4. Processes the result returned (or exceptions/errors) from the script.

   The remainder of these Usage Notes describes the Scripted JDBC adapter provisioning actions and the expected behavior for a script assigned to each provisioning action.

   Scripts should never close the JDBC Connection that is passed to them. The adapter automatically closes the connection at the appropriate time.

   See the file hierarchy under sample/ScriptedJdbc folder.

   Each example subfolder (SimpleTable, MultiValue, and StoredProc) contains a README.txt file that explains the set of files used in that example.

   The Scripted JDBC adapter supports end-user scripting for the following provisioning actions:

   Action	Description	Required?
   create	Create a new user	No, but if not provided, you cannot create users
   delete	Delete an existing user	No, but if not provided, you cannot delete users
   disable	Natively disable an existing user	No, but if not provided, you cannot natively disable users
   enable	Natively enable an existing user	No, but if not provided, you cannot natively enable users
   getAccountIterator	Return an object used to perform iteration of existing users.	No, but if you do not provide either getAccountIterator or listAll, you cannot perform account iteration
   getActiveSyncIterator	Return an object used to perform Active Sync iteration	No, but if not provided, Active Sync is not supported
   test	Perform a custom test during Test Configuration	No.
   getUser	Fetch attributes for an existing user	No, but if not provided, user actions are not supported
   listAll	Return a list of existing user (or other object type) IDs	No, but if you do not provide getAccountIterator or listAll, you cannot perform account iteration
   update	Update attributes, rename, or change password of an existing user	No, but if not provided, you cannot modify, rename, or change user passwords
   authenticate	Verify user ID and password	No, but required to perform pass-through authentication

   Every action script receives an actionContext map, as defined by the java.util.Map class. The possible map content varies for each action.

   For additional information about the actions listed in the previous table, see the following sections in this chapter:

   • create Action

   • getUser Action

   • delete Action

   • update Action

   • enable Action

   • disable Action

   • listAll Action

   • getAccountIterator Action

   • getActiveSyncIterator Action

   • authenticate Action

   • test Action

   • getActiveSyncIterator Action

   In addition to a description of these action, each section provides the following information:

   • Context. This section describes the set of entries that are available in the actionContext map the adapter adds into the JavaScript execution context before the script executes.

   • Error Handling. This section describes how the script is expected to handle abnormal or error conditions.