Hi all, completely new to ARS / ARSWeb, I would need some details about the task I've been assigned to :
- ARS : version 7.5
In One Identity Active Roles Web 7.50, how can I create a form to allow an admin user to copy groups with a selection (not all at one, but choosing the groups to copy) from a domain user he belongs to to another user in the same domain ?
I tried to create a custom module in ARS but it copies all at one, I just need to select the groups I need to copy.
Thanks for all !
Nicolas
Bellow the custom script:
# Through the Web interface it is possible to copy group memberships from one user onto another one.
# This operation is executed throught a specific new command, "Copy Groups", which is linked to a
# new form that has an extended control called CMDNAME with the value "CopyGroups" (to execute the
# script hereunder only if the user modification comes from that form / command) and where it is
# possible to select the target user onto which the groups are copied. The target user is selected
# in the attribute "secretary".
#===========================================================================
# Main Function triggered when a user account is modified
#===========================================================================
function onPreModify($Request)
{
# Get the value of the form control named CMDNAME (defined when customizing a form and selecting
# Properties (of the form) and Extended Controls)
$FormControlActionName = GetInControl -Object $Request -ControlName 'CMDNAME'
# Specific controls when copying groups from a user to another one
if ($FormControlActionName -ne 'CopyGroups') { return } # Only process requests to copy groups
# If the attribute secretary is changed, get its value from the form and start the process to copy groups.
if (IsAttributeModified -AttributeName 'secretary' -Object $Request)
{
# Get the secretary attribute value and save it into the TargetUser variable
$TargetUser = GetAttribute -AttributeName 'secretary' -Object $request
# Copy groups only if the TargetUser is not empty
if ($TargetUser)
{
# Get the list of groups the original user is member of
$Groups = (Get-QADUser $Request.DN -Proxy -Properties memberof).memberOf
# For each group found, add the taget user to the same group.
foreach ($Group in $Groups) { Add-QADGroupMember -Proxy $Group -member $TargetUser }
# Clear the secretary attribute because the intention was not to populate the attribute, just use its value temporarily
$request.put('secretary',$null)
}
}
}
#===========================================================================
# IsAttributeModified
#===========================================================================
# This function determines if modification for the specified attribute
# is requested. It can be useful to force the script policy event handler
# to be triggered for the specified attribute modification only.
#
# Parameters
# strAttributeName - string with attribute name. It can be in any cases,
# for example "edsvaMyAttribute", "EDSVAMYATTRIBUTE"
# object - the Request object. Please see ARS SDK for details about this
# object
# Return value
# $true - When specified by strAttributeName attribute is modified during
# request
# $false - When specified by strAttributeName attribute is not modified
# during request
# Remarks
# This function is applicable to onPreCreate, onPostCreate, onPreModify,
# onPostModify, and onCheckPropertyValues event handlers.
# Example
# $IsAttributeModified = IsAttributeModified -AttributeName 'EmployeeID' -Object $Request
#
function IsAttributeModified {
param(
[Parameter(Mandatory = $true,Position=0)][string]$AttributeName,
[Parameter(Mandatory = $true,Position=1)]$Object
)
$objEntry = $Object.GetPropertyItem($AttributeName, 3) #$ADSTYPE_CASE_IGNORE_STRING
if ($null -eq $objEntry) { return $false }
$nControlCode = $objEntry.ControlCode
if ($nControlCode -eq 0) { return $false }
return $true
}
#===========================================================================
# GetAttribute
#===========================================================================
# This function returns a value of the specified attribute of
# the specified object. It can be useful to prevent an error
# rising when the attribute has no value.
#
# Parameters
# strAttributeName - string with attribute name. It can be in
# any cases, for example "edsvaMyAttribute", "EDSVAMYATTRIBUTE"
# Request - the Request object. Please see ARS SDK for details
# about this object
# return value
# Integer, string, boolean value, or array of values - When specified by
# strAttributeName attribute has any values
# Empty value - specified by strAttributeName attribute has no value
# Remarks
# This function is applicable to onPreGet, onPostGet, onPreCreate,
# onPostCreate, onPreModify, onPostModify, and onCheckPropertyValues
# event handlers.
# Example
# $samAccountName = GetAttribute -strAttribute 'samAccountName' -Object $DirObj
#
function GetAttribute {
param(
[Parameter(Mandatory = $true,Position=0)][string]$AttributeName,
[Parameter(Mandatory = $true,Position=1)]$Object
)
trap { continue }
#Load Attribute into $Object
$Object.GetInfo(@($AttributeName),0)
#Return the Attribute value
return $Object.Get($AttributeName)
return $null
}
#===========================================================================
# GetInControl
#===========================================================================
# This function returns the control value of a control object from the $Request object
#
# Parameters
# Object - the $Request object
# ControlName - the name of the control of which to return the value
# return value
# the value of the control who's name has been passed to the function
# Remarks
# This function is applicable to any event handler and function.
# Example
# GetInControl -Object $Request -ControlName 'CMDNAME'
function GetInControl {
param(
[Parameter(Mandatory = $true, Position=0)]$Object,
[Parameter(Mandatory = $true, Position=1)][string]$ControlName
)
trap {continue}
return $Request.GetInControl($ControlName)
return $null
}