DESCRIPTION
This script provides the capability to convert a new or existing Group object to a Dynamic Group object with certain information being requested to add query information to the dynamic group object. In Preparation to use this scripted functionality make sure the following Attributes are added as virtual attributes:
edsvaDGConvertTo - mapped to object class group, Syntax is Boolean, Store values - Possible Value: True or False
edsvaDGFilterValue - mapped to object class group, Syntax is Directory String, Store values - Possible value: Anything, it is the searchstring value, which must fit to validate the group membership
edsvaDGScope - mapped to object class group, Syntax is Directory String, Store values - Possible value: the DN of the searchscope, in which the target objects are stored
edsvaDGReferencedAttribute - mapped to object class group, Syntax is Directory String, Store values - Possible value: The objectclass of the target object, which should be included for membership validation
Note This code may use functions from the Active Roles Script Policy Best Practices. Please, follow the link to obtain instructions and code for those functions.
SCRIPT
'*********************************************************************************
' THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND,
' EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED
' WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.
'
' IF YOU WANT THIS FUNCTIONALITY TO BE CONDITIONALLY SUPPORTED,
' PLEASE CONTACT ONE IDENTITY PROFESSIONAL SERVICES.
'*********************************************************************************
'===========================================================================
' Log
'===========================================================================
Sub Log (ByVal strMessage)
Dim objFSO, objFile
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile("c:\debug.txt", 8, True)
objFile.WriteLine (CStr(Now()) & " " & strMessage)
objFile.Close
End Sub ' Log
'Your script should be triggered after any modification of edsvaDGConvertTo attribute. Thus we have To add additional condition To Execute subroutine
Sub Execute(Request)
'--- consider that Request.Class can be "group", "Group", or "GROUP"
If (LCase(Request.Class) <> "group") Then Exit Sub
'--- trigger only If edsvaDGConvertTo Is modified
If (Not IsAttributeModified(Request, "edsvaDGConvertTo")) Then Exit Sub
'--- Request for used VAs
On Error Resume Next
strConvertTo = CStr(Request.Get("edsvaDGConvertTo"))
On Error GoTo 0
Call Log("edsvaDGConvertTo = " & strConvertTo)
If (strConvertTo = "False") Then
DirObj.GetInfo
DirObj.ConvertToRegularGroup
DirObj.SetInfo
Else
On Error Resume Next
strDGTargetObjectClass = CStr(Request.Get("edsvaDGTargetObjectClass"))
On Error GoTo 0
Call Log("edsvaDGFilterValue = " & strDGFilterValue)
On Error Resume Next
strDGFilterValue = CStr(Request.Get("edsvaDGFilterValue"))
On Error GoTo 0
Call Log("edsvaDGFilterValue = " & strDGFilterValue)
On Error Resume Next
strDGScope = CStr(Request.Get("edsvaDGScope"))
On Error GoTo 0
Call Log("edsvaDGScope = " & strDGScope)
On Error Resume Next
strDGReferencedAttribute = CStr(Request.Get("edsvaDGReferencedAttribute"))
On Error GoTo 0
Call Log("edsvaDGReferencedAttribute = " & strDGReferencedAttribute)
'--- DirObj is predefined object that refers to newly created group. See ARS SDk for details
DirObj.GetInfo
' Create a new Include by Query rule
Set objRule = CreateObject("EDSIManagedUnitCondition")
objRule.Base = "EDMS://" & strDGScope
objRule.Filter = "(&(objectClass="& strDGTargetObjectClass &")("& strDGReferencedAttribute & "=" & strDGFilterValue & "))"
objRule.Type = 1
DirObj.MembershipRuleCollection.Add objRule
DirObj.SetInfo
End If
End Sub
Sub onPostCreate(Request)
Call Execute(Request)
End Sub
Sub onPostModify(Request)
Call Execute(Request)
End Sub
Function EndsWith(strText, strEnd)
EndsWith = (Right(strText, Len(strEnd)) = strEnd)
End Function ' EndsWith
'***** END OF CODE ***************************************************************