Sample transformation script for AD users and group memberships

The transformation script (with comments) that imports users and their group memberships from Active Directory instances through a connector is given below.

import org.openiam.base.AttributeOperationEnum
import org.openiam.idm.searchbeans.GroupSearchBean
import org.openiam.idm.srvc.auth.dto.Login
import org.openiam.idm.srvc.continfo.dto.EmailAddress
import org.openiam.idm.srvc.synch.dto.LineObject
import org.openiam.idm.srvc.user.dto.UserStatusEnum
import org.openiam.provision.dto.ProvisionUser
import org.openiam.provision.type.Attribute
import org.openiam.idm.srvc.grp.dto.Group
import org.apache.commons.collections.CollectionUtils
import org.openiam.sync.service.impl.service.AbstractUserTransformScript
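/**
 * Transformation script for users synchronised from Active Directory (PowerShell connector).
 *
 * For every source row it copies the AD name attributes onto the {@link ProvisionUser}, makes the
 * source row authoritative for memberships in groups of metadata type "AD_GROUP" (memberships that
 * the row no longer asserts are dropped unless they carry rights or an end date), attaches the
 * primary e-mail address and, for new users only, pre-populates the login from the configured
 * match field.
 */
public class ADPowerShellTransformation extends AbstractUserTransformScript {

    /**
     * Maps one source row onto the provisioning user.
     *
     * @param rowObj the source row; its column map is keyed by AD attribute name
     * @param pUser  the user being provisioned, mutated in place
     * @return {@code NO_DELETE}; this script never requests deletion of the user
     */
    @Override
    int execute(LineObject rowObj, ProvisionUser pUser) {
        populateObject(rowObj, pUser)
        pUser.status = UserStatusEnum.ACTIVE
        pUser.mdTypeId = "DEFAULT_USER"
        // Add default role
        addUserRoleByName(pUser, "End User", null, null, null, null, null)
        pUser.setSkipPreprocessor(false)
        pUser.setSkipPostProcessor(false)
        return NO_DELETE
    }

    /** Nothing to initialise; the script relies only on inherited state. */
    @Override
    void init() {}

    /**
     * Copies the attributes of {@code rowObj} onto {@code pUser}: names, group memberships,
     * e-mail address and (for a new user) the login.
     */
    private void populateObject(LineObject rowObj, ProvisionUser pUser) {
        Map<String, Attribute> columnMap = rowObj.columnMap
        /* Uncomment to copy every source column onto the user as an attribute:
        for (Map.Entry<String, Attribute> entry : columnMap.entrySet()) {
            addAttribute(pUser, entry.value)
        }*/
        populateNames(columnMap, pUser)
        syncGroupMemberships(columnMap, pUser)
        populateEmail(columnMap, pUser)
        if (isNewUser) {
            populateLogin(columnMap, pUser)
        }
    }

    /** Copies the AD name attributes (Name, GivenName, Surname, DisplayName) onto the user. */
    private void populateNames(Map<String, Attribute> columnMap, ProvisionUser pUser) {
        Attribute attrVal = columnMap.get("Name")
        if (attrVal) {
            addUserAttribute(pUser, attrVal.getName(), attrVal.getValue())
        }
        attrVal = columnMap.get("GivenName")
        if (attrVal) {
            pUser.firstName = attrVal.value
        }
        attrVal = columnMap.get("Surname")
        if (attrVal) {
            pUser.lastName = attrVal.value
        }
        // Surname is deliberately NOT copied into middleInit (an earlier revision did so by
        // mistake). If the connector exposes the AD "Initials" attribute, map it here -
        // TODO confirm which column carries it.
        attrVal = columnMap.get("DisplayName")
        if (attrVal) {
            pUser.nickname = attrVal.value
        }
        // Uncomment to send the credentials e-mail to newly created users:
        /* if (isNewUser) {
            pUser.emailCredentialsToNewUsers = true
        }*/
    }

    /**
     * Makes the source row authoritative for "AD_GROUP" memberships.
     *
     * Every DN listed in memberOf is added as a group membership with {@code CERTIFIED_RIGHT_SET}.
     * For an existing user, each currently held AD_GROUP membership is then removed when the row
     * did not re-assert it (operation still NO_CHANGE) or it carries no rights, and it has no end
     * date - memberships with rights (admin/owner for access certification) or a time bound are kept.
     */
    private void syncGroupMemberships(Map<String, Attribute> columnMap, ProvisionUser pUser) {
        Attribute memberOf = columnMap.get("memberOf")
        if (memberOf) {
            final Set<String> groupDns = new HashSet<>()
            if (memberOf.isMultiValued()) {
                groupDns.addAll(memberOf.getValueList())
            } else {
                groupDns.add(memberOf.getValue())
            }
            for (String dn : groupDns) {
                // a null or blank DN cannot be resolved to a group, so skip it
                if (dn) {
                    addUserGroupByAttribute(pUser, "DistinguishedName", dn, CERTIFIED_RIGHT_SET, null, null, null)
                }
            }
        }
        if (!pUser.getId()) {
            // a user that does not exist yet holds no memberships to reconcile
            return
        }
        final Set<String> usrIds = new HashSet<>()
        usrIds.add(pUser.getId())
        final GroupSearchBean gsb = new GroupSearchBean()
        gsb.setUserIdSet(usrIds)
        gsb.setMetadataTypes(Set.of("AD_GROUP"))
        List<Group> currentGroups = groupRabbitMQService.findBeans(gsb, null, 0, Integer.MAX_VALUE)
        if (CollectionUtils.isEmpty(currentGroups)) {
            return
        }
        currentGroups.each { Group current ->
            def onUser = pUser.getGroup(current.getId())
            if (!onUser || onUser.getEndDate() != null) {
                return   // not tracked on the user, or time-bounded: leave it alone
            }
            // non-empty rights mean the user is admin or owner selected for access certification
            boolean notReasserted = onUser.getOperation() == AttributeOperationEnum.NO_CHANGE
            boolean withoutRights = CollectionUtils.isEmpty(onUser.getRights())
            if (notReasserted || withoutRights) {
                println("Removing group: " + current.getName())
                pUser.removeGroup(current)
            }
        }
    }

    /** Attaches the primary e-mail, taken from EmailAddress or, failing that, UserPrincipalName. */
    private void populateEmail(Map<String, Attribute> columnMap, ProvisionUser pUser) {
        Attribute attrVal = columnMap.get("EmailAddress") ?: columnMap.get("UserPrincipalName")
        if (!attrVal) {
            return
        }
        addUserAttribute(pUser, attrVal.getName(), attrVal.getValue())
        def emailAddress = new EmailAddress()
        emailAddress.name = "PRIMARY_EMAIL"
        emailAddress.default = true
        emailAddress.active = true
        emailAddress.emailAddress = attrVal.value
        emailAddress.mdTypeId = "PRIMARY_EMAIL"
        addUserEmailAddress(pUser, emailAddress)
    }

    /**
     * Pre-populates the login of a new user from the configured match field, so a company that
     * wants to keep its existing login identifier can do so. The login is created against managed
     * system "0".
     */
    private void populateLogin(Map<String, Attribute> columnMap, ProvisionUser pUser) {
        //Attribute attrVal = columnMap.get("sAMAccountName")
        Attribute attrVal = columnMap.get(config.getMatchSrcFieldName())
        if (!attrVal) {
            return
        }
        def lg = new Login()
        lg.operation = AttributeOperationEnum.ADD
        lg.login = attrVal.value
        lg.managedSysId = "0"
        lg.setActive(true)
        pUser.principalList.add(lg)
        /* Uncomment to also create the login on this connector's own managed system:
        Login lg2 = new Login()
        lg2.operation = AttributeOperationEnum.ADD
        lg2.login = attrVal.value
        lg2.managedSysId = config.getManagedSysId()
        lg2.setActive(true)
        pUser.principalList.add(lg2)*/
    }
}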