LDAP User Synchronization Script

The following script is a sample synchronization script that imports user information from OpenLDAP into OpenIAM.

import org.apache.commons.lang3.StringUtils
import org.openiam.base.AttributeOperationEnum
import org.openiam.idm.srvc.auth.dto.Login
import org.openiam.idm.srvc.continfo.dto.Address
import org.openiam.idm.srvc.continfo.dto.EmailAddress
import org.openiam.idm.srvc.continfo.dto.Phone
import org.openiam.idm.srvc.role.dto.Role
import org.openiam.idm.srvc.synch.dto.LineObject
import org.openiam.idm.srvc.user.dto.UserAttribute
import org.openiam.idm.srvc.user.dto.UserStatusEnum
import org.openiam.idm.srvc.user.dto.UserToRoleMembershipXref
import org.openiam.provision.dto.ProvisionUser
import org.openiam.provision.type.Attribute
import org.openiam.sync.service.impl.service.AbstractUserTransformScript
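public class LdapUserTransformation extends AbstractUserTransformScript {

    /** LDAP attribute whose value becomes the user's login (principal) in OpenIAM. */
    static final String IDENTITY_ATTRIBUTE = "uid"

    /** Country code stamped on every imported phone; the LDAP values carry only "<area code> <number>". */
    static final String DEFAULT_COUNTRY_CD = "+1"

    /** Managed-system id of the internal OpenIAM identity that every imported user receives a login for. */
    static final String OPENIAM_MANAGED_SYS_ID = "0"

    /**
     * Transforms one LDAP row into the given ProvisionUser.
     *
     * @param rowObj the source row; its columnMap holds the LDAP attributes keyed by attribute name
     * @param pUser  the user to populate — new or existing, as reported by the inherited isNewUser flag
     * @return NO_DELETE; this script never requests a delete
     */
    @Override
    int execute(LineObject rowObj, ProvisionUser pUser) {
        println("Is New User: " + isNewUser)
        if (isNewUser) {
            // A freshly created user must not carry an id; the provisioning service assigns one.
            pUser.id = null
        }
        populateObject(rowObj, pUser)
        pUser.status = UserStatusEnum.ACTIVE
        pUser.mdTypeId = "DEFAULT_USER"
        // Every imported user gets the default role.
        addRole(pUser, "End User")
        pUser.setSkipPreprocessor(false)
        pUser.setSkipPostProcessor(false)
        return NO_DELETE
    }

    @Override
    void init() {
        // Nothing to initialise: everything this script needs comes through the inherited config object.
    }

    /**
     * Copies the LDAP attributes of one row onto the user: verbatim user attributes (uid, cn, dn, ou),
     * name and title fields, the primary email, the two phones and — for new users only — the login principals.
     *
     * @param rowObj the source row
     * @param pUser  the user being built
     */
    private void populateObject(LineObject rowObj, ProvisionUser pUser) {
        Map<String, Attribute> columnMap = rowObj.columnMap

        // Attributes that are stored unchanged as user attributes.
        [IDENTITY_ATTRIBUTE, "cn", "dn", "ou"].each { String key ->
            Attribute attr = columnMap.get(key)
            if (attr) {
                addAttribute(pUser, attr)
            }
        }

        Attribute givenName = columnMap.get("givenName")
        if (givenName) {
            pUser.firstName = givenName.value
        }
        Attribute displayName = columnMap.get("displayName")
        if (displayName) {
            pUser.setNickname(displayName.value)
        }
        Attribute sn = columnMap.get("sn")
        if (sn) {
            pUser.lastName = sn.value
        }
        Attribute title = columnMap.get("title")
        if (title) {
            pUser.title = title.value
        }

        Attribute mail = columnMap.get("mail")
        if (mail) {
            // Log only that the attribute is present: the address itself is personal data and
            // does not belong in the synchronization log.
            println("mail attribute found")
            EmailAddress emailAddress = new EmailAddress()
            emailAddress.name = "PRIMARY_EMAIL"
            emailAddress.default = true
            emailAddress.active = true
            emailAddress.emailAddress = mail.value
            emailAddress.mdTypeId = "PRIMARY_EMAIL"
            addEmailAddress(pUser, emailAddress)
        } else {
            println("mail attribute was not found")
        }

        println(" - Processing Phone objects: ")
        addPhoneFromAttribute(pUser, columnMap, "mobile", "CELL_PHONE")
        addPhoneFromAttribute(pUser, columnMap, "telephoneNumber", "OFFICE_PHONE")

        if (isNewUser) {
            println(" - Processing PrincipalName and DN")
            Attribute identity = columnMap.get(IDENTITY_ATTRIBUTE)
            if (identity) {
                // Pre-populate the login so the company keeps the identifier it already uses.
                // Two principals are created: one for the internal OpenIAM managed system and
                // one for the LDAP managed system this synchronization is configured for.
                pUser.principalList.add(newLogin(identity.value, OPENIAM_MANAGED_SYS_ID))
                pUser.principalList.add(newLogin(identity.value, config.getManagedSysId()))
            }
        }
    }

    /**
     * Builds an active ADD login for the given managed system.
     *
     * @param loginName    the principal name
     * @param managedSysId the managed-system id the login belongs to (left untyped: the type returned by
     *                     config.getManagedSysId() is not visible here)
     * @return the new Login
     */
    private static Login newLogin(String loginName, managedSysId) {
        Login lg = new Login()
        lg.operation = AttributeOperationEnum.ADD
        lg.login = loginName
        lg.managedSysId = managedSysId
        lg.setActive(true)
        return lg
    }

    /**
     * Reads an LDAP phone attribute of the form "<area code> <number>", builds a Phone of the given
     * type and attaches it to the user. A missing attribute is ignored; a value with any other token
     * count is skipped with a log line instead of being dropped silently.
     *
     * @param pUser     the user being built
     * @param columnMap the row's attributes
     * @param ldapAttr  LDAP attribute name to read ("mobile", "telephoneNumber")
     * @param phoneType OpenIAM phone name/mdTypeId ("CELL_PHONE", "OFFICE_PHONE")
     */
    private void addPhoneFromAttribute(ProvisionUser pUser, Map<String, Attribute> columnMap, String ldapAttr, String phoneType) {
        Attribute attr = columnMap.get(ldapAttr)
        if (!attr) {
            return
        }
        println("add " + ldapAttr)
        // StringUtils.split returns null for a null input, so guard before reading the length.
        String[] parts = StringUtils.split(attr.value, " ")
        if (parts == null || parts.length != 2) {
            // The raw value is not echoed: phone numbers are personal data.
            println("skipping " + ldapAttr + ": expected '<area code> <number>'")
            return
        }
        Phone phone = new Phone()
        phone.name = phoneType
        phone.mdTypeId = phoneType
        phone.countryCd = DEFAULT_COUNTRY_CD
        phone.areaCd = parts[0]
        phone.phoneNbr = parts[1]
        addPhone(pUser, phone)
    }

    /**
     * Attaches an email address to the user. For an existing user, an address with the same
     * mdTypeId (case-insensitive) is updated in place and marked REPLACE; otherwise the new
     * address is marked ADD and appended.
     *
     * @param pUser        the user being built
     * @param emailAddress the address to add or merge
     */
    def addEmailAddress(ProvisionUser pUser, EmailAddress emailAddress) {
        if (!isNewUser) {
            EmailAddress existing = pUser.emailAddresses.find { EmailAddress e ->
                emailAddress.mdTypeId.equalsIgnoreCase(e.mdTypeId)
            }
            if (existing) {
                existing.setEmailAddress(emailAddress.getEmailAddress())
                existing.setOperation(AttributeOperationEnum.REPLACE)
                return
            }
        }
        emailAddress.setOperation(AttributeOperationEnum.ADD)
        pUser.emailAddresses.add(emailAddress)
    }

    /**
     * Attaches a phone to the user. For an existing user, a phone with the same mdTypeId
     * (case-insensitive) gets its number fields overwritten and is marked REPLACE; otherwise
     * the new phone is marked ADD and appended.
     *
     * @param pUser the user being built
     * @param phone the phone to add or merge
     */
    def addPhone(ProvisionUser pUser, Phone phone) {
        if (!isNewUser) {
            Phone existing = pUser.phones.find { Phone p ->
                phone.mdTypeId.equalsIgnoreCase(p.mdTypeId)
            }
            if (existing) {
                existing.setAreaCd(phone.getAreaCd())
                existing.setPhoneNbr(phone.getPhoneNbr())
                existing.setCountryCd(phone.getCountryCd())
                existing.setOperation(AttributeOperationEnum.REPLACE)
                return
            }
        }
        phone.setOperation(AttributeOperationEnum.ADD)
        pUser.phones.add(phone)
    }

    /**
     * Attaches an address to the user. For an existing user, an address with the same mdTypeId
     * (case-insensitive) has its fields overwritten and is marked REPLACE; otherwise the new
     * address is marked ADD and appended. Not called by populateObject; kept for scripts that
     * extend this one.
     *
     * @param pUser   the user being built
     * @param address the address to add or merge
     */
    def addAddress(ProvisionUser pUser, Address address) {
        if (!isNewUser) {
            Address existing = pUser.addresses.find { Address a ->
                address.mdTypeId.equalsIgnoreCase(a.mdTypeId)
            }
            if (existing) {
                existing.setBldgNumber(address.getBldgNumber())
                existing.setDescription(address.getDescription())
                existing.setAddress1(address.getAddress1())
                existing.setAddress2(address.getAddress2())
                existing.setAddress3(address.getAddress3())
                existing.setAddress4(address.getAddress4())
                existing.setActive(address.isActive())
                existing.setOperation(AttributeOperationEnum.REPLACE)
                return
            }
        }
        address.setOperation(AttributeOperationEnum.ADD)
        pUser.addresses.add(address)
    }

    /**
     * Stores an LDAP attribute as a user attribute keyed by its name. For an existing user, a key
     * that matches case-insensitively is removed first and the new attribute is marked REPLACE;
     * otherwise it is marked ADD. Attributes without a name are ignored.
     *
     * @param pUser the user being built
     * @param attr  the LDAP attribute; may be null
     */
    def addAttribute(ProvisionUser pUser, Attribute attr) {
        if (!attr?.name) {
            return
        }
        UserAttribute userAttr = new UserAttribute(attr.name, attr.value)
        userAttr.operation = AttributeOperationEnum.ADD
        if (!isNewUser) {
            // Locate the key first so the map is never modified while its key set is being iterated.
            String existingKey = pUser.userAttributes.keySet().find { String name ->
                name.equalsIgnoreCase(attr.name)
            }
            if (existingKey != null) {
                pUser.userAttributes.remove(existingKey)
                userAttr.operation = AttributeOperationEnum.REPLACE
            }
        }
        pUser.userAttributes.put(attr.name, userAttr)
        println("Attribute '" + attr.name + "' added to the user object.")
    }

    /**
     * Adds the named role to the user unless an existing user already holds it. A role that the
     * system does not know is reported and skipped.
     *
     * @param pUser    the user being built
     * @param roleName display name of the role, resolved through the inherited getRoleByName
     */
    def addRole(ProvisionUser pUser, String roleName) {
        if (!isNewUser) {
            // NOTE(review): pUser.roles holds UserToRoleMembershipXref entries; the original script
            // compared r.name, which is kept here — confirm the xref actually exposes the role name.
            def foundRole = pUser.roles.find { r -> r.name == roleName }
            if (foundRole) {
                return
            }
        }
        Role role = this.getRoleByName(roleName)
        // Safe navigation: the lookup may return null, and the log line must not fail before the null check below.
        println("Role from system ${role?.id}")
        if (role) {
            UserToRoleMembershipXref roleMembershipXref = new UserToRoleMembershipXref()
            roleMembershipXref.setEntityId(role.getId())
            roleMembershipXref.setMemberEntityId(pUser.getId())
            roleMembershipXref.operation = AttributeOperationEnum.ADD
            pUser.roles.add(roleMembershipXref)
        } else {
            println "Role with name " + roleName + " was not found"
        }
    }
}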