LDAP Generator with eDirectory

Created: 15 Jun 2013 | 2 comments

I would like to create a web page for users to search for a user object in eDirectory and add an attribute to the user object if it doesn't exist or update the value of an attribute if it does exist.

I have come across a few obstacles:

1.  Data types are limited to one object class.  What if I want to display attribute values from more than one object class?

2.  I don't see an update component with the LDAP Generator?  I only see add attributes, add entry, delete attributes, delete entry, and search.

Any help would be greatly appreciated!

Cindy

reecardo

Regarding 2... correct, there doesn't seem to be an Update Entry component provided by the generator. You could try and build your own component using the Code (Script) component or the Script generator.

SyncUp

Thank you for the feedback reecardo.  I would like to try and build my own component, but that may take some time as I am fairly new to Workflow.  In the meantime, this is my solution:

I am using the Execute Process and Wait (Run) Component as discussed in the video:

https://www-secure.symantec.com/connect/videos/wor...

This solution uses plink to log into a server where I can run my ldap commands against eDirectory.  My first attempt at downloading the latest version of plink did not work because the -no_in option is no longer valid.  I then downloaded the version described in the video and it worked perfectly.

This is my entry for File Name in the Execute Process and Wait (Run) component:  C:\Program Files\Quest Software\Putty\plink

I created a putty session for my host and included my login name and private key so that the login name and password are not required for plink.  Here is my entry for the arguments:

<putty_session> -no_in ./ldapmodDPRG.sh DPRGMember.ldif

I created a script on my Linux server called ldapmodDPRG.sh with the following contents:  (The username must be a user with access to modify the entry and is not necessarily the user to be modified.)

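#!/bin/ksh
# Apply the LDIF file named in the first argument to eDirectory.
# The bind password is stored here in cleartext and -w puts it on the
# command line, so keep this file readable by its owner only.
HOST="<hostname>.com"
BIND_ID="cn=<username>,ou=users,o=idvault"
PASS="<password>"
# -x simple bind, -c continue after errors, -v verbose output
ldapmodify -x -c -v -h "$HOST" -D "$BIND_ID" -w "$PASS" -f "$1"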

I then created an ldif file, DPRGMember.ldif as follows: (Username is the name of the user's object to be modified.)

dn: cn=<username>,ou=users,o=idvault
changetype: modify
replace: DPRGMember
DPRGMember: TRUE

I can now take this and pass variables as needed for the user name and attribute values.
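
The last step above, passing the user name and attribute value in as variables, is where input from the web form reaches the DN and the LDIF file. The following is an added example, not part of the original post: it builds the same LDIF from two variables and rejects anything that could alter the DN or add LDIF lines. The function name, the allow-list, the 64-character limit and the Boolean treatment of DPRGMember are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): build the DPRGMember modify
# LDIF from variables, refusing values that could change the DN or add
# extra LDIF lines. BASE_DN and the attribute name come from the post;
# the allow-list and length limit are assumptions to adapt.
LC_ALL=C            # make the A-Z / a-z ranges below byte-exact
BASE_DN="ou=users,o=idvault"

make_dprg_ldif() {
    user=$1
    value=$2

    # cn allow-list: letters, digits, dot, underscore, hyphen only.
    # This excludes newlines (new LDIF records or directives) and the
    # characters with special meaning in a DN: , + = " \ < > ; # and space.
    case $user in
        ''|*[!A-Za-z0-9._-]*)
            echo "rejected user name" >&2
            return 1 ;;
    esac
    if [ "${#user}" -gt 64 ]; then
        echo "rejected user name: too long" >&2
        return 1
    fi

    # DPRGMember is treated as a Boolean here (assumption based on the
    # TRUE value in the post), so only the two literal values pass.
    case $value in
        TRUE|FALSE) ;;
        *)  echo "rejected attribute value" >&2
            return 1 ;;
    esac

    printf 'dn: cn=%s,%s\nchangetype: modify\nreplace: DPRGMember\nDPRGMember: %s\n' \
        "$user" "$BASE_DN" "$value"
}

# Usage on the Linux host, writing to a private temporary file:
#   umask 077
#   f=$(mktemp) && make_dprg_ldif "$1" "$2" > "$f" && ./ldapmodDPRG.sh "$f"
#   rm -f "$f"
```

The same allow-list has to be applied in the workflow before the value is placed in the plink argument string, because the remote login shell parses that string before this function ever sees it.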