import java.io.IOException;
import java.util.*;
import javax.faces.context.FacesContext;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import org.apache.log4j.Logger;
import sailpoint.api.IdentityService;
import sailpoint.api.ObjectUtil;
import sailpoint.api.PersistenceManager;
import sailpoint.api.Provisioner;
import sailpoint.api.SailPointContext;
import sailpoint.connector.ADLDAPConnector;
import sailpoint.connector.Connector;
import sailpoint.object.*;
import sailpoint.object.Application;
import sailpoint.object.Attributes;
import sailpoint.object.Custom;
import sailpoint.object.Filter;
import sailpoint.object.Identity;
import sailpoint.object.Link;
import sailpoint.object.ManagedAttribute;
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import sailpoint.object.QueryOptions;
import sailpoint.tools.CloseableIterator;
import sailpoint.tools.GeneralException;
import sailpoint.tools.Message;
import sailpoint.tools.Util;
import sailpoint.workflow.WorkflowContext;
// Disable AD Account and Move AD account from one OU to another OU
public ProvisioningPlan buildMoveADAccountsPlan(WorkflowContext wfc)
throws GeneralException{
String methodName = "buildMoveADAccountsPlan";
Logger ruleLog = Logger.getLogger("RuleLog");
String nativeIdentity = null;
String newOU = null;
System.out.println("Entering into buildMoveADAccountsPlan rule");
ruleLog.error("Entering into buildMoveADAccountsPlan rule");
if (ruleLog.isDebugEnabled()) {ruleLog.error("Entering into buildMoveADAccountsPlan rule");}
Attributes args = wfc.getArguments();
System.out.println("Attributes = "+args);
ruleLog.error("Attributes = "+args);
String op = Util.getString(args, "op");
System.out.println("Operation = "+op);
ruleLog.error("Operation = "+op);
if ( op == null ){
throw new GeneralException("Operation (op) must be specified.");
}
ProvisioningPlan plan = new ProvisioningPlan();
SailPointContext context = wfc.getSailPointContext();
System.out.println("SailPointContext = "+context);
ruleLog.error("SailPointContext = "+context);
// Custom settings = context.getObjectByName(Custom.class, "Custom Settings");
String identityName = Util.getString(args, "identityName");
System.out.println("identityName = "+identityName);
ruleLog.error("identityName = "+identityName);
if (ruleLog.isDebugEnabled()) {
System.out.println("Processing identity " + identityName);
ruleLog.error("Processing identity " + identityName);
}
Identity identity = context.getObjectByName(Identity.class, identityName);
if (null != identity) {
plan.setIdentity(identity);
// Get a list of AD applications
List appList = getADApps();
System.out.println("appList = "+appList);
ruleLog.error("appList = "+appList);
IdentityService identityService = new IdentityService(context);
for (Application app : appList) {
List links = identityService.getLinks(identity, app);
System.out.println("List of links are = "+links);
ruleLog.error("List of links are = "+links);
// Application application = context.getObjectByName(Application.class, app);
String appType = app.getType();
System.out.println("appType is = "+appType);
ruleLog.error("appType is = "+appType);
if ("Active Directory - Direct".equals(app.getType())){
Attributes attributes = app.getAttributes();
System.out.println("Attributes are : "+attributes);
ruleLog.error("Attributes are : "+attributes);
List searchdns = attributes.getList("searchDNs");
System.out.println("searchdns are : "+searchdns);
ruleLog.error("searchdns are : "+searchdns);
/* List dn = list.get("searchDN");
System.out.println("dn are : "+dn);
ruleLog.error("dn are : "+dn);*/
Iterator itr = searchdns.iterator();
while(itr.hasNext()){
String searchDN = itr.next().get("searchDN").toString();
System.out.println("Users OU is : "+searchDN);
ruleLog.error("Users OU is : "+searchDN);
boolean flag = searchDN.toLowerCase().contains("disabled users");
//boolean flag = searchDN.toLowerCase().contains("Disabled Users");
System.out.println("flag... : "+flag);
ruleLog.error("flag..... : "+flag);
if(flag){
System.out.println("Disabled Users OU is... : "+searchDN);
ruleLog.error("Disabled Users OU is..... : "+searchDN);
}
}
}
if ((null != links) && !links.isEmpty()) {
for (Link link : links) {
nativeIdentity = link.getNativeIdentity();
System.out.println("nativeIdentity is : "+nativeIdentity);
ruleLog.error("nativeIdentity is : "+nativeIdentity);
// Disable the AD account
if (ruleLog.isDebugEnabled()){
ruleLog.error("Disabling account " + link.getNativeIdentity() + " in application " + link.getApplicationName());
}
AccountRequest acctReq = new AccountRequest();
acctReq.setApplication(link.getApplicationName());
acctReq.setInstance(link.getInstance());
acctReq.setNativeIdentity(nativeIdentity);
acctReq.setOperation(AccountRequest.Operation.Disable);
// acctReq.add(new AttributeRequest("IIQDisabled","true"))
// String dn = link.getAttribute("distinguishedName");
if(op.equals("Disable")) {
if (nativeIdentity.toLowerCase().contains("dc=mightypedia,dc=com")) {
//newOU = "ou=Disabled Users,dc=maxcrc,dc=com";
newOU="ou=Disabled Users,dc=mightypedia,dc=com";
//newOU = settings.get("Disabled Users");
//System.out.println("newOU is : "+newOU);
System.out.println("cn=" +nativeIdentity+","+"Dynamically getting Disable OU is : "+newOU);
log.error("cn=" +nativeIdentity+","+"Dynamically getting Disable OU is : "+newOU);
}
}
if(ruleLog.isDebugEnabled()){System.out.println("Moving to : "+newOU);ruleLog.error("Moving to : "+newOU);}
if(null!=newOU&&!newOU.equalsIgnoreCase(getParentContainerDN(nativeIdentity))){
AccountRequest acctReq = new AccountRequest();
acctReq.setApplication(link.getApplicationName());
// acctReq.setInstance(link.getInstance());
acctReq.setNativeIdentity(link.getNativeIdentity());
acctReq.setOperation(AccountRequest.Operation.Modify);
// AttributeRequest attReq = new AttributeRequest();
// attReq.setName("AC_NewParent");
// attReq.setValue(newOU);
// attReq.setOp(ProvisioningPlan.Operation.Set);
// acctReq.add(attReq);
acctReq.add(new AttributeRequest ("AC_NewParent", ProvisioningPlan.Operation.Set, newOU));
plan.setIdentity(identity);
plan.add(acctReq);
System.out.println("*************Compiling starts for ProvisioningPlan*******************");
Provisioner provisioner = new Provisioner(context);
ProvisioningProject project = provisioner.compile(plan);
provisioner.execute(project);
System.out.println("*****************Compilation has completed for ProvisioningPlan *********");
}
}
}
}
}
if(ruleLog.isDebugEnabled()){
System.out.println("Returning plan: "+plan.toXml());ruleLog.error("Returning plan: "+plan.toXml());
}
return plan;
}
// Get the parent container DN of an LDAP full DN
public String getParentContainerDN(String dn) {
String methodName = "getParentContainerDN";
System.out.println("Entering into the method : "+methodName);
LdapName ln = new LdapName(dn);
String parentDN = ln.getPrefix(ln.size() - 1).toString();
System.out.println("Parent ContainerDN : "+parentDN);
System.out.println("Exiting from the method : "+methodName);
return parentDN;
}
// Get a list of all the AD applications
public List getADApps() {
String methodName = "getADApps";
Logger ruleLog = Logger.getLogger("rule.RuleLog");
System.out.println("Entering into the method : " + methodName);
ruleLog.error("Entering into the method : " + methodName);
List appList = new ArrayList();
QueryOptions qo = new QueryOptions();
qo.addFilter(Filter.eq("connector", "sailpoint.connector.ADLDAPConnector"));
Iterator it = context.search(Application.class, qo);
while (it.hasNext()) {
Application thisApplication = it.next();
if (ruleLog.isDebugEnabled()) {
System.out.println("Found AD application " + thisApplication.getName());
ruleLog.error("Found AD application " + thisApplication.getName());
}
appList.add(thisApplication);
}
if (appList.isEmpty()) {
System.out.println("No AD Directory applications found");
ruleLog.error("No AD Directory applications found");
}
System.out.println("Exiting from the method : " + methodName);
ruleLog.error("Exiting from the method : " + methodName);
return appList;
}