LDAP scripting
- Updated Aug 3, 2023
- Vancouver
- Platform Security
Create custom transform maps, scripts, and business rules to specify requirements when importing data.
Custom transform maps should include onStart and onAfter transform scripts.
The onStart script should call the LDAPUtils script include and start logging. For example, the LDAP User Import transform map has an onStart script that uses this code:
The onAfter script should call the addMembers function. For example:
Set disabled Active Directory users to inactive
Use the following script to automatically deactivate users when the associated AD user is disabled.
Before you begin
About this task
You can identify disabled Active Directory users by checking the value of the userAccountControl attribute. This rule executes whenever the userAccountControl value changes and deactivates user accounts if the User Account Control signifies a disabled AD account.
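An added example, not taken from the original page or from ServiceNow: the disabled state is bit 0x2 (ACCOUNTDISABLE) of userAccountControl, so testing that bit catches every flag combination, which comparing against single values such as 514 does not. The record objects, the `u_user_account_control` field name, and the function names are assumptions for illustration; the sample records are constructed.

```javascript
// ACCOUNTDISABLE flag of the Active Directory userAccountControl bitmask.
var UF_ACCOUNTDISABLE = 0x0002;

// LDAP delivers the attribute as a decimal string. Return null when it is
// missing or malformed so callers can tell "enabled" apart from "unknown".
function parseUac(raw) {
  var text = String(raw === null || raw === undefined ? '' : raw).trim();
  if (!/^\d+$/.test(text)) return null;
  return parseInt(text, 10);
}

// true = disabled in AD, false = enabled, null = value could not be read.
function isAdAccountDisabled(raw) {
  var uac = parseUac(raw);
  if (uac === null) return null;
  return (uac & UF_ACCOUNTDISABLE) !== 0;
}

// Deactivate the record only on a positive, parsed "disabled" result.
// An unreadable value is reported, never treated as enabled or disabled.
// u_user_account_control is an assumed custom field name.
function applyDisabledState(user) {
  var disabled = isAdAccountDisabled(user.u_user_account_control);
  if (disabled === null) return 'unparsed';
  if (disabled && user.active) {
    user.active = false;
    return 'deactivated';
  }
  return 'unchanged';
}

// Constructed sample records (not real accounts).
var sampleUsers = [
  { user_name: 'a.enabled', u_user_account_control: '512', active: true },
  { user_name: 'b.disabled', u_user_account_control: '514', active: true },
  { user_name: 'c.disabled.nopwd', u_user_account_control: '546', active: true },
  { user_name: 'd.enabled.noexpire', u_user_account_control: '66048', active: true },
  { user_name: 'e.disabled.noexpire', u_user_account_control: '66050', active: true },
  { user_name: 'f.blank', u_user_account_control: '', active: true }
];

// Run the decision over copies of the samples and report one line per user.
function runSample() {
  return sampleUsers.map(function (u) {
    var copy = Object.assign({}, u);
    return copy.user_name + ':' + applyDisabledState(copy);
  });
}

console.log(runSample().join('\n'));
```

Records reported as `unparsed` are worth logging during the import, since a blank userAccountControl usually means the attribute was not mapped or not returned by the LDAP query.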
Procedure
Assign LDAP field values
You can use a script to assign a value to any field for which there is a field mapping.
For example, to assign a value to the sys_user.company field, create a field map for the company field and add a transform script of:
Exclude particular LDAP users
If you cannot completely filter the LDAP user list using LDAP filter properties, you can exclude users with a map script.
After you have run the logic to identify a user that should not be imported, set the user_name field to an empty string and this user will not be imported.
One way to identify users to filter out is to look for a string in the distinguishedName attribute. For example, this script excludes accounts that are not in a Users OU. You might use this script if you have too many Users OUs to include in the target OU LDAP Option.
A more complex method of filtering is to use regular expressions.