Executing Command Line Functions with Novell Identity Manager

***NOTE: As with all Tips and Tricks we provide on the IDMWorks blog, use the following AT YOUR OWN RISK. We do not guarantee this will work in your environment and make no warranties***

While Novell’s Identity Manager product has an extensive list of actions, there is nothing like the power of the command line. The default actions included in the product cover the most common items that one would want to perform, but occasionally, a truly unique action needs to be performed. In the past, extending the action infrastructure required writing a Java class and adding it to the Java class path. Recent versions of IDM, however, include the ability to use ECMAScript to extend capabilities without custom Java classes. What follows is a script and the corresponding actions within IDM to execute command line functions.

ECMAScript:

importPackage(Packages.java.lang);

// Runs a command line and returns its exit code.
// Runtime.getRuntime() is a static factory method: call it directly, not with "new".
function execCL(command)
{
    var runtime, process;

    runtime = java.lang.Runtime.getRuntime();
    // exec(String) splits the command on whitespace and starts it without a shell.
    process = runtime.exec(command);
    // Note: stdout/stderr are not read here; a chatty command (e.g. ssh -vvv)
    // can fill the pipe and block before waitFor() returns.
    process.waitFor();

    return process.exitValue();
}

IDM Policy Action

<do-set-local-variable name="command" scope="policy">
    <arg-string>
        <token-text xml:space="preserve">YourCommandHere (Hint: use $localvariablename$ to pass parameters)</token-text>
    </arg-string>
</do-set-local-variable>

In the past, this method has been used to integrate password encryption with Mac OSX LDAP directories. The standard LDAP set password operation only sets the simple password, which appears as clear text to anyone viewing the user accounts. To properly set the password as an encrypted value, one must execute the “dscl” command on the OSX directory server.

The following is an example of the command to perform this:

ssh -vvv $osxHost$ /usr/bin/dscl -u $adminuser$ -P $adminpassword$ /LDAPv3/127.0.0.1 -passwd /Users/$name$ $passwd$ 2>&1
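As an added example (not from the original post or the IDMWorks authors), the following contrasts the post's single interpolated command string with an argv array in which each remote argument is validated and quoted, since Runtime.exec(String) splits only on whitespace and ssh hands the remaining arguments to the remote login shell. It assumes IDM's $var$ replacement is plain textual substitution and that the script runs under Rhino, where Runtime.exec accepts a JavaScript array; TEMPLATE, singleStringArgv, buildDsclArgv and execArgv are names chosen here.

```javascript
// Added example (not from the original post): the post's single interpolated
// command versus an argv array with each remote argument validated and quoted.
var TEMPLATE = "ssh -vvv $osxHost$ /usr/bin/dscl -u $adminuser$ -P $adminpassword$" +
  " /LDAPv3/127.0.0.1 -passwd /Users/$name$ $passwd$ 2>&1";

// Mirrors IDM's $var$ substitution (assumed to be plain textual replacement).
function substitute(template, vars) {
  return template.replace(/\$([A-Za-z_][A-Za-z0-9_]*)\$/g, function (m, key) {
    if (!(key in vars)) { throw new Error("missing variable: " + key); }
    return vars[key];
  });
}

// Approximates Runtime.exec(String), which tokenizes on whitespace only:
// a password containing a space becomes two separate arguments.
function singleStringArgv(template, vars) {
  return substitute(template, vars).split(/\s+/).filter(function (t) { return t !== ""; });
}

// POSIX single-quote quoting for the remote login shell: ' becomes '\''.
function shQuote(s) {
  return "'" + String(s).replace(/'/g, "'\\''") + "'";
}

var SAFE_NAME = /^[A-Za-z0-9._-]+$/;  // must form a safe /Users/<name> record path
var SAFE_HOST = /^[A-Za-z0-9.-]+$/;

// Safer form: local ssh gets exactly three arguments and the remote command is one
// pre-quoted string, so no value is re-split by exec's tokenizer or the remote shell.
// (-P still exposes the admin password in the remote host's process listing.)
function buildDsclArgv(vars) {
  if (!SAFE_HOST.test(vars.osxHost)) { throw new Error("unsafe host name"); }
  if (!SAFE_NAME.test(vars.name) || !SAFE_NAME.test(vars.adminuser)) {
    throw new Error("unsafe user name");
  }
  var remote = ["/usr/bin/dscl", "-u", vars.adminuser, "-P", vars.adminpassword,
    "/LDAPv3/127.0.0.1", "-passwd", "/Users/" + vars.name, vars.passwd]
    .map(shQuote).join(" ") + " 2>&1";
  return ["ssh", vars.osxHost, remote];
}
// IDM/Rhino only (assumed API): exec(String[]) starts no local shell and Rhino converts
// the JS array to String[]; drain stdout before waitFor() so output cannot block the process.
function execArgv(argv) {
  var proc = Packages.java.lang.Runtime.getRuntime().exec(argv);
  var sc = new Packages.java.util.Scanner(proc.getInputStream()).useDelimiter("\\A");
  var output = sc.hasNext() ? String(sc.next()) : "";
  proc.waitFor();
  return { exit: proc.exitValue(), output: output };
}
```

In the IDM policy, the local variables would be passed to buildDsclArgv and the resulting array to execArgv instead of building one $command$ string.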

Questions, comments or concerns?  Feel free to reach out to us at IDMWorks.