Friday, August 7, 2009

Sun IDM - Testing if an Account Exists in a Resource

I am currently working on an IDM project where only a certain type of user was added to the IDM directory on the initial load. This presented a problem when a user came in through the ActiveSync resource (FlatFile in this case) who was already present in the target resource (LDAP), but not in IDM.

The standard <Disable> when feedOp != create was not sufficient, because feedOp equals create for these users. The default calculations would therefore take place in IDM, wiping out the updated data that already existed in the resource (LDAP).

To work around this issue, I wrapped all the fields that should only be calculated/modified on a "CREATE" process in a <Field> and then set the <Disable> on that field to a Rule that queries the LDAP resource for the uid. If the uid is found, those fields are disabled.

The Rule code:
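<block>
  <!-- Search the 'ldap' resource for a User object whose uid equals the incoming accountId.
       Returns null when no entry matches. -->
  <invoke name='getResourceObjects' class='com.waveset.ui.FormUtil'>
    <ref>:display.session</ref>
    <s>User</s>
    <s>ldap</s>
    <map>
      <s>searchScope</s>
      <s>subtree</s>
      <s>searchFilter</s>
      <block>
        <!-- Builds the filter (uid=<accountId>) -->
        <concat>
          <s>(uid=</s>
          <ref>waveset.accountId</ref>
          <s>)</s>
        </concat>
      </block>
      <s>searchAttrsToGet</s>
      <list>
        <s>uid</s>
      </list>
    </map>
  </invoke>
</block>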


And the sample <Form> <Field>:
<Field name='LdapCreateFields'>
  <!-- Disable the whole group when the rule returns non-null,
       i.e. the account already exists in LDAP -->
  <Disable>
    <neq>
      <rule name='IsAccountInLDAPRule'/>
      <null/>
    </neq>
  </Disable>
  <Field name='global.SecretQuestion1'>
    <Default>
      <s> </s>
    </Default>
  </Field>
  <Field name='global.SecretQuestion2'>
    <Default>
      <s> </s>
    </Default>
  </Field>
  <Field name='global.UIDNumber'>
    <Expansion>
      <rule name='calcUid'/>
    </Expansion>
  </Field>
  ...
  ...
</Field>
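
The rule above builds its search filter by concatenating waveset.accountId between (uid= and ), so an account ID from the flat file that contains filter metacharacters changes what the search matches: a value of * yields (uid=*), which matches every entry that has a uid, so the rule would return non-null and the create-only fields would be disabled for a user who is not in LDAP. The following is an added example, not code from the original post or from Sun IDM: a hypothetical Java helper (the class and method names are assumptions) that escapes the value per RFC 4515 before the filter is assembled, run over constructed sample account IDs.

```java
// Added example: hypothetical helper, not part of Sun IDM or the original post.
public final class LdapFilterUtil {
    private LdapFilterUtil() {}

    /** Escape a value for use inside an LDAP search filter (RFC 4515, section 3). */
    public static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\': sb.append("\\5c"); break; // backslash first: it is the escape character
                case '*':  sb.append("\\2a"); break; // wildcard / presence match
                case '(':  sb.append("\\28"); break; // opens a sub-filter
                case ')':  sb.append("\\29"); break; // closes the filter early
                case '\0': sb.append("\\00"); break; // NUL
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Build the same (uid=...) filter as the rule, with the value escaped. */
    public static String uidFilter(String accountId) {
        if (accountId == null || accountId.trim().isEmpty()) {
            // No usable ID: fail instead of searching with an empty or null value.
            throw new IllegalArgumentException("accountId is empty");
        }
        return "(uid=" + escapeFilterValue(accountId) + ")";
    }

    public static void main(String[] args) {
        // Constructed sample account IDs, as they might appear in a flat-file feed.
        String[] samples = { "jsmith", "*", "j*", "a)(objectClass=*", "O\\Brien" };
        for (String id : samples) {
            String raw = "(uid=" + id + ")"; // what plain concatenation produces
            System.out.println(raw + "  ->  " + uidFilter(id));
        }
    }
}
```

A static method like this could be called from the rule with the same <invoke name='...' class='...'> form the rule already uses for FormUtil, in place of the bare <ref>waveset.accountId</ref>; that wiring is an assumption and is not shown in the original post.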
