
Quick Connect for Cloud Services 3.7 - Administrator Guide


Appendix A: Synching Multiple Owners attributes to Google Owners attributes


The following scenario demonstrates how to synchronize multiple owner attributes, such as ManagedBy and SecondaryOwners, to Google Owners attributes. This scenario involves two tasks: configuration on the Active Roles Server and configuration on the Quick Connect Sync Engine.

Configuration on Active Roles Server

This task includes the following steps:

Step 1: Create the virtual attribute 'edsvaOwners'

To create the virtual attribute 'edsvaOwners'

  1. From the Active Roles MMC Console, select Server Configuration -> Virtual Attributes -> New -> Virtual Attribute.
  2. On the Add Virtual Attribute Wizard, enter the required specifications to identify the virtual attribute:
    • In the Common-Name field, type edsvaOwners.
    • In the LDAP Display Name field, type edsvaOwners, and then click Next.
  3. On the Attribute Syntax wizard, in the Syntax field, select DN from the drop-down menu.
  4. Select the Multi-valued check box, and then click Next.
  5. On the Object Classes wizard, under Select object classes, select Group, and then click Next.
  6. On the Attribute Storage wizard, select the Store values of this virtual attribute in the Active Roles Administration database check box, and then click Next.
  7. Click Finish.
  8. Reconnect to the Active Roles MMC console to view the new virtual attribute under Groups.

Step 2: Create the script module

To create the script module

  1. From the Active Roles MMC Console, select Script Modules -> New -> Script module.
  2. On the New Object-Script Module window, in the Name field, type a name, for example edsavaManagers Policy Script, and then click Next.
  3. From the Script Module Type list, select Policy script, and then click Next.
  4. From the Event handler functions list, do not choose any event handler functions.
  5. Click Next, and then click Finish.
  6. Reconnect to the Active Roles MMC console to view the new policy script under Script Modules.
  7. Edit the policy script to include the following:

    function onPostCreate($Request)
    {
        if ($Request.Class -ine "GROUP") {
            exit
        }
        if (!( (IsAttributeModified "managedBy" $Request) -or
               (IsAttributeModified "edsvaSecondaryOwners" $Request)) )
        {
            exit
        }

        #1. Declare the result array
        $resultObjects = @()

        #2. Query ManagedBY
        if ((IsAttributeModified "managedBy" $Request))
        {
            $managedBy = $Request.Get("managedBy")
            $resultObjects += $managedBy

            # Read Secondary Owners from DirObj
            $DirObj.GetInfoEx(@("edsvaSecondaryOwners"), 0)
            $edsvaSecondaryOwners = $DirObj.Get("edsvaSecondaryOwners")

            foreach ($qcobject in $edsvaSecondaryOwners)
            {
                $resultObjects += $qcobject
            }
        }

        #4. Query Secondary Owners
        if ((IsAttributeModified "edsvaSecondaryOwners" $Request))
        {
            $edsvaSecondaryOwners = $Request.Get("edsvaSecondaryOwners")
            #5. Loop edsvaSecondaryOwners
            foreach ($qcobject in $edsvaSecondaryOwners)
            {
                $resultObjects += $qcobject
            }
            # Read managedBy Owners from DirObj
            $DirObj.GetInfoEx(@("managedBy"), 0)
            $managedBy = $DirObj.Get("managedBy")
            $resultObjects += $managedBy
        }
        $DirObj.Put("edsvaOwners", $resultObjects)
        $DirObj.SetInfo()
    }

    function onPostModify($Request)
    {
        if ($Request.Class -ine "GROUP") {
            exit
        }
        if (!( (IsAttributeModified "managedBy" $Request) -or
               (IsAttributeModified "edsvaSecondaryOwners" $Request)) )
        {
            exit
        }

        #1. Declare the result array
        $resultObjects = @()

        #2. Query ManagedBY
        if ((IsAttributeModified "managedBy" $Request))
        {
            $managedBy = $Request.Get("managedBy")
            $resultObjects += $managedBy
            # Read Secondary Owners from DirObj
            $DirObj.GetInfoEx(@("edsvaSecondaryOwners"), 0)
            $edsvaSecondaryOwners = $DirObj.Get("edsvaSecondaryOwners")
            foreach ($qcobject in $edsvaSecondaryOwners)
            {
                $resultObjects += $qcobject
            }
        }

        #4. Query Secondary Owners
        if ((IsAttributeModified "edsvaSecondaryOwners" $Request))
        {
            $edsvaSecondaryOwners = $Request.Get("edsvaSecondaryOwners")
            #5. Loop edsvaSecondaryOwners
            foreach ($qcobject in $edsvaSecondaryOwners)
            {
                $resultObjects += $qcobject
            }
            # Read managedBy Owners from DirObj
            # set Binding to managedBy attribute
            $DirObj.GetInfoEx(@("managedBy"), 0)
            # read managedBy
            $managedBy = $DirObj.Get("managedBy")
            $resultObjects += $managedBy
        }

        $DirObj.Put("edsvaOwners", $resultObjects)
        $DirObj.SetInfo()
    }

    function IsAttributeModified ([string]$strAttributeName, $Request)
    {
        $objEntry = $Request.GetPropertyItem($strAttributeName, $Constants.ADSTYPE_CASE_IGNORE_STRING)
        if ($objEntry -eq $null) { return $false }
        $nControlCode = $objEntry.ControlCode
        if ($nControlCode -eq 0) { return $false }
        return $true
    }

  8. Click Save and then Next.
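
When managedBy and edsvaSecondaryOwners are both modified in one request, both `if` blocks in the handlers run, so every owner is appended to $resultObjects twice. The helper below is an added example, not part of the One Identity script: it merges the two sources into one de-duplicated list and skips cleared values. Merge-OwnerDn is a hypothetical name, the DNs are constructed sample values, and case-insensitive string comparison of DNs is an assumed simplification.

```powershell
# Added example: hypothetical helper, not part of the product's policy script.
function Merge-OwnerDn {
    param(
        [object]   $ManagedBy,         # single DN, or $null when the attribute is empty
        [object[]] $SecondaryOwners    # zero or more DNs
    )

    # Track DNs already emitted; DN strings are compared case-insensitively
    # (assumption: no other normalization, such as escaping or spacing, is needed).
    $seen   = New-Object 'System.Collections.Generic.HashSet[string]' ([System.StringComparer]::OrdinalIgnoreCase)
    $result = @()

    foreach ($dn in @($ManagedBy) + @($SecondaryOwners)) {
        # Skip $null or blank entries left by a cleared attribute
        if ([string]::IsNullOrWhiteSpace($dn)) { continue }

        $dn = ([string]$dn).Trim()

        # HashSet.Add returns $false for a DN that was already added
        if ($seen.Add($dn)) { $result += $dn }
    }

    # The unary comma keeps the result an array even with zero or one element
    return ,$result
}

# Constructed sample values (not from a real directory)
$managedBy = 'CN=Alice Admin,OU=Staff,DC=example,DC=com'
$secondary = @(
    'CN=Bob Backup,OU=Staff,DC=example,DC=com',
    'cn=alice admin,ou=staff,dc=example,dc=com'   # same owner as managedBy, different case
)

# Order in which the two independent branches append values when both
# attributes are modified in the same request
$appended = @($managedBy) + $secondary + $secondary + @($managedBy)

$owners = Merge-OwnerDn -ManagedBy $managedBy -SecondaryOwners $secondary

"Appended by both branches: {0} values" -f $appended.Count
"After merge:               {0} values" -f $owners.Count
$owners
```

In the handlers, a list merged this way is what would be passed to `$DirObj.Put("edsvaOwners", ...)` in place of the raw $resultObjects array.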