立即与支持人员聊天
与支持团队交流

Quick Connect Sync Engine 6.1 - Administrator Guide

One Identity Quick Connect Overview Deploying One Identity Quick Connect Sync Engine Getting started Connections to external data systems Synchronizing identity data Mapping objects Automated password synchronization Synchronization history Scenarios of use Appendices

Accessing source and target objects using built-in hash tables

One Identity Quick Connect Sync Engine synchronizes data between the source and target objects using the pre-configured synchronization rules.

In the PowerShell scripts used to set up the script-based synchronization rules, you can employ the $srcObj and $dstObj built-in associative arrays (hash tables) that allow the scripts to access the current values of attributes of the source and target objects, respectively. The array keys names are names of the object attributes.

For more information about the use of the associative arrays, refer to Windows PowerShell documentation.

In addition to $srcObj and $dstObj, Quick Connect defines the $Request built-in hash table. The $Request key names are also names of the object attributes. The $Request hash table contains new values of the target object attributes to which the target object attributes must be set after completing the synchronization process.

To clarify the use of built-in hash tables, let us consider the following scenario: you synchronize between the "mail" attributes of user objects in an LDAP directory (source connected system) and ActiveRoles Server (target connected system) using the following synchronization rule: the value of the "mail" attribute in the target connected system must be equal to that in the source connected system concatenated with current date.

For example, before the synchronization process started, the source object had the "mail" attribute: JDoe@mail1.mycompany.com, the target object had the "mail" attribute: JDoe@mail2009.mycompany.com. After the synchronization process completes, the target user will have the following mail: JDoe@mail1.mycompany.com (5 December, 2012) (if you performed the synchronization process on 5 December, 2012.

The following code snippet illustrates the use of built-in hash tables:

#Returns "JDoe@mail1.mycompany.com

$strSourceMail=$srcObj["mail"]

#Returns JDoe@mail2009.mycompany.com

$strTargetMail=$DstObj["mail"]

#Returns JDoe@mail1.mycompany.com (5 January, 2010)

$strNewMail=$Request["mail"]

Example script

The following script illustrates the use of $srcObj.

A provisioning task (provisioning step of a synchronization workflow as applied to Quick Connect) causes One Identity Quick Connect Sync Engine to provision user identity information from a delimited text file to Active Directory using the following provisioning rule: the "co" attribute in all provisioned users must be set to the name of country where the user lives. The script-based provisioning rule calculates the "co" attribute value basing on the user's city (the "City" attribute in the connected data source).

The following script implements the described scenario:

# --- Retrieve the City attribute of the user object in connected data source.

$userCity = $srcObj["City"]

# --- Determine the user's country

switch ($UserCity)

{

"New York" {$country = "United States"; break}

"Paris" {$country = "France"; break}

"Tokyo" {$country = "Japan"; break}

default {$country = "Unknown"}

}

# --- Return the user country. The script-based provisioning rule

# --- assigns this value to the "co" attribute in the provisioned user object.

$country

# End of the script

Appendix B: Using a PowerShell script to transform passwords

Appendix B: Using a PowerShell script to
transform passwords

You can use a Windows PowerShell script in a password sync rule to transform passwords. This section provides some reference materials on how to write a Windows PowerShell script for password transformation.

Accessing source object password

To synchronize passwords between the source Active Directory domain and the target connected data system, One Identity Quick Connect Sync Engine uses the password sync rules you configure. In a password rule settings, you can type a PowerShell script that transforms source Active Directory user passwords into object passwords for the target connected system. For example, you can use such a script if you want the object passwords in the source and target connected systems to be different.

When developing a PowerShell script to transform passwords, you can employ the $srcPwd built-in associative array (hash table) that allows the scripts to access the source object password. The $srcPwd returns a string that contains the object password.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级