Active Directory BeforeProvisioing Rule - Create Operation

Identity Security Cloud (ISC) ISC Discussion and Questions
, ,
1

I have created ADBeforeProvisioning Rule which has now been deployed by SailPoint to my tenant.

I am trying to modify the distinguisheName whenever there is a create operation.

The logic is to create DN based on the displayname and validate against two OU’s for uniqueness. But somehow the rule is not creating a unique dn
Below is my code logic.


    import sailpoint.object.ProvisioningPlan.AccountRequest;
	import sailpoint.object.ProvisioningPlan.AccountRequest.Operation;
	import sailpoint.object.ProvisioningPlan.AttributeRequest;
	import sailpoint.object.ProvisioningPlan;
	import sailpoint.object.ProvisioningPlan.Operation;
	import sailpoint.object.Identity;

  if (plan != null) {
     Identity identity = plan.getIdentity();
	 String applicationName = application.getName();
	 

	for (AccountRequest accountRequest : plan.getAccountRequests()) {
	 
	 if (accountRequest.getOp().equals(ProvisioningPlan.ObjectOperation.Create)) {
	  
	  String nativeIdentity = accountRequest.getNativeIdentity();
	  String UserOU = "OU=AAAA,OU=AA,OU=AAA,OU=AA,DC=AA,DC=AA,DC=com";
      String RetiredOU = "OU=BBB,OU=BB,OU=BBB,DC=BB,DC=BB,DC=com";
	   
	  
	  public String generateCN(String applicationName, String displayName, String UserOU, String RetiredOU, String nativeIdentity) {
               String newDN = "CN=" + displayName + "," + UserOU;
			   String newRetDN = "CN=" + displayName + "," + RetiredOU;
			   
			    boolean accountExistsInDN;
                boolean accountExistsInRetDN;
				
				
                accountExistsInDN = idn.accountExistsByNativeIdentity(applicationName, newDN);
				accountExistsInRetDN = idn.accountExistsByNativeIdentity(applicationName, newRetDN);
                if (!accountExistsInDN && !accountExistsInRetDN) {
                    return displayName;
                }

                for (int i=1; i<100; i++) {
                    String displayName = displayName + i;
                    newDN = "CN=" + displayName + "," + UserOU;
					newRetDN = "CN=" + displayName + "," + RetiredOU;
                    accountExistsInDN = idn.accountExistsByNativeIdentity(applicationName, newDN);
					accountExistsInRetDN = idn.accountExistsByNativeIdentity(applicationName, newRetDN);
                    if(!accountExistsInDN && !accountExistsInRetDN) {
                        return displayName;
                    }
                }
                return null;
            } 
	  
	  String displayName = (String) identity.getAttribute("displayName");
	  
	 if (displayName != null && displayName.contains("[C]")) {
    displayName = displayName.replace("[C]", "");
}
displayName = displayName.trim();

String newCN = generateCN(applicationName, displayName, UserOU, RetiredOU, nativeIdentity);
if (null != newCN){
accountRequest.add(new AttributeRequest("AC_NewName", ProvisioningPlan.Operation.Set, "CN=" + newCN));
accountRequest.add(new AttributeRequest("AC_NewParent", ProvisioningPlan.Operation.Set, UserOU));
	  }
        }
	 }  
	}
2

Hi Rajesh,
What is the error you are getting while generating the DN ?

3

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.