GutteStolt
(Shubham Gutte)
August 31, 2024, 1:54pm
1
Hi All,
Looking for assistance here. We have an AD admin correlation rule to correlate the admin accounts to the normal account, which is based on the AD attribute called sAMAccountName.
We have implemented the logic, but it looks like it is not working as expected. When we tried to run it from debug, we are getting the below error.
```
Exception running rule: BeanShell script error: bsh.EvalError: Sourced file: inline evaluation of: import sailpoint.tools.Util; import java.util.HashMap; import sailpoint.ob . . . '' : Attempt to resolve method: getAttribute() on undefined variable or class name: account : at Line: 6 : in file: inline evaluation of:
import sailpoint.tools.Util; import java.util.HashMap; import sailpoint.ob . . . '' : account .getAttribute ( "sAMAccountName" )
BSF info: Correlation - AD admin at line: 0 column: columnNo
```
Thanks,
Shubham
Hi @GutteStolt ,
Can you share the rule?
Surely, you are using `getAttribute()` on a variable that didn't have this function, or a library is missing.
About this `account.getAttribute("sAMAccountName")`:
Do you have the Link class imported?
Is account a Link variable?
Hi @GutteStolt ,
Could you please share the correlation rule (Correlation - AD admin)?
Print the account and check.
```java
log.error("account: " + account.toXml());
```
Regards,
Arun
GutteStolt
(Shubham Gutte)
August 31, 2024, 2:52pm
4
Hello @enistri_devo
Thank you for the response. Below is the correlation rule:
AD_Correlation_Rule.txt (790 Bytes)
Thanks
Try with this:
```java
import sailpoint.tools.Util;
import java.util.HashMap;
import sailpoint.object.*;

Map map = new HashMap();
String sAMAccountName = account.getAttribute("sAMAccountName");
if (Util.isNullOrEmpty(sAMAccountName)) return map;

// Strip the 3-character admin suffix to get the owner's account name
if (sAMAccountName.length() > 3 && sAMAccountName.toLowerCase().endsWith("xxx")) {
    sAMAccountName = sAMAccountName.substring(0, sAMAccountName.length()-3).trim();
}

QueryOptions qo = new QueryOptions();
Filter filtIdentity = Filter.eq("xxxx",sAMAccountName);
qo.addFilter(filtIdentity);
Iterator iter = context.search(Identity.class,qo);
// Guard against an empty result before calling next()
if (iter.hasNext()) {
    Identity ident = (Identity) iter.next();
    map.put("identity",ident);
}
Util.flushIterator(iter);
return map;
```
GutteStolt
(Shubham Gutte)
August 31, 2024, 3:35pm
6
Hi @enistri_devo, I have tried with this rule but am still getting the same error. Looks like the issue is with the "undefined variable or class name: account" statement only.
Thanks,
Zekkin
(Zekkin Thanraj)
August 31, 2024, 3:37pm
7
```java
import sailpoint.tools.Util;
import java.util.HashMap;
import sailpoint.object.*;

Map<String, Object> map = new HashMap<>();
String sAMAccountName = (String) account.getAttribute("sAMAccountName");
if (Util.isNullOrEmpty(sAMAccountName)) return map;

if (sAMAccountName.length() > 3 && sAMAccountName.toLowerCase().endsWith("xyz")) {
    sAMAccountName = sAMAccountName.substring(0, sAMAccountName.length() - 3).trim();
}

QueryOptions qo = new QueryOptions();
Filter filtIdentity = Filter.eq("sAMAccountName", sAMAccountName); // Ensure 'sAMAccountName' is the correct attribute name
qo.addFilter(filtIdentity);
Iterator iter = context.search(Identity.class, qo);
while (iter.hasNext()) {
    Identity ident = iter.next();
    map.put("identity", ident);
    if (!ident.isInactive()) {
        Util.flushIterator(iter);
        return map;
    }
}
return map;
```
Zekkin
(Zekkin Thanraj)
August 31, 2024, 3:38pm
8
@GutteStolt Try this
```java
import sailpoint.tools.Util;
import java.util.HashMap;
import sailpoint.object.*;

Map<String, Object> map = new HashMap<>();
String sAMAccountName = (String) account.getAttribute("sAMAccountName");
if (Util.isNullOrEmpty(sAMAccountName)) return map;

if (sAMAccountName.length() > 3 && sAMAccountName.toLowerCase().endsWith("xxx")) {
    sAMAccountName = sAMAccountName.substring(0, sAMAccountName.length() - 3).trim();
}

QueryOptions qo = new QueryOptions();
Filter filtIdentity = Filter.eq("sAMAccountName", sAMAccountName); // Ensure 'sAMAccountName' is the correct attribute name
qo.addFilter(filtIdentity);
Iterator<Identity> iter = context.search(Identity.class, qo);
while (iter.hasNext()) {
    Identity ident = iter.next();
    map.put("identity", ident);
    if (!ident.isInactive()) {
        Util.flushIterator(iter);
        return map;
    }
}
return map;
```
OK, check whether you have this variable in the XML, and add it if it does not exist:
```xml
<Argument name="account">
  <Description>
    A sailpoint.object.ResourceObject returned from the
    collector.
  </Description>
</Argument>
```
PS: for confirmation, you are setting it on this:
And are you trying this rule during the aggregation?
Arun-Kumar
(Arun Kumar)
August 31, 2024, 3:44pm
10
Hi @GutteStolt ,
Looks like you are testing the correlation from debug. The correlation rule is invoked during the account aggregation, and you will get the account (resourceObject).
If you run the correlation rule directly from the debug page, you will not get the account (resourceObject).
Attach the correlation rule to the AD application and run the single account aggregation for testing.
Regards,
Arun
GutteStolt
(Shubham Gutte)
August 31, 2024, 3:47pm
11
Hello @Zekkin
Tried with this, getting the below error:
```
Exception running rule: BeanShell script error: bsh.ParseException: Parse error at line 5, column 11. Encountered: , BSF info: Correlation - AD admin at line: 0 column: columnNo
```
GutteStolt
(Shubham Gutte)
August 31, 2024, 3:49pm
12
Hello Arun,
Yes, correct, I'm testing it from the debug page.
From debug it doesn't work; try it during aggregation.
Arun-Kumar
(Arun Kumar)
August 31, 2024, 3:51pm
14
Hi @GutteStolt ,
Don’t test it from debug directly. You will not get the account variable.
Add the correlation rule to the application and run the single account aggregation. Try with this rule.
```java
import sailpoint.tools.Util;
import java.util.HashMap;
import sailpoint.object.*;

Map map = new HashMap();
String sAMAccountName = account.getAttribute("sAMAccountName");
if (Util.isNullOrEmpty(sAMAccountName)) return map;

if (sAMAccountName.length() > 3 && sAMAccountName.toLowerCase().endsWith("xxx")) {
    sAMAccountName = sAMAccountName.substring(0, sAMAccountName.length() - 3).trim();
}

QueryOptions qo = new QueryOptions();
Filter filtIdentity = Filter.eq("sAMAccountName", sAMAccountName);
qo.addFilter(filtIdentity);
Iterator iter = context.search(Identity.class, qo);
while (iter.hasNext()) {
    Identity ident = iter.next();
    map.put("identity", ident);
    if (!ident.isInactive()) {
        Util.flushIterator(iter);
        return map;
    }
}
return map;
```
Can you try mine:
```java
import sailpoint.tools.Util;
import java.util.HashMap;
import sailpoint.object.*;

Map map = new HashMap();
String sAMAccountName = account.getAttribute("sAMAccountName");
if (Util.isNullOrEmpty(sAMAccountName)) return map;

// Strip the 3-character admin suffix to get the owner's account name
if (sAMAccountName.length() > 3 && sAMAccountName.toLowerCase().endsWith("xxx")) {
    sAMAccountName = sAMAccountName.substring(0, sAMAccountName.length()-3).trim();
}

QueryOptions qo = new QueryOptions();
Filter filtIdentity = Filter.eq("xxxx",sAMAccountName);
qo.addFilter(filtIdentity);
Iterator iter = context.search(Identity.class,qo);
// Guard against an empty result before calling next()
if (iter.hasNext()) {
    Identity ident = (Identity) iter.next();
    map.put("identity",ident);
}
Util.flushIterator(iter);
return map;
```
In the filter, change xxxx to the identity attribute you want to correlate, like "name":
```java
Filter filtIdentity = Filter.eq("xxxx",sAMAccountName);
```
Arun-Kumar
(Arun Kumar)
August 31, 2024, 4:25pm
17
Replace the && with && in line no 11
Zekkin
(Zekkin Thanraj)
August 31, 2024, 5:27pm
19
@GutteStolt try this
```java
import sailpoint.tools.Util;
import sailpoint.object.Identity;
import sailpoint.object.QueryOptions;
import sailpoint.object.Filter;

Map map = new HashMap();
String sAMAccountName = account.getStringAttribute("sAMAccountName");
if (Util.isNullOrEmpty(sAMAccountName)) {
    return map;
}

if (sAMAccountName.length() > 3 && sAMAccountName.toLowerCase().endsWith("xxx")) {
    sAMAccountName = sAMAccountName.substring(0, sAMAccountName.length() - 3).trim();
}

QueryOptions qo = new QueryOptions();
Filter filtIdentity = Filter.eq("sAMAccountName", sAMAccountName);
qo.addFilter(filtIdentity);
Iterator<Identity> iter = context.search(Identity.class, qo);
while (iter != null && iter.hasNext()) {
    Identity ident = iter.next();
    map.put("identity", ident);
    if (!ident.isInactive()) {
        // No need for flushIterator in BeanShell
        return map;
    }
}
return map;
```
Yes, also you have undertiminated on attribute because your rule returns the identity.
Remember to implement the part for non-admin accounts. The correlation rule will be executed for all accounts, so you must add the part to correlate the other types.
The error depends on it, for the case that you don't manage and the map is empty.
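A version of the correlation rule that pulls together the points raised in this thread, as an added example (not code posted by any participant, and not SailPoint's own): it guards the case where `account` is not bound (running from the debug page), handles admin and non-admin accounts in one pass, and correlates only on a single unambiguous match. The suffix "xxx" is the thread's placeholder, and matching on the identity attribute "name" is an assumption.

```java
import sailpoint.object.Filter;
import sailpoint.object.Identity;
import sailpoint.object.QueryOptions;
import sailpoint.tools.Util;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

// Assumptions for this example: "xxx" is the thread's placeholder for the
// admin suffix, and identities are looked up by the "name" attribute.
String adminSuffix = "xxx";
String identityAttr = "name";

// Raw types on purpose: the Map<String, Object> declaration posted in the
// thread was reported to fail with a BeanShell parse error.
Map result = new HashMap();

// 'account' (a ResourceObject) is only bound during aggregation. Run from the
// debug page it is undefined, which BeanShell exposes as 'void'.
if (account == void || account == null) {
    log.warn("Correlation rule run without an account; test it via aggregation");
    return result;
}

String key = account.getStringAttribute("sAMAccountName");
if (Util.isNullOrEmpty(key)) return result;

// Admin account: strip the suffix to get the owner's name.
// Non-admin account: the value is used unchanged.
if (key.length() > adminSuffix.length() && key.toLowerCase().endsWith(adminSuffix)) {
    key = key.substring(0, key.length() - adminSuffix.length()).trim();
}

QueryOptions qo = new QueryOptions();
qo.addFilter(Filter.eq(identityAttr, key));
qo.setResultLimit(2); // two rows are enough to detect an ambiguous match

List matches = context.getObjects(Identity.class, qo);

// Correlate only on exactly one match; zero or several leave the account
// uncorrelated instead of attaching it to a guessed owner.
if (matches != null && matches.size() == 1) {
    result.put("identity", matches.get(0));
} else {
    log.warn("No unique identity for sAMAccountName key '" + key + "'");
}
return result;
```

Leaving unmatched or ambiguous accounts uncorrelated keeps a privileged account from being silently assigned to the wrong owner; those accounts can then be reviewed manually.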
system
(system)
Closed
October 30, 2024, 5:36pm
21
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.