Wednesday, December 15, 2010

Display Child Organizations

To display all the child organizations of a parent organization, use the following code:

<block name='test org' trace="true">
<set name='finalChildOrgList'>

<set name='orgsList'>
<new class='java.util.ArrayList'/>
<set name='orgObject'>
<s>Top</s> <!-- pass the parent organization (ObjectGroup) name directly -->

<invoke name='getChildObjectGroups'>

<dolist name='tempOrgName'>
<appendAll name='finalChildOrgList'>
<invoke name='getDisplayName'>

<s>End User</s>
<removeAll name='finalChildOrgList'>
<s>End User</s>



Wednesday, March 3, 2010

Scripted JDBC Resource

Sun Identity Manager includes a Scripted JDBC resource adapter that gives more flexibility for database functions, e.g. executing vendor-specific stored procedures that are difficult to run through the native Database Resource Adapters.

Here are the steps to configure the Scripted JDBC resource adapter and use it to create a user account in a database.

Step 1#

Make the Scripted JDBC Resource available in the IdM resource list by selecting 'Configure Managed Resources' from the 'Resource Type Actions' tab under the Resource section.

Step 2#

Create a Database Table 'users'.

Step 3#

Before adding the Scripted JDBC resource in IdM, let's first create the Resource Actions that will actually Create, Update and Delete a user record on the Scripted JDBC resource.

To create Resource Actions, follow the conventions of either BeanShell or JavaScript (Rhino), located in the following directory


I have modified the following Resource Actions just to create a new account on the Scripted JDBC resource


Note: The GetUser Resource Action must be implemented for the Scripted JDBC Resource Adapter to work properly.

Here is my version of the Create and GetUser Resource Actions


    // Create resource action
    import java.sql.PreparedStatement;
    import java.sql.ResultSet;

    // First define helper methods
    void flushResults(PreparedStatement st) {
        try {
            int result = 1;
            boolean more = true;
            while (more) {
                // what did we get?
                int rowCount = st.getUpdateCount();
                if (rowCount >= 0) {
                    // this result is an update count
                    // println("Result " + Util.itoa(result) +
                    //         " update count " + Util.itoa(rowCount));
                } else {
                    // not an update count
                    ResultSet rs = st.getResultSet();
                    if (rs != null) {
                        // a result set; nothing to read for an insert
                    } else {
                        // no more
                        more = false;
                    }
                }
                // with Oracle driver...
                if (more)
                    more = st.getMoreResults();
            }
        } catch (Throwable t) {
            throw t;
        }
    }

    // Values handed to the script by the adapter
    id = actionContext.get("id");
    conn = actionContext.get("conn");
    action = actionContext.get("action");
    errors = actionContext.get("errors");
    trace = actionContext.get("trace");
    password = actionContext.get("password");
    attrs = actionContext.get("attributes");

    StringBuffer sqlCmdBuf = new StringBuffer();
    sqlCmdBuf.append("INSERT INTO users ");
    // one placeholder per value bound below, in the table's column order
    sqlCmdBuf.append("VALUES (?, ?, ?, ?, ?)");
    String sql = sqlCmdBuf.toString();
    PreparedStatement s = null;
    try {
        s = conn.prepareStatement(sql);
        s.setString(1, id);
        s.setString(2, password);
        s.setString(3, attrs.get("firstname"));
        s.setString(4, attrs.get("lastname"));
        s.setString(5, attrs.get("email"));
        // run the insert, then drain whatever results the driver returns
        s.execute();
        flushResults(s);
    } finally {
        if (s != null)
            s.close();
    }


    // GetUser resource action
    import java.sql.ResultSet;
    import java.sql.PreparedStatement;

    // Values handed to the script by the adapter
    id = actionContext.get("id");
    conn = actionContext.get("conn");
    action = actionContext.get("action");
    errors = actionContext.get("errors");
    trace = actionContext.get("trace");
    result = actionContext.get("result");

    StringBuffer sqlCmdBuf = new StringBuffer();
    sqlCmdBuf.append("SELECT firstname,lastname,email FROM users");
    sqlCmdBuf.append(" where accountId = ?");
    String sql = sqlCmdBuf.toString();
    PreparedStatement st = null;
    ResultSet res = null;
    try {
        st = conn.prepareStatement(sql);
        st.setString(1, id);
        res = st.executeQuery();
        // move to the first row; no row means the account does not exist
        if (res.next()) {
            // Populate attrMap with the queried user attributes
            java.util.Map attrMap = new java.util.Hashtable();
            String firstname = res.getString("firstname");
            if (firstname != null) { attrMap.put("firstname", firstname); }
            String lastname = res.getString("lastname");
            if (lastname != null) { attrMap.put("lastname", lastname); }
            String email = res.getString("email");
            if (email != null) { attrMap.put("email", email); }
            // Put the attrMap into the result
            result.put("attrMap", attrMap);
        }
    } finally {
        // release JDBC resources even when the query fails
        if (res != null)
            res.close();
        if (st != null)
            st.close();
    }

Step 4#

Now add the Scripted JDBC Resource in IdM and configure the schema mapping for the user account attributes.

Step 4.1# Select Resource Type - Scripted JDBC

Step 4.2# Configure MySQL database table.

Step 4.3# Map customized Resource Action for Get User and Create User action

Step 4.4# Resource Schema Mapping

Step 4.5#

Finally, the Scripted JDBC Resource appears in the Resource List to manage user accounts.

Step 5# Create New User Account on Scripted JDBC Resource

We can add our own customized Resource Actions to perform Database related operations.
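One such customized action, as an added example that is not from the original post or the product's sample scripts: an Update resource action in BeanShell for the same `users` table. It assumes the adapter passes `id`, `conn`, `errors` and `attributes` in `actionContext` for updates as it does for Create above, that `attributes` is a `java.util.Map` of changed values, and that `errors` is a list the script may append messages to.

```java
// Added example (BeanShell): Update resource action for the 'users' table.
import java.sql.PreparedStatement;
import java.util.*;

// Columns this script may write (names from the GetUser query above).
// An attribute name reaches the SQL text only if it is on this list;
// attribute values are always bound as parameters, never concatenated.
List allowed = Arrays.asList(new String[] { "firstname", "lastname", "email" });

id = actionContext.get("id");
conn = actionContext.get("conn");
errors = actionContext.get("errors");     // assumed: list of error strings
attrs = actionContext.get("attributes");  // assumed: map of changed attributes

// Build "col = ?, col = ?" and the matching ordered value list
StringBuffer setClause = new StringBuffer();
List values = new ArrayList();
if (attrs != null) {
    for (Iterator it = attrs.keySet().iterator(); it.hasNext();) {
        String name = String.valueOf(it.next());
        if (!allowed.contains(name)) {
            errors.add("Attribute is not mapped to a column: " + name);
            continue;
        }
        if (setClause.length() > 0) setClause.append(", ");
        setClause.append(name).append(" = ?");
        values.add(attrs.get(name));
    }
}

if (values.size() > 0) {
    PreparedStatement s = null;
    try {
        s = conn.prepareStatement(
            "UPDATE users SET " + setClause.toString() + " WHERE accountId = ?");
        for (int i = 0; i < values.size(); i++) {
            Object v = values.get(i);
            s.setString(i + 1, v == null ? null : v.toString());
        }
        s.setString(values.size() + 1, id);
        // zero rows means the accountId did not match any record
        if (s.executeUpdate() == 0) {
            errors.add("No users row found for accountId " + id);
        }
    } finally {
        if (s != null) s.close();
    }
}
```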

Use the following URL to get more information about Scripted JDBC Resource Adapter

Saturday, February 20, 2010

Active Sync V/S Reconciliation

We often hear about the ActiveSync and Reconciliation processes, and these two terms always confuse us a little bit.

Here is a link that should help you understand the difference between these two processes.


Monday, January 11, 2010

Sun IdM Console in Action

Sun Identity Manager comes with a very useful utility called "console".
This utility is a command-line interface that lets a user execute commands to perform actions on IdM components.

How to launch it?

Here, I am explaining this utility with NetBeans IDE 6.5 for Sun Identity Manager 8.1.

The NetBeans IDE must have the Sun IdM plugin installed before you can launch this utility.

  1. Go to project tab.
  2. Right click on IdM project as shown in pic.
  3. Click on Run LH Command and you will get a text field to enter your command.
  4. Type 'console' and click 'OK'.

You will get a console screen under the output window of NetBeans IDE.

Just type command 'help' and you will have a list of all available commands.

Let's try the 'encrypt' command, which is used to encrypt a password:
Configurator> encrypt password

The 'encrypt' command returns an encrypted value of the input string, as seen in the above example.

Following are some important commands