/// <summary>
/// Controls whether the CSEntry should project to the MV
/// and if it is projecting, what MVObjectType it will project as
///
///
/// </summary>
/// <param name="csentry"></param>
/// <param name="MVObjectType"></param>
/// <returns></returns>
bool IMASynchronization.ShouldProjectToMV(CSEntry csentry, out string MVObjectType)
{
switch (csentry.ObjectType.ToUpper())
{
//-- example call out for the PERSON object class
// case CLASSNAME_PERSON: return FilterPerson(csentry);
default:
//-- if we haven't got a handler in place, then throw an exception and log the object type so we've
//-- got a record of which object failed and why both out to the log *and* in the MIM Console
string message = string.Format("Unexpected object type - {0}", csentry.ObjectType);
logger.Error(message);
throw new EntryPointNotImplementedException(message);
}
}
/// <summary>
/// Specifies the Deprovisioning Action for the target CSEntry
///
/// do *not* use ExplicitDisconnector in any automated system
/// </summary>
/// <param name="csentry"></param>
/// <returns></returns>
DeprovisionAction IMASynchronization.Deprovision(CSEntry csentry)
{
switch (csentry.ObjectType.ToUpper())
{
case CLASSNAME_PERSON: return(DeprovisionPerson(csentry));
default:
//-- if we haven't got a handler in place, then throw an exception and log the object type so we've
//-- got a record of which object failed and why both out to the log *and* in the MIM Console
string message = string.Format("Unexpected object type in Deprovisioning - {0}", csentry.ObjectType);
logger.Error(message);
throw new EntryPointNotImplementedException(message);
}
}
internal static bool Compare(MVEntry mventry, CSEntry csentry, string csattributeName, string mvattributeName)
{
ReferenceValue csval = null;
ReferenceValue mvval = null;
Attrib mvAttrib = mventry[mvattributeName];
if (csattributeName == "[DN]")
{
csval = csentry.DN;
}
else
{
Attrib csAttrib = csentry[csattributeName];
if (!csAttrib.IsPresent && !mvAttrib.IsPresent)
{
return(true);
}
if (csAttrib.IsPresent ^ mvAttrib.IsPresent)
{
return(false);
}
switch (csAttrib.DataType)
{
case AttributeType.Reference:
csval = csAttrib.ReferenceValue;
break;
case AttributeType.String:
csval = csentry.MA.CreateDN(csAttrib.StringValue);
break;
default:
Tracer.TraceError("Can only compare string values as DNs");
return(false);
}
}
if (mvAttrib.DataType != AttributeType.String)
{
Tracer.TraceError("Can only compare string values as DNs");
}
mvval = csentry.MA.CreateDN(mvAttrib.StringValue);
return(mvval.Equals(csval));
}
private void ChangePasswordWithProvider(CSEntry csentry, SecureString oldPassword, SecureString newPassword)
{
IObjectPasswordProviderAsync asyncProvider = this.GetAsyncProviderForType(csentry);
if (asyncProvider != null)
{
AsyncHelper.RunSync(asyncProvider.ChangePasswordAsync(csentry, oldPassword, newPassword));
}
else
{
IObjectPasswordProvider provider = this.GetProviderForType(csentry);
provider.ChangePassword(csentry, oldPassword, newPassword);
}
}
private void SetPasswordWithProvider(CSEntry csentry, SecureString newPassword, PasswordOptions options)
{
IObjectPasswordProviderAsync asyncProvider = this.GetAsyncProviderForType(csentry);
if (asyncProvider != null)
{
asyncProvider.SetPasswordAsync(csentry, newPassword, options);
}
else
{
IObjectPasswordProvider provider = this.GetProviderForType(csentry);
provider.SetPassword(csentry, newPassword, options);
}
}
private void ConditionalRenameConnector(ConnectedMA ma, CSEntry csentry, MVEntry mventry, Rule connectorRule)
{
Tracer.TraceInformation("enter-conditionalrenameconnector");
try
{
if (connectorRule.ConditionalRename == null)
{
return;
}
string escapedCN = null;
string replacedValue = null;
if (string.IsNullOrEmpty(connectorRule.ConditionalRename.EscapedCN))
{
Tracer.TraceInformation("no-cn-to-escape");
replacedValue = connectorRule.ConditionalRename.NewDNValue.ReplaceWithMVValueOrBlank(mventry);
}
else
{
escapedCN = ma.EscapeDNComponent(connectorRule.ConditionalRename.EscapedCN.ReplaceWithMVValueOrBlank(mventry, "")).ToString();
Tracer.TraceInformation("escaped-cn {0}", escapedCN);
replacedValue = connectorRule.ConditionalRename.NewDNValue.ReplaceWithMVValueOrBlank(mventry, escapedCN);
}
ReferenceValue newdn = ma.CreateDN(replacedValue);
ReferenceValue olddn = ma.CreateDN(csentry.DN.ToString());
Tracer.TraceInformation("old-dn '{0}'", olddn.ToString());
Tracer.TraceInformation("new-dn '{0}'", newdn.ToString());
if (this.AreDNsEqual(olddn, newdn, ma, connectorRule.ConditionalRename.StrictDNCompare))
{
Tracer.TraceInformation("no-renaming-necessary");
}
else
{
Tracer.TraceInformation("dn-rename-required");
csentry.DN = newdn;
}
}
catch (Exception ex)
{
Tracer.TraceError("error {0}", ex.GetBaseException());
throw;
}
finally
{
Tracer.TraceInformation("exit-conditionalrenameconnector");
}
}
/// <summary>
/// Routing function that takes the flow-rule-name and calls out to the appropriate method to handle
/// the required flowrule
///
/// do *NOT* just drop everything into a single monolithic switch statement as it's horrible to work with
/// and make use of constants rather than magic strings wherever possible
///
/// when creating flow rules, avoid using generic rules and try to employ a verb-noun style structure
/// so our flow rules are creating meaning rather than just functioning as a place-holder for routing
/// </summary>
/// <param name="FlowRuleName"></param>
/// <param name="csentry"></param>
/// <param name="mventry"></param>
void IMASynchronization.MapAttributesForImport(string FlowRuleName, CSEntry csentry, MVEntry mventry)
{
switch (FlowRuleName.ToUpper())
{
//-- example call out for the SAMPLE_FLOW_RULE
case SAMPLE_RULE_NAME: sampleIAF(csentry, mventry); break;
default:
//-- if we haven't got a handler in place, then throw an exception and log the object type so we've
//-- got a record of which object failed and why both out to the log *and* in the MIM Console
string message = string.Format("Unexpected import flow rule - {0}", FlowRuleName);
logger.Error(message);
throw new EntryPointNotImplementedException(message);
}
}
public override bool Met(MVEntry mventry, CSEntry csentry)
{
if (!mventry[this.MVAttribute].IsPresent)
{
Tracer.TraceInformation("Condition failed (Reason: No metaverse value is present) {0}", this.Description);
return(false);
}
if (!mventry[this.MVAttribute].BooleanValue)
{
Tracer.TraceInformation("Condition failed (Reason: Boolean value is false) {0}", this.Description);
return(false);
}
return(true);
}
public void SetPassword(CSEntry csentry, SecureString newPassword, PasswordOptions options, PasswordContext context)
{
User u = new User
{
Credentials = new UserCredentials()
{
Password = new PasswordCredential()
{
Value = newPassword.ConvertToUnsecureString()
}
}
};
AsyncHelper.RunSync(((OktaConnectionContext)context.ConnectionContext).Client.Users.UpdateUserAsync(u, csentry.DN.ToString()));
}
public override bool Met(MVEntry mventry, CSEntry csentry)
{
string csValue = csentry[CSAttribute].IsPresent ? csentry[CSAttribute].Value : null;
string mvValue = mventry[MVAttribute].IsPresent ? mventry[MVAttribute].Value : null;
if (csValue != mvValue)
{
Tracer.TraceInformation("Condition failed (Reason: Values are not equal) {0}", this.Description);
return(false);
}
else
{
return(true);
}
}
public void ChangePassword(CSEntry csentry, SecureString oldPassword, SecureString newPassword)
{
try
{
logger.Info($"Changing password for: {csentry.DN}");
this.ChangePasswordWithProvider(csentry, oldPassword, newPassword);
logger.Info($"Successfully changed password for: {csentry.DN}");
}
catch (Exception ex)
{
logger.Error($"Error changing password for {csentry.DN}");
logger.Error(ex.UnwrapIfSingleAggregateException());
throw;
}
}
public void SetPassword(CSEntry csentry, SecureString newPassword, PasswordOptions options)
{
try
{
logger.Trace($"Setting password for: {csentry.DN}");
this.SetPasswordWithProvider(csentry, newPassword, options);
logger.Info($"Successfully set password for: {csentry.DN}");
}
catch (Exception ex)
{
logger.Error($"Error setting password for {csentry.DN}");
logger.Error(ex.UnwrapIfSingleAggregateException());
throw;
}
}
public object GetValueOrDefault(Direction direction, CSEntry csentry, MVEntry mventry)
{
object value = this.DefaultValue;
bool sourceValueIsPresent = direction.Equals(Direction.Import) ? csentry[Name].IsPresent : mventry[Name].IsPresent;
if (direction.Equals(Direction.Import))
{
value = csentry[Name].Values;
}
else
{
value = mventry[Name].Values;
}
return(value);
}
private void FlowReferenceAttribute(CSEntry csentry, MVEntry mventry, bool targetIsDN, AttributeType targetType)
{
if (targetType == AttributeType.Reference)
{
csentry[this.Target].ReferenceValue = mventry[this.Source].ReferenceValue;
}
else if (targetType == AttributeType.String)
{
csentry[this.Target].StringValue = mventry[this.Source].ReferenceValue.ToString();
}
else
{
throw new InvalidOperationException(string.Format("Cannot convert reference source value to target type {0}", targetType));
}
}
DeprovisionAction IMASynchronization.Deprovision(CSEntry csentry)
{
Tracer.TraceInformation("enter-deprovision");
List <DeprovisionOption> rules = null;
try
{
string maName = csentry.MA.Name;
Tracer.TraceInformation("ma: {1}, dn: {2}", maName, csentry.DN);
ManagementAgent ma = config.ManagementAgent.Where(m => m.Name.Equals(maName)).FirstOrDefault();
if (ma == null)
{
throw new NotImplementedException("management-agent-" + maName + "-not-found");
}
rules = ma.DeprovisionRule.DeprovisionOption.ToList <DeprovisionOption>();
if (rules == null)
{
Tracer.TraceInformation("no-rules-defined-returning-default-action", ma.DeprovisionRule.DefaultOperation);
return(FromOperation(ma.DeprovisionRule.DefaultOperation));
}
foreach (DeprovisionOption r in rules)
{
Tracer.TraceInformation("found-option name: {0}, description: {1}", r.Name, r.Description);
}
//DeprovisionRule rule = rules.Where(ru => ru.Conditions.AreMet(csentry, mventry)).FirstOrDefault();
return(FromOperation(ma.DeprovisionRule.DefaultOperation));
}
catch (Exception ex)
{
Tracer.TraceError("deprovision {0}", ex.GetBaseException());
throw ex;
}
finally
{
if (rules != null)
{
rules.Clear();
rules = null;
}
Tracer.TraceInformation("exit-deprovision");
}
}
protected bool IsUnknownTargetObjectType(CSEntry csentry)
{
bool result = true;
if (csentry.ObjectType == CONTACT)
{
result = false;
}
else
{
result = true;
}
return(result);
}
void CallPasswordScript(PasswordOperation Action, CSEntry csentry, SecureString oldPassword, SecureString newPassword, PasswordOptions options)
{
Tracer.Enter("callpasswordscript");
PSDataCollection <PSObject> passwordPipeline = new PSDataCollection <PSObject>();
try
{
Command cmd = new Command(Path.GetFullPath(PasswordManagementScript));
cmd.Parameters.Add(new CommandParameter("User", Username));
cmd.Parameters.Add(new CommandParameter("Password", Password));
cmd.Parameters.Add(new CommandParameter("ClientId", ClientId));
cmd.Parameters.Add(new CommandParameter("Secret", Secret));
cmd.Parameters.Add(new CommandParameter("Credentials", GetSecureCredentials()));
cmd.Parameters.Add(new CommandParameter("ClientCredentials", GetSecureClientCredentials()));
cmd.Parameters.Add(new CommandParameter("Action", Action.ToString()));
if (options.HasFlag(PasswordOptions.UnlockAccount))
{
cmd.Parameters.Add(new CommandParameter("UnlockAccount"));
}
if (options.HasFlag(PasswordOptions.ForceChangeAtLogOn))
{
cmd.Parameters.Add(new CommandParameter("ForceChangeAtLogOn"));
}
if (options.HasFlag(PasswordOptions.ValidatePassword))
{
cmd.Parameters.Add(new CommandParameter("ValidatePassword"));
}
cmd.Parameters.Add(new CommandParameter("NewPassword", newPassword.ConvertToUnsecureString()));
if (Action == PasswordOperation.Change)
{
cmd.Parameters.Add(new CommandParameter("OldPassword", oldPassword.ConvertToUnsecureString()));
}
passwordPipeline.Add(new PSObject(csentry));
passwordResults = InvokePowerShellScript(cmd, passwordPipeline);
}
catch (Exception ex)
{
Tracer.TraceError("callpasswordscript", ex);
throw;
}
finally
{
passwordPipeline = null;
Tracer.TraceInformation("callpasswordscript");
}
}
public override bool Met(MVEntry mventry, CSEntry csentry)
{
if (!mventry[this.MVAttribute].IsPresent)
{
Tracer.TraceInformation("Condition failed (Reason: No metaverse value is present) {0}", this.Description);
return(false);
}
else
{
if (!Regex.IsMatch(mventry[this.MVAttribute].Value, this.Pattern, RegexOptions.IgnoreCase))
{
Tracer.TraceInformation("Condition failed (Reason: RegEx doesnt match) {0}", this.Description);
return(false);
}
return(true);
}
}
private bool ProxyAddressIsInSMTPMailDomain(CSEntry csentry, string ProxyAddress, bool onlyMatchingFirstSuffix, bool hasBeenMigrated)
{
GALMA MAConfig = null;
string MailDomainSuffix = null;
//
// Find the index of the MA that csentry is in
//
MAConfig = FindMA(csentry);
//
// if no domain names defined
//
if ((MAConfig.MailDomainNames == null) || (MAConfig.MailDomainNames == null))
{
throw new TerminateRunException("Mail suffixes are not defined for MA: " + MAConfig.MAName);
}
//
// Check if the given proxy address ends with one the
// mail domain suffixes for that MA
//
foreach (string MailDomainSuffix_loopVariable in MAConfig.MailDomainNames)
{
MailDomainSuffix = MailDomainSuffix_loopVariable;
// AFRIEDRICHSEN 06 Jan 2016 - checking for mail.onmicrosoft.com address first and returning it
if (hasBeenMigrated && ProxyAddress.ToLower().Contains("mail.onmicrosoft.com"))
{
return(true);
}
if (ProxyAddress.ToLower().EndsWith(MailDomainSuffix.ToString().ToLower()))
{
return(true);
}
if (onlyMatchingFirstSuffix)
{
return(false);
}
}
return(false);
}
public void InvokeFlowRule(FlowRule rule, CSEntry csentry, MVEntry mventry)
{
Tracer.TraceInformation("enter-invokeflowrule {0}", rule.Name);
Tracer.Indent();
try
{
FlowRule r = (FlowRule)rule;
object targetValue = null;
foreach (Value value in r.SourceExpression.Source)
{
if (value.GetType().Equals(typeof(MultiValueAttribute)))
{
MultiValueAttribute attr = (MultiValueAttribute)value;
object mv = attr.GetValueOrDefault(r.Direction, csentry, mventry);
targetValue = attr.Transform(mv, TransformDirection.Source);
}
if (value.GetType().Equals(typeof(Attribute)))
{
Attribute attr = (Attribute)value;
object concateValue = attr.GetValueOrDefault(r.Direction, csentry, mventry);
concateValue = attr.Transform(concateValue, TransformDirection.Source);
targetValue = targetValue as string + concateValue;
attr = null;
continue;
}
if (value.GetType().Equals(typeof(Constant)))
{
targetValue = targetValue + ((Constant)value).Value;
continue;
}
}
targetValue = r.Target.Transform(targetValue, TransformDirection.Target);
r.Target.SetTargetValue(r.Direction, csentry, mventry, targetValue);
r = null;
}
catch (Exception ex)
{
Tracer.TraceError("invokeflowrule {0}", ex.GetBaseException());
throw ex;
}
finally
{
Tracer.Unindent();
Tracer.TraceInformation("exit-invokeflowrule {0}", rule.Name);
}
}
/// <summary>
/// Evaluates true if the conditions are met for the given inputs.
/// </summary>
/// <param name="mventry">Metaverse operand</param>
/// <param name="csentry">Connectorspace operand</param>
/// <returns></returns>
public virtual bool Met(MVEntry mventry, CSEntry csentry)
{
Tracer.TraceInformation("enter-conditionsmet");
try
{
if (Operator.Equals(ConditionOperator.And))
{
bool met = true;
foreach (ConditionBase condition in ConditionBase)
{
met = condition.Met(mventry, csentry);
Tracer.TraceInformation("'And' condition '{0}'/{1} returned: {2}", condition.GetType().Name, condition.Description, met);
if (met == false)
{
break;
}
}
Tracer.TraceInformation("All 'And' conditions {0} met", met ? "were" : "were not");
return(met);
}
else
{
bool met = false;
foreach (ConditionBase condition in ConditionBase)
{
met = condition.Met(mventry, csentry);
Tracer.TraceInformation("'Or' condition '{0}'/{1} returned: {2}", condition.GetType().Name, condition.Description, met);
if (met == true)
{
break;
}
}
Tracer.TraceInformation("One or more 'Or' conditions {0} met", met ? "were" : "were not");
return(met);
}
}
catch (Exception ex)
{
Tracer.TraceError("error {0}", ex.GetBaseException());
throw;
}
finally
{
Tracer.TraceInformation("exit-conditionsmet");
}
}
private IList <object> GetRightValues(CSEntry csentry, MVEntry mventry)
{
switch (this.RightTarget)
{
case ComparisonTarget.MetaverseObject:
return(this.GetRightValues(mventry));
case ComparisonTarget.ConnectorSpaceObject:
return(this.GetRightValues(csentry));
case ComparisonTarget.Constant:
return(this.GetRightConstantValue());
default:
throw new NotSupportedException("Unknown comparison type");
}
}
void IMAExtensible2Password.ChangePassword(CSEntry csentry, SecureString oldPassword, SecureString newPassword)
{
Tracer.Enter("changepassword");
try
{
CallPasswordScript(PasswordOperation.Change, csentry, oldPassword, newPassword, PasswordOptions.None);
}
catch (Exception ex)
{
Tracer.TraceError("changepassword", ex);
throw;
}
finally
{
Tracer.Exit("changepassword");
}
}
void IMAExtensible2Password.SetPassword(CSEntry csentry, SecureString newPassword, PasswordOptions options)
{
Tracer.Enter("setpassword");
try
{
CallPasswordScript(PasswordOperation.Set, csentry, new SecureString(), newPassword, options);
}
catch (Exception ex)
{
Tracer.TraceError("setpassword", ex);
throw;
}
finally
{
Tracer.Exit("setpassword");
}
}
public override bool Met(MVEntry mventry, CSEntry csentry)
{
if (!mventry[this.MVAttribute].IsPresent)
{
Tracer.TraceInformation("Condition failed (Reason: No metaverse value is present for {0}) {1}", this.MVAttribute, this.Description);
return(false);
}
bool set = ((mventry[this.MVAttribute].IntegerValue & (1 << this.BitPosition)) != 0);
if (!set)
{
Tracer.TraceInformation("Condition failed (Reason: Bit {0} in attribute {1} is not set) {2} ", this.BitPosition, this.MVAttribute, this.Description);
return(false);
}
return(true);
}
// added bool hasBeenMigrated to use in suffix selection
protected string FindMatchedDomainSuffix(CSEntry csentry, bool checkMailRouting, bool onlyMatchingFirstSuffix, bool hasBeenMigrated)
{
string result = null;
GALMA MAConfig = null;
//
// CheckMailRouting is true if called for Contact,
// false for user and group.
//
// So for contact (true == checkMailRouting), if the MA is
// configured to use mail routing, then skip finding from
// matching proxy, the caller will then map the source CS
// target address to MV directly.
//
if (true == checkMailRouting)
{
MAConfig = FindMA(csentry);
if (false == MAConfig.MailRouting)
{
result = null;
}
}
//
// Check every smtp address in proxy addresses if they end
// with one of the mail domain suffixes that that forest
// controls return it
//
foreach (Value ProxyAddress in csentry[PROXY_ADDRESSES].Values)
{
string ProxyAddressString = ProxyAddress.ToString();
// AFRIEDRICHSEN 06 Jan 2016 - added hasBeenMigrated to logic for smtp selection in function call
if (ProxyAddressString.ToUpper().StartsWith(SMTP_PREFIX))
{
if (ProxyAddressIsInSMTPMailDomain(csentry, ProxyAddressString, onlyMatchingFirstSuffix, hasBeenMigrated))
{
result = "SMTP:" + ProxyAddressString.Split(':')[1].ToLower();
}
}
}
return(result);
}
public void MapAttributesForExport(string FlowRuleName, MVEntry mventry, CSEntry csentry)
{
IList <object> sourceValues = this.GetSourceValuesForExport(mventry);
IList <object> returnValues;
if (this.Transforms.Any(t => t.ImplementsLoopbackProcessing))
{
IList <object> existingTargetValues = this.GetExistingTargetValuesForExportLoopback(csentry);
returnValues = Transform.ExecuteTransformChainWithLoopback(this.Transforms, sourceValues, existingTargetValues);
}
else
{
returnValues = Transform.ExecuteTransformChain(this.Transforms, sourceValues);
}
this.SetDestinationAttributeValueForExport(csentry, returnValues);
}
private void DeprovisionConnector(ConnectedMA ma, CSEntry csentry, MVEntry mventry, Rule connectorRule)
{
Tracer.TraceInformation("enter-deprovisionconnector");
try
{
Tracer.TraceInformation("deprovision-connector: DN: '{0}', MA: '{1}'", csentry.DN, csentry.MA.Name);
csentry.Deprovision();
}
catch (Exception ex)
{
Tracer.TraceError("error {0}", ex.GetBaseException());
throw;
}
finally
{
Tracer.TraceInformation("exit-deprovisionconnector");
}
}
public void MapAttributesForImport(string FlowRuleName, CSEntry csentry, MVEntry mventry)
{
switch (FlowRuleName.ToLower())
{
case "cd.user:id->mv.person:accountname":
if (csentry["id"].IsPresent && csentry["id"].StringValue.Length > 20)
{
mventry["accountName"].StringValue = csentry["id"].StringValue.Substring(0, 19);
}
else
{
mventry["accounName"].StringValue = csentry["id"].StringValue;
}
break;
default:
throw new NotImplementedException();
}
}
public override void Generate(ConnectedMA ma, CSEntry csentry, MVEntry mventry, Rule rule)
{
Tracer.TraceInformation("enter-attributeflowconstant");
base.Generate(ma, csentry, mventry, rule);
try
{
string escapedCN = null;
string replacedValue = null;
replacedValue = this.Constant.ReplaceWithHelperValuesOrBlank(rule.Helpers);
if (string.IsNullOrEmpty(this.EscapedCN))
{
Tracer.TraceInformation("no-CN-to-escape");
replacedValue = replacedValue.ReplaceWithMVValueOrBlank(mventry);
}
else
{
escapedCN = this.EscapedCN.ReplaceWithHelperValuesOrBlank(rule.Helpers);
escapedCN = ma.EscapeDNComponent(this.EscapedCN.ReplaceWithMVValueOrBlank(mventry, "")).ToString();
Tracer.TraceInformation("escaped-cn '{0}'", escapedCN);
replacedValue = replacedValue.ReplaceWithMVValueOrBlank(mventry, escapedCN);
}
Tracer.TraceInformation("flow-constant-'{0}'-to-'{1}'", replacedValue, this.Target);
if (this.Target.Equals("[DN]", StringComparison.OrdinalIgnoreCase))
{
csentry.DN = csentry.MA.CreateDN(replacedValue);
}
else
{
csentry[(this.Target)].Value = replacedValue;
}
}
catch (Exception ex)
{
Tracer.TraceError("error {0}", ex.GetBaseException());
throw;
}
finally
{
Tracer.TraceInformation("exit-attributeflowconstant");
}
}
/// <summary>
/// IMVSynchronization.ShouldDeleteFromMV
/// Determines if the metaverse object should be deleted along with the connector space object
/// after a connector space object has been disconnected from a metaverse object during inbound
/// synchronization. The Identity Integration Server calls this method when an object deletion rule,
/// which was configured in Identity Manager to use a rules extension, is triggered.
/// </summary>
/// <param name="csentry"></param>
/// <param name="mventry"></param>
/// <returns></returns>
bool IMVSynchronization.ShouldDeleteFromMV(CSEntry csentry, MVEntry mventry)
{
throw new EntryPointNotImplementedException();
}
/// <summary>
/// The MapAttributesForExport method is called to map attributes from a metaverse entry to a connector space entry.
/// </summary>
/// <param name="FlowRuleName">
/// Contains the name of the flow rule. You must use only alphanumeric characters for the FlowRuleName parameter,
/// otherwise you can encounter problems in a rules extension.
/// Note: Flow rules are not executed in the order shown in Identity Manager.
/// Identity Integration Server uses these rules according to the state of the metaverse object.
/// Configure your rules based on the state of the object rather than the rules being called in a predetermined order.
/// </param>
/// <param name="mventry">Contains an MVEntry object that represents the source metaverse entry.</param>
/// <param name="csentry">Contains a CSEntry object that represents the destination connector space entry.</param>
/// <remarks>
/// This method is called when:
/// - the export flow rules do not overlap with the import flow rules or
/// - if the source attribute has a precedence greater than or equal to the precedence of the overlapping import flow rule.
/// Management agent precedence is set in Metaverse Designer.
/// </remarks>
void IMASynchronization.MapAttributesForExport(string FlowRuleName, MVEntry mventry, CSEntry csentry)
{
string ruleName;
string mvAttribute;
string csAttribute;
switch (FlowRuleName)
{
case "GetDomain:distinguishedName,domain":
// This flow rule is to correctly populate the ProfileIdentifier attribute in the SharePoint Connectorspace object.
try
{
GetFlowRuleParameters(FlowRuleName, out ruleName, out mvAttribute, out csAttribute);
// TODO: ComesFromID helps us not initializing the domain property if the account comes from LDAP.
// It does not help however in the cases of claim based accounts when the domain cannot be importe back
// with full import. We need another way to create account names.
string domain = GetDomainValue(mventry[mvAttribute].Value);
if (string.IsNullOrEmpty(domain))
{
/*
if (csentry[csAttribute].IsPresent)
{
csentry[csAttribute].Values.Clear();
}
*/
}
else
{
csentry["ProfileIdentifier"].Value = domain + "\\" + mventry["accountName"].Value;
}
}
catch (Exception e)
{
// For some reason the date was not able to be converted and
// an exception occured. Throw decline of mapping which will
// either use a lower precedence mapping or will
// skip the mapping for this attribute.
// However, it will not stop the run.
// throw new DeclineMappingException();
throw new UnexpectedDataException("Error while processing Set-SPS-ProfileIdentifier-Out rule extension: " + e.ToString(), e);
}
break;
case "GetDisplayName:displayName,PreferredName":
try
{
GetFlowRuleParameters(FlowRuleName, out ruleName, out mvAttribute, out csAttribute);
// First try to get the name from the designated attribute
string displayName = null;
if (mventry[mvAttribute].IsPresent)
displayName = mventry[mvAttribute].Value.Trim();
if (string.IsNullOrEmpty(displayName))
{
// The attribute is NULL. Get the name from the distinguishedName.
displayName = GetDisplayNameFromDistinguishedName(mventry["distinguishedName"].Value);
}
if (string.IsNullOrEmpty(displayName))
{
if (csentry[csAttribute].IsPresent)
{
csentry[csAttribute].Values.Clear();
}
}
else
{
csentry[csAttribute].Value = displayName;
}
}
catch (Exception)
{
// For some reason the date was not able to be converted and
// an exception occured. Throw decline of mapping which will
// either use a lower precedence mapping or will
// skip the mapping for this attribute.
// However, it will not stop the run.
throw new DeclineMappingException();
}
break;
}
}
/// <summary>
/// The MapAttributesForImport method is called to map attributes from a connector space entry to a metaverse entry.
/// </summary>
/// <param name="FlowRuleName">Contains the name of the flow rule. You must use only alphanumeric characters for the FlowRuleName parameter, otherwise you can encounter problems in a rules extension.</param>
/// <param name="csentry">Contains a CSEntry object that represents the source connector space entry.</param>
/// <param name="mventry">Contains an MVEntry object that represents the destination metaverse entry.</param>
void IMASynchronization.MapAttributesForImport(string FlowRuleName, CSEntry csentry, MVEntry mventry)
{
string ruleName;
string csAttribute;
string mvAttribute;
switch (FlowRuleName)
{
case "DomainSIDToString":
try
{
if (csentry["objectSID"].IsPresent)
{
mventry["stringSID"].Value = Utils.ConvertSidToString(csentry["objectSID"].BinaryValue);
}
}
catch (Exception e)
{
throw new UnexpectedDataException("Error while processing DomainSIDToString rule extension: " + e.ToString(), e);
}
break;
case "ConvertToString:nCName,nCName":
GetFlowRuleParameters(FlowRuleName, out ruleName, out csAttribute, out mvAttribute);
// Used to convert Reference to string DN
mventry[mvAttribute].Value = csentry[csAttribute].Value.ToString();
break;
case "ProxyAddressesToSipAddress:proxyAddresses,SPS-SipAddress":
// Used to get the Sip Address from the ProxyAddresses attribute
GetFlowRuleParameters(FlowRuleName, out ruleName, out csAttribute, out mvAttribute);
try
{
String[] valueArray;
if (csentry[csAttribute].IsPresent)
{
// Usually proxy address is multivalue, but just in case it is checked here and handled accordingly
if (csentry[csAttribute].IsMultivalued == true)
{
valueArray = csentry[csAttribute].Values.ToStringArray();
}
else
{
valueArray = new String[1] { csentry[csAttribute].Value };
}
foreach (String value in valueArray)
{
if (value.StartsWith("sip:", StringComparison.OrdinalIgnoreCase) == true)
{
mventry[mvAttribute].Value = value.Substring(4); // remove the "sip:"
break;
}
}
}
}
catch (Exception e)
{
throw new UnexpectedDataException("Error while processing ProxyAddressesToSipAddress rule extension: " + e.ToString(), e);
}
break;
}
}
/// <summary>
/// The ResolveJoinSearch method is called when a join rule is configured to use a rules extension to resolve conflicts, and when one or more results from a metaverse search match the values that are generated by the IMASynchronization.MapAttributesForJoin method.
/// </summary>
/// <param name="joinCriteriaName">Contains a string that contains the name of the join criteria. You must use only alphanumeric characters for the joinCriteriaName parameter, otherwise you can encounter problems in a rules extension.</param>
/// <param name="csentry">Contains the CSEntry object that represents the connector space entry that will be joined to the metaverse entry.</param>
/// <param name="rgmventry">Contains an array of MVEntry objects that represent the metaverse entries that match the join operation criteria. On return, the imventry parameter receives the index of the object in this array to which the connector space entry will be joined.</param>
/// <param name="imventry">If the method returns True, this parameter receives the index of the object in the rgmventry parameter to which the connector space entry will be joined.</param>
/// <param name="MVObjectType">Contains a string that contains the name of the metaverse class.</param>
/// <returns></returns>
bool IMASynchronization.ResolveJoinSearch(string joinCriteriaName, CSEntry csentry, MVEntry[] rgmventry, out int imventry, ref string MVObjectType)
{
throw new EntryPointNotImplementedException();
}
/// <summary>
/// The MapAttributesForJoin method generates a list of values based on the CSEntry attribute values that will be used to search the metaverse.
/// </summary>
/// <param name="FlowRuleName">Contains the name of the flow rule. You must use only alphanumeric characters for the FlowRuleName parameter, otherwise you can encounter problems in a rules extension.</param>
/// <param name="csentry">Contains a CSEntry object that represents the connector space entry.</param>
/// <param name="values">Contains a ValueCollection object that receives the list of attribute values generated by this method to be used to search the metaverse.</param>
void IMASynchronization.MapAttributesForJoin(string FlowRuleName, CSEntry csentry, ref ValueCollection values)
{
throw new EntryPointNotImplementedException();
}
/// <summary>
/// The FilterForDisconnection method determines if a connector CSEntry object will be disconnected.
/// A connector space or CSEntry object is disconnected when a delta export matches a filter or if
/// the filter rules are changed and the new filter criteria for disconnecting an object are met.
/// </summary>
/// <param name="csentry">Contains the CSEntry object to which this method applies.</param>
/// <returns>Returns True if the object will be disconnected or False if the object will not be disconnected.</returns>
bool IMASynchronization.FilterForDisconnection(CSEntry csentry)
{
throw new EntryPointNotImplementedException();
}
/// <summary>
/// The ShouldProjectToMV method is called to determine if a new connector space object should be projected to a new metaverse object when the connector space object does not join to an existing metaverse object.
/// </summary>
/// <param name="csentry">Contains a CSEntry object that represents the new connector space entry.</param>
/// <param name="MVObjectType">A String object that, on output, receives the name of the metaverse class to which the connector space entry should be projected.</param>
/// <returns>
/// Returns True if the connector space entry should be projected. The MVObjectType parameter receives the name of the metaverse class to which the connector space entry should be projected.
/// Returns False if the connector space entry should not be projected.
/// </returns>
bool IMASynchronization.ShouldProjectToMV(CSEntry csentry, out string MVObjectType)
{
string sourceObjectDN;
switch (csentry.ObjectType)
{
case "user":
MVObjectType = "Person";
// Cross-forest domain accounts are projected as contacts. They will be flowed to
// to MOSS to establish the cross-forest relationship in order to resolve to
// forest (master) account if user logs in using cross-forest (subordinate) account.
if (csentry["msDS-SourceObjectDN"].IsPresent)
{
sourceObjectDN = csentry["msDS-SourceObjectDN"].Value;
if ((!String.IsNullOrEmpty(sourceObjectDN)) &&
(sourceObjectDN != csentry.DN.ToString()))
{
MVObjectType = "contact";
}
}
break;
case "group":
MVObjectType = "group";
// Ignore groups for which hideDLMembership == true
if (csentry["hideDLMembership"].IsPresent)
{
Attrib attribute = csentry["hideDLMembership"];
if (attribute != null && attribute.IsPresent && attribute.BooleanValue)
{
return false;
}
}
break;
case "contact":
MVObjectType = "contact";
// Ignore contacts without sourceObjectDN or self-referencing ones
sourceObjectDN = csentry["msDS-SourceObjectDN"].Value;
if (String.IsNullOrEmpty(sourceObjectDN) || String.Compare(sourceObjectDN, csentry.DN.ToString(), StringComparison.OrdinalIgnoreCase) == 0)
return false;
break;
default:
throw new UnexpectedDataException("Unsupported object type - " + csentry.ObjectType);
}
return true;
}
public static extern int InitJSEngine(JSErrorReporter er, CSEntry csEntry, JSNative req, OnObjCollected onObjCollected);
/// <summary>
/// The Deprovision method is called when a metaverse entry is deleted and the
/// connector space entries connected to the metaverse entry become disconnector objects.
/// </summary>
/// <param name="csentry">Contains a CSEntry object that represents the connector space entry that was connected to the deleted metaverse entry.</param>
/// <returns>Returns one of the DeprovisionAction values that determines which action should be taken on the connector space entry.</returns>
DeprovisionAction IMASynchronization.Deprovision(CSEntry csentry)
{
throw new EntryPointNotImplementedException();
}