public void Provision(MVEntry mventry)
{
foreach (var provRule in _provRules)
{
if (provRule.SourceObject != mventry.ObjectType)
{
continue;
}
bool passes = ProvisionEval.PassesCondition(provRule, mventry);
if (passes)
{
if (mventry.ConnectedMAs[provRule.Agent].Connectors.Count < 1)
{
//Provision
CSEntry csentry =
mventry.ConnectedMAs[provRule.Agent].Connectors.StartNewConnector(provRule.TargetObject);
ProvisionEval.ApplyInitialFlows(provRule, csentry, mventry);
csentry.CommitNewConnector();
}
}
else if (provRule.Deprovision)
{
mventry.ConnectedMAs[provRule.Agent].Connectors.DeprovisionAll();
}
}
}
public void Provision(MVEntry mventry)
{
CSEntry csentry = mventry.ConnectedMAs[MAName].Connectors.StartNewConnector(
ProvisionedObjectType);
foreach (var provisionSetter in SimpleAttributeSetters)
{
csentry[provisionSetter.CSAttribute].Value = mventry[provisionSetter.MVAttribute].Value;
}
foreach (AdvancedAttributeSetter attributeSetter in AdvancedAttributeSetters)
{
string value = AttributeFormatter.FormatValue(mventry, attributeSetter.ReplaceFormat);
if (attributeSetter.CSAttribute.ToLower() == "dn")
{
csentry.DN = mventry.ConnectedMAs[MAName].CreateDN(value);
}
else
{
csentry[attributeSetter.CSAttribute].Value = value;
}
}
csentry.CommitNewConnector();
}
public void Provision(MVEntry mventry)
{
string maName = "ADMA";
ManagementAgent ma = mventry.ConnectedMAs[maName];
//begin changes
if (mventry.ConnectedMAs[maName].Connectors.Count == 0)
{
//provision new AD object
if (mventry["uid"].IsPresent && mventry["accountName"].IsPresent && mventry["ou"].IsPresent)
{
string cn = string.Format("CN={0}", mventry["uid"].StringValue);
ReferenceValue dn = mventry.ConnectedMAs[maName].EscapeDNComponent(cn).Concat(mventry["ou"].StringValue);
CSEntry adCSentry = mventry.ConnectedMAs[maName].Connectors.StartNewConnector("user");
adCSentry.DN = dn;
string pwd = GenerateRandomString(32);
adCSentry["unicodePwd"].Value = pwd;
//Log.Debug(pwd);
adCSentry["SamAccountName"].StringValue = mventry["AccountName"].StringValue;
adCSentry.CommitNewConnector();
}
}
else
{
//rename existing AD object
CSEntry adCSentry = mventry.ConnectedMAs[maName].Connectors.ByIndex[0];
ReferenceValue newDn = mventry.ConnectedMAs[maName].EscapeDNComponent(string.Format("Cn={0}", mventry["uid"].StringValue)).Concat(mventry["ou"].StringValue);
adCSentry.DN = newDn;
}
}
void IMVSynchronization.Provision(MVEntry mventry)
{
//get our provisioning ma from the db
string provisioningMAName = FIMConfiguration.GetProvisioningMA()["ma_name"].ToString();
XmlDocument xmldoc = FIMConfiguration.GetConfigXML(provisioningMAName, "private_configuration_xml");
XmlNodeList attributes = xmldoc.SelectNodes("//MAConfig/parameter-values/parameter");
//loop through each MA/object type selected
foreach (XmlNode attrib in attributes)
{
string param = attrib.Attributes["name"].Value;
string maName = param.Substring(0, param.LastIndexOf(" - "));
string objectType = param.Substring(param.LastIndexOf(" - ") + 3);
//if enabled, provision it
if (attrib.InnerText.Equals("1"))
{
//our ma has been enabled for provisioning, create a new csentry and add initial flows
ConnectedMA ma = mventry.ConnectedMAs[maName];
if (ma.Connectors.Count == 0)
{
CSEntry csentry = ma.Connectors.StartNewConnector(objectType);
//go and get the real anchor info, our provisioning ma
//uses a generic anchor to ensure tha flows can be
//defined for the actual anchor
XmlDocument maSchemaConfig = FIMConfiguration.GetConfigXML(maName, "dn_construction_xml");
XmlNode maSchemaRoot = maSchemaConfig.FirstChild;
//get dn for the object
List <string> anchors = new List <string>();
if (maSchemaRoot.FirstChild.Name.Equals("attribute", StringComparison.InvariantCultureIgnoreCase))
{
XmlNodeList anchorList = maSchemaConfig.SelectNodes("//dn-construction/attribute");
foreach (XmlNode anchor in anchorList)
{
anchors.Add(anchor.InnerText);
}
}
else
{
XmlNodeList anchorList = maSchemaConfig.SelectNodes("//dn-construction/dn[@object-type='" + objectType + "']/attribute");
foreach (XmlNode anchor in anchorList)
{
anchors.Add(anchor.InnerText);
}
}
//our export schema defines the initial attributes to flow
XmlDocument xmlFlows = FIMConfiguration.GetConfigXML(provisioningMAName, "export_attribute_flow_xml");
XmlNodeList flows = xmlFlows.SelectNodes("//export-attribute-flow/export-flow-set[@cd-object-type='" + maName + "']/export-flow");
foreach (XmlNode flow in flows)
{
//get the mapping for each flow defined and provision an initial flow
string csAttribName = flow.Attributes["cd-attribute"].Value;
csAttribName = csAttribName.Substring(csAttribName.LastIndexOf(" - ") + 3);
XmlNode mappingNode = flow.FirstChild;
string mappingType = mappingNode.Name;
string flowValue = null;
ValueCollection flowValues = null;
switch (mappingType)
{
case "direct-mapping":
string mvAttribName = mappingNode.FirstChild.InnerText;
if (mventry[mvAttribName].IsPresent)
{
if (mventry[mvAttribName].IsMultivalued)
{
flowValues = mventry[mvAttribName].Values;
}
else
{
//TODO: convert this to its proper type if necessary (i.e. int, boolean, etc)
flowValue = mventry[mvAttribName].Value;
}
}
break;
case "constant-mapping":
flowValue = mappingNode.FirstChild.InnerText;
break;
case "scripted-mapping":
break;
default:
throw new Exception("Unexpected mapping type encountered. Only Direct, Constant and Advanced/Scripted flows are allowed. Check flow rules and try again.");
}
if (flowValue != null || flowValues != null)
{
//calc dn if necessary
if (csAttribName.Equals("dn", StringComparison.InvariantCultureIgnoreCase))
{
//are we safe to assume that if we are calculating dn, we must
//be using flowValue and not flowValues?
string rdn = flowValue.ToString();
ReferenceValue dn = ma.EscapeDNComponent(rdn);
csentry.DN = dn;
}
else
{
try
{
if (flowValue != null)
{
csentry[csAttribName].Values.Add(flowValue);
}
else if (flowValues != null)
{
csentry[csAttribName].Values.Add(flowValues);
}
}
catch (InvalidOperationException ex)
{
if (!ex.Message.Equals("attribute " + csAttribName + " is read-only", StringComparison.InvariantCultureIgnoreCase))
{
throw;
}
else
{
//our anchor attribute is read only, set a temporary dn
if (anchors.Contains(csAttribName))
{
ReferenceValue dn = ma.EscapeDNComponent(Guid.NewGuid().ToString());
csentry.DN = dn;
}
}
}
}
}
}
//do we want to throw an error now if any writeable anchor attributes have not been set??
//otherwise they will get one on export, we will leave it that way for now
csentry.CommitNewConnector();
}
}
}
}
void IMVSynchronization.Provision(MVEntry mventry)
{
switch (mventry.ObjectType.ToLower())
{
//Person - MV Object type to scope provision of contoso users to the GALSync domain, as contact objects, under the "ExternalContacts" OU
#region case "person":
case "person":
{
bool bContactsConnected = false; // reset our boolean
bool bProv = false;
if (mventry["mail"].IsPresent) bProv = true;
maContacts = mventry.ConnectedMAs["GALSync"]; //Declares MA to Provisions
int iNumConnectorsContacts = maContacts.Connectors.Count; // count our connectors to this MA
if (bProv)
{
if (iNumConnectorsContacts > 0) bContactsConnected = true;
RDN = "CN=" + mventry["cn"].Value + ",OU=ExternalContacts" + ",DC=GALSync,DC=com";
targetDN = maContacts.CreateDN(RDN); //Created the CS DN
if (!(bContactsConnected)) //If not found while iNumConnectorsContacts
{
CSEntry = maContacts.Connectors.StartNewConnector("contact"); //Starts a new connector
CSEntry.DN = targetDN; //Sets the CS DN from targetDN
CSEntry["targetAddress"].Value = mventry["mail"].Value; //flows mail attribute MV > CS
CSEntry.CommitNewConnector(); //commits the connector to cs db
}
}
break;
}
#endregion case "person"
//GALSyncPerson - MV Obkect type to scope provision of external contacts from the GALSync.com domain to AD in Contoso under the "ExternalContacts" OU
#region case "GalSyncPerson":
case galsyncperson":
{
bool bContactsConnected = false; // reset our boolean
bool bProv = false;
if (mventry["mail"].IsPresent) bProv = true;
maContacts = mventry.ConnectedMAs["AD MA"]; //Declares MA to Provisions
int iNumConnectorsContacts = maContacts.Connectors.Count; // count our connectors to this MA
if (bProv)
{
if (iNumConnectorsContacts > 0) bContactsConnected = true;
RDN = "CN=" + mventry["cn"].Value + ",OU=ExternalContacts" + ",DC=Contoso,DC=com";
targetDN = maContacts.CreateDN(RDN); //Created the CS DN
if (!(bContactsConnected)) //If not found while iNumConnectorsContacts
{
CSEntry = maContacts.Connectors.StartNewConnector("contact"); //Starts a new connector
CSEntry.DN = targetDN; //Sets the CS DN from targetDN
CSEntry["targetAddress"].Value = mventry["mail"].Value; //flows mail attribute MV > CS
CSEntry.CommitNewConnector(); //commits the connector to cs db
}
}
break;
}
#endregion case "GalSyncPerson"
}
}
void ProvisionUPSA(MVEntry mventry, string MA_name)
{
var attr_map = new Dictionary <string, string>()
{
{ "accountName", "AccountName" },
{ "department", "Department" },
{ "displayName", "UserName" },
{ "mail", "WorkEmail" },
{ "objectSid", "SID" },
{ "lastName", "LastName" },
{ "firstName", "FirstName" },
{ "telephoneNumber", "WorkPhone" },
};
ConnectedMA ManagementAgent = mventry.ConnectedMAs[MA_name];
int Connectors = ManagementAgent.Connectors.Count;
if (0 == Connectors && mventry.ObjectType.Equals("person", StringComparison.OrdinalIgnoreCase))
{
if (mventry["accountName"].IsPresent)
{
string anchor = mventry["accountName"].Value;
CSEntry csentry = ManagementAgent.Connectors.StartNewConnector("user");
AttributeNameEnumerator iter = mventry.GetEnumerator();
while (iter.MoveNext())
{
string CS_AttrName;
if (attr_map.TryGetValue(iter.Current, out CS_AttrName))
{
csentry[CS_AttrName].Value = mventry[iter.Current].Value;
}
}
csentry["Anchor"].Value = anchor;
csentry.CommitNewConnector();
}
}
if (mventry.ObjectType.ToLower() == "group" && 0 == Connectors)
{
try
{
if (mventry["accountName"].IsPresent)
{
string anchor = mventry["accountName"].Value;
CSEntry csentry = ManagementAgent.Connectors.StartNewConnector("group");
csentry["Anchor"].Value = anchor;
csentry.CommitNewConnector();
}
}
catch (ObjectAlreadyExistsException)
{
// Suppress the exception when an object exists with same distinguished name in the connector space.
// The object should join on the next inbound synchronization run
}
}
if (mventry.ObjectType.ToLower() == "contact" && 0 == Connectors)
{
try
{
if (mventry["sAMAccountName"].IsPresent)
{
string anchor = mventry["sAMAccountName"].Value;
CSEntry csentry = ManagementAgent.Connectors.StartNewConnector("contact");
csentry["Anchor"].Value = anchor;
csentry.CommitNewConnector();
}
}
catch (ObjectAlreadyExistsException)
{
// Suppress the exception when an object exists with same distinguished name in the connector space.
// The object should join on the next inbound synchronization run
}
}
}