Discussion:
Usage of For:Each Connector/Loop
(too old to reply)
PM
2020-04-30 01:31:41 UTC
Permalink
Hello ,

I am trying to design an AL where the requirement is as follows :

1. Take the AD role name from a csv file . Say there are 100 role names .
2. Fetch all role DN from LDAP . Altogether or one by one ?
3. Search on Person node on LDAP for all people who have the role ( or role DN ) as one their roles .
4. Remove the role from all people who have the role .

I am having difficulties designing the AL .

Please help me build the AL and also what connectors are suited best to serve this requirement . Is For:Each connector good for this requirement ?

Happy to help with more information .

Thanks
Franzw
2020-05-01 06:15:42 UTC
Permalink
Post by PM
Hello ,
1. Take the AD role name from a csv file . Say there are 100 role names .
2. Fetch all role DN from LDAP . Altogether or one by one ?
3. Search on Person node on LDAP for all people who have the role ( or role DN ) as one their roles .
4. Remove the role from all people who have the role .
I am having difficulties designing the AL .
Please help me build the AL and also what connectors are suited best to serve this requirement . Is For:Each connector good for this requirement ?
Happy to help with more information .
Thanks
Please - you are not giving all relevant information - you are talking about roles/persons and ldap - so this is PROBABLY ISIM related - but we cannot know.

In general your flow should be :

1.iterate over the rolesnames in AD (ldap iterator)
in the data section :
2.look up the role in ldap (ISIM?) (ldap lookup)
3.lookup member of the role (connector loop - ldap lookup)
4.foreach person remove the role

The last operation is not a single operation - it can either be performed using APIs or using the DSMLV2 Connector in update mode (HRFeed logic) and you may need to lookup/build the necessary data for this. Personally I normally "just" reuse my HRFeed logic as it is the simplest.

If this is ISIM - you should NOT remove the role from a person using ldap operation - that will not trigger the ISIM workflows as needed - but Java APPS or WS (SOAP) will.

HTH
Regards
Franz Wolfhagen

Loading...