sorengranfeldt / mare Goto Github PK

Hi Søren!
We’re using MARE with an external DLL, which seems to be working fine. However we’ve now had the need arise to use rule extensions for deprovision actions and got a strange error. The wiki page says deprovision is coming in a later version but, that of course hasn’t been updated in a while.

I’ll probably dig into the code myself as well but you might already have an idea.

First of, thank you very much for making MRE and MARE.

I would however really like if MARE would be a bit more like MRE in some regards.

• Ability to choose where rules are located, like in MRE. I like to keep my rules in a separate data directory in non-system partition.
• Ability to give rules and conditions descriptions. Without descriptions colleagues may not be entirely sure of exact purpose of a rule. Not without reading documentation at least, and we all write docs, right?
• Ability to enable/disable individual rules in a file.

I am trying the create user principal name by joining the AccountName with a domain name. Example:
The AccountName is "Jsmith" and the domain "domain1.com"
the result should be "[email protected]"

How can I achieve that?
Thanks

Hello.

AD defines group scope and type in one attribute; groupType.

Security and Distribution types have three values each. This is quite simple to achieve with a RegexIsMatch transform.

<Transform xsi:type="RegexIsMatch" Pattern="^(2|4|8)$" TrueValue="Distribution" FalseValue="Security" />

But I hit a wall trying to figure out how to transform the six possible values into three types; DomainLocal, Global and Universal. The only way I could think of is to make multiple flow rules with a SourceValueMatch condition. Surely this should be achievable in a single rule?

If I place my 'FIM.MARE.config.xml' file in the [fim]\Extensions Directory with the DLL, I get an error that the dll can not be instantiated. It's OK, I can move the config-file, but the documentation tells me it should be in the same directory as the DLL, or has that changed ??

Currently it’s possible to use the bit handling transforms for the specific bits from the useraccountcontrol field. So you can import this values specific bit by bit. This works great!
The request is: is it possible to export only 1 bit to the current value of the useraccountcontrol value in AD? I like to accomplish the export rule as detailed in the following blog, only then not with sync rules but with mare: https://blogs.msdn.microsoft.com/connector_space/2015/05/22/understanding-useraccountcontrol-management-with-fim/

In the documentation I found you can apply the setbit transform only on a source value. Is there a way to use an attribute from the target side as source? Or is there another way to achieve the goal?





<< retrieve this from the CS in an export rule?

I tried to flow a combination of a static value and a concatenate of a multivalue to one attribute in Active Directory. So it seems the multivalueconcatenate transforms wiped the first static value. Maybe this is a bug?

The result of the flowrule below is only the transform value of the second source. The first static value is ignored to the target.

When I change the order of the sources, the flowrule returns both values to the target.. See rule below.

Dear team, I want remove all attributes from a multivalue attribute that not match a specific Pattern
But I Found that do this are inverted
IF i use MultiValueRemoveIfNotMatch it remove all values within the pattern
<FlowRule Name="employeetype" Direction="Import" xsi:type="FlowRule"> <SourceExpression> <Source Name="ou" xsi:type="MultiValueAttribute"> <Transforms> <Transform xsi:type="MultiValueRemoveIfNotMatch" Pattern="^.*(dipendenti|esterni|registered|alum|studenti).*$" /> <Transform xsi:type="MultiValueConcatenate" Separator="|" /> </Transforms> </Source> </SourceExpression> <Target Name="employeeType" ActionOnNullSource="SetDefault" DefaultValue="n/a" /> </FlowRule>

If I use MultiValueRemoveIfMatch it works correct and keep only values in the pattern.

Create Interface to allow for a coded transform to be loaded from own DLL library with library of transforms

Hi,
In a import flow rule, is there a way to merge values from multiple attributes, into a single multi-value attribute?
I tried something like the following, but source attributes are concatenated into a single string.

<FlowRule Name="MyFlowRule" Direction="Import" xsi:type="FlowRule">
  <SourceExpression>
    <Source xsi:type="Attribute" Name="mailAddr1" />
    <Source xsi:type="Attribute" Name="mailAddr2" />
    <Source xsi:type="Attribute" Name="mailAddr3" />
  </SourceExpression>
  <Target Name="mailAddresses" ActionOnNullSource="None" />
</FlowRule>

Or should I specify somewhere that mailAddresses is a multi-valued attribute?

There's a set of rules I haven't been able to get to work. I am not getting any errors during synchronization either in sync manager, or event log.

The problem is that no membershipAddWorkflow or membershipLocked attributes appear in any metaverse group objects. Other MARE person and group rules I've created appear to work. The attributes do appear if I set them as constants and skip MARE rules entirely.

What could possibly be the problem with these rules? The membershipAddWorkflow in metaverse is a string, whereas membershipLocked in metaverse is a boolean.

        <FlowRule Name="MembershipAddWorkflow" 
            Direction="Import" 
            xsi:type="FlowRule">
            <SourceExpression>
                <Source Name="extensionAttribute1" 
                    xsi:type="Attribute">
                </Source>
            </SourceExpression>
            <Target Name="membershipAddWorkflow" 
                ActionOnNullSource="SetDefault" 
                DefaultValue="None" />
        </FlowRule>

        <FlowRule Name="MembershipLocked" 
            Direction="Import" 
            xsi:type="FlowRule">
            <SourceExpression>
                <Source Name="extensionAttribute2" 
                    xsi:type="Attribute">
                </Source>
            </SourceExpression>
            <Target Name="membershipLocked" 
                ActionOnNullSource="SetDefault" 
                DefaultValue="0" />
        </FlowRule>

        <FlowRule Name="MembershipAddWorkflow" 
            Direction="Export" 
            xsi:type="FlowRule">
            <SourceExpression>
                <Source Name="membershipAddWorkflow" 
                    xsi:type="Attribute">
                </Source>
            </SourceExpression>
            <Target Name="extensionAttribute1" 
                ActionOnNullSource="SetDefault" 
                DefaultValue="None" />
        </FlowRule>

        <FlowRule Name="MembershipLocked" 
            Direction="Export" 
            xsi:type="FlowRule">
            <SourceExpression>
                <Source Name="membershipLocked" 
                    xsi:type="Attribute">
                </Source>
            </SourceExpression>
            <Target Name="extensionAttribute2" 
                ActionOnNullSource="SetDefault" 
                DefaultValue="0" />
        </FlowRule>

And here are working MARE rules for groups that I've set.

        <FlowRule Name="GroupScope" 
            Direction="Import" 
            xsi:type="FlowRule">
            <SourceExpression>
                <Source Name="groupType" 
                    xsi:type="Attribute" />
            </SourceExpression>
            <Target Name="scope" 
                ActionOnNullSource="Delete">
                <Transforms>
                    <Transform xsi:type="RegexReplace" 
                        Pattern="^(4|\-2147483644)$" 
                        Replacement="DomainLocal" />
                    <Transform xsi:type="RegexReplace" 
                        Pattern="^(2|\-2147483646)$" 
                        Replacement="Global" />
                    <Transform xsi:type="RegexReplace" 
                        Pattern="^(8|\-2147483640)$" 
                        Replacement="Universal" />
                </Transforms>
            </Target>
        </FlowRule>

        <FlowRule Name="GroupType" 
            Direction="Import" 
            xsi:type="FlowRule">
            <SourceExpression>
                <Source Name="groupType" 
                    xsi:type="Attribute" />
            </SourceExpression>
            <Target Name="type" 
                ActionOnNullSource="Delete">
                <Transforms>
                    <Transform xsi:type="RegexReplace" 
                        Pattern="^(\-2147483646|\-2147483644|\-2147483640)$" 
                        Replacement="Security" />
                    <Transform xsi:type="RegexReplace" 
                        Pattern="^(2|4|8)$" 
                        Replacement="Distribution" />
                </Transforms>
            </Target>
        </FlowRule>

AddDays, Minutes, Hours and such
Substract
CompareTo

I set a rule with this XML
<FlowRule Name="ismember" Direction="Import" xsi:type="FlowRule"> <SourceExpression> <Source Name="MVMEMBERSHIP" xsi:type="MultiValueAttribute"> <Transforms> <Transform xsi:type="MultiValueRemoveIfMatch" Pattern="^(member)$" /> <!-- remove all values except member --> <Transform xsi:type="MultiValueConcatenate" Separator="|" /> <!-- convert the value to a single string--> <Transform xsi:type="RegexReplace" Pattern="^$" Replacement="true" /> <!-- If the filed is populated set the flag at true--> </Transforms> </Source> </SourceExpression> <Target Name="FLAGIsMember" ActionOnNullSource="SetDefault" DefaultValue="false" /> </FlowRule>

If the multivalue not contains "member" i receive a nullReference Excpetion in the method

` public class MultiValueConcatenate : Transform
{
[XmlAttribute("Separator")]
public string Separator { get; set; }
public override object Convert(object value)
{
if (value == null) return value;

        string returnValue = null;
        List<object> values = FromValueCollection(value);
        foreach (object val in values)
        {
            Tracer.TraceInformation("source-value {0}", val.ToString());
            returnValue = returnValue + val.ToString() + this.Separator;
        }
        returnValue = returnValue.Substring(0, returnValue.LastIndexOf(this.Separator)); 
        return returnValue;
    }
}

`
at returnValue = returnValue.Substring(0, returnValue.LastIndexOf(this.Separator));

Hi Søren
I’m using your cool FIM.MARE in an Customer Project and we are searching for a Solution to Export the Active Directory AccountExpires Attribute.
I tried to use the Importing Rule as a Sample to Export the EmployeeEndDate to the AccountExpires Attribute in Active Directory but without Success.
I'm not sure if I just did it wrong or if this is not possible at the moment. If it is not possible at the moment, is there a possibility that this will be implemented in a next release?
KR Mario Bader

Hey Soren,

Any chance of adding the Word transform function to MARE?

Many thanks in advance.

Tom

A while ago you added an "EXTERNAL"-feature in MRE to utilize code already existing in 'MVEXTENSION.DLL' (etc). The same feature would be extremely useful in MARE! We have some very complex ruleextensions already defined in exisiting DLLs, and I would like to continue using them but also being able to add new MARE-defined ruleextensions without interrupting the running solution.

I'm working with FIM.MARE and trying to apply a Transform within a Export FlowRule.

<FlowRule Name="ExportSchool" Direction="Export" xsi:type="FlowRule">
  <SourceExpression>
    <Source Name="departmentId" xsi:type="Attribute"> D857
      <Transforms>
        <Transform xsi:type="LookupMVValue" LookupAttributeName="id" ExtractValueFromAttribute="locationId" /> L7891
        <Transform xsi:type="LookupMVValue" LookupAttributeName="id" ExtractValueFromAttribute="Code" /> 7891
      </Transforms>
    </Source>
  </SourceExpression>
	<Target Name="School" ActionOnNullSource="Delete" />
		<Transforms>
		  <Transform xsi:type="Replace" OldValue="7891" NewValue="7891E" />
		</Transforms>
	</Target>
</FlowRule>

I haven't tested the above, but I had the Transform for Replace on the Source instead of the Target and it didn't write a the new Value. My question is does the Replace need a rule above the Replace on whether Code 7891 is True or False, then it will write the new value? Values after # are not in file, just for reference.

Thank you for any insight.