-
Notifications
You must be signed in to change notification settings - Fork 5
Sample rules
The samples below shows different ways of using the flow rules to construct advanced flow of data between connector space and metaverse objects.
This rule can be used with the AD MA to import the create date (whenCreated) from Active Directory and convert that specific date to a FIM/MIM usable format
<FlowRule Name="whenCreated" Direction="Import" xsi:type="FlowRule">
<SourceExpression>
<Source Name="whenCreated" xsi:type="Attribute">
<Transforms>
<Transform xsi:type="FormatDate" DateType="DateTime" FromFormat="yyyyMMddHHmmss.0Z" ToFormat="yyyy-MM-ddTHH:mm:ss.000"/>
</Transforms>
</Source>
</SourceExpression>
<Target Name="adWhenCreated" ActionOnNullSource="Delete" />
</FlowRule>This rule can check whether the lastLogonTimeStamp is within the last 90 days.
<FlowRule Name="isexpired" Direction="Import" xsi:type="FlowRule">
<SourceExpression>
<Source Name="lastLogonTimeStamp" xsi:type="Attribute">
<Transforms>
<Transform xsi:type="FormatDate" DateType="FileTimeUTC" ToFormat="yyyy-MM-dd hh:MM:ss"/>
<Transform xsi:type="IsBeforeOrAfter" AddDays="90" Relativity="After" />
<Transform xsi:type="RegexReplace" Pattern="^$" Replacement="true" />
</Transforms>
</Source>
</SourceExpression>
<Target Name="isExpired" ActionOnNullSource="SetDefault" DefaultValue="1" />
</FlowRule>This rule can be used with the AD MA to import the lastLogonTimeStamp attribute in Active Directory and convert this to a readable datetime format.
<FlowRule Name="LastLogonTime" Direction="Import" xsi:type="FlowRule">
<SourceExpression>
<Source Name="lastLogonTimeStamp" xsi:type="Attribute">
<Transforms>
<Transform xsi:type="FormatDate" DateType="FileTimeUTC" ToFormat="yyyy-MM-dd hh:MM:ss"/>
</Transforms>
</Source>
</SourceExpression>
<Target Name="lastLogonTime" ActionOnNullSource="Delete" />
</FlowRule>This rule converts the filetime from Active Directory's attribute accountExpires to a date that can be used in the FIM Service
<FlowRule Name="accountExpires" Direction="Import" xsi:type="FlowRule">
<SourceExpression>
<Source Name="accountExpires" xsi:type="Attribute">
<Transforms>
<Transform xsi:type="RegexReplace" Pattern="^0$" Replacement="148001472000000000" />
<!-- 0 is never so convert to highest FIM date 2069-12-31 / 148001472000000000 -->
<Transform xsi:type="RegexReplace" Pattern="^9223372036854775807$" Replacement="148001472000000000" />
<!-- 9223372036854775807 is never so convert to highest FIM date 2069-12-31 / 148001472000000000 -->
<Transform xsi:type="FormatDate" DateType="FileTimeUTC" ToFormat="yyyy-MM-ddTHH:mm:ss.000"/>
</Transforms>
</Source>
</SourceExpression>
<Target Name="accountExpires" ActionOnNullSource="Delete" />
</FlowRule>This rule replaces text in DN to extract domain name
<FlowRule Name="Domain" Direction="Import" xsi:type="FlowRule">
<SourceExpression>
<Source Name="[DN]" xsi:type="Attribute">
<Transforms>
<Transform xsi:type="ReplaceBefore" IndexOf="DC=" ReplaceValue="" />
<Transform xsi:type="RegexReplace" Pattern="^DC\=emea.+" Replacement="emea" />
<Transform xsi:type="RegexReplace" Pattern="^DC\=asia.+" Replacement="asia" />
<Transform xsi:type="RegexReplace" Pattern="^DC\=america.+" Replacement="america" />
</Transforms>
</Source>
</SourceExpression>
<Target Name="domain" ActionOnNullSource="Delete" />
</FlowRule>This rule looks up the managers metaverse object from the value in 'managerAsString' and extracts the mail from the found metaverse object (the manager) and flow that value to the description attribute on the CS object. If no metaverse object is found, the description attribute is cleared.
<FlowRule Name="ManagerEMail" Direction="Export" xsi:type="FlowRule">
<SourceExpression>
<Source Name="managerAsString" xsi:type="Attribute">
<Transforms>
<Transform xsi:type="LookupMVValue" LookupAttributeName="accountName" ExtractValueFromAttribute="mail" />
</Transforms>
</Source>
</SourceExpression>
<Target Name="description" ActionOnNullSource="Delete" />
</FlowRule>The same transform '[LookupMVValue]' as above is used in the example below to lookup the manager in the metaverse from his username and convert that to a reference value that can be flowed to the 'manager' attribute in Active Directory. Please notice the value of the ExtractValueFromAttribute has the special value of '{"[DN]"}' which means - get the DN for the connected MA specified in the attribute 'MAName'.
<FlowRule Name="ManagerFromString" Direction="Export" xsi:type="FlowRule">
<SourceExpression>
<Source Name="managerAsString" xsi:type="Attribute">
<Transforms>
<Transform xsi:type="LookupMVValue" LookupAttributeName="accountName" ExtractValueFromAttribute="[DN]" MAName="inceptio.local"/>
</Transforms>
</Source>
</SourceExpression>
<Target Name="manager" ActionOnNullSource="Delete" />
</FlowRule>This flow rule extracts the time of connection between the CS object and the metaverse object. Can be useful for taking different action on specific objects. The time is normally stored on the format '2015-11-18T14:59:56.000' needed for the FIM Service. You can do transforms to get another format.
<FlowRule Name="ConnectionChangeTime" Direction="Import" xsi:type="FlowRule">
<SourceExpression>
<Source Name="[ConnectionChangeTime]" xsi:type="Attribute"/>
</SourceExpression>
<Target Name="peopleConnectionTime" ActionOnNullSource="Delete" />
</FlowRule>This rule flow the value 'Active' or 'Inactive' to the metaverse attribute 'isActiveText' depending on whether the user is enabled or disabled in Active Directory - by examining bit 1 in the attribute 'userAccountControl'.
<FlowRule Name="IsActiveText" Direction="Import" xsi:type="FlowRule">
<SourceExpression>
<Source Name="userAccountControl" xsi:type="Attribute"/>
</SourceExpression>
<Target Name="isActiveText" ActionOnNullSource="Delete">
<Transforms>
<Transform xsi:type="IsBitSet" BitPosition="1"/>
<Transform xsi:type="Replace" OldValue="True" NewValue="Inactive"/>
<Transform xsi:type="Replace" OldValue="False" NewValue="Active"/>
</Transforms>
</Target>This rule imports an Active Directory objects SID and converts it to a string
<FlowRule Name="AccountSidToString" Direction="Import" xsi:type="FlowRule">
<SourceExpression>
<Source Name="objectSid" xsi:type="Attribute">
<Transforms>
<Transform xsi:type="SIDToString" SIDType="AccountSid" />
</Transforms>
</Source>
</SourceExpression>
<Target Name="objectSidAsString" ActionOnNullSource="Delete" />
</FlowRule>This rule imports the objectGuid from an Active Directory object and converts it to a string version of a GUID.
<FlowRule Name="GUIDToString" Direction="Import" xsi:type="FlowRule">
<SourceExpression>
<Source Name="objectGUID" xsi:type="Attribute">
<Transforms>
<Transform xsi:type="Base64ToGUID" />
</Transforms>
</Source>
</SourceExpression>
<Target Name="objectGuidAsString" ActionOnNullSource="Delete" />
</FlowRule>This may not be a practical sample but show how to use conditions to only apply a flow rule to certain objects. This rule will turn accountname to all uppercase for all persons who's department is either Sales or Purchase and is located in either Beijing or New York.
<FlowRule Name="AccountName" Direction="Export" xsi:type="FlowRule">
<Conditions Operator="Or">
<Condition xsi:type="ObjectClassMatch" Source="CSEntry" Target="MVEntry" Pattern="^person" />
<Condition xsi:type="SubCondition" Operator="And">
<Condition xsi:type="SourceValueMatch" Source="MVEntry" AttributeName="company" Pattern="^Sales|Purchase$" />
<Condition xsi:type="SourceValueMatch" Source="MVEntry" AttributeName="city" Pattern="^Beijing|New York$" />
</Condition>
</Conditions>
<SourceExpression>
<Source Name="AccountName" xsi:type="Attribute">
<Transforms>
<Transform xsi:type="ToUpper"/>
</Transforms>
</Source>
</SourceExpression>
<Target Name="sAMAccountName" ActionOnNullSource="None" />
</FlowRule>This rule sets bit 2 in the existing userAccountControl in the connector space on export, if the isActive metaverse attribute is false. Notice the RetrieveFrom attribute on the Source element, that specifies that the value to transfrom should come from the CS and not from the MV, even though this is an export rule.
<FlowRule Name="UserAccountControl" Direction="Export" xsi:type="FlowRule">
<Conditions Operator="And">
<Condition xsi:type="SourceValueMatch" Source="MVEntry" AttributeName="isActive" Pattern="^false$" />
</Conditions>
<SourceExpression>
<Source Name="userAccountControl" xsi:type="Attribute" RetrieveFrom="CS">
<Transforms>
<Transform xsi:type="SetBit" BitPosition="1" Value="true" />
</Transforms>
</Source>
</SourceExpression>
<Target Name="userAccountControl" ActionOnNullSource="None" />
</FlowRule>This rule is specified twice but with different conditions. If the user has a True value in the 'isCrmUser' attribute then the first rule is applied and the mobile number is exported. However, if the user does not have a True value in the 'isCrmUser' attribute then the second rule is applied and the mobile number is cleared (deleted) on export.
<!-- mobile begin -->
<FlowRule Name="Mobile" Direction="Export" xsi:type="FlowRule">
<Conditions Operator="Or">
<Condition xsi:type="SourceValueMatch" Source="MVEntry" AttributeName="isCrmUser" Pattern="^True" />
</Conditions>
<SourceExpression>
<Source Name="mobile" xsi:type="Attribute">
<Transforms/>
</Source>
</SourceExpression>
<Target Name="MobilePhone" ActionOnNullSource="Delete" DefaultValue="true"/>
</FlowRule>
<FlowRule Name="Mobile" Direction="Export" xsi:type="FlowRule">
<Conditions Operator="Or">
<Condition xsi:type="SourceValueNotMatch" Source="MVEntry" AttributeName="isCrmUser" Pattern="^True" />
</Conditions>
<SourceExpression>
<Source xsi:type="Constant" Value=""/>
</SourceExpression>
<Target Name="MobilePhone" ActionOnNullSource="Delete" DefaultValue=""/>
</FlowRule>
<!-- mobile end -->Get the latest release here (https://github.com/sorengranfeldt/mare/releases)