This sample code is intended to enable AD connector (version prior to 9.1) to delete users that are eSSO enabled. Currently the connector cannot handle the scenario when eSSO stores the users configuration data under the respective user object. The code provided can enhance the connector to delete the leafs associated with the user, enabling the default connector code to delete the user object.
Please note that this issue has been addressed in the 9.1 version of the AD connector by adding the parameter isUserDeleteLeafNode in the IT Resource. By enabling this parameter, the delete operation will use the TreeDeleteControl (1.2.840.113556.1.4.805) to delete all the sub-leafs in one operation.
This fix is done for Bug 6407478 DEPROVISIONING OF AD USER RESOURCE FAILS WHEN THE USER OBJECT HAS LEAF NODES
Software Requirements/Prerequisites
To compile the code Java JDK is needed, the same as the JDK used by the Application Server running OIM.
The ADESSOExtension class from this example extends com.thortech.xl.integration.ActiveDirectory.tcUtilADTasks class from the default AD connector, overriding deleteUser method.
1. Create the following folders in your development workspace:
OIM_AD_ESSO
OIM_AD_ESSO/com/custom/AD
OID_AD_ESSO/lib
2. Create the file ADESSOExtension.java in OIM_AD_ESSO/com/custom/AD
3. Copy xliActiveDirectory.jar and xlVO.jar to OIM_AD_ESSO/lib
(the files can be found under current Xellerate home directory)
4. Review the java file and compile it with the command (run the command from OIM_AD_ESSO folder)
javac -classpath lib/xliActiveDirectory.jar;lib/xlVO.jar com/custom/AD/*
5. Build a JAR file containing the class:
jar cvf ad_esso.jar com
6. Copy the JAR file created to OIM_HOME/xellerate/JavaTasks
To configure the adapter to call the custom code perform the following actions:
1. Open Design Console and search for the adapter (AD Delete User) in Adapter Manager
2. Add a Java Task before "Delete user" task
2.1 Functional Task-> Java -> New Object Instance
2.2 Set task name as "Delete Leafs"
2.3 Select API Source as JavaTaskJar:ad_esso.jar
2.4 Select Method as com.custom.AD.ADESSOExtension.deleteUser(....) and click Save
2.5 Map constructor parameters as Adapter Variables -> ADServer (your resource name) in the order:
Server Address,RootContext, Admin FQDN,Admin Password,UseSSL,SSL Port Number,TargetLocale Language, TargetLocale Country
2.6 Map the method parameters as:
Output: Adapter Variables->Return Variable
Input: Adapter Task->Get Hierarchy
Input: Adapter Task->Get User Object Name
3. Save the adapter and re-build it
This sample code is provided for educational purposes only and not supported by Oracle Support Services. It has been tested internally, however, and works as documented. We do not guarantee that it will work for you, so be sure to test it in your environment before relying on it.
Proofread this sample code before using it! Due to the differences in the way text editors, e-mail packages and operating systems handle text formatting (spaces, tabs and carriage returns), this sample code may not be in an executable state when you first receive it. Check over the sample code to ensure that errors of this type are corrected.
package com.custom.AD;
import java.util.Vector;
import java.util.logging.Logger;
public class ADESSOExtension extends com.thortech.xl.integration.ActiveDirectory.tcUtilADTasks {
public static Logger logger = Logger.getLogger("XL_INTG.ACTIVEDIRECTORY");
public ADESSOExtension(String ad_server, String rootcon, String princDN,
String p_password, String pbSSL, String sslPort, String language,
String country) throws Exception {
super(ad_server,
rootcon,
princDN,
p_password,
pbSSL,
sslPort,
language,
country
);
}
public boolean deleteUser(String hierarchy, String username) throws Exception {
hierarchy = checkHierarchy(hierarchy);
Vector v = getObjects("cn="+username + "," + "cn="+username + "," + hierarchy);
logger.info("Found " + v.size() + " leafs...");
for (int i=v.size()-1;i>-1;i--){
logger.info("Found leaf: " + v.get(i).toString());
String name = v.get(i).toString();
if (!"".equals(name.trim()) && name.length()>3){
super.deleteUser("cn="+username + "," + "cn="+username + "," + hierarchy,name.substring(3));
}
}
super.deleteUser("cn="+username + "," + hierarchy,username);
return true;
}
}
Code Output
23:02:21,515 INFO [ACTIVEDIRECTORY] Certificate Path::C:\Program Files\SupportTools\
23:02:24,937 INFO [STDOUT] Dec 3, 2007 11:02:24 PM com.custom.AD.ADESSOExtensio n deleteUser
INFO: Found 5 leafs...
23:02:25,031 INFO [STDOUT] Dec 3, 2007 11:02:25 PM com.custom.AD.ADESSOExtensio n deleteUser
INFO: Found leaf:
23:02:25,125 INFO [STDOUT] Dec 3, 2007 11:02:25 PM com.custom.AD.ADESSOExtensio n deleteUser
INFO: Found leaf: CN=D4B13D82-9279-4A89-AEEA-802FDDD45B87
23:02:25,218 INFO [ACTIVEDIRECTORY] Certificate Path::C:\Program Files\Support Tools\
23:02:28,406 INFO [STDOUT] Dec 3, 2007 11:02:28 PM com.custom.AD.ADESSOExtensio n deleteUser
INFO: Found leaf: CN=SSOProvisioning
23:02:28,500 INFO [ACTIVEDIRECTORY] Certificate Path::C:\Program Files\Support Tools\
23:02:31,703 INFO [STDOUT] Dec 3, 2007 11:02:31 PM com.custom.AD.ADESSOExtensio n deleteUser
INFO: Found leaf: CN=SyncState
23:02:31,796 INFO [ACTIVEDIRECTORY] Certificate Path::C:\Program Files\Support Tools\
23:02:37,468 INFO [STDOUT] Dec 3, 2007 11:02:37 PM com.custom.AD.ADESSOExtensio n deleteUser
INFO: Found leaf: CN=208a5b4e-1c22-4cba-8f56-364ee6c126e3
23:02:37,578 INFO [ACTIVEDIRECTORY] Certificate Path::C:\Program Files\Support Tools\
23:02:40,875 INFO [ACTIVEDIRECTORY] Certificate Path::C:\Program Files\Support Tools\
23:02:45,906 INFO [STDOUT] Running Delete User
23:02:45,937 INFO [ACTIVEDIRECTORY] Certificate Path::C:\Program Files\Support Tools\
