Systems - SSH: Manage users
Introduction
The SSH connector communicates with the connected server over the SSH protocol. It uses CSV files to transfer data between IDM and that server. Scripts specified in the connector configuration must parse these CSV files and then perform the operation IDM requested, based on the information in the CSV. The scripts are stored on the connected server.
Schema
A required schema attribute is __NAME__ - java.lang.String. The value of this attribute is used in the scripts as "AccountId".
Example CSV files
Get operation - example input of the script:
    getUser
    AccountId
    user1
Get operation - example output of the script:
    AccountId;Name;EmailAddress
    "user1";"John Doe";"john.doe@domain.tld"
Create operation - example input of the script:
    createUser
    Name;EmailAddress
    John Doe;john.doe@domain.tld
Create operation - example output of the script:
    AccountId
    user1
List objects operation - example input of the script:
    listObjects
    objectType
    Users
List objects operation - example output of the script:
    AccountId
    user1
    user2
    user3
Example of bash script for all connector operations
The script uses an external AWK script for parsing CSV: csvawk.txt
    #!/bin/bash
    # Author: BCV solutions s.r.o.

    ##############################################################################
    # CONFIGURATION                                                              #
    ##############################################################################

    # Awk script for CSV parsing
    AWKCSV="/home/bcv/csvawk.txt"

    # Used programs (standard linux distribution)
    AWK=/bin/awk

    # Log file
    LOG_FILE="/home/bcv/ssh_connector.log"

    ##############################################################################

    # Log: append stdin to the log file
    Log () {
        cat - >> "$LOG_FILE"
    }

    # Error: print stdin to stderr and exit with the given code, if any
    Error() {
        cat - >&2
        [ $# -ge 1 ] && exit "$1"
    }

    parseInput() {
        Log <<< "parseInput() BEGIN"
        OIFS=$IFS; IFS=\;

        local row=0
        while read -r input; do
            row=$((row+1))
            Log <<< "row: $row, input: $input"
            # Row 1: requested operation
            if [ ${row} -eq 1 ]; then IDM_Request=$input; fi
            # Row 2: CSV header, split on ';'
            if [ ${row} -eq 2 ]; then CSVH=( $input ); fi
            # Row 3: CSV values
            if [ ${row} -eq 3 ]; then
                IFS=$OIFS
                # The output of csvawk.txt is evaluated as shell code and is
                # expected to fill the CSVV array, so it must quote every value
                eval "$($AWK -f "$AWKCSV" <<< "${input}")"
                break
            fi
        done
        IFS=$OIFS;

        # Basic input validation - header cannot have fewer columns than values
        if [ ${#CSVV[*]} -gt ${#CSVH[*]} ]; then
            # Message: "Wrong CSV data format"
            Error 1 <<< "ERROR: Spatny format CSV dat $1."
        fi

        for i in $(seq 0 $((${#CSVH[*]} - 1))); do
            # Header names become variable names, so accept identifiers only
            [[ ${CSVH[$i]} =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]] || Error 1 <<< "ERROR: Invalid column name ${CSVH[$i]}."
            # Assign without eval so the value is never interpreted as shell code
            printf -v "CSV_${CSVH[$i]}" '%s' "${CSVV[$i]}"
        done
        Log <<< "parseInput() END"
    }

    # Use operation from IDM
    useOperation() {
        Log <<< "useOperation() BEGIN"
        Log <<< "variable IDM_REQUEST: $IDM_Request"
        case "$IDM_Request" in
            ("listObjects")
                listUsers
                ;;
            ("getUser")
                getUser
                ;;
            ("createUser")
                createUser
                ;;
            ("updateUser")
                updateUser
                ;;
            ("deleteUser")
                deleteUser
                ;;
            (*)
                Error 1 <<< "ERROR: Unsupported operation $IDM_Request."
                ;;
        esac
        Log <<< "useOperation() END"
    }

    listUsers(){
        Log <<< "listUsers() BEGIN"
        echo "AccountId"
        # Add your code here
        Log <<< "listUsers() END"
    }

    getUser() {
        Log <<< "getUser() BEGIN"
        if [ "x$CSV_AccountId" != "x" ]; then
            CSV_login=$CSV_AccountId
        elif [ "x$CSV_Name" != "x" ]; then
            CSV_login=$CSV_Name
        else
            # Message: "Neither accountId nor Name was given"
            Error 110 <<< "ERROR: Nebylo zadano accountId ani Name."
        fi
        Log <<< "getUser() LOGIN: $CSV_AccountId"
        #echo "AccountId;attrname"
        #echo "${CSV_login};attrvalue"
        # Add your code here
        Log <<< "getUser() END"
    }

    createUser() {
        Log <<< "createUser() BEGIN"
        Log <<< "createUser() LOGIN: $CSV_AccountId"
        # Add your code here (it has to set CSV_login)
        echo "$CSV_login"
        Log <<< "createUser() END"
    }

    updateUser() {
        Log <<< "updateUser() BEGIN"
        Log <<< "updateUser() LOGIN: $CSV_AccountId"
        # Add your code here
        echo "$CSV_AccountId"
        Log <<< "updateUser() END"
    }

    deleteUser() {
        Log <<< "deleteUser() BEGIN"
        Log <<< "deleteUser() LOGIN: $CSV_AccountId"
        # Add your code here
        Log <<< "deleteUser() END"
    }

    Log <<< "======== SCRIPT STARTED ========"
    parseInput
    useOperation
    Log <<< "======== SCRIPT FINISHED ========"
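The three-row request shown in the example CSV files (operation, header row, value row) can also be parsed without `eval`, which parseInput above applies to the output of csvawk.txt. The following is an added example, not part of the original script or of the connector. It assumes `;`-separated fields with optional double quotes, and the names split_row, parse_request, FIELDS, REQ and REQ_OP are hypothetical:

```shell
#!/bin/bash
# Added example, not the connector's own code. Assumption: fields are
# separated by ';' and may be double-quoted, with "" for a literal quote.
declare -A REQ      # header name -> value, filled by parse_request
REQ_OP=""           # operation name from row 1

# Split one CSV row into the global array FIELDS without eval.
split_row() {
    local line=$1 field="" inq=0 i c
    FIELDS=()
    for ((i = 0; i < ${#line}; i++)); do
        c=${line:i:1}
        if ((inq)); then
            if [[ $c == '"' && ${line:i+1:1} == '"' ]]; then
                field+='"'; i=$((i + 1))
            elif [[ $c == '"' ]]; then inq=0
            else field+=$c
            fi
        elif [[ $c == '"' ]]; then inq=1
        elif [[ $c == ';' ]]; then FIELDS+=("$field"); field=""
        else field+=$c
        fi
    done
    FIELDS+=("$field")
    ((inq == 0))    # fails on an unterminated quote
}

# Read operation, header row and value row from stdin; return 1 on bad input.
parse_request() {
    local op header values i names
    IFS= read -r op && IFS= read -r header || return 1
    IFS= read -r values || [[ -n $values ]] || return 1
    case $op in
        listObjects|getUser|createUser|updateUser|deleteUser) REQ_OP=$op ;;
        *) return 1 ;;
    esac
    split_row "$header" || return 1; names=("${FIELDS[@]}")
    split_row "$values" || return 1
    (( ${#FIELDS[@]} <= ${#names[@]} )) || return 1
    REQ=()
    for i in "${!names[@]}"; do
        # Only identifier-like header names may become keys.
        [[ ${names[i]} =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]] || return 1
        REQ[${names[i]}]=${FIELDS[i]:-}
    done
}

# Constructed sample request: the quoted value holds ';' and shell syntax.
SAMPLE=$'createUser\nName;EmailAddress\n"Doe; John $(id)";john.doe@domain.tld'
parse_request <<< "$SAMPLE" && printf '%s Name=[%s]\n' "$REQ_OP" "${REQ[Name]}"
```

After a successful call, `${REQ[AccountId]}` and the other columns hold the field values as plain data that was never evaluated by the shell.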
Known issues
See the list of known issues in our tracking system