Tag Archive for: Tivoli Directory Integrator

Security Directory Integrator – Custom SQL for JDBC Connectors

/in /by
By Joshua Moore, PathMaker Group Consultant

Security Directory Integrator, formally known as Tivoli Directory Integrator, is a powerful tool that we often use to bulk load data into ISIM. Security Directory Integrator, otherwise known as SDI, has the capability of transforming data of one type to another. One of the challenges is querying specific data from a database source. For example, we often use a SDI to match existing system data to another source based on a User ID, Employee ID, or some type of unique identifier that is maintained in both systems.

 

For the purposes of this blog entry we will focus on the JDBC Connector provided with the standard SDI installation/configuration. As shown in “Figure 1” the connector properties are relatively standard. Providing the required connection parameters and connection to the database should be seamless.

Figure 1:

 

With connection properties configured link criteria can be provided to match input data, also known as “work,” and matched to data within the connected table. To provide the custom SQL to the database connection Lookup we will need to bypass the standard “Link Criteria” and feed in custom JavaScript back on the Connections tab as shown above. Leave “Link Criteria.”

Figure 2:

Context for this Example

In order to provide more context around this scenario, here is the background on the task at hand. A report (csv format) has been provided with a list of server names and supporting content. These server names have been abbreviated in ways to encompass more than one unique value, such as a wildcard character (i.e. myservername*001 or myservernamedev*.) The wildcards therefore denote only one instance in the report when realistically there could be multiple servers for all related supporting content of the report. For this scenario, the wildcard must be translated into a manner in which SQL can look up related server names and output the unique servers for each wildcard value.

 

To provide the JDBC connection with a custom SQL statement we need to tell SDI to use advanced JavaScript for the connection. On the connection tab for JDBC connector there is an “Advanced” option (Figure 3) below the standard connection criteria. 

Figure 3:

Connection Tab – Advanced Options

In this Advanced section, confirm that “Use custom SQL prepared statements” check box is checked. This tells SDI to use custom JavaScript and bypass the Link Criteria. The next step is to provide the custom JavaScript. Click on “SQL Lookup.” It does not look like much of a link but it will launch a new window (Figure 4). In this new window, you will provide the JavaScript to create, format, and customize your SQL to be used as “Link Criteria” for the JDBC connector.

 

As for our scenario, we are querying server names that have asterisks (*) as wildcard characters to denote more than one unique server. If you are familiar with SQL syntax you know that these asterisks cannot be used in a SQL query as wildcard characters. As noted in Figure 4, the SQL must be returned in a “string value.”

Figure 4:

Custom SQL Statement for JDBC connector:

 

Conclusion

There are a variety of use cases for providing custom SQL to complete the JDBC Connectors connection criteria. This simple example, although not exhaustive, was chosen to demonstrate how to provide the connector with the appropriate custom SQL using JavaScript. There is always potential for more work around types of “Link Criteria” to provide, but hopefully this will get you started on the right path.

TDI Null Entries

/0 Comments/in , , , /by

Tivoli Directory Integrator is a powerful tool that we often use as part of an ITIM migration or rollout. What makes it great is its unique ability to translate data from one source of almost any type into another. It really doesn’t matter if you’re using something as a primitive XLS maintained manually by HR or a complex set of relational databases. TDI can get the data, do any number of out of the box or even custom translations that are necessary to get your data into the form you want it.

Through this data “smoothing” process there will inevitably be some odd-ball data that you find. Whether it is a random string value when you expected a Boolean true/false or a legacy attribute that’s only assigned to 25% of the objects you’re migrating.

And then there’s the “null” entry, which will come up often as well. Null values are pesky because we don’t always know why they’re there, sometimes it’s important that the attribute is moved over whether there is a value assigned or not. Other times we want to clean up our data while we’re moving it, and pull out all any attributes assigned with no value. Luckily for us, TDI has a feature built in to assist with this. Read more

Tivoli Directory Integrator – Before Initialize

/2 Comments/in , /by

As I mentioned in prior PathMaker Group blogs Tivoli Directory Integrator (TDI) is a pretty neat tool that comes packaged with IBM Tivoli Identity Manager (ITIM).  TDI comes out of the box with a multitude of connectors that are used to as the name says, connect to different sources.  One of the most common business processes where TDI is used is to extract data, transform the data and then load the data into different data source (ETL).  For an example, it is common to use TDI to extract account data from Active Directory using an LDAP connector.

Have you ever wanted to build a dynamic iterator filter that can be created when the assembly line is executed?  In the following example the assembly line uses an LDAP connector to iterate Active Directory.  The requirement is to find AD accounts where the “whenChanged” is in the last 5 days and AD entry should be a user account or a user contact and have a mail attribute.
Read more