Discovery using jsexclude=yes and exclude( ) javascript function
Created: 2021-07-06 14:49:58Modified: 2024-04-26 12:43:30
Tags: Javascript
Discovery using jsexclude=yes and exclude( ) javascript function
As of v4.0 there is an enhanced ldap query function which allows pre-filtering of discovered source data.
For all source LDAP connections, the Source tab includes Optional Query Filter parameters. These parameters may be used to filter incoming data on Discovery. A simple query or a combination of queries (compound queries) allows you to ‘include’ or ‘exclude’ source records based on source attribute data using standard ldap search syntax. This KB explains standard ldap search syntax and provides examples of simple and compound queries.
Sometimes, the Source Tab query syntax gets very long and difficult to manage. Or, basic ldap syntax does not allow the complexity to get your desired result.
Instead of (or in addition to) the Source Tab query parameters, there is a function that allows you to fine tune a discovery filter using javascript. The exclude() can be customized to allow more granular specifications to include/exclude source records on discovery. When enabled, every discovered record will pass through the exclude() function.
NOTE: Source tab query filters are processed FIRST. Any record that passes the query filter will THEN go through the exclude() function (if enabled).
Any time you change source tab or filter or exclude() settings, ALWAYS test using Discovery to confirm the correct records are discovered, as well as SIMULAION to ensure proper results. Be on the lookout for unexpected ADDs and Deletes on Simulation).
To enable the exclude() function, add the following to your config.txt (Custom tab, Raw Config):
jsexclude=yesCreate or edit \UnitySync-v4\global\eval.js
If you do not have eval.js, copy eval-example.js to eval.js and edit. If you already utilize an eval.js, make a backup copy then edit eval.jsFunction should be written such that when it returns TRUE, the source record IS Excluded.
Remember, the only valid return values for exclude() are TRUE (exclude it) or FALSE (Don’t exclude it).
A Simple Example:
Client’s department is a four digit number. However department is a alpha numeric attribute. Therefor, a regular query filter can not be used to compare the numeric values. Using exclude() you can pre-exclude desired departments.
If Department is greater or equal to 600, exclude it.
function exclude()
{
var dept=getsrc("department");
dept=+dept //convert string to integer
if (dept >= 600) {return "TRUE"} //exclude it!
return FALSE;
// Falling through to return FALSE means do NOT exclude it.
}
A More Complex Example:
If userprincipalname does not match required format, exclude it: 16digits@xyz (ie. 1234567890123456@xyz)
function exclude()
{
var desc = getsrc(“userprincipalname”);
//using getsrc to grab source userprincipalname value.
if (desc.length!=20) {return “TRUE”;}
// if total length != 20, exclude it
else if (desc.substr(16,4) != “@xyz”) { return “TRUE”;}
// if does not end with @xyz, exclude it
else if (isNaN(desc.substr(0,16))) { return “TRUE”;}
// if not 16 leading digits, exclude it
return FALSE;
// Correct format, DO NOT exclude it
}
Sample Data
DName userprincipalname If not valid, exclude it**
Betty Jane 1234567890@xyz 10@xyz length not 20
Joe User 1234567890123456@xyz 16@xyz (GOOD DO NOT EXCLUDE)
Kelly Walker 1234567890123456@xyz.com length not 20
Kris Wilson 12345678901234560000 20 length, no @xyz
User Test 3 1234567890@xyz length not 20
User Test1 invalid890123456@xyz leading 16 not all digits
User Test2 101invalid890123456@ leading 16 not all digits / no @xyz