In some cases we would like to query AD over LDAP from a rule. For example, a workflow runs an operation on an Active Directory account, but some customers make changes directly in AD rather than through IDM (such as moving containers or changing the CN); that breaks the link and requires an aggregation to run.
If you have a case like this and cannot run an aggregation because the DN changed, you can use LDAP to get the user's new DN. The following LDAP rule supports querying by any AD attribute that is filterable.
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Rule created="1669205811708" id="0a64184786111c298186124fc83f0660" language="beanshell" modified="1675355488311" name="ruleLDAPQueryByAttribute" type="Workflow">
<Signature returnType="Object">
<Inputs>
<Argument name="applicationName">
<Description>
The current WorkflowContext.
</Description>
</Argument>
<Argument name="filterAttribute">
<Description>
The workflow handler associated with the current WorkflowContext.
</Description>
</Argument>
<Argument name="attributeValue">
<Description>
The current Step.
</Description>
</Argument>
</Inputs>
</Signature>
<Source>
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import sailpoint.api.SailPointContext;
import sailpoint.object.Application;
import sailpoint.object.Attributes;
import sailpoint.tools.GeneralException;
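// Workflow rule: look up the DN(s) of directory entries whose filterAttribute
// equals attributeValue, using the service account and global-catalog server
// configured on the named application.
//
// Inputs:
//   applicationName - name of the Active Directory application whose
//                     domainSettings/forestSettings supply the bind credentials
//                     and the gcServer to query
//   filterAttribute - LDAP attribute name to filter on (e.g. "IDNumber")
//   attributeValue  - the value the attribute must equal
// Returns: List of names (relative to the empty search base) of every
//          matching entry; empty when nothing matches.
// Throws:  GeneralException when an input is missing/invalid, the application
//          does not exist, or no gcServer is configured; NamingException on
//          connection or search failures.
//
// Example:
// String applicationName="Active Directory";
// filterAttribute="IDNumber";
// attributeValue="10051837";

// Escape a value for use inside an LDAP search filter (RFC 4515 section 3).
// Without this, a value such as "*" or "x)(objectClass=*" alters the filter
// and can match entries the caller never asked for.
String escapeLdapFilterValue(String value) {
    StringBuilder out = new StringBuilder(value.length());
    for (int i = 0; i < value.length(); i++) {
        char c = value.charAt(i);
        if (c == '\\') {
            out.append("\\5c");
        } else if (c == '*') {
            out.append("\\2a");
        } else if (c == '(') {
            out.append("\\28");
        } else if (c == ')') {
            out.append("\\29");
        } else if (c == '\u0000') {
            out.append("\\00");
        } else {
            out.append(c);
        }
    }
    return out.toString();
}

if (applicationName == null || filterAttribute == null || attributeValue == null) {
    throw new GeneralException("applicationName, filterAttribute and attributeValue are all required");
}
// Attribute descriptions follow the RFC 4512 grammar (a keystring or a numeric
// OID); anything outside it cannot be a real attribute and would only serve
// to inject filter syntax.
if (!filterAttribute.matches("[A-Za-z][A-Za-z0-9-]*|[0-9]+(\\.[0-9]+)*")) {
    throw new GeneralException("Invalid LDAP attribute name: " + filterAttribute);
}

// The lookup value is frequently a person identifier, so keep this at debug
// rather than error level.
log.debug("applicationName=" + applicationName + ";filterAttribute=" + filterAttribute
        + ";attributeValue=" + attributeValue);

Application application = context.getObjectByName(Application.class, applicationName);
if (application == null) {
    throw new GeneralException("Application not found: " + applicationName);
}
Attributes attributes = application.getAttributes();

// Build the JNDI environment from the connector's own configuration.
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.SECURITY_AUTHENTICATION, "simple");

// Bind as the connector service account; when several domains are configured
// the last entry's credentials win.
List settings = attributes.getList("domainSettings");
if (settings != null) {
    for (Object setting : settings) {
        if (setting instanceof Map) {
            Map map = (Map) setting;
            env.put(Context.SECURITY_PRINCIPAL, (String) map.get("user"));
            env.put(Context.SECURITY_CREDENTIALS, context.decrypt((String) map.get("password")));
        }
    }
}

// Target the forest's global-catalog server; again the last entry wins.
// NOTE(review): a simple bind over plain ldap:// sends the service account
// password in cleartext unless the server negotiates TLS. If the forest
// settings expose an SSL/port option, build an ldaps:// URL from it instead —
// confirm against the connector configuration.
settings = attributes.getList("forestSettings");
if (settings != null) {
    for (Object setting : settings) {
        if (setting instanceof Map) {
            Map map = (Map) setting;
            env.put(Context.PROVIDER_URL, "ldap://" + (String) map.get("gcServer"));
        }
    }
}
if (env.get(Context.PROVIDER_URL) == null) {
    throw new GeneralException("No gcServer configured in forestSettings of application " + applicationName);
}

// Single equality filter wrapped in an AND, with the value escaped so that it
// is matched literally.
String ldapFilter = "(&(" + filterAttribute + "=" + escapeLdapFilterValue(attributeValue) + "))";

// NOTE(review): searching from the empty base with SUBTREE_SCOPE presumably
// relies on gcServer being a Global Catalog (including its port where needed);
// verify against the application settings.
List dns = new ArrayList();
DirContext dirContext = null;
NamingEnumeration results = null;
try {
    dirContext = new InitialLdapContext(env, null);
    SearchControls searchControls = new SearchControls();
    searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
    // Only the entry name is used, so do not request any attributes.
    searchControls.setReturningAttributes(new String[0]);
    results = dirContext.search("", ldapFilter, searchControls);
    while (results.hasMore()) {
        SearchResult entry = (SearchResult) results.next();
        dns.add(entry.getName());
    }
} finally {
    // Release the server-side search and the connection even when the search
    // throws; the original leaked both.
    if (results != null) {
        try {
            results.close();
        } catch (NamingException ignored) {
            // best effort cleanup
        }
    }
    if (dirContext != null) {
        try {
            dirContext.close();
        } catch (NamingException ignored) {
            // best effort cleanup
        }
    }
}
return dns;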
</Source>
</Rule>