Discovery using jsexclude=yes and exclude( ) javascript function

Created: 2021-07-06 14:49:58
Modified: 2021-07-06 15:20:34
Tags: Javascript

Discovery using jsexclude = yes and exclude( ) javascript function

As of v4.0 there is an enhanced ldap query function which allows pre-filtering of discovered source data.

For all source LDAP connections, the Source tab includes Optional Query Filter parameters. These parameters may be used to filter incoming data on Discovery. A simple query or a combination of queries (compound queries) allows you to ‘include’ or ‘exclude’ source records based on source attribute data using standard ldap search syntax. This KB explains standard ldap search syntax and provides examples of simple and compound queries.

Sometimes, the Source Tab query syntax gets very long and difficult to manage. Or, basic ldap syntax does not allow the complexity to get your desired result.

Instead of (or in addition to) the Source Tab query parameters, there is a function that allows you to fine tune a discovery filter using javascript. The exclude() can be customized to allow more granular specifications to include/exclude source records on discovery. When enabled, every discovered record will pass through the exclude() function.

NOTE: Source tab query filters are processed FIRST. Any record that passes the query filter will THEN go through the exclude() function (if enabled).

Any time you change source tab or filter or exclude() settings, ALWAYS test using Discovery to confirm the correct records are discovered, as well as SIMULAION to ensure proper results. Be on the lookout for unexpected ADDs and Deletes on Simulation).

  1. To enable the exclude() function, add the following to your config.txt (Custom tab, Raw Config):
    jsexclude=yes

  2. Create or edit \UnitySync-v4\global\eval.js
    If you do not have eval.js, copy eval-example.js to eval.js and edit. If you already utilize an eval.js, make a backup copy then edit eval.js

  3. The following sample exclude() will filter out (aka Exclude) all records except those with the format of 16digits@xyz (i.e. 1234567890123456@xyz)

When enabled in Raw Config with jsexclude=yes, function exclude() is performed on each source record (after source tab query has been applied)

Function should be written such that when it returns TRUE, the source record IS Excluded.

Example: eval.js
(Return “TRUE” means EXCLUDE it because format is not 16@xyz)

Remember, the only valid return values for exclude() are TRUE (exclude it) or FALSE (Don’t exclude it).

function exclude()
{
var desc = getsrc(“userprincipalname”);
//using getsrc to grab source userprincipalname value.

if (desc.length!=20) {return “TRUE”;}
// if total length != 20, exclude it

else if (desc.substr(16,4) != “@xyz”) { return “TRUE”;}
// if does not end with @xyz, exclude it

else if (isNaN(desc.substr(0,16))) { return “TRUE”;}
// if not 16 leading digits, exclude it

return FALSE;
// Correct format, DO NOT exclude it

}

(End of Script)

Sample Data

DName           userprincipalname                If not valid,  exclude it**
Betty Jane      1234567890@xyz                  10@xyz length not 20
Joe User        1234567890123456@xyz            16@xyz (GOOD DO NOT EXCLUDE)
Kelly Walker    1234567890123456@xyz.com        length not 20
Kris Wilson     12345678901234560000            20 length, no @xyz
User Test 3     1234567890@xyz                  length not 20
User Test1      invalid890123456@xyz            leading 16 not all digits
User Test2      101invalid890123456@            leading 16 not all digits / no @xyz
Share this article:
Knowledgebase

Directory
  1. Directify - Self Service

  2. Mimic - Replication

  3. UnitySync - Sync
Password
  1. emPass - Sync
Obsolete
  1. Profiler
  2. SimpleSync