Apply a dynamic filter in LDAP Filter

Johnny D_ · ‎11-29-2018

Hi everybody.

This is my very first topic on the community.

My question is about the "LDAP OU Definition".

What we want is to identify in LDAP, the new created accounts. List them in a table, then push the mail adresse Inside Workday.

The sequence is : Scheduled Data Import --> use a data source LDAP --> Supported by a LDAP Target.

In the LDAP Target you define the LDAP Filter for requesting AD.

Everything works fine, but my target is to produce a dynamic LDAP Filter, based on the "WhenCreated" LDAP Parameter

For exemple, if i define this kind a filter : (&(objectClass=person)(sn=*)(!(objectClass=computer))(whenCreated>=20061001000000.0Z))

--> It's ok i find 10 accounts.

But i would like the criteria of the parameter whenCreated dynamic "20061001000000.0Z"

Like this i would be able to ask to LDAP "Give me the user accounts who have been created since my last execution".

To do this, i have created a "script include" (ADCaller_script_getDateCreated), including ADCaller_script_getDateCreated function who only do return "20061001000000.0Z"; (first step for proof of concept)

And i adjust the LDAP Filter :

(&(objectClass=person)(sn=*)(!(objectClass=computer))(whenCreate>=javascript:ADCaller_script_getDateCreated()))

--> It's KO i find always 0 accounts.

--> It looks the "javascript:ADCaller_script_getDateCreated()" is not translated

--> I've tried : javascript:global.javascript:ADCaller_script_getDateCreated() : KO

--> I've tried to create de DynamicFilter Option referenced to the script include : KO

--> I haven't tried to do a Class script include, with a method "getDateCreated" and call it with javascript:new MyScript().myMethod() because i think the result will be identical.

Therefore, i'm asking to the community : Is it possible to implement something like a dynamic value Inside a LDAP Filter ? If yes, what is wrong in my code and do you have a functional example?

Thanks in advance,

Cordially

gracjan · ‎03-11-2021

Great. I am enlightened. Thank you and thank you for your prompt reply. I am new to scripting and servicenow. I am trying to update LDAP filter to filter out records that weren't updated in more than 24 hours.

we have a field called 'modifyTimestamp' so what I am trying to get is this:

(modifyTimestamp>=now-24hours)

so from what I understand....

generic filter

(&(objectClass=user)(sn=*)(!(objectClass=computer))(modifyTimestamp>=20210304000001.0Z)(extensionAttribute4=*))

how do I enter a new filter to the scheduled import postscript? If I paste this to the post scrip is that going to update the the above filter?

var ldapFilter = gs.getProperty('template.ldap.filter.prop');
var dateDyn = ADCaller_script_getDateCreated(); // script include function returning the right next date (do you mind sharing this as well?)

var ldapDbObj = new GlideRecord('ldap_ou_config');
ldapDbObj.get(data_source.ldap_target.sys_id);

ldapDbObj.filter = ldapFilter.replaceAll("#DATE#",dateDyn) ;
ldapDbObj.update();

Please help!

This is what I entered into the post script:

var ldapDbObj = new GlideRecord('ldap_ou_config');
var dateDyn = gs.hoursAgo(24);

ldapDbObj.get(data_source.ldap_target.sys_id);

ldapDbObj.filter = ldapFilter.replaceAll("#DATE#",dateDyn);
ldapDbObj.update();

Johnny D_ · ‎03-11-2021

This : (&(objectClass=user)(sn=*)(!(objectClass=computer))(modifyTimestamp>=20210304000001.0Z)(extensionAttribute4=*))

is an example of a final LDAP Filter, not what i call a generic filter. This is what you want produce by script and put as the LDAP Filter for next run.

What i call a Template filter (or generic filter) is a filter with an identifiable and repleceable string, in my case #DATE#.

If you do :

var template = "(&(objectClass=user)(sn=*)(!(objectClass=computer))(modifyTimestamp>=#DATE#)(extensionAttribute4=*))" ;

template= template.replaceAll("#DATE#","20210304000001.0Z") ;

gs.info("MyTemplate : "+template);

The result will be :

"MyTemplate : (&(objectClass=user)(sn=*)(!(objectClass=computer))(modifyTimestamp>=20210304000001.0Z)(extensionAttribute4=*))"

==> #DATE# has been found and replaced by the second argument of replaceAll() function.

But if you do :

var template = "(&(objectClass=user)(sn=*)(!(objectClass=computer))(modifyTimestamp>=20210101000001.0Z)(extensionAttribute4=*))" ;

template= template.replaceAll("#DATE#","20210304000001.0Z") ;

gs.info("MyTemplate : "+template);

The result will remain:

"MyTemplate : "(&(objectClass=user)(sn=*)(!(objectClass=computer))(modifyTimestamp>=20210101000001.0Z)(extensionAttribute4=*))""

Because there is no #DATE# in the string (template) to be replaced by the date you want.

That's why i advises to use a variable containing a LDAP Filter Template, by Template i mean there is no date, but a #DATE# string to be replaced by script with the date you want.

Everytime your script run, it read the property and get the same template. Only the calculated date change.

For the date it's not right :

var dateDyn = gs.hoursAgo(24); // This funtion will return Something like 2021-03-10 20:14:15 : KO this is not the required LDAP format "YYYYMMDDHHmmss.OZ"

--> Find in attachment the script i used for example, it's not a perfect script (but working).

In your case :

1) Create a String property called : template.ldap.filter.prop

2) Store this string inside : (&(objectClass=user)(sn=*)(!(objectClass=computer))(modifyTimestamp>=#DATE#)(extensionAttribute4=*))

3) Get the value in JS variable : var ldapFilter = gs.getProperty('template.ldap.filter.prop');

4) Set the variable dateDyn in the LDAP Format ;

5) Then generate the LDAP Filter you want :

ldapDbObj.filter = ldapFilter.replaceAll("#DATE#",dateDyn) ;

And the result will probably be better 🙂

A tips : If you are new to ServiceNow you can use "Fix scripts" to make some tests quickly.

Good luck, hang on, and you will see, ServiceNOW is a wonderful platform for us.

Johnny D_ · ‎03-11-2021

And the script for LDAP date.

Johnny D_ · ‎03-11-2021

I can't upload attachement. This is the script i used :

function ADCaller_script_getDateCreated(){

var anteriorite = gs.getProperty('lmg.wd.ad.ldap.days'); // Property containing the number of days in the past

// If property is zero we look very far in the past (equal to get every records)
if(anteriorite == 0){
return "20160101000000.0Z";
}

var locDate = new Date(); // We create a date, but you can use gs.daysAgo() or gs.hoursAgo()
locDate.setDate(locDate.getDate() - anteriorite ) ; // On recule d'un journée pour se positionner la veille

var zeroMonth = "" ;
var zeroDay= "" ;

if( (locDate.getMonth() + 1) < 10) zeroMonth = '0'; // add a zero prefix for month 1,2,3...9
if( (locDate.getDate()) < 10) zeroDay = '0'; // add a zero prefix for days 1,2,3...9

// formatting the date for LDAP Format
var dateToReturn = locDate.getFullYear()+zeroMonth+(locDate.getMonth() + 1)+zeroDay+locDate.getDate()+"000001.0Z";

return dateToReturn ;

}

gracjan · ‎03-16-2021

Thank you so much.