LDAP Search - Ignoring records older than a year

ras2247

I have a client that wishes for us not to import their student LDAP accounts that haven't been modified in over a year. They have an extensionattribute that contains a date in 'yyyy-mm-dd' format. That field contains the last modified date.

Now, from my research on LDAP search filters, I only see methods of doing this for specific dates. For example, if I wanted to omit all accounts that were last modified on 2004/08/09, I would use a filter similar to this: (pwdLastSet<=127365120000000000).

So, is there a method to create a search filter to filter out all accounts that haven't been modified in over a year?

Thanks..


You can use data_source in the pre & post scripts to access the data source on the scheduled data import. This will allow you to not use a hardcoded sys_id.

// Resolve the OU definition from the data source behind this scheduled import,
// so no ldap_ou_config sys_id has to be hard-coded in the script.
var targetOuId = data_source.ldap_target;
var ouConfig = new GlideRecord('ldap_ou_config');
// Only rewrite the filter when that OU record can actually be loaded.
if (ouConfig.get(targetOuId)) {
    // bf (filter prefix) and newdt (date text) are defined by the surrounding
    // script, which is not part of this fragment.
    ouConfig.filter = bf + newdt.toString() + '*))';
    ouConfig.update();
}

TimW1

This is better in my opinion.  I modified the above to basically take a delta between my last sync and now.  This avoids any duplicate processing...  Just run it as a pre-script instead of a post-script

 

//USER SYNC DELTA

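// Timestamp of this run; only kept for logging purposes
var dt = gs.nowDateTime();
// Look-back window handed to setLastRun. GlideSystem exposes this as
// minutesAgo(); method names are case-sensitive, so any other spelling
// aborts the pre-script before the filter is refreshed.
var nt = gs.minutesAgo(10);
var lastrec = '';

// Fetch the single most recently changed row from the LDAP user import table
var gr = new GlideRecord('ldap_import');
gr.orderByDesc('u_whenchanged');
gr.setLimit(1);
gr.query();
if (gr.next()) {
    // getValue() yields the stored string instead of a live GlideElement;
    // fall back to '' when the column is empty
    lastrec = gr.getValue('u_whenchanged') || '';
}

setLastRun(nt, lastrec);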
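/**
 * Rewrite the LDAP filter on the user OU definition so the next import only
 * pulls person objects whose whenChanged is at or after the newest value
 * already imported.
 *
 * The filter is left untouched when no usable timestamp is available, because
 * an empty or malformed value would store a broken (or unintentionally wider)
 * filter on the OU record.
 *
 * @param {string} nt - Look-back timestamp from the caller; kept for call
 *   compatibility, the filter itself is built from lastrec only.
 * @param {string} lastrec - Newest u_whenchanged value found in ldap_import.
 */
function setLastRun(nt, lastrec){
    // Matches every person object changed at or after the given timestamp
    var bf = '(&(objectclass=person)(whenchanged>=';

    // The caller may hand over a GlideElement, so coerce to a plain string first
    var stamp = (lastrec === undefined || lastrec === null) ? '' : String(lastrec);

    // The value originates from imported directory data and is concatenated
    // into a filter, so refuse anything carrying LDAP filter metacharacters.
    // NOTE(review): once the stored u_whenchanged format is confirmed, a strict
    // format check would be tighter than this character test.
    if (stamp === '' || /[()*\\\x00]/.test(stamp)) {
        gs.log("LDAP Filter not updated: no usable whenchanged value from the last import");
        return;
    }

    var newFilter = bf + stamp + '))';
    var ou = new GlideRecord('ldap_ou_config');
    // sys_id of the OU definition that carries the filter; instance-specific
    if (!ou.get('1bc16288db3ff340ef1674dfaa96193d')) {
        gs.log("LDAP Filter not updated: OU definition record not found");
        return;
    }
    ou.filter = newFilter;
    ou.update();
    // Record the filter that was actually stored
    gs.log("LDAP Filter Updated with " + newFilter);
}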

//STOP COPYING HERE --- THIS IS THE END OF THE USER SYNC - BELOW IS GROUP SYNC

 

//GROUP SYNC DELTA

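// Timestamp of this run; only kept for logging purposes
var dt = gs.nowDateTime();
// Look-back window handed to setLastRun. GlideSystem exposes this as
// minutesAgo(); method names are case-sensitive, so any other spelling
// aborts the pre-script before the filter is refreshed.
var nt = gs.minutesAgo(10);
var lastrec = '';

// Fetch the single most recently changed row from the LDAP group import table
var gr = new GlideRecord('ldap_group_import');
// Leave this in: per the original author, the descending order does not work without a query
gr.addEncodedQuery('sys_import_set.numberSTARTSWITHISET');
gr.orderByDesc('u_whenchanged');
gr.setLimit(1);
gr.query();
if (gr.next()) {
    // getValue() yields the stored string instead of a live GlideElement;
    // fall back to '' when the column is empty
    lastrec = gr.getValue('u_whenchanged') || '';
}

setLastRun(nt, lastrec);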
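/**
 * Rewrite the LDAP filter on the group OU definition so the next import only
 * pulls group objects whose whenChanged is at or after the newest value
 * already imported.
 *
 * The filter is left untouched when no usable timestamp is available, because
 * an empty or malformed value would store a broken (or unintentionally wider)
 * filter on the OU record.
 *
 * @param {string} nt - Look-back timestamp from the caller; kept for call
 *   compatibility, the filter itself is built from lastrec only.
 * @param {string} lastrec - Newest u_whenchanged value found in ldap_group_import.
 */
function setLastRun(nt, lastrec){
    // Matches every group object changed at or after the given timestamp
    var bf = '(&(objectclass=group)(whenchanged>=';

    // The caller may hand over a GlideElement, so coerce to a plain string first
    var stamp = (lastrec === undefined || lastrec === null) ? '' : String(lastrec);

    // The value originates from imported directory data and is concatenated
    // into a filter, so refuse anything carrying LDAP filter metacharacters.
    // NOTE(review): once the stored u_whenchanged format is confirmed, a strict
    // format check would be tighter than this character test.
    if (stamp === '' || /[()*\\\x00]/.test(stamp)) {
        gs.log("LDAP Groups Filter not updated: no usable whenchanged value from the last import");
        return;
    }

    var newFilter = bf + stamp + '))';
    var ou = new GlideRecord('ldap_ou_config');
    // sys_id of the OU definition that carries the filter; instance-specific
    if (!ou.get('71a03ca8db7f3740ef1674dfaa9619a3')) {
        gs.log("LDAP Groups Filter not updated: OU definition record not found");
        return;
    }
    ou.filter = newFilter;
    ou.update();
    // Record the filter that was actually stored
    gs.log("LDAP Groups Filter Updated with " + newFilter);
}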