The publisher channel may submit events to be published, using the change log tool usclh (on UNIX) or idmevent.exe (on Windows). These tools create an event, which is picked up by the driver shim on a polling interval and published to the Identity Manager engine, where it may be processed by Policy. The change log tool may be invoked at any time on the application system. One commonly used technique is to call the change log tool from the polling script, which is also executed on the polling interval. In such a scenario, the polling script can determine what changed and submit the changes to the change log to be processed immediately after the polling script terminates. However, if you invoke the change log tool from another mechanism, events are queued in the change log and published on intervals when necessary.
The syntax for the change log tool on UNIX, usclh, is as follows:
usclh -t <type> [-c class] [-e event-id] [-a association] [-s src-dn] [-o old-src-dn] [-p password] [-w old-password] [-n new-name] [-r] [-y old-association] [-z new-association] [-l status-level] [-m status-message] [-1 | -2] [-?]
Where each option is described in the following table:
Table D-3 Options
When invoked, the change log utility reads standard input until it receives an EOF (end of file). If you run it from the command line, you can terminate the input with the Ctrl-d meta character. Additional name/value pairs can be passed to the tool this way to supply additional event information, such as attribute values being added or removed.
When invoked from a script, you can use a “here-is” document format to pass standard input to the change log tool. Passing input to a command-line utility through standard input has the advantage that the information is protected from the environment, which adds security to your publisher. Options given as command-line arguments, by contrast, appear in cleartext to the outside environment through tools such as “ps”.
Examples from a script:
usclh -t add -c User -a bob <<EOF
ADD_CN=bob
ADD_Login Disabled=true
EOF

usclh -t modify -c User -a bob <<EOF
ADD_CN=bob
ADD_Login Disabled=true
EOF

usclh -t modify-password -c User -a bob <<EOF
OLD_PASSWORD=secret
PASSWORD=newsecret
EOF

usclh -t rename -c User -a bob -n bob2 -r <<EOF
EOF
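The standard-input technique described above, wrapped as a polling-script function; this is an added example, not code from the product documentation. The USCLH variable, the function names and the line-break check are assumptions of the example, which uses only the -t, -c and -a options and the OLD_PASSWORD/PASSWORD pairs shown on this page.

```shell
#!/bin/sh
# Added example: submit a modify-password event with both passwords on
# standard input, so neither appears in the process argument list.
# USCLH (assumed name) allows a test stub or another install path.
USCLH=${USCLH:-usclh}

# Name/value pairs are supplied one per line in the examples above, so a
# value containing a line break would arrive as an extra pair. Assumption
# of this example: such values are rejected rather than escaped.
has_line_break() {
    cr=$(printf '\r')
    case $1 in
        *"$cr"*|*'
'*) return 0 ;;
    esac
    return 1
}

# $1 = association, $2 = old password, $3 = new password.
# These are shell function arguments, not arguments of the usclh process,
# so ps never sees them.
publish_password_change() {
    assoc=$1 old=$2 new=$3
    [ -n "$assoc" ] || { echo "missing association" >&2; return 2; }
    for v in "$assoc" "$old" "$new"; do
        if has_line_break "$v"; then
            echo "line break in input, event not submitted" >&2
            return 2
        fi
    done
    # The shell expands $old and $new once; their contents are not
    # evaluated again, so special characters in a password stay literal.
    "$USCLH" -t modify-password -c User -a "$assoc" <<EOF
OLD_PASSWORD=$old
PASSWORD=$new
EOF
}

# Typical call from a polling script (values come from the application,
# never from the script's own command line):
#   publish_password_change "$account" "$old_pw" "$new_pw"
```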
Examples from a command line:
usclh -t add -c User -a bob
ADD_CN=bob
ADD_Login Disabled=true
^d

usclh -t delete -c User -a bob
^d

usclh -t modify-password -c User -a bob -w secret -p newsecret
^d

usclh -t xds
<modify class-name="User" event-id="12345">
  <association>bob</association>
  <modify-attr attr-name="MyAttr">
    <remove-all-values/>
    <add-value>
      <value>some new value</value>
    </add-value>
  </modify-attr>
</modify>
^d