Who is this article for?

Incydr, yes.

CrashPlan for Enterprise, yes.

Code42 for Enterprise, yes.

CrashPlan for Small Business, no.

This article applies to Code42 cloud environments.

Example scripts for Code42 User Directory Sync

Overview

Code42 User Directory Sync allows you to automatically manage users in your cloud Code42 environment. Once configured, it connects your directory service (for example, Active Directory) to your Code42 environment and automatically creates users, updates their organization and role assignments, and deactivates users in Code42 based on changes made within your directory service. 

When you install the Code42 User Directory Sync tool, the installation generates three types of scripts used to control synchronization of users in your directory service with Code42:

  • Active script
    Determines when a user is considered active. If the user is new and marked as active, the user is provisioned in Code42.
  • Org script
    Determines how to assign users to organizations. If a user is provisioned to an organization that doesn't previously exist in Code42, the organization is created and that user is assigned to it. If a user is provisioned without an organization, they will be assigned to the organization defined in the Edit Organization Mapping Method dialog.
  • Role script
    Determines how a user is assigned roles in Code42 based on information for that user from your directory service. A user can be provisioned with one or more roles. If a user is provisioned without any roles specified, the user is created using the default roles configured for their organization in Code42. Ensure the roles you want to manage with the roles script are whitelisted for use in the Select Roles dialog.

When first installed, the scripts are empty. You must create your own versions of the scripts before you can provision users from your directory service to Code42. This article provides example scripts you can use as the basis for your own scripts. 

Considerations

  • Code42 User Directory Sync scripts are very similar to LDAP scripts. In the examples in this article, replace the CN, DC, and OU values with values matching your directory service environment.
  • This article assumes you understand the basics of using scripts to manage users with Code42 User Directory Sync. See User management with Code42 User Directory Sync.
  • If you need help configuring scripts, contact your Customer Success Manager (CSM) to engage the Professional Services team.

Before you begin

Before you can create scripts, install the Code42 User Directory Sync tool to a dedicated host computer. After installation, the following empty template files are added in the location where the tool is installed:

  • ActiveScript.js
  • OrgScript.js
  • RoleScript.js

Using the examples below, create your own scripts using these files as a starting place. 

To point to the scripts you create, set the following properties in the config.properties file:

  • script.active.location
  • script.org.location
  • script.role.location

After you set these script location properties, the scripts are run when you launch the C42UserDirectorySync executable with the --sync-now flag. 

Example active scripts

An active script takes the directory service entry for users as its input and returns a boolean value indicating whether or not the users should be active in Code42.  

Users outside of the specified entry, or in the specified entry but disabled in the directory service, are deactivated in Code42.

Make users from an organizational unit active in Code42

Professional Services filename: Active_script_by_ou.js

The following script selects users within the specified organizational unit and makes them active in Code42. 

Users outside of the specified entry, or in the specified entry but disabled in the directory service, are deactivated in Code42.

function isActive(entry) {
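    // Bit 0x2 of userAccountControl is ACCOUNTDISABLE: skip disabled accounts and entries without a DN.
    if (entry.userAccountControl & 0x2 || entry.dn == null) {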
        return false;
    }
    if (entry.dn.indexOf("OU=Users,DC=example,DC=mycompany,DC=com") >= 0) {
        return true;
    }
    return false;
}

Make users from a security group active in Code42

Professional Services filename: Active_script_by_sec_group.js

The following script selects users within the specified security group and makes them active in Code42. 

Users outside of the specified entry, or in the specified entry but disabled in the directory service, are deactivated in Code42.

function isActive(entry) {
    if (entry.userAccountControl & 0x2 || entry.memberOf == null) {
        return false;
    }
    for (var i = 0; i < entry.memberOf.length; i++) {
        if (entry.memberOf[i].indexOf("CN=Example Group,OU=Users,DC=example,DC=mycompany,DC=com") >= 0) {
            return true;
        }
    }
    return false;
}

Make users with certain attributes active in Code42

Professional Services filename: Active_script_select_attribute.js

The following script selects users who match the specified attributes and makes them active in Code42.

The valueInAttribute function tests the value of the user's attribute against the list of possible values provided, and returns true if any match. Otherwise, the script returns false.

// In the attribute variable, store the name of the AD attribute you wish to use for comparison (e.g. memberOf).
var attribute = "memberOf";
// In the values variable, store a list of values for the above attribute.
var values = [
    "CN=Security Group,OU=Users,OU=Security,OU=Groups,DC=mycompany,DC=org",
    "CN=Security Group2,OU=Users,OU=Security,OU=Groups,DC=mycompany,DC=org"
];

function isActive(entry) {
    // First, check if the user is active and has the desired attribute. If they are not, return false.
    if (entry.userAccountControl & 0x2 || entry[attribute] == null) {
        return false;
    }

    // If the user's attribute contains any of the values in the values field, we return true. Otherwise, return false.
    return valueInAttribute(entry, attribute, values);
}

// This function compares the values in testValues with the value of attribute in the user's AD entry. In most cases, you will not need to edit this function at all.
function valueInAttribute(entry, attribute, testValues) {
    var entryValues = entry[attribute];
    try {
        if (typeof entryValues != "object") {
            entryValues = [entry[attribute]];
        }
    } catch (err) {
        print("Threw error trying to get " + attribute + " and set it: " + err);
    }
    try {
        for (var i = 0; i < testValues.length; i++) {
            for (var x = 0; x < entryValues.length; x++) {
                if (entryValues[x].indexOf(testValues[i]) >= 0) {
                    return true;
                }
            }
        }
    } catch (err) {
        print("Threw an active script " + attribute + " error: " + err);
    }
    return false;
}

Example org scripts

An org script takes the directory service entry for the users as its input and returns a string which is the name of the Code42 organization into which the users should be placed.

If the specified Code42 organization does not exist, it is created in Code42 and users are provisioned to it.

Provision users from an organizational unit to a Code42 organization

Professional Services filename: Org_script_by_ou.js

The following script selects users from the specified organizational unit and provisions them to the specified organization in Code42.

Unmapped users are provisioned into the "No OrgScript match" organization. Entries without a dn attribute are provisioned into the "No DN attribute" organization.

function getOrgName(entry) {
    if (entry.dn == null) {
        return "No DN attribute";
    }
    if (entry.dn.indexOf("OU=Users,DC=example,DC=mycompany,DC=com") >= 0) {
        return "Users";
    }
    return "No OrgScript match";
}

Provision users from a security group to a Code42 organization

Professional Services filename: Org_script_by_sec_group.js

The following script selects users from the specified security group and provisions them to the specified organization in Code42. 

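Unmapped users are provisioned into the "No OrgScript match" organization. Entries without a memberOf attribute are provisioned into the "No memberOf attribute" organization.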

function getOrgName(entry) {
    if (entry.memberOf == null) {
        return "No memberOf attribute";
    }
    for (var i = 0; i < entry.memberOf.length; i++) {
        if (entry.memberOf[i].indexOf("CN=Example Group,OU=Users,DC=example,DC=mycompany,DC=com") >= 0) {
            return "Example Org";
        }
    }
    return "No OrgScript match";
}

Provision users with certain attributes to a Code42 organization

Professional Services filename: Org_script_select_attribute.js

The following script selects users who match the specified attributes and provisions them to the specified organization in Code42. 

// In the attribute variable, store the name of the AD attribute you wish to use for comparison (e.g. memberOf).
var attribute = "memberOf";
// In the defaultOrg variable, store the name of the org to which users should be sorted if none of the mapped values match their attribute.
var defaultOrg = "Unsorted Users";
// In the valuesMap variable, store a list of attribute values and their corresponding org names.
var valuesMap = [
    {
        attributeValue: "CN=Security Group,OU=Users,OU=Security,OU=Groups,DC=mycompany,DC=org",
        orgIs: "Security Group"
    },
    {
        attributeValue: "CN=Security Group2,OU=Users,OU=Security,OU=Groups,DC=mycompany,DC=org",
        orgIs: "Security Group2"
    }
];

function getOrgName(entry) {
    // If the user's attribute contains one of the attribute values in valuesMap, return the corresponding org name. Otherwise, return the default org.
    return getOrgByTestString(entry, attribute, valuesMap, defaultOrg);
}

// This function compares the values in valuesMap with the value of attribute in the user's AD entry. In most cases, you will not need to edit this function at all.
function getOrgByTestString(entry, attribute, valuesMap, defaultOrg) {
    if (entry[attribute] == null) {
        return defaultOrg;
    }
    var entryValues = entry[attribute];
    try {
        if (typeof entryValues != "object") {
            entryValues = [entry[attribute]];
        }
    } catch (err) {
        print("Threw error trying to get " + attribute + " and set it: " + err);
    }
    try {
        for (var i = 0; i < valuesMap.length; i++) {
            for (var x = 0; x < entryValues.length; x++) {
                if (entryValues[x].indexOf(valuesMap[i].attributeValue) >= 0) {
                    return valuesMap[i].orgIs;
                }
            }
        }
    } catch (err) {
        print("Threw an org script " + attribute + " error: " + err);
    }
    return defaultOrg;
}

Example role scripts

A role script takes as its input the directory service entry for the users, and returns an array of strings, each one representing a role that the users should have in Code42. 

Code42 only allows roles to be assigned if they have been selected ("whitelisted") in the Select Roles dialog in the Code42 console. 

Give users from an organizational unit a specific role in Code42

Professional Services filename: Role_script_by_ou.js

The following script selects users from the specified organizational unit and gives them the specified role in Code42. 

function getRoles(entry) {
    if (entry.dn == null) {
        return [];
    }
    if (entry.dn.indexOf("OU=Admins,OU=Users,DC=example,DC=mycompany,DC=com") >= 0) {
        return [
            "Customer Cloud Admin"
        ];
    }
    return [
        "Desktop User",
        "PROe User"
    ];
}

Give users from a security group a specific role in Code42

Professional Services filename: Role_script_by_sec_group.js

The following script selects users from the specified security group and gives them the specified role in Code42. 

function getRoles(entry) {
    if (entry.memberOf == null) {
        return [];
    }
    for (var i = 0; i < entry.memberOf.length; i++) {
        if (entry.memberOf[i].indexOf("CN=Example Group,OU=Users,DC=example,DC=mycompany,DC=com") >= 0) {
            return [
                "Customer Cloud Admin"
            ];
        }
    }
    return [
        "Desktop User",
        "PROe User"
    ];
}

Give users with certain attributes a specific role in Code42

Professional Services filename: Role_script_select_attribute.js

// In the attribute variable, store the name of the AD attribute you wish to use for comparison (e.g. memberOf).
var attribute = "memberOf";
// In the defaultRoles variable, store an array of roles that all users should have.
var defaultRoles = [
    "PROe User",
    "Desktop User"
];
// In the valuesMap variable, store a list of attribute values, and a list of the corresponding roles.
var valuesMap = [
    {
        attributeValue: "CN=Security Group,OU=Users,OU=Security,OU=Groups,DC=mycompany,DC=org",
        roles: [
            "Customer Cloud Admin"
        ]
    },
    {
        attributeValue: "CN=Security Group2,OU=Users,OU=Security,OU=Groups,DC=mycompany,DC=org",
        roles: [
            "Cross Org Help Desk - No Web Restore",
            "User Modify"
        ]
    }
];

function getRoles(entry) {
    // Start the new role collection with the defaults.
    var userRoles = defaultRoles.map(function(role) {
        return role;
    });
    // If the user's attribute contains one of the attribute values in valuesMap, add the corresponding roles to their list. Then, return the list (which contains the default roles plus any roles that were added).
    return addRolesByTestString(entry, attribute, valuesMap, userRoles);
}

// This function compares the values in valuesMap with the value of attribute in the user's AD entry. In most cases, you will not need to edit this function at all.
function addRolesByTestString(entry, attribute, valuesMap, userRoles) {
    if (entry[attribute] == null) {
        return userRoles;
    }
    var entryValues = entry[attribute];
    try {
        if (typeof entryValues != "object") {
            entryValues = [entry[attribute]];
        }
    } catch (err) {
        print("Threw error trying to get " + attribute + " and set it: " + err);
    }
    try {
        for (var i = 0; i < valuesMap.length; i++) {
            for (var x = 0; x < entryValues.length; x++) {
                if (entryValues[x].indexOf(valuesMap[i].attributeValue) >= 0) {
                    userRoles.push.apply(userRoles, valuesMap[i].roles);
                }
            }
        }
    } catch (err) {
        print("Threw a role script " + attribute + " error: " + err);
    }
    return userRoles;
}
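
The OU and security-group scripts above match with indexOf, which is case-sensitive and unanchored, and the security-group scripts index memberOf as an array. The following added example (not Code42's code; ES5 JavaScript like the page's scripts) shows a stricter variant of the active and role checks and a dry run over constructed entries. The helper names normalizeDn, dnIsUnder, inGroup and dryRun are hypothetical, and it assumes a single-valued memberOf can arrive as a plain string, the case the page's valueInAttribute function also allows for.

```javascript
// Added example, not Code42 code (ES5, like the page's scripts); helper names are hypothetical.
var BASE_OU = "OU=Users,DC=example,DC=mycompany,DC=com";
var ADMIN_GROUP = "CN=Example Group,OU=Users,DC=example,DC=mycompany,DC=com";
// AD compares DNs case-insensitively; String.indexOf does not.
function normalizeDn(dn) {
    return String(dn).toLowerCase().replace(/^\s+|\s+$/g, "");
}

// True when dn is baseDn or sits below it, matched at an unescaped "," boundary.
function dnIsUnder(dn, baseDn) {
    if (dn == null) { return false; }
    var d = normalizeDn(dn), b = normalizeDn(baseDn);
    if (d === b) { return true; }
    var cut = d.length - b.length - 1;          // index of the separating ","
    if (cut < 1 || d.charAt(cut) !== "," || d.slice(cut + 1) !== b) { return false; }
    var slashes = 0;                            // odd count: the "," is escaped
    for (var k = cut - 1; k >= 0 && d.charAt(k) === "\\"; k--) { slashes++; }
    return slashes % 2 === 0;
}

// Exact group match. Assumption: a single-valued memberOf may be a plain string.
function inGroup(memberOf, groupDn) {
    if (memberOf == null) { return false; }
    var groups = (typeof memberOf != "object") ? [memberOf] : memberOf;
    for (var i = 0; i < groups.length; i++) {
        if (normalizeDn(groups[i]) === normalizeDn(groupDn)) { return true; }
    }
    return false;
}

function isActive(entry) {
    return !(entry.userAccountControl & 0x2) && dnIsUnder(entry.dn, BASE_OU);
}
function getRoles(entry) {
    return inGroup(entry.memberOf, ADMIN_GROUP) ? ["Customer Cloud Admin"] : ["Desktop User", "PROe User"];
}
// Constructed directory entries for a dry run before launching with --sync-now.
var SAMPLE = [
    { dn: "CN=Alice," + BASE_OU, userAccountControl: 512, memberOf: [ADMIN_GROUP] },
    { dn: "cn=bob,ou=users,dc=example,dc=mycompany,dc=com", userAccountControl: 512, memberOf: ADMIN_GROUP.toLowerCase() },
    { dn: "CN=Carol," + BASE_OU, userAccountControl: 514, memberOf: null },
    { dn: "CN=Dan,OU=Contractors,DC=example,DC=mycompany,DC=com", userAccountControl: 512 }
];
// Report the decision per entry; roles are left empty for inactive entries.
function dryRun(entries) {
    return entries.map(function (e) {
        return { dn: e.dn, active: isActive(e), roles: isActive(e) ? getRoles(e) : [] };
    });
}
```

Running dryRun(SAMPLE) before a sync shows which entries would be deactivated or granted the admin role, including the lower-case entry that a case-sensitive indexOf check would treat as outside the OU.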
