loadplatform
Use the loadplatform program to query connectors for their abilities and populate platform, objoper and objrel database tables with the information. The program also sets the default attributes for the connector platforms by populating attrdef and attrdefval tables. This is particularly useful when custom connectors have been created and the target type needs to be available in the user interface.
When used without the -force argument, it is safe to run. If run with -force it can return to defaults any custom settings in newly created target system configurations, in system attributes, discovery templates, account attribute overrides.
Bravura Security Fabric target systems types are displayed in Type drop-down list on the page. Target types in this list are displayed according to target system category.
loadplatform is installed in the Bravura Security Fabric instance util directory.
Requirements
The client software required by the specified target systems must be installed or else the platform data for the connector will not be imported to the database.
The loadplatform program loads a binary executable (.exe), or a scripted platform definition file that calls a binary agent. If you do not specify an .exe or .con extension, the program looks for files with either extension. If both exist, loadplatform loads the .exe file.
To load and list official scripted connectors, both the scripted platform definition file (.con) and the configuration script specified within the .con file must be located in the agent directory.
Usage
loadplatform.exe -a <connector name> [-dry-run] loadplatform.exe -target [-dry-run]
Argument | Description |
|---|---|
-v, --version | Print out version and exit |
-a, --agent <connector name> | Load the specified connector. |
-target | Load all target system connectors. |
-d, --dir <directory path> | Changes the directory to look for the agents and connectors in the specified path. |
-32bit | Load 32-bit connectors. |
-dry-run | Query the specified connectors but do not write the information to the database. |
-force | Forcibly update attribute information if conflict exists. WarningDo not run the command with this argument until you check the |
-list-db-inserts | Include a list of all inserted database values. |
Examples
To import information about the Unix connector into the database, type:
loadplatform.exe -a agtunix.exe
To see the operations supported by the Active Directory DN connector, type:
loadplatform.exe -dry-run -a agtaddn.exe
Loading a new scripted target system type
Some target system types listed on the Target system information page are defined by scripted platform definition files that call a binary agent such as the SSH scripted agent (agtssh) and specify a configuration script that defines supported operations.
Scripted platform definition files are written in the following format:
# KVGROUP-V2.0
<name> = {
agent = <binaryToRun>;
script = <script>;
category = <category>;
platform = <platformId>;
description = <languageTagName>;
}for example:
# KVGROUP-V2.0
agtssh-sample = {
agent = agtssh.exe;
script = sampleScript.cfg;
category = SCRIPT;
platform = AGTSSH-SAMPLE;
description = !!!AGTSSH-SAMPLE-DESC;
}The keys in the scripted platform definition file are all required and are all case-sensitive. The "category" must be a valid platform category. These are described in platcat.csv in the agent\dat directory.
To load a new scripted target system type:
Write a configuration script in the format described in Script systems in the Connector Pack documentation .
Write a scripted platform definition file in the format described on this page.
Add both the configuration script and the .con file to the agent directory.
From the util directory, run:
loadplatform -a <con filename>.con
This loads the new target system type into the instance database.
Scripted platform definition files and configuration scripts can also be loaded from other directories outside the agent directory. To do this, place both the configuration script and the .con file into the desired directory and run loadplatform with the absolute or relative path to the .con file. For example:
loadplatform -a <con filename>.con -d "C:\path\to\agent"
SQL scripted connectors also support defining managed identities by using a configuration file in following format:
# KVGROUP-V2.0
<name> = {
agent = <binaryToRun>;
script = <script>;
category = <category>;
platform = <platformId>;
description = <languageTagName>;
objects = <object type>;
}for example:
# KVGROUP-V2.0
agtoracustom = {
agent = agtorascript.exe;
script = agtoracustom.cfg;
category = ATTAP;
platform = ORACUSTOM;
description = "Custom oracle target";
system = false;
objects = {ACCT;ASSET;GRP;ROLE;};
}Providing managed identities in the configuration file allows connectors to be loaded with only operations related to the specified objects.
Loading a new platform category
Bravura Security Fabric can load a new platform category dynamically. Connector Pack 1.1 or later is required.
To load a new platform category:
Modify the platcat.csv from the agent\dat directory.
Add a new category to the platcat.csv file.
Add the language tag for this new category to the en-errmsg.kvg file.
Generate and install a new set of skins.
See Customization in the Bravura Security Fabric Documentation site for more information.
From the util directory, run:
loadplatform -target
This loads the new platform category into the platcat table.
Loading default attributes
Bravura Security Fabric can load default attributes for connectors from attribute files located in agent\dat directory. The default attributes for connectors are defined in different files which may include account attributes file, group attributes file and object attributes file depending on the connector supported operations.
To load the default attributes:
Modify or create a new attribute file(s) in the agent\dat directory.
From the util directory, run:
loadplatform -a <agent>
This loads or modifies the default attributes for the connector platforms by populating attrdef and attrdefval tables.
You should be able to find default attributes for account and group under Manage the system > Resources > Account attributes or Manage the system > Resources > Group attributes then select the connector target system type or the connector target system.
Loading a new or modified discovery template
Bravura Security Fabric can load target system discovery templates dynamically. Connector Pack 3.1.0 or later is required. By default, they are located in the agent\dat directory.
Discovery template files are written in the following format:
KVGROUP-V2.0
templates = {
<TARGET_TEMPLATE> = {
name = <PSLang name description>
address = <PSLang address description>
<key> = <value>; # target system option
...
...
<key> = <value>;
Resources = {
};
TargetAttrs = {
};
};
}for example:
# KVGROUP-V2.0
templates = {
NT_TEMPLATE = {
name = "$comp[\"dNSHostName\"][0]";
address = "\"{server=\" + $comp[\"dNSHostName\"][0] + \";}\"";
runlist = true;
listattributes = true;
listgroups = true;
idarchivepush = true;
adminresethide = true;
selfresethide = true;
adminunlockhide = true;
selfunlockhide = true;
adminclaimhide = true;
selfclaimhide = true;
selfmanagehide = true;
listmembertype = A;
Resources = {
ls_scmacct;
ls_taskacct;
ls_iisacct;
ls_comacct;
ls_normacct;
};
TargetAttrs = {
ADDR_ATTR = "DNSHOSTNAME";
DESC_ATTR = "DNSHOSTNAME";
};
};The keys in the discovery template file are all required, and are all case sensitive. The name and address keys are written using PSLang expression based on account attributes discovered using auto discovery.
To load a discovery template:
Modify or create a new <target>-template.cfg file in the agent\dat directory.
From the util directory, run:
loadplatform -a <agent>
This loads the agent with the new/modified discovery template onto the instance. You should be able to find the discovery template under Manage the system > Resources > Target systems > Discovery templates.