Sadly, the AD plugin won't cut it - this is a fully fledged LDAP IDM, and it contains a lot of metadata which is missing from (our) AD database.

sounds like you might need to roll your own in that case.

Microsoft claims the ADSI scripting engine can connect to any LDAP interface and query any attributes. This might be a case for a roll your own plugin.

You can always call out to external command line tools, or Powershell scripts to do the LDAP queries. Find some examples for adfind.exe here:

http://www.vcoportal.de/2011/08/small-but-useful-command-line-tools-for-vco-workflows/

Cheers,

Joerg

Thanks for the feedback.

Shelling out to an external command is never an ideal option; it deepens the dependency chain and increases the chance of breakage.

Also, it's a bit surprising how often DOS and PowerShell tools are referenced in here, given that Orchestrator is built around the Apache Rhino javascript engine and comes with its own Linux-based appliance. I am using this.

Anyway; Does anyone (who follows this thread ) have any idea how one can access LDAP from inside the Rhino engine?

>> Anyway; Does anyone (who follows this thread ) have any idea how one can access LDAP from inside the Rhino engine?

Rhino engine does not come with out of the box support for LDAP. But in vCO you can expose arbitrary Java class in the scripting (see vSphere 5.5 Documentation Center ) You could pick some java library for LDAP access and expose it to vCO scripting.

If you need more advance stuff you could also consider writing a vCO plugin.