I guess there aren't any predefined actions or plugins which do this, but does anyone know if and how one can access a generic LDAP server from vCO?
We need the SSO-integration so vCenter etc permissions can be used, but we also have a very large LDAP service which needs to be queried for stuff like email address etc.
Just to be very clear: I am not trying to fetch LDAP attributes through SSO, I need to access the LDAP directly.
when you say LDAP are you referring to Active Directory LDAP? If so there is an Active Directory plugin available.
Although in my opinion is not that usable as it only supports a single AD source. If you are using AD and you only have one of them it should suffice to your needs.
Sadly, the AD plugin won't cut it - this is a fully fledged LDAP IDM, and it contains a lot of metadata which is missing from (our) AD database.
sounds like you might need to roll your own in that case.
Microsoft claims the ADSI scripting engine can connect to any LDAP interface and query any attributes. This might be a case for a roll your own plugin.
You can always call out to external command line tools, or Powershell scripts to do the LDAP queries. Find some examples for adfind.exe here:
http://www.vcoportal.de/2011/08/small-but-useful-command-line-tools-for-vco-workflows/
Cheers,
Joerg
Thanks for the feedback.
Shelling out to an external command is never an ideal option; it deepens the dependency chain and increases the chance of breakage.
Also, it's a bit surprising how often DOS and PowerShell tools are referenced in here, given that Orchestrator is built around the Apache Rhino javascript engine and comes with its own Linux-based appliance. I am using this.
Anyway; Does anyone (who follows this thread ) have any idea how one can access LDAP from inside the Rhino engine?
>> Anyway; Does anyone (who follows this thread ) have any idea how one can access LDAP from inside the Rhino engine?
Rhino engine does not come with out of the box support for LDAP. But in vCO you can expose arbitrary Java class in the scripting (see vSphere 5.5 Documentation Center ) You could pick some java library for LDAP access and expose it to vCO scripting.
If you need more advance stuff you could also consider writing a vCO plugin.