VMware Cloud Community
Halukkocaman
Enthusiast

Email of Logged in User

Hi,

I'm trying to get the email address of the logged-in user in vRO. From the community search I found the discussion below.

Getting AD User attributes using plugin

I tried to run the script but I got an error message. I tried to modify it to see where I get stuck. I just ran the script below with output name actionResult and type Array/AD:User. The script did not fail but the value was empty, so it tells me that it could not find any user. What would be the reason for this?

id = Server.getCurrentLdapUser().displayName;

actionResult = ActiveDirectory.searchExactMatch("User", id);

If I only run "id = Server.getCurrentLdapUser().displayName;" it returns the correct value. I also validated that I can get an attribute of an AD user if I select the AD user as an input.

Thanks,

Haluk

Accepted Solutions
igaydajiev
VMware Employee

Attaching a sample workflow for resolving a user's email. It contains 2 examples:

The examples are created based on functionality available in AD server 3.x+ (Technical preview version of VMware vCenter Orchestrator Plug-In for Microsoft Active Directory).

1. Find an AD user based on the user's distinguished name (DN) and return its mail.

   Note: This example will work only in case vRO server authentication is configured in LDAP mode, since the "DN" attribute is properly populated only in this case. In case the vRO server is configured to use SSO mode, the "DN" attribute contains the username itself and not the user's distinguished name.

2. Find an AD user based on its userPrincipalName (the user's logon name). More details can be found here: User Naming Attributes (Windows)

You can easily modify this example to work against an arbitrary LDAP server (it does not need to be the same as the LDAP server used by the vRO server itself).

Regarding the 1000 entries limitation ...

It is a default setting of the Microsoft Active Directory server to return a maximum of "1000" entries per query (MaxPageSize). In case you need more entries you need to use paging and request them in portions, or change the default settings of the server (not recommended). The latest vRO plugin introduces support for generic LDAP queries and also paging functionality. Some examples are available here: Active Directory plugin 3.0.0 - New and Noteworthy

Hope it helps!

10 Replies
iiliev
VMware Employee

In the referenced discussion, the code in the last post is slightly different:

requesterLogin = Server.getCurrentLdapUser().loginName; 

targetUser = ActiveDirectory.searchExactMatch("User", requesterLogin); 

adUser = targetUser[0];

That is, it is using Server.getCurrentLdapUser().loginName and not Server.getCurrentLdapUser().displayName as in your code.

Halukkocaman
Enthusiast

I tried that too.

[Screenshot: pastedImage_0.png]

iiliev
VMware Employee

Hmm, seems to work for me.

Are you absolutely sure that the current user logged in to the vRO client actually exists in the Active Directory instance configured as default? If yes, then could you provide details about your environment - platform version, AD plug-in version, configured AD servers, type of authentication, etc.?

Halukkocaman
Enthusiast

Yes, it is my user account and it exists in AD.

vRO 7.1.0.4262825 build 4262825

AD plugin version : 3.0.2.4209033

I have one configured AD server out of 5-6 servers and I also added ldap name. (I need to add the one server to configure as a default DC for some other workflow.)

It is LDAP authentication.

iiliev
VMware Employee

Could you create a test workflow with an input parameter of type AD:User and check if you'll be able to browse and select your user from the default AD server, and print its properties?

Also, you may want to check with the latest Tech Preview version of the AD plug-in available here (although I doubt it will behave differently than the version you have) - Technical preview version of VMware vCenter Orchestrator Plug-In for Microsoft Active Directory

Halukkocaman
Enthusiast

I created the workflow below.

[Screenshot: pastedImage_0.png]

When I run this from vRO and select the user, it returns the email address.

I presented this workflow to vCenter and ran it from there, and as you can see it did not pick up the user name automatically.

[Screenshot: pastedImage_1.png]

Another thing I realized is that when I push the green plus button to add a user, I only see 1000 user accounts in the filter option. I tried to find my username but I could not. The interesting thing is, there are other users in there that are in the same OU as my username. If I use the Browse option (tree view) to expand the OU my username is in, I can find my username. I also tried to specify the root OU in vRO but it did not work either.

[Screenshot: pastedImage_3.png]

iiliev
VMware Employee

For the issue with root OU not working in WebClient choosers - not all presentation properties you can define on an input parameter in vRO are supported in vSphere WebClient, and root object is one of the unsupported ones.

For the user name not being picked up automatically - from where exactly did you start the workflow? Auto-population of the input parameter is expected to work when you right-click on an object of certain vCenter types (like virtual machine, datacenter, etc.).

igaydajiev
VMware Employee

I forgot to add the attachment... Just added it.

Halukkocaman
Enthusiast

I removed the first part of the script and left only the part below. Worked like a charm. Thank you.

// `host` is not declared in this snippet; it has to be bound outside it.
var ldapClient = host.getLdapClient();

/* You can use custom base in form 'ou=someuo,dc=somedomain,dc=com' to further limit the search */
searchBase = host.getHostConfiguration().getLdapBase();

// Find user by login name
// and resolve user's mail.
try {
    var username = Server.getCurrentLdapUser().loginName;
    System.log(" == Search for user based on userPrincipalName  " + username);
    // The login name is placed into the LDAP filter string as-is.
    entry = ldapClient.searchForEntry(searchBase, LdapSearchScope.SUB, 10000, "(userPrincipalName=" + username + ")");
    if (entry != null) {
        email = entry.getAttributeValue("mail");
    }
} catch (e) {
    System.error(e);
}

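The final script in this thread builds its search filter by concatenating the login name into "(userPrincipalName=...)". As an added example that is not part of the original thread, the code below escapes the value per RFC 4515 before building the filter, so characters such as * ( ) \ in a name are matched literally instead of changing the query. escapeLdapFilterValue, buildUpnFilter, findMailByUpn and makeFakeClient are hypothetical names; only the four-argument searchForEntry call shape and getAttributeValue("mail") are taken from the post.

```javascript
// Added example, not code from the thread. All function names are hypothetical.
// Written in ES5 syntax.

// RFC 4515 section 3: inside a filter value, the characters NUL ( ) * \
// must be written as a backslash followed by two hex digits.
function escapeLdapFilterValue(value) {
    return String(value).replace(/[\\*()\u0000]/g, function (c) {
        var hex = c.charCodeAt(0).toString(16);
        return "\\" + (hex.length < 2 ? "0" + hex : hex);
    });
}

// Build the filter used in the thread, with the value escaped.
function buildUpnFilter(loginName) {
    if (loginName === null || loginName === undefined || String(loginName).length === 0) {
        throw new Error("loginName must be a non-empty string");
    }
    return "(userPrincipalName=" + escapeLdapFilterValue(loginName) + ")";
}

// Same call shape as the thread's script: searchForEntry(base, scope, 10000, filter).
// Client and scope are passed in so the function can be exercised offline.
function findMailByUpn(ldapClient, searchBase, scope, loginName) {
    var entry = ldapClient.searchForEntry(searchBase, scope, 10000, buildUpnFilter(loginName));
    return entry ? entry.getAttributeValue("mail") : null;
}

// Constructed stand-in for the plug-in's LDAP client: it holds one entry,
// matches only the exact filter string, and records the filter it received.
function makeFakeClient() {
    var client = {
        lastFilter: null,
        searchForEntry: function (base, scope, third, filter) {
            client.lastFilter = filter;
            if (filter !== "(userPrincipalName=jdoe@example.com)") { return null; }
            return {
                getAttributeValue: function (name) {
                    return name === "mail" ? "jdoe@example.com" : null;
                }
            };
        }
    };
    return client;
}
```

In a vRO scriptable task the same two helper functions can be placed above the try block and the filter argument replaced with buildUpnFilter(username).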