VMware Cloud Community
BWinchell
Enthusiast

Getting AD User attributes using plugin

Hello,

I used to use:

requester = Server.getCurrentLdapUser().displayName;
requesterToAddress = Server.getCurrentLdapUser().emailAddress;

But now with VRO 6.03 with AD plugin 2.0.3.2824604 the .emailAddress does not work anymore.

I found this link written by Burke (http://www.vcoteam.info/articles/learn-vco/273-how-to-get-active-directory-user-properties.html) that seems to put me on the right path. 

My issue is I get an error when I run this.  I get the very first attrib (userPrincipalName) and then I get "[B cannot be cast to java.lang.String (Workflow:TEMP_getAdUserAttributes / Scriptable task (item1)#6)"

Any ideas?

Thanks

B

iiliev
VMware Employee

Hi,

The first 2 lines are part of the server code; they do not use or depend on the AD plug-in. By 'does not work anymore' do you mean that the code throws some exception, or that it always returns null/undefined?

For the second part - the error you are getting means the code is trying to convert an object of type byte array [B to type String. Do you get this error for the attribute userPrincipalName or for the attribute that is enumerated after userPrincipalName?

Could you show your scripting code? Also, could you check in your AD what is the type of the attribute that throws the error? (In my sample AD, it is of type String and Burke's sample code works just fine for it.)

BWinchell
Enthusiast

Hello,

The 2 lines of the server code are what I previously used to get the current user's email and AD name.  I know those do not work anymore via some blogs.  So I am looking for a simple replacement to do the same thing.

Here is the actual output of the code (setup exactly like the link provides in its own workflow):

[2015-11-03 07:40:38.186] [I] ========== All Attributes ===========
[2015-11-03 07:40:38.190] [I] attribute: userPrincipalName(user@domain.com)
[2015-11-03 07:40:38.190] [I] [B cannot be cast to java.lang.String (Workflow:TEMP_getAdUserAttributes / Scriptable task (item1)#4)

Thanks

B

BWinchell
Enthusiast

It looks like the 2nd attribute it is trying to get is "userCertificate".  Part of that string has a "@" symbol in it.  Could that be throwing the error?

Thanks

B

iiliev
VMware Employee

Usually, certificate content is not a plain string but some binary data. I tried to add such new attribute to one of my sample users and got exactly the same exception.

Looking at the source code of AD plug-in it seems that there is a problem in the way ADBase.getAttribute() converts attribute values to strings - there is no special handling for types that cannot be gracefully cast to string type. I'll open a bug about it.

BWinchell
Enthusiast

The workaround I got for the attribute I initially wanted is:

System.log("aduser" + adUser);
var attribs = adUser.allAttributes;
System.log("========== All Attributes ===========");
for each (attrib in attribs){
    if (attrib.name == "mail") {
        System.log("attribute: "+attrib.name+ "("+adUser.getAttribute(attrib.name)+")");
    }
}

So basically, instead of printing all the variables, I used the Inventory>AD>User>Variables to find the actual attribute I wanted and then filtered that one in the above code.

Thanks

B

BWinchell
Enthusiast

Ok.  Back to the original question, "how to get attributes out of AD for a user?"

I have attached 2 test flows to get an attribute. 

TEMP_getAdUserAttribute: (*** need to set the input adUser ***) - This flow works

System.log("aduser: " + adUser);
var attribs = adUser.allAttributes;
System.log("attribs: " + attribs);
System.log("========== All Attributes ===========");
for each (attrib in attribs){
    if (attrib.name == "mail") {
        System.log("attribute: "+attrib.name+ "("+adUser.getAttribute(attrib.name)+")");
    }
}

TEST_EmailActions: (*** do not set the input adUser ***) - this fails with: "attribs: undefined" [basically it has an issue with the attribs array]

requester = Server.getCurrentLdapUser().displayName;
System.log("requester: " + requester);
requesterLogin = Server.getCurrentLdapUser().loginName;
System.log("requesterLogin: " + requesterLogin);
targetUser = ActiveDirectory.searchExactMatch("User", requesterLogin);
System.log("targetUser: " + targetUser);
adUser = targetUser;
System.log("adUser: " + adUser);
var attribs = adUser.allAttributes;
System.log("attribs: " + attribs);
System.log("============= Returned Attributes ===============");
for each (attrib in attribs){
    if (attrib.name == "mail") {
        System.log("attribute: "+attrib.name+ "("+adUser.getAttribute(attrib.name)+")");
    }
}

I cannot figure out why it works in one workflow and not the other. 

Any suggestions?

Thanks

B

iiliev
VMware Employee

One problem is that ActiveDirectory.searchExactMatch() returns an array of objects, not a single object.

So even if the search criteria is matched by only a single user, the method will return an array with one element, not a single element. So instead of

adUser = targetUser;


you should use

adUser = targetUser[0];


(you may also add a check to verify that the returned array contains at least one element)


BTW, if you are interested only in getting the value of a single attribute ('mail'), you don't need to iterate over all attributes; you can fetch its value directly with

adUser.getAttribute("mail");

and check the returned value for null or empty string "" in case there is no such attribute for this user.

BWinchell
Enthusiast

So here is the final piece of code to get my attribute:

// Set current LDAP user
requester = Server.getCurrentLdapUser().displayName;

// Catch exceptions for "requester"
if (requester == null) {
    System.error("!!!!!!!!!!!!!!!!!!!!!ERROR!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
    System.error("Module=SetCurrentRequester");
    System.error("LDAP requester is NULL");
    System.error("!!!!!!!!!!!!!!!!!!!!!ERROR!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
    // Throw a message string; the original "throw exception" referenced an undefined variable
    throw "LDAP requester is NULL";
}

// Find current LDAP user attribute
requesterLogin = Server.getCurrentLdapUser().loginName;
targetUser = ActiveDirectory.searchExactMatch("User", requesterLogin);

// searchExactMatch() returns an array; guard against a null or empty result before indexing
adUser = (targetUser != null && targetUser.length > 0) ? targetUser[0] : null;

// Catch exceptions for "targetUser"
if (adUser == null) {
    System.error("!!!!!!!!!!!!!!!!!!!!!ERROR!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
    System.error("Module=SetCurrentRequester");
    System.error("targetUser/adUser requester is NULL");
    System.error("!!!!!!!!!!!!!!!!!!!!!ERROR!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
    throw "targetUser/adUser requester is NULL";
}

requesterToAddress = adUser.getAttribute("mail");

// Debug output
debugSystem(debugOutput);

// Debug output function (logs only when debugOutput is true)
function debugSystem(debugOutput) {
    if (debugOutput == true) {
        System.log("===========================DEBUG_BEGIN=======================");
        System.log("Module=SetCurrentRequester");
        System.log("LDAP requester: " + requester);
        System.log("LDAP login(requesterLogin): " + requesterLogin);
        System.log("Current LDAP user(targetUser): " + targetUser);
        System.log("Current AD user(adUser): " + adUser);
        System.log("Current AD user email(requesterToAddress): " + requesterToAddress);
        System.log("===========================DEBUG_END=========================");
    }
}

Thanks

B
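
Added example, not part of the original thread and not VMware's code: the checks discussed above (the search result is an array that may be empty, `mail` may be null or empty, and a binary attribute such as userCertificate raises the "[B cannot be cast" error) gathered into two helpers that run as plain JavaScript. `makeStubUser`, `sampleUsers`, `adStub`, `resolveSingleUser` and `readStringAttribute` are hypothetical names and the directory data is constructed; only `searchExactMatch()` and `getAttribute()` come from the thread.

```javascript
// Constructed stub user (assumption, not plug-in code): getAttribute() throws on
// binary values, mimicking the "[B cannot be cast to java.lang.String" error above.
function makeStubUser(attrs) {
  return {
    getAttribute: function (name) {
      var value = attrs[name];
      if (value instanceof Uint8Array) {
        throw new Error("[B cannot be cast to java.lang.String");
      }
      return value === undefined ? null : value;
    }
  };
}

// Constructed sample directory (hypothetical logins and addresses).
var sampleUsers = {
  jdoe: [makeStubUser({ mail: "jdoe@example.com", userCertificate: new Uint8Array([0x30, 0x82]) })],
  nomail: [makeStubUser({ mail: "" })],
  dup: [makeStubUser({ mail: "a@example.com" }), makeStubUser({ mail: "b@example.com" })]
};
var adStub = {
  searchExactMatch: function (type, name) { return sampleUsers[name] || []; }
};

// Return the single matching user. An empty result and more than one match are
// both errors: taking element [0] of an ambiguous result could address mail to
// the wrong account.
function resolveSingleUser(directory, loginName) {
  var matches = directory.searchExactMatch("User", loginName);
  if (!matches || matches.length === 0) {
    throw new Error("No AD user found for login " + loginName);
  }
  if (matches.length > 1) {
    throw new Error(matches.length + " AD users match login " + loginName);
  }
  return matches[0];
}

// Read an attribute as a string; null when it is missing, empty, or a binary
// value that cannot be converted.
function readStringAttribute(adUser, name) {
  var value;
  try {
    value = adUser.getAttribute(name);
  } catch (e) {
    return null;
  }
  return (value === null || value === undefined || value === "") ? null : String(value);
}
```

In a workflow, a null return for "mail" is the point to stop and raise an error rather than send a notification with an empty recipient.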
