Hello,
I am new to the orchestrator. I execute some of its workflows from outside,
so I want to know whether orchestrator provides any workflow that will authenticate the user. That means if I give the username and password, that workflow should take that username and password as inputs and check whether these credentials match orchestrator's credentials.
Please help me out.
-tanvi
Hi Tanvi,
Can you pls share your use case here regarding authenticating the user in the vCO using a workflow? Basically, if you meant how to authenticate a particular user before running a workflow, then afaik this is not possible, as the user is authenticated when one logs into the vCO Client. A user is only able to run a workflow if he has the access rights. I don't think there's an explicit way to authenticate the user once again.
As far as authenticating user with orchestrator credentials, there's no workflow which does this.
Hi Angela
Let me first clarify what I actually want to do with orchestrator.
I want to create a workflow in which the user requests a VM, and on approval of his manager the VM gets automatically created for him.
That is the brief idea. I have created one web page for taking the username and password from the user, but after submitting the page, on the back side the file should check whether it is a valid username and password by using the Active Directory of vCO.
So pls can u help me with that or suggest some other way that I can do it?
Thank you, waiting for reply
Tanvi
Hi Tanvi,
we had a similar problem, and I found a working solution for us. Maybe you can use it, too.
We have a workflow which will be executed by a Requester (which only has the rights to execute this single workflow, no login rights to vCenter), but because of the running credentials of this workflow it is not possible to create VMs within this workflow. The trick is to start a second workflow with other credentials (enough rights to execute other workflows in vCO and rights to create VMs in vCenter). Therefore I made a "User interaction" in the "Requester" workflow where the Operator has to put in his credentials to run the second workflow. To check if the credentials are valid I wrote the attached action.
This action has two input parameters (LoginCredentials and the LdapGroup to check if the user is a member of). If the given login user is a member of the vCO-Administrator-Group or a member of the given LdapGroup, the action returns true, otherwise false.
The action has one known issue: If you have a multi-domain environment (as we do) and accounts with the same name, you will get true also if only one of the users has the needed rights.
To use that action to validate the user in the "Request" workflow, you should use the "Custom validation" property. The only problem is that you have to create it on another field than the credential input, because it is not available in vCO on a credential object.
The value could be like this:
( GetAction("com.alstom.vco4.basic","isValidVcoLogin").call( #operatorCredential,#securityGroup ) ) ? true : "Credentials are not valid."
I hope that helps.
Best regards,
Rainer
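The known issue described in the post above (same account name in several domains), modelled as an added example. This is not the attached isValidVcoLogin action and uses no vCO API: the directory entries, domain names and function names are constructed for illustration, and only the group-membership step is modelled, not the password check.

```javascript
// Constructed sample directory: two domains, each with an account named "jdoe".
const OPERATORS = "CN=vCO-Operators,OU=Groups,DC=eu,DC=example,DC=test";
const DIRECTORY = [
  { domain: "EU", sam: "jdoe",
    dn: "CN=John Doe,OU=Users,DC=eu,DC=example,DC=test",
    memberOf: [OPERATORS] },
  { domain: "US", sam: "jdoe",
    dn: "CN=Jane Doe,OU=Users,DC=us,DC=example,DC=test",
    memberOf: [] },
];

// Split "DOMAIN\user" into its parts; anything else counts as unqualified.
function parseLogin(login) {
  const m = /^([^\\]+)\\([^\\]+)$/.exec(login);
  if (m) return { domain: m[1].toUpperCase(), sam: m[2].toLowerCase() };
  return { domain: null, sam: login.toLowerCase() };
}

// Ambiguous check: matches on the account name only, so a same-named
// account in any domain that is in the group makes the result true.
function isMemberByName(login, groupDn) {
  const { sam } = parseLogin(login);
  return DIRECTORY.some(e => e.sam === sam && e.memberOf.includes(groupDn));
}

// Strict check: requires a domain-qualified login, resolves exactly one
// directory entry, and evaluates membership on that entry only.
function isMemberStrict(login, groupDn) {
  const { domain, sam } = parseLogin(login);
  if (domain === null) return false;            // refuse unqualified names
  const hits = DIRECTORY.filter(e => e.domain === domain && e.sam === sam);
  if (hits.length !== 1) return false;          // unknown or still ambiguous
  return hits[0].memberOf.includes(groupDn);
}

// US\jdoe has no rights, yet the name-only check approves the login.
console.log(isMemberByName("US\\jdoe", OPERATORS));  // true
console.log(isMemberStrict("US\\jdoe", OPERATORS));  // false
console.log(isMemberStrict("EU\\jdoe", OPERATORS));  // true
```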
Hi Rainer,
Thank you for the help, but I am still facing some problems.
When the requester requests the VM, the workflow will find the respective manager of the current user and send mail to that manager, and then the manager will send an answer (approve or reject) for the user interaction.
So to find the manager of the running user I want to write LDAP queries in vCO. Can I write that?
Or is there any other solution to find out the manager?
Please help me out.
Eagerly waiting for reply
Tanvi
Hi Tanvi,
where is your manager defined?
In the LDAP-User-Object of the workflow running user (the requester)?
Or do you have a special database where you have defined the managers for specific requesters?
Rainer
Hi Rainer
The user and manager are both in Active Directory,
so is there any way to write LDAP queries in vCO?
Waiting for a fast reply
Tanvi
Hi Tanvirao,
I found no possibility in vCO to execute a custom Ldap-Query, but with the Microsoft-Plugin you are able to get some (not all) AD-Object attributes. The Manager-Attribute is also available.
vCO handles different Ldap-Objects: one is LdapUser, and the equivalent in the MS-Plugin is Microsoft:User. With the LdapUser-Object you can't get the manager attribute, but with it you get the LdapUser of the user currently running the workflow.
I wrote two actions which you will find attached. One to convert the LdapUser-Object into the MS-Plugin-User-Object and the other to get a Property of the MS-UserObject.
With the following script code you will get the Ldap-Object of the Manager using both actions:
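var objLdapManager = null;
// LdapUser of the user running the current workflow execution
var objLdapUser = Server.getCurrentLdapUser();
// Convert to the Microsoft plugin's user object (custom action, not part of the plugin)
var objADUser = System.getModule("com.alstom.vco4.basic").convertLdapUserIntoAdUser(objLdapUser);
// Read the "manager" attribute from the AD user object (custom action)
var strManager = System.getModule("com.alstom.vco4.basic").getAdUserAttribute(objADUser, "manager");
if (strManager != null) {
    // Resolve the manager attribute value back to an Ldap-Object
    objLdapManager = Server.getLdapElement(strManager);
    System.log("The manager of '" + objLdapUser.commonName + "' is '" + objLdapManager.commonName + "'.");
} else {
    System.log("The manager of '" + objLdapUser.commonName + "' couldn't be found.");
}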
Hope this helps.
Rainer
Hi Rainer,
I have installed the Microsoft plugin in vCO, but the problem is that it is not showing any method or module like
System.getModule("com.alstom.vco4.basic").convertLdapUserIntoAdUser(objLdapUser);
Thank you
Tanvi.
Hi Tanvirao,
that's right, because the actions are not part of the plugin. They are written by myself and, as mentioned, I attached them to the community post. As with the isValidVcoLogin action, you have to download them from my earlier community posts and import them into vCO.
Rainer
Hi Rainer,
Thank you so much
This was really helpful for me
Tanvi.