VMware Cloud Community
mg1978
Enthusiast

How to get Pre-Windows 2000 user from LDAP login user

Hi all,

I have a workflow where I put data in a SQL DB. I put the LDAP login name [ Server.getCurrentLdapUser() ] as a string into the DB. My problem now is that I need the login ID in the Pre-Windows 2000 format. I work with SQL Reporting server, and this one is using the Pre-Windows 2000 format.

Could I get help to convert the LDAP (UPN) format to Pre-Windows 2000 format?

0 Kudos
7 Replies
Burke-
VMware Employee

Greetings, let me provide you with the approach that I use to discover such a thing:

Start by opening the API explorer and locating the Server object...

Once you've done that, look at the getCurrentLdapUser method and see what object type is returned (LdapUser)...

Click on "LdapUser" in the bottom pane of the API explorer and it should take you to the LdapUser object Type, in the bottom pane of the LdapUser Type object, click on the "Scriptable Object" link to take you to the LdapUser Scriptable Object...

Now expand the LdapUser Scriptable Object and take a look at the different properties available, those are what you get to choose from.

When learning a new object that I haven't worked with much in vCO, I like to create a simple test workflow that performs a System.log("property name: "+property.value) for each property of an object (and each method too)... So, for this particular example, this would look like:

var user = Server.getCurrentLdapUser();
System.log("allGroups: "+user.allGroups);
System.log("commonName: "+user.commonName);
System.log("displayInfo: "+user.displayInfo);
System.log("displayName: "+user.displayName);
System.log("dn: "+user.dn);
System.log("emailAddress: "+user.emailAddress);
System.log("groups: "+user.groups);
System.log("loginName: "+user.loginName);
System.log("userPrincipalName: "+user.userPrincipalName);

If you are authenticating against LDAP, you will get nice results... If you are authenticating using SSO, your results will not quite be the same - I'm pretty sure this has been discussed in the communities and a bug has probably been submitted. (If anyone who submitted a bug/PR on the LdapUser properties not returning expected results and sees this message, please post a link or details - thank you.)

If my answer resolved or helped you, please mark it as Correct or Helpful to award points. Thank you!

Visit http://www.vcoteam.info & http://blogs.vmware.com/orchestrator
for vRealize Orchestrator tips and tutorials - @TechnicalValues on Twitter
0 Kudos
mg1978
Enthusiast

Thanks for the reply.

But I need to get a "Domain\userID" as the result.

And this gives me only the LDAP results like userPrincipalName. I would like to take this UPN value and get a result (Domain\userID) in Pre-Windows 2000 format.

0 Kudos
Burke-
VMware Employee

When this is the case, you have to work with what you CAN get... in this case, the userPrincipalName property gives you everything you need to construct the Pre-Windows 2000 format:

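var user = Server.getCurrentLdapUser();
var upn = user.userPrincipalName;
// Uses the first label of the UPN suffix as the domain and the part before "@" as the user ID
System.log("Pre-Windows 2000 format: "+upn.split("@")[1].split(".")[0]+ "\\" +upn.split("@")[0]);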

This works with SSO AND LDAP configured to connect to AD - well, at least it does in my lab ;)

mg1978
Enthusiast

Thanks again,

But this doesn't help me, because we have a lot of subdomains where the users have the IDs.

For example:

My userID is "agregoma", the UPN name is "agregoma@prod.com" but the Pre-Windows 2000 name is "IT\agregoma".

The IT domain is a subdomain of the PROD domain.

0 Kudos
Burke-
VMware Employee

I can only do so much here... The first script gives you everything that is capable using the LdapUser object... Check through the results and see if the parts you need are there to put together the proper Pre-Windows 2000 name.

If you don't see the parts you need, then it can't do it using only the getLdapUser method, you'll have to find another way.

Potential options:

- run vCO on Windows, use the "command" object to run a local script that gets the desired account name in the format you want

- run vCO on Windows, use the "command" object to execute dsget or dsquery to get the info you need, parse results as needed

- Use the PowerShell plug-in to retrieve the desired info

0 Kudos
mg1978
Enthusiast

Hi,

Yes, this was also what I was thinking.
Do you have a script which offers this?

0 Kudos
Burke-
VMware Employee

No, I don't have any scripts to do this outside of vCO for vCO to call... I don't have a domain tree with multiple sub-domains as yours so I cannot test such scripts myself either.

I suggest you google some Microsoft-centric terms to locate such a script, then incorporate that script into your vCO workflow by calling it either via PowerShell or the command object (method depends on whether you are running vCO on Appliance or Windows).

0 Kudos
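
An added example, not part of the original thread and not code from any poster: a PowerShell function of the kind the last reply suggests calling from the workflow. It lets Windows resolve the UPN to a SID and back to an account name, so the domain part comes from the directory rather than from splitting the UPN suffix, which is what goes wrong in the subdomain case above. It assumes a domain-joined Windows host whose account can resolve names in the forest; the function name is hypothetical.

```powershell
# Added example. Assumes a domain-joined Windows host that can resolve
# names in the forest. Convert-UpnToPreWin2000Name is a hypothetical name.
function Convert-UpnToPreWin2000Name {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$UserPrincipalName
    )
    process {
        # Accept only a single user@suffix pair before the value reaches
        # the directory lookup or the reporting database.
        if ($UserPrincipalName -notmatch '^[^@\\\s]+@[^@\\\s]+$') {
            throw "Not a UPN: '$UserPrincipalName'"
        }
        try {
            # UPN -> SID -> NTAccount. The second translation returns the
            # NetBIOS name of the domain that actually holds the account.
            $account = New-Object System.Security.Principal.NTAccount($UserPrincipalName)
            $sid = $account.Translate([System.Security.Principal.SecurityIdentifier])
            $nt  = $sid.Translate([System.Security.Principal.NTAccount])
        }
        catch [System.Security.Principal.IdentityNotMappedException] {
            # Fail closed: never fall back to a guessed DOMAIN\user string.
            throw "No account found for UPN '$UserPrincipalName'"
        }
        [pscustomobject]@{
            UserPrincipalName = $UserPrincipalName
            Sid               = $sid.Value
            PreWin2000Name    = $nt.Value   # DOMAIN\sAMAccountName
        }
    }
}

# UPN taken from the thread; per the poster, the account's
# Pre-Windows 2000 name is IT\agregoma.
Convert-UpnToPreWin2000Name -UserPrincipalName 'agregoma@prod.com'
```

Storing the SID next to the Pre-Windows 2000 name keeps database rows attributable to the same account if it is later renamed.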