VMware Cloud Community
tough_siberian_
Enthusiast

Problems with ldap functionality on vCO 5.5

Hello.

I'm encountering issues with ldap functionality. Methods "Server.searchLdapUsers()" and "Server.searchLdapGroups()" are failing with exception message "Server error : java.lang.RuntimeException: javax.naming.NamingException: Error...:[Idm client exception: Failed to establish server connection]".

"Server.getCurrentLdapUser()" works fine.

Can anybody suggest anything to try to make it work?

Am I missing something in vCO configuration? js-io-rights.conf, or some other internal appliance things?

vCO version is 5.5, it is installed as an Appliance, and configured with SSO authentication.

Thank you.

Burke-
VMware Employee

From my experience, the LDAP user returned from the "Server.getCurrentLdapUser()" method actually doesn't have the correct properties when you have SSO authentication - compare all properties with the results when using LDAP/Active Directory - quite different in some cases. I suspect this may be the reason for those other methods not working - SSO != LDAP.

tough_siberian_
Enthusiast

Well, I have another vCO instance. This one is version 5.1.1, and installed together with vCenter Server on Windows machine. Also configured with SSO Authentication. And all mentioned methods work fine there.

Is it possible to make vCO appliance 5.5 work the same way?

Another example - vCO appliance version 5.1.0 with SSO authentication - method "Server.searchLdapGroups()" also works. The only problem there is with the "Server.searchLdapUsers()" method, which returns an empty list if I supply a specific username, and fails with some other error if I supply a wildcard to it. There is another discussion on this forum mentioning this bug, which is supposed to be fixed in version 5.1.1.

iiliev
VMware Employee

All 3 methods seem to work in my environment.

How exactly do you call them? I'm interested in what parameters you provide to searchLdapUsers() and searchLdapGroups().

Also, the full exception stack trace (or log files) could be useful.

tough_siberian_
Enthusiast

It looks like these methods do work. They throw an exception if I call them with a wildcard '*' as an argument. But if I use a specific name, or part of a name + wildcard, then the objects are returned. (What would be the correct syntax for returning all users or all groups then?)

However, I still have problems with that functionality. In my vCO script I need to find the LDAP groups to which a specific user belongs. So after receiving an LdapUser object, I try to find LdapGroups by reading its 'groups'/'allGroups' property. And these properties return an empty array even if the user is a member of one or more groups.

I also can't find members of an LdapGroup by using the 'subGroups' or 'users' property - the list is also empty. More than that, if I take LdapUser and LdapGroup objects and call the 'isMemberOfGroup' method on the LdapUser object, providing the LdapGroup as an argument, then the method returns 'false', while the user is a member of that group.

The code looks like this:

var admiral, navy;

var users = Server.searchLdapUsers('Admiral');
if (users.length > 0) {
  System.debug('Number of users: ' + users.length);     // Shows "Number of users: 1"
  admiral = users[0];
  var userGroups = admiral.groups;
  System.debug('Number of groups for Admiral: ' + userGroups.length);     // Shows "Number of groups for Admiral: 0"
}

var groups = Server.searchLdapGroups('Navy');
if (groups.length > 0) {
  System.debug('Number of groups: ' + groups.length);     // Shows "Number of groups: 1"
  navy = groups[0];
  var groupUsers = navy.users;
  System.debug('Number of users in Navy: ' + groupUsers.length);     // Shows "Number of users in Navy: 0"
}

System.debug('Admiral is in Navy: ' + admiral.isMemberOfGroup(navy)); // Shows "Admiral is in Navy: false"

The only exception with LdapUser is 'currentLdapUser'. If the LdapUser object represents the currentLdapUser, then its 'groups'/'allGroups' return the list of LdapGroups as they should.

Could you try this to check if it is working properly in your environment?

Thank you.

iiliev
VMware Employee

You don't need to provide a wildcard in the search pattern, just provide a plain string and the search should find all records that have the provided string as a substring. For example, searchLdapUsers('adm') will find all users whose name contains 'adm' like 'adm', 'admin', 'vcadministrator', etc.

On the other problem - 'users', 'groups' and 'isMemberOfGroup()' also don't work for me :( Looks like a bug, or non-implemented functionality.

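Two practical consequences of the answer above, as an added example that is not code from the thread or from vCO itself: because the search is a substring match, a script must not take users[0] blindly ('Admiral' would also match 'Admiralty'), and because 'groups'/'users' can come back empty on a broken instance, a membership check should treat "both sides empty" as unknown rather than as "not a member". The `ldap` object is a constructed stand-in for vCO's Server so the script runs offline; the property names accountName, commonName and dn are assumed.

```javascript
// Added example, not code from the thread. Turns the substring search into an
// exact-name lookup and fails closed: empty 'groups'/'users' lists (the bug
// reported above) yield "unknown", never "not a member". `ldap` stands in for
// vCO's Server so this runs offline; accountName/commonName/dn are assumed names.
function onlyExact(hits, prop, name) {
  // searchLdapUsers('adm') also returns 'admin', so never take hits[0] blindly.
  var exact = hits.filter(function (h) { return h[prop] === name; });
  if (exact.length !== 1) {
    throw new Error("expected exactly one '" + name + "', found " + exact.length);
  }
  return exact[0];
}

// "member" if either side of the relation says so, "unknown" if both sides are
// empty (directory data unavailable), otherwise "not-member".
function membership(ldap, accountName, groupName) {
  var user = onlyExact(ldap.searchLdapUsers(accountName), "accountName", accountName);
  var group = onlyExact(ldap.searchLdapGroups(groupName), "commonName", groupName);
  var userGroups = user.allGroups || user.groups || [];
  var groupUsers = group.users || [];
  var viaUser = userGroups.some(function (g) { return g.dn === group.dn; });
  var viaGroup = groupUsers.some(function (u) { return u.dn === user.dn; });
  if (viaUser || viaGroup) { return "member"; }
  return (userGroups.length === 0 && groupUsers.length === 0) ? "unknown" : "not-member";
}

// Constructed stand-in for Server: substring matching, like the real methods.
function mockServer(users, groups) {
  function bySubstring(list, prop) {
    return function (pattern) {
      return list.filter(function (x) { return x[prop].indexOf(pattern) !== -1; });
    };
  }
  return { searchLdapUsers: bySubstring(users, "accountName"),
           searchLdapGroups: bySubstring(groups, "commonName") };
}

// Sample data (constructed): a healthy directory and one showing the reported bug.
var navy = { commonName: "Navy", dn: "cn=Navy,ou=groups,dc=example,dc=org", users: [] };
var admiral = { accountName: "Admiral", dn: "cn=Admiral,ou=users,dc=example,dc=org",
                groups: [navy], allGroups: [navy] };
navy.users.push(admiral);
var admiralty = { accountName: "Admiralty", dn: "cn=Admiralty,ou=users,dc=example,dc=org",
                  groups: [], allGroups: [] };
var healthy = mockServer([admiral, admiralty], [navy]);
var broken = mockServer([{ accountName: "Admiral", dn: admiral.dn, groups: [], allGroups: [] }],
                        [{ commonName: "Navy", dn: navy.dn, users: [] }]);
```

In a real workflow, pass Server in place of the mock; a workflow that gates an action on the result should only proceed on "member" and should log "unknown" as a directory problem rather than as a denied request.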
tough_siberian_
Enthusiast

So, logically then taking the list of all users/groups should be done with an empty string. Looks like it is working, but I have to test it.

Concerning the other problem, as I mentioned, it works on vCO 5.1.1 on a Windows machine. So probably this is a Linux appliance issue. I guess I have to find a workaround for this.

Thank you for your help.

iiliev
VMware Employee

It's not a Windows vs Linux issue. This code is OS agnostic.

The different behavior is probably related to the fact that the SSO implementations are different - vCO 5.1.x uses SSO 1.0 and vCO 5.5 uses SSO 2.0.
