VMware {code} Community
AndreiAstra
Contributor
Contributor
‎11-09-2010 08:53 AM

How to get Groups for a User?

Hi,

I need to retrieve User Groups that a user belongs to. I''ll use the groups to lookup the authorization rights for the user.

I'm trying the following:

String domain = "MYDOMAIN";

String searchStr = "";

String belongsToGroup = null;

String belongsToUser = "testuser";

Boolean exactMatch = true;

Boolean findUsers = false;

Boolean findGroups = true;

UserSearchResult[] res = service.retrieveUserGroups(sic.getUserDirectory(),

domain, searchStr, belongsToGroup, belongsToUser,

exactMatch, findUsers, findGroups);

However, I'm getting the error:

AxisFault

faultCode: ServerFaultCode

faultSubcode:

faultString: The operation is not supported on the object.

faultActor:

faultNode:

faultDetail:

NotSupportedFault:null

The retrieveUserGroups() works fine, unless I'm trying to specify the 'belongsToUser' variable.

When using MOB, I'm getting:

Method Invocation Result: NotSupported

Is using the retrieveUserGroups() function the correct way to get the user groups?

What is the reason for the error?

Preview file
106 KB
0 Kudos
7 Replies
admin
Immortal
Immortal
‎11-10-2010 03:33 AM

Hi,

As per my understanding, "testuser" is not registered to the domain "MYDOMAIN" that might be reason for "Not Supported" message. One more thing, in "searchStr" field you should specify substring that can be used to search the group based on it. Specifying belongsToUser means only the groups would be returned that matches the search string and have the user specified in the "belongsToUser".

Hope it helps.

0 Kudos
AndreiAstra
Contributor
Contributor
‎11-10-2010 08:59 AM

Hi,

Thank you for the reply.

The user 'testuser' does exist withing the domain:

I have tried different search criteria. However, every time when the field 'belongsToUser' is not empty, I'm getting:

"Method Invocation Result: NotSupported"

I've tried it for two different VCs:

apiVersion="2.5u2" and apiVersion="4.1".

0 Kudos
admin
Immortal
Immortal
‎11-10-2010 09:29 PM

It seems that "testuser" is a user, just wanted to confirm do you have any group named "testuser". If not, can you please specify the group name of user "testuser" in the "searchStr".

domain: "MYDOMAIN"

searchStr: Group of the "testuser"

belongsToGroup:

belongsToUser: "testuser"

exactMatch: false

findUsers: false

findGroups: true

There may be possibility that your ESX server is not the part of "MYDOMAIN" domain, please check ESX's domain setting.

--

0 Kudos
AndreiAstra
Contributor
Contributor
‎11-11-2010 02:21 AM

I executed the above query. Still, I've got "Method Invocation Result: NotSupported".

I can see MYDOMAIN in 'domainList'.

The documentation says:

"The method also throws NotSupported if you specify membership (belongsToGroup or belongsToUser) and the server does not support by-membership queries".

I tried in for versions 2.5 and 4.1. Still got the same message.

Is there any other way to find user groups for a user?

0 Kudos
AndreiAstra
Contributor
Contributor
‎12-13-2010 11:48 AM

I managed my code to work by finding user's groups from Active Directory.

0 Kudos
Steve_Jin
Expert
Expert
‎12-18-2010 11:58 AM

It's expected to get NotSupported exception while trying your code with vCenter directly. It should work with ESX. However the users are different from ESX to vCenter even though an ESX is managed by vCenter. This is discussed with great detail in my book VMware VI and vSphere SDK (Prentice Hall), look for page 443 to 445.

From the exception, I can see you are still using AXIS which is slow and has problem for redistribution. You may want to check out the open source vijava API which is faster/smaller/cleaner and has been downloaded 11,000+. Here is the link: http://vijava.sf.net.

Steve Jin (http://www.doublecloud.org)

Steve JIN Author of VMware VI and vSphere SDK; Creator of open source VI Java API (http://vijava.sf.net); Blogger at http://www.doublecloud.org
0 Kudos
syed04
Contributor
Contributor
‎03-11-2013 11:55 PM

Hi,

Could any one find API on how to relate users and groups using VMware SDK? I am using vCenter 5.1 and the corresponding SDK.

I need to fetch all the privileges assigned to a user, including the ones propagated from the group(s) the user belongs. The scenario is as follows:

-User1 belongs to Group1.

-Group1 is assigned with Role1 with a predefined set of privileges.

-And this Group1 is included for the 'ROOT Folder' permissions, in the vSphere console's 'Permissions' tab and allowed the role to propagate to all its users belonging to the group.

Using the exisiting SDK, I could only find API to get the privileges assigned to either user or group directly. But, not the API which could give the privileges propagated to User1 from Group1. Or API which could find the group(s) to which this user belongs to.

I had explored the following API's to know the privileges and groups related to a user, but not luck yet.

-Authorization Manager (getPrivilegeList,HasPrivilegeOnEntity) . This gives all the privileges of all the groups assigned to an entity.

-User Directory(retrieveUserGroups) : Does not tell whether user belongs to a particular group.

I would appreciate any leads on this.

Thanks in advance.

0 Kudos