Hi,
I need to retrieve User Groups that a user belongs to. I''ll use the groups to lookup the authorization rights for the user.
I'm trying the following:
String domain = "MYDOMAIN";
String searchStr = "";
String belongsToGroup = null;
String belongsToUser = "testuser";
Boolean exactMatch = true;
Boolean findUsers = false;
Boolean findGroups = true;
UserSearchResult[] res = service.retrieveUserGroups(sic.getUserDirectory(),
domain, searchStr, belongsToGroup, belongsToUser,
exactMatch, findUsers, findGroups);
However, I'm getting the error:
AxisFault
faultCode: ServerFaultCode
faultSubcode:
faultString: The operation is not supported on the object.
faultActor:
faultNode:
faultDetail:
NotSupportedFault:null
The retrieveUserGroups() works fine, unless I'm trying to specify the 'belongsToUser' variable.
When using MOB, I'm getting:
Method Invocation Result: NotSupported
Is using the retrieveUserGroups() function the correct way to get the user groups?
What is the reason for the error?
Hi,
As per my understanding, "testuser" is not registered to the domain "MYDOMAIN" that might be reason for "Not Supported" message. One more thing, in "searchStr" field you should specify substring that can be used to search the group based on it. Specifying belongsToUser means only the groups would be returned that matches the search string and have the user specified in the "belongsToUser".
Hope it helps.
Hi,
Thank you for the reply.
The user 'testuser' does exist withing the domain:
I have tried different search criteria. However, every time when the field 'belongsToUser' is not empty, I'm getting:
"Method Invocation Result: NotSupported"
I've tried it for two different VCs:
apiVersion="2.5u2" and apiVersion="4.1".
It seems that "testuser" is a user, just wanted to confirm do you have any group named "testuser". If not, can you please specify the group name of user "testuser" in the "searchStr".
domain: "MYDOMAIN"
searchStr: Group of the "testuser"
belongsToGroup:
belongsToUser: "testuser"
exactMatch: false
findUsers: false
findGroups: true
There may be possibility that your ESX server is not the part of "MYDOMAIN" domain, please check ESX's domain setting.
--
I executed the above query. Still, I've got "Method Invocation Result: NotSupported".
I can see MYDOMAIN in 'domainList'.
The documentation says:
"The method also throws NotSupported if you specify membership (belongsToGroup or belongsToUser) and the server does not support by-membership queries".
I tried in for versions 2.5 and 4.1. Still got the same message.
Is there any other way to find user groups for a user?
I managed my code to work by finding user's groups from Active Directory.
It's expected to get NotSupported exception while trying your code with vCenter directly. It should work with ESX. However the users are different from ESX to vCenter even though an ESX is managed by vCenter. This is discussed with great detail in my book VMware VI and vSphere SDK (Prentice Hall), look for page 443 to 445.
From the exception, I can see you are still using AXIS which is slow and has problem for redistribution. You may want to check out the open source vijava API which is faster/smaller/cleaner and has been downloaded 11,000+. Here is the link: http://vijava.sf.net.
Steve Jin (http://www.doublecloud.org)
Hi,
Could any one find API on how to relate users and groups using VMware SDK? I am using vCenter 5.1 and the corresponding SDK.
I need to fetch all the privileges assigned to a user, including the ones propagated from the group(s) the user belongs. The scenario is as follows:
-User1 belongs to Group1.
-Group1 is assigned with Role1 with a predefined set of privileges.
-And this Group1 is included for the 'ROOT Folder' permissions, in the vSphere console's 'Permissions' tab and allowed the role to propagate to all its users belonging to the group.
Using the exisiting SDK, I could only find API to get the privileges assigned to either user or group directly. But, not the API which could give the privileges propagated to User1 from Group1. Or API which could find the group(s) to which this user belongs to.
I had explored the following API's to know the privileges and groups related to a user, but not luck yet.
-Authorization Manager (getPrivilegeList,
) . This gives all the privileges of all the groups assigned to an entity.HasPrivilegeOnEntity
-User Directory(retrieveUserGroups
) : Does not tell whether user belongs to a particular group.
I would appreciate any leads on this.
Thanks in advance.