Using Query as search filter for entities in a workflow

I had a requirement to give some people the possibility to change passwords for lower grade students and it was ok to give this right out per school and they had ~15 schools.

The first thing I did was to create one group for each school and the groups have the right to see the workflow. There are also attributes on the groups that identify the school-name that also exist as an attribute on the student objects.

At first I wanted to use the dnlookup control to search for the students but unfortunately that can not be dynamically filtered.

Doing a lot of searching made me stumble upon this old cool solution that I wanted to refresh and describe a little better:

My version is a bit more complex since I first have to look at what the user is entitled to change, which schools that is. And then compare the school with the school of the students as well as doing a name search for a specific student.

The fields of the form are these:

  • availschoolfield with data type dn and control type PickList

  • searchFilter with data type string and control type text

  • availableUsers with data type dn and control type PickList

  • ErrorMsg with data type string and control type Text

  • recipient with data type dn and control type DNDisplay

  • pwd with data type string and control type text

  • schoolcontainer with data type string and control type text

The aim was that the user get a list of schools to choose from in the availschoolfield, then type a free text search of the students name in the searchFilter. When tabbed out from that fielt the search will create a list of users in the availableUsers field. I that do read a few control attributes of that user to display so it is clear that it is the correct user but I have omitted that here since it has no relevance to the query and search functionality.

The ErrorMsg field is hidden until there is an error message to write, this can be omitted but then that has to be reflected in the script as well.

This scenario can be used genetically if just slightly modified to any scenario where there is a need to narrow down a search where the general dnlookup would display much more.


My first query is called pwdschools and has an Query Entity of Group. I have one parameter Key called user and two conditions, CN has to start with wf-pwd and Members equals %user%.

That is used to get the school the user is entitled to change passwords for.

The Second Query is called GetAvailableUsersbasedonMatchingPattern with Query Entity of Student (same as my user but a different start context). Here I have two parameter keys, school and str1 with the query condition “Full Name contains %str1% and xxDepartmentPrimaryEdu (aux string attribute that holds the school name) equals %school%

First to get the selectable schools I have tin in an on load event on the “availschoolfield”:

IDVault.globalQuery( "availschoolfield", "pwdschools", {"user": form.getValue("recipient") });

Choosing their triggers an on blur event to do this:

var s=form.getValue("availschoolfield");

if (s!='')


var o=IDVault.get(null, s, "group", "O");

form.setValues("schoolcontainer", o);


The code below will be added as an event(call it “loadRestrictedUsers”) to the “availableUsers” field and will be called from the “searchFilter” field using the method field.fireEvent(“loadRestrictedUsers”) on a “onBlur” event . This will result in the user “tabbing” out of the “searchFilter” after entering the search string and the “availableUsers” list will be refreshed and loaded with the matching results based on the search criteria.

if (form.getValue("schoolcontainer") != null) {

var schoolfilter = form.getValue("schoolcontainer");


var fil = form.getValue("searchFilter");

try {

var res = IDVault.globalQuery(null, "GetAvailableUsersbasedonMatchingPattern", {"school":schoolfilter, "str1":fil})

} catch(e){};

var actualValue = [];

var actualdn = [];

for (var i=0; i<res[0].length; i ) {

var dn =res[0][i].toString();

var str = IDVault.get(null, dn, 'Student', 'CN').toString();




if((actualValue.length > 0))







field.setValues(actualdn, actualValue);


After selecting a user in the “availableUsers” field I can go ahead and set a new password.

Setting passwords is not easily done in UserApp so I just set it to an aux string attribute and have a null driver react on that setting the password and removing the attribute value. In this case it is certainly secure enough.

Hope this helps someone.


How To-Best Practice
Comment List