Big news! The community will be moving to a new platform April 21. Read more.
Big news! The community will be moving to a new platform April 21. Read more.
Admiral
Admiral
602 views

How to query LDAP directory or AD from IDM workflow form

Hello,

I'm currently using a workflow form to create unique users. This works fine with idm DAL query within the identity vault, but now we also want to be sure this new account name does not exist in the AD directory.

I found some old threads about this subject and the coolsolution "use Ajax with jQuery" which looks great but quite complexe and I wonder if this is still supported with earlier IDM version like 4.6 and 4.7 where JBOSS is no longer used.

Does anyone know how to do that with earlier IDM versions ?

thanks a lot.

Sylvain
Labels (1)
0 Likes
6 Replies
Knowledge Partner Knowledge Partner
Knowledge Partner

On 9/14/2018 4:56 AM, sma wrote:
>
> Hello,
>
> I'm currently using a workflow form to create unique users. This works
> fine with idm DAL query within the identity vault, but now we also want
> to be sure this new account name does not exist in the AD directory.
>
> I found some old threads about this subject and the coolsolution "use
> Ajax with jQuery" which looks great but quite complexe and I wonder if
> this is still supported with earlier IDM version like 4.6 and 4.7 where
> JBOSS is no longer used.
>
> Does anyone know how to do that with earlier IDM versions ?


Use the ECMA LDAP approach? Ugly since you instantiate the whole thing
each time. But no worse than using it in the engine.


0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Geoffrey Carman wrote:

> Use the ECMA LDAP approach? Ugly since you instantiate the whole thing each
> time. But no worse than using it in the engine.


Or inject a query into an AD driver to make it a little more fun...

--
http://www.is4it.de/en/solution/identity-access-management/

(If you find this post helpful, please click on the star below.)
______________________________________________
https://www.is4it.de/identity-access-management
0 Likes
Admiral
Admiral

lhaeger;2487591 wrote:
Geoffrey Carman wrote:

> Use the ECMA LDAP approach? Ugly since you instantiate the whole thing each
> time. But no worse than using it in the engine.


Or inject a query into an AD driver to make it a little more fun...

--
http://www.is4it.de/en/solution/identity-access-management/

(If you find this post helpful, please click on the star below.)


You mean this option : https://www.netiq.com/communities/cool-solutions/querying-connected-system-workflow-form/
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

On 9/14/2018 10:24 AM, sma wrote:
>
> lhaeger;2487591 Wrote:
>> Geoffrey Carman wrote:
>>
>>> Use the ECMA LDAP approach? Ugly since you instantiate the whole thing

>> each
>>> time. But no worse than using it in the engine.

>>
>> Or inject a query into an AD driver to make it a little more fun...
>>
>> --
>> http://www.is4it.de/en/solution/identity-access-management/
>>
>> (If you find this post helpful, please click on the star below.)

>
> You mean this option :
> https://www.netiq.com/communities/cool-solutions/querying-connected-system-workflow-form/


This will work, but it basically requires another driver, to make a SOAP
call into, and get the results.

That worked for a client we had (Rob is my boss) and their
circumstances. Probably you can do it simpler.


0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

On 9/14/2018 10:02 AM, Lothar Haeger wrote:
> Geoffrey Carman wrote:
>
>> Use the ECMA LDAP approach? Ugly since you instantiate the whole thing each
>> time. But no worse than using it in the engine.

>
> Or inject a query into an AD driver to make it a little more fun...


That is a good one! Then you have to parse the results from XDS to
whatever you need, but that is not that hard, just harder in ECMA than
in DirXML Script.

Does throw odd errors if the driver is down.

0 Likes
Absent Member.
Absent Member.

The old "Ajax & jQuery" approach should work with current IDM versions, too.

Wolfgang

On 14.09.2018 10:56, sma wrote:
>
> Hello,
>
> I'm currently using a workflow form to create unique users. This works
> fine with idm DAL query within the identity vault, but now we also want
> to be sure this new account name does not exist in the AD directory.
>
> I found some old threads about this subject and the coolsolution "use
> Ajax with jQuery" which looks great but quite complexe and I wonder if
> this is still supported with earlier IDM version like 4.6 and 4.7 where
> JBOSS is no longer used.
>
> Does anyone know how to do that with earlier IDM versions ?
>
> thanks a lot.
>
> Sylvain
>
>

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.