The last VMM toolkit I worked with had a service like Get Attributes by ID via implementing an LDAP query, something like the one below. The "borenra" value was an input variable to the BAW service flow like username and I could set whatever attributes I wanted to get out were set as another input variable that took in LDAP properties that would then be parsed on the LDAP query results and returned as an array for the output of the BAW service.
(&(objectCategory=Person)(sAMAccountName=borenra))
I ran into a similar issue where we had an email address coming in, but we needed to use the user's sAMAccountName. Note: this ended up being a temporary solution because we ended up standardizing on the email address as the login attribute for BAW via WAS Configuration to prevent there being multiple userIds at play. To resolve this requirement, I was able to create a copy of a service in that toolkit and instead of having the service generate the LDAP query as above, I had the copy generate a query like the below to query against the attribute I was interested in and parse the username. What you are able to do will of course depend on your toolkit and the underlying jar file that is handling the integration.
(&(objectCategory=Person)(telephoneNumber=8675309))
Whenever I have to work on integrations to LDAP, I always use an LDAP query tool to make sure that my LDAP query or filter is correct before trying to put it into BAW so I don't spend time scratching my head wondering why the generated query won't work. This way when I get to implementing it in BAW, if it doesn't work, I know there is something going on with my query generation and I can compare it to the known working LDAP query from the other tool.
------------------------------
Rackley Boren
------------------------------
Original Message:
Sent: Wed August 25, 2021 03:06 AM
From: Harsha Randunna
Subject: Get AD username (uid) attribute by passing the other attribute (telephoneNumber)
Hi Jens,
Thanks you for reply.
VMM toolkit already given the results of other attributes when we pass the username (uid). But in here we already get employeeNumber from there other system through a API and we need to get AD username (uid) by passing username (uid).
Thanks
Harsha Randunna
------------------------------
Harsha Randunna
Original Message:
Sent: Wed August 25, 2021 02:54 AM
From: Jens Engelke
Subject: Get AD username (uid) attribute by passing the other attribute (telephoneNumber)
Hi Harsha,
VMM can be configured to know about LDAP attributes even beyond its default schema. If you did, you can obtain a user's telephoneNumber or employeeNumber when querying a user record.
The VMM API also allows querying for all accounts that match a given filter (such as employeeNumber eq "12345"). If that is passed through in "your" VMM toolkit, I cannot tell. If you have the VMM toolkit's source, you can definitely make it work.
------------------------------
Jens Engelke
Original Message:
Sent: Tue August 24, 2021 08:58 AM
From: Harsha Randunna
Subject: Get AD username (uid) attribute by passing the other attribute (telephoneNumber)
Can we get a one attribute value by passing another attribute in place of (uid) in IBM BAW. Currently we are using VMM toolkit to fetch AD attribute such as telephoneNumber, employeeNumber etc by passing the username (uid). Now we just need to know whether there is any way to fetch AD username (uid) by passing another attribute as an example telephoneNumber.
------------------------------
Harsha Randunna
------------------------------