IBM QRadar SOAR

  • 1.  LDAP Utilities: Search by cn

    Posted Thu May 23, 2019 10:03 AM
    Hi Community members!

    I have used the "LDAP Utilities: Search" function and it works well, but it requires a person's email.

    What if I need to run the same search but I only have the user account artifact? Do we have any out-of-the-box functions to query LDAP based on username only?
    Maybe someone has already done this task, so I would much appreciate it if you shared your experience with it.

    From my point of view it could be done via 2 ways:
    1. By modifying the default LDAP Search request
    2. Run net user %username% /domain command and parse the results.

    Please share your thoughts on this question.

    BR,
    Alexander

    ------------------------------
    Alexander Saulenko
    ------------------------------


  • 2.  RE: LDAP Utilities: Search by cn

    Posted Thu May 23, 2019 10:12 PM
    Hi Alexander,

    This is possible with the fn-ldap-utilities integration. The default pre-process script of the "Example: LDAP Utilities: Search" workflow has:
    inputs.ldap_search_base = "dc=example,dc=com"
    inputs.ldap_search_filter = "(&(objectClass=person)(mail=%ldap_param%))"
    inputs.ldap_search_attributes = "uid,cn,sn,mail,telephoneNumber"
    inputs.ldap_search_param = artifact.value

    In my environment to query Active Directory LDAP server, if I need to query the username, I can just change the search filter to:
    inputs.ldap_search_filter = "(&(objectClass=person)(sAMAccountName=%ldap_param%))"
    Or inputs.ldap_search_filter = "(&(objectClass=person)(cn=%ldap_param%))"

    You can also return different attributes by editing the search attributes, such as:
    inputs.ldap_search_attributes = "uid,cn,sn,mail,telephoneNumber, sAMAccountName"
    But you need to update the "LDAP Query results" data table and post-process script accordingly.

    ------------------------------
    LILY WANG
    ------------------------------



  • 3.  RE: LDAP Utilities: Search by cn
    Best Answer

    Posted Fri May 24, 2019 02:28 AM
    If you want to have only one workflow, you can use the following ldap parameter. It'll match either User Name, Email Sender or Email Recipient:
    (|(mail=%ldap_param%)(sAMAccountName=%ldap_param%)(proxyAddresses=SMTP:%ldap_param%))

    proxyAddresses are for alternate/secondary emails.

    ------------------------------
    Clément Fouque
    ------------------------------
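    As an added illustration of the two replies above (not code from the thread or from the fn-ldap-utilities integration), the pre-process snippet below builds the combined mail / sAMAccountName / proxyAddresses filter inside the default "(&(objectClass=person)...)" wrapper and escapes the artifact value per RFC 4515 before it is substituted for %ldap_param%, so a parenthesis, backslash or asterisk inside an artifact cannot change the structure of the filter. Whether the integration escapes ldap_search_param itself is not stated in the thread, so the example does it in the pre-process script regardless. The helper names make_search_inputs and render_filter are assumptions for the example; the %ldap_param% substitution is modelled as a plain string replace.

```python
"""Escape an artifact value for use in an LDAP search filter (RFC 4515)."""

# Characters RFC 4515 requires to be escaped inside an assertion value,
# mapped to their backslash-hex form.
_ESCAPES = {
    "\\": "\\5c",
    "*": "\\2a",
    "(": "\\28",
    ")": "\\29",
    "\x00": "\\00",
}


def escape_filter_value(value, keep_wildcard=False):
    """Return value escaped so it is read as a literal assertion value.

    With keep_wildcard=True the '*' is left alone (matching the wildcard
    support mentioned later in the thread) but parentheses, backslashes
    and NUL are still escaped.
    """
    out = []
    for ch in value:
        if ch == "*" and keep_wildcard:
            out.append(ch)
        else:
            out.append(_ESCAPES.get(ch, ch))
    return "".join(out)


def make_search_inputs(artifact_value, allow_wildcard=False):
    """Hypothetical pre-process helper: the inputs a Resilient workflow would set.

    The filter combines the default objectClass=person wrapper from the
    example workflow with the mail / sAMAccountName / proxyAddresses
    alternatives suggested in the thread.
    """
    return {
        "ldap_search_base": "dc=example,dc=com",
        "ldap_search_filter": (
            "(&(objectClass=person)"
            "(|(mail=%ldap_param%)"
            "(sAMAccountName=%ldap_param%)"
            "(proxyAddresses=SMTP:%ldap_param%)))"
        ),
        "ldap_search_attributes": "uid,cn,sn,mail,telephoneNumber,sAMAccountName",
        "ldap_search_param": escape_filter_value(artifact_value, keep_wildcard=allow_wildcard),
    }


def render_filter(inputs):
    """Substitute the parameter into the filter (assumed to model %ldap_param%)."""
    return inputs["ldap_search_filter"].replace("%ldap_param%", inputs["ldap_search_param"])


if __name__ == "__main__":
    # Constructed sample artifact values: a normal username and one
    # containing filter metacharacters.
    for value in ("jdoe", "*)(uid=*"):
        print(render_filter(make_search_inputs(value)))
```

    A quick sanity check after substitution is that the rendered filter still has the same number of opening and closing parentheses as the template; any artifact value that changed that count would have altered the query.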



  • 4.  RE: LDAP Utilities: Search by cn

    Posted Fri May 24, 2019 03:26 AM
    Lily, Clément,

    Thank you so much for your answers. It is exactly what I tried to do.

    I have checked and it works well. 

    BR,
    Alex.

    ------------------------------
    Alexander Saulenko
    ------------------------------



  • 5.  RE: LDAP Utilities: Search by cn

    Posted Fri May 24, 2019 04:27 AM
    Edited by Shane Curtin Fri May 24, 2019 04:27 AM
    Hi all,

    It's probably useful to mention here too that we recently updated LDAP Utilities so you can now use an LDAP wildcard (*) in your search filter:

    LDAP Functions for Resilient v1.1.0

    https://exchange.xforce.ibmcloud.com/hub/extension/72b8204066d3b290b68bae2eeb1942cd


    Example Search Filters using a Wildcard:

    (uid=testuser)
    Matches to all users that have exactly the value testuser for the attribute uid.

    (uid=test*)
    Matches to all users that have values for the attribute uid that start with test.

    (!(uid=test*))
    Matches to all users that have values for the attribute uid that do not start with test.

    (&(department=1234)(city=Paris))
    Matches to all users that have exactly the value 1234 for the attribute department and exactly the value Paris for the attribute city.

    (|(department=1234)(department=56*))
    Matches to all users that have exactly the value 1234 or a value that starts with 56 for the attribute department.

    (&(department=12*)(!(department=123*)))
    Matches to all users that have a value starting with 12, but not starting with 123 for the attribute department.


    ------------------------------
    Shane Curtin
    Integrations Engineer - IBM Resilient
    ------------------------------
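    To make the wildcard examples above concrete without a live directory, here is an added, self-contained evaluator (not part of the thread or of LDAP Utilities) that parses the subset of RFC 4515 filters used in the reply (equality with "*" wildcards, and the "&", "|" and "!" operators) and runs each example filter against a small constructed in-memory directory. Attribute names and values are compared case-insensitively, which is an assumption about the matching rules of the attributes involved; the DIRECTORY entries and the function names parse_filter, matches and search are constructed for the example.

```python
"""Minimal RFC 4515 filter evaluator for the wildcard examples (constructed example)."""
import re

# Constructed sample directory: each entry maps attribute -> value(s).
DIRECTORY = [
    {"uid": "testuser", "department": "1234", "city": "Paris"},
    {"uid": "testadmin", "department": "5678", "city": "Berlin"},
    {"uid": "jdoe", "department": "1299", "city": "Paris"},
    {"uid": "asmith", "department": "1230", "city": "London"},
]


def parse_filter(text):
    """Parse a filter string into a tree of ('&'|'|', children), ('!', [child]) or ('=', attr, value)."""
    pos = 0

    def parse():
        nonlocal pos
        if text[pos] != "(":
            raise ValueError("expected '(' at offset %d" % pos)
        pos += 1
        op = text[pos]
        if op in "&|":
            pos += 1
            children = []
            while text[pos] == "(":
                children.append(parse())
            node = (op, children)
        elif op == "!":
            pos += 1
            node = ("!", [parse()])
        else:
            # Simple item: attr=value, with ')' in values escaped as \29.
            end = text.index(")", pos)
            attr, _, value = text[pos:end].partition("=")
            node = ("=", attr, value)
            pos = end
        if text[pos] != ")":
            raise ValueError("expected ')' at offset %d" % pos)
        pos += 1
        return node

    tree = parse()
    if pos != len(text):
        raise ValueError("trailing data after filter")
    return tree


def value_to_regex(value):
    """Turn an assertion value into a regex: unescaped '*' matches anything, \\xx is a literal byte."""
    parts = [""]
    i = 0
    while i < len(value):
        ch = value[i]
        if ch == "\\" and i + 3 <= len(value):
            parts[-1] += chr(int(value[i + 1:i + 3], 16))
            i += 3
        elif ch == "*":
            parts.append("")
            i += 1
        else:
            parts[-1] += ch
            i += 1
    return re.compile(".*".join(re.escape(p) for p in parts), re.IGNORECASE | re.DOTALL)


def matches(node, entry):
    """Evaluate a parsed filter against one entry (lower-cased attribute names, list values)."""
    op = node[0]
    if op == "&":
        return all(matches(child, entry) for child in node[1])
    if op == "|":
        return any(matches(child, entry) for child in node[1])
    if op == "!":
        return not matches(node[1][0], entry)
    _, attr, value = node
    regex = value_to_regex(value)
    return any(regex.fullmatch(v) for v in entry.get(attr.lower(), []))


def search(filter_text, entries=DIRECTORY):
    """Return the uids of entries matching the filter, in directory order."""
    tree = parse_filter(filter_text)
    hits = []
    for entry in entries:
        norm = {k.lower(): (v if isinstance(v, list) else [v]) for k, v in entry.items()}
        if matches(tree, norm):
            hits.append(norm["uid"][0])
    return hits


if __name__ == "__main__":
    for f in ("(uid=testuser)", "(uid=test*)", "(!(uid=test*))",
              "(&(department=1234)(city=Paris))",
              "(|(department=1234)(department=56*))",
              "(&(department=12*)(!(department=123*)))",
              "(uid=test\\2a)"):
        print(f, "->", search(f))
```

    The last filter in the usage loop, "(uid=test\2a)", shows the other side of wildcard support: an escaped asterisk is matched literally and finds nothing here, which is the behaviour you want when a username artifact happens to contain one.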