Using LDAP in Script Field Processor
Since JEMH 3.3.46
It's now possible to query LDAP from within the Script Field Processor (as well as in the Custom Field Default) through the jemhUtils helper class:
How it works
To use LDAP, an LDAP configuration must be set up and selected within the profile (alternateID → ldap, create from → ldap), even if ‘user creation’ is not enabled (a UI limitation). Talk to us if you need something else!
By default, calling jemhUtils.getLdap() provides an LDAP helper class initialized with the first selected LDAP config in the profile. If more than one config is selected, a report message is added in the LDAP section to point this out.
Available LDAP helper methods
public IJEMHUser getUserDetails(String ldapUsername)
public IJEMHUser getUserDetailsByEmailAddress(String emailAddress)
public List<IJEMHUser> searchWildcarded(String partialLdapFilter)
public Map<String, List<Object>> getAllUserAttributes(String fullLdapFilter);
public Map<String, List<Object>> getLimitedUserAttributes(String fullLdapFilter, String[] requiredReturnAtts);
public Map<String, Map<String, List<Object>>> search(String fullLdapFilter, String[] requiredReturnAtts, int maxResults);
Spec of LDAPUser
public String getUserId();
public void setUserId(String userId);
public String getFullName();
public String getEmail();
public void setEmail(String email);
public String getFirstName();
public void setFirstName(String firstName);
public String getLastName();
public void setLastName(String lastName);
public JemhUserNameFormat getFullNameFormat();
public void setFullNameFormat(JemhUserNameFormat fullNameFormat);
public String[] getProxyAddresses();
public void setProxyAddresses(String[] proxyAddresses);
public void setDisplayName(String value);
public String getDisplayName();
public boolean isUserEnabled();
public void setUserEnabled(boolean isEnabled);
public ApplicationUser getJiraUser();
void setObjectClasses(String[] split);
public String[] getObjectClasses();
public void setPreferredUserDirectoryForCreate(Long preferredUserDirectoryForCreate);
public Long getPreferredUserDirectoryForCreate();
Example
var ldap = jemhUtils.getLdap();
print('ldap = ' + ldap.getClass().getName());
var username = 'andy';
var ldapUser = ldap.getUserDetails(username);
// compare against null itself, not the string "null"
if (ldapUser != null) {
    print('user record for andy: ' + ldapUser.getEmail());
} else {
    print('no user found: ' + username);
}
Screenshot
Here we show the above script, along with a related Test Case being dynamically evaluated:
Full access to multiple-result attributes
Example Script
var ldap = jemhUtils.getLdap();
print('ldap = ' + ldap.getClass().getName());
var username = 'andy';
var ldapUser = ldap.getUserDetails(username);
// compare against null itself, not the string "null"
if (ldapUser != null) {
    print('user record for andy: ' + ldapUser.getEmail());
} else {
    print('no user found: ' + username);
}
// attributes to return for each matching record
var atts = ['samAccountName', 'sn', 'mail', 'objectClass', 'memberOf'];
// at most 5 records; result is record key -> (attribute name -> list of values)
var matches = ldap.search('(sn=brook)', atts, 5);
var keySet = matches.keySet();
var keySetIter = keySet.iterator();
while (keySetIter.hasNext())
{
    var key = keySetIter.next();
    print('[record: ' + key + ']');
    var hashMap = matches.get(key);
    var hashMapKeys = hashMap.keySet();
    var hashMapKeysIter = hashMapKeys.iterator();
    while (hashMapKeysIter.hasNext())
    {
        var _key = hashMapKeysIter.next();
        //print('got attrib key: '+_key);
        var arrayListVal = hashMap.get(_key);
        //print('got attrib key['+_key+'] value class: '+arrayListVal.getClass().getName());
        var attribValueIterator = arrayListVal.iterator();
        var idx = 0;
        // every value of a multi-valued attribute is printed with its index
        while (attribValueIterator.hasNext())
        {
            var attribVal = attribValueIterator.next();
            print('\t' + _key + "[" + (idx++) + "] = " + attribVal);
        }
    }
}
Console output
ldap = com.javahollic.jira.emh.service.DefaultJEMHLdapVelocityContextUtil
user record for andy: andy@dev.ppl.com
[record: andy]
mail[0] = andy@dev.ppl.com
sAMAccountName[0] = andy
objectClass[0] = top
objectClass[1] = person
objectClass[2] = organizationalPerson
objectClass[3] = user
sn[0] = Brook
memberOf[0] = CN=TS-read write,DC=dev,DC=ppl,DC=com
memberOf[1] = CN=differentgroup,OU=OtherGroups,DC=dev,DC=ppl,DC=com
memberOf[2] = CN=example-sub-sub-group,CN=Users,DC=dev,DC=ppl,DC=com
memberOf[3] = CN=jira-users,CN=Users,DC=dev,DC=ppl,DC=com
memberOf[4] = CN=Remote Desktop Users,CN=Builtin,DC=dev,DC=ppl,DC=com
memberOf[5] = CN=Administrators,CN=Builtin,DC=dev,DC=ppl,DC=com
Searching for a single user
var filter = "(sAMAccountName=Administrator)";
var ldap = jemhUtils.getLdap();
var atts = [ "sAMAccountName", "mail", "primaryGroupID", "memberOf" ];
var userAtts = ldap.getLimitedUserAttributes(filter, atts);
var keySetIter = userAtts.entrySet().iterator();
while (keySetIter.hasNext())
{
    var anAtt = keySetIter.next();
    print("Attr: " + anAtt.getKey() + " == " + anAtt.getValue());
}
// showing how to get single value from result
print("primaryGroupID = " + userAtts.get("primaryGroupID").get(0));
var userGroups = userAtts.get("memberOf").iterator();
while (userGroups.hasNext())
{
    var aGroup = userGroups.next();
    print("usergroup: " + aGroup);
}
Results:
Attr: mail == [Administrator@dev.ppl.com]
Attr: sAMAccountName == [Administrator]
Attr: primaryGroupID == [513]
Attr: memberOf == [CN=jira-administrators,CN=Users,DC=dev,DC=ppl,DC=com, CN=jira-users,CN=Users,DC=dev,DC=ppl,DC=com, CN=Group Policy Creator Owners,CN=Users,DC=dev,DC=ppl,DC=com, CN=Domain Admins,CN=Users,DC=dev,DC=ppl,DC=com, CN=Enterprise Admins,CN=Users,DC=dev,DC=ppl,DC=com, CN=Schema Admins,CN=Users,DC=dev,DC=ppl,DC=com, CN=Remote Desktop Users,CN=Builtin,DC=dev,DC=ppl,DC=com, CN=Administrators,CN=Builtin,DC=dev,DC=ppl,DC=com]
primaryGroupID = 513
usergroup: CN=jira-administrators,CN=Users,DC=dev,DC=ppl,DC=com
usergroup: CN=jira-users,CN=Users,DC=dev,DC=ppl,DC=com
usergroup: CN=Group Policy Creator Owners,CN=Users,DC=dev,DC=ppl,DC=com
usergroup: CN=Domain Admins,CN=Users,DC=dev,DC=ppl,DC=com
usergroup: CN=Enterprise Admins,CN=Users,DC=dev,DC=ppl,DC=com
usergroup: CN=Schema Admins,CN=Users,DC=dev,DC=ppl,DC=com
usergroup: CN=Remote Desktop Users,CN=Builtin,DC=dev,DC=ppl,DC=com
usergroup: CN=Administrators,CN=Builtin,DC=dev,DC=ppl,DC=com
Get all user attributes:
If the user filter finds many users, only the first is returned - i.e., if you search by email, be sure there is only ONE user in the directory with that “mail” attribute value!
var filter = "(sAMAccountName=Administrator)";
var ldap = jemhUtils.getLdap();
var userAtts = ldap.getAllUserAttributes(filter);
var keySetIter = userAtts.entrySet().iterator();
while (keySetIter.hasNext())
{
    var anAtt = keySetIter.next();
    print("Attr: " + anAtt.getKey() + " == " + anAtt.getValue());
}
// showing how to get single value from result
print("primaryGroupID = " + userAtts.get("primaryGroupID").get(0));
Get specific user attributes:
var filter = "(sAMAccountName=Administrator)";
var ldap = jemhUtils.getLdap();
var atts = [ "sAMAccountName", "mail", "primaryGroupID" ];
var userAtts = ldap.getLimitedUserAttributes(filter, atts);
var keySetIter = userAtts.entrySet().iterator();
while (keySetIter.hasNext())
{
    var anAtt = keySetIter.next();
    print("Attr: " + anAtt.getKey() + " == " + anAtt.getValue());
}
// showing how to get single value from result
print("primaryGroupID = " + userAtts.get("primaryGroupID").get(0));
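The filters on this page are literals. When the value comes from message content instead, it needs RFC 4515 escaping before it goes into a fullLdapFilter string, and the first-match-only behaviour noted under "Get all user attributes" can be checked by asking search() for two records. This is an added example, not JEMH's own code: escapeLdapValue, mailFilter, findUniqueByMail and fakeLdap are hypothetical names, and fakeLdap is a constructed stand-in so the script runs outside JEMH.

```javascript
// Added example (not JEMH code). escapeLdapValue, mailFilter, findUniqueByMail
// and fakeLdap are hypothetical names; only search() comes from the page.
// RFC 4515: escape the characters that are special inside a filter value.
function escapeLdapValue(value) {
    return String(value).replace(/[\\*()\u0000]/g, function (ch) {
        var hex = ch.charCodeAt(0).toString(16);
        return '\\' + (hex.length < 2 ? '0' + hex : hex);
    });
}

function mailFilter(email) {
    return '(mail=' + escapeLdapValue(email) + ')';
}

// Request at most two records: a second one means the address is ambiguous,
// which the single-result helpers would hide by returning only the first.
// Assumption: a null or empty result map means no match.
function findUniqueByMail(ldap, email) {
    var matches = ldap.search(mailFilter(email), ['sAMAccountName', 'mail'], 2);
    var count = matches ? matches.size() : 0;
    if (count === 0) { return { status: 'none', id: null }; }
    if (count > 1) { return { status: 'ambiguous', id: null }; }
    return { status: 'unique', id: matches.keySet().iterator().next() };
}

// Constructed stand-in for jemhUtils.getLdap() so this runs outside JEMH.
// It mimics only the Java Map calls used above; directory maps id -> mail.
function fakeLdap(directory) {
    return { search: function (filter, atts, maxResults) {
        var ids = Object.keys(directory).filter(function (id) {
            return mailFilter(directory[id]) === filter;
        }).slice(0, maxResults);
        return {
            size: function () { return ids.length; },
            keySet: function () {
                return { iterator: function () {
                    var i = 0;
                    return { next: function () { return ids[i++]; } };
                } };
            }
        };
    } };
}

// Constructed sample data: two accounts share one mail value.
var sample = fakeLdap({ andy: 'andy@dev.ppl.com',
    svc1: 'shared@dev.ppl.com', svc2: 'shared@dev.ppl.com' });
```

Inside a JEMH script, pass jemhUtils.getLdap() in place of sample.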