Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Interests
See all
Community resources
Top groups
Explore all groups
Community resources
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Join now to unlock these features and more

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Get started Tell me more
Atlassian Community about banner
4,551,908
Community Members
 
Community Events
184
Community Groups

Get value of LDAP "division" value via Script Runner

Trang Ngoc Nguyen
Trang Ngoc Nguyen Apr 17, 2023

I want to create a REST API to get the LDAP "division" value for a Jira user, but cannot find any way to do it.

What I have done so far:

1. I have created a LDAP connection in Script Runner resources and it works well.

2. I use the following code to retrieve the attribute value:

import com.onresolve.scriptrunner.ldap.LdapUtil
import org.springframework.ldap.core.AttributesMapper

import javax.naming.directory.SearchControls
import static org.springframework.ldap.query.LdapQueryBuilder.query;

def cnList = LdapUtil.withTemplate('LDAP') { template ->

def searchControls = new SearchControls()
searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE)

searchControls.setReturningAttributes(new String[] { "*" })

template.search("", "sAMAccountName=xxxx", searchControls, { attributes ->
log.warn(attributes)

def manager = attributes.get('manager')?.get()
def division = attributes.get('division')?.get()
log.warn(division)

//attributes.get('cn').get()
} as AttributesMapper<String>)
}

3. With this code, I am able to retrieve all the standard attributes, for example distinguishedName, manager, directreports, even extensionAttribute11 etc. But I am unable to get the value for "division" attribute, even though there is existing the attribute, and the value can be well retrieved by using Elements Connect (can also be retrieved by using Script Runner to query an Elements Connect field and that field queries for the "division" attribute). The only difference I notice is that other attribute is available in grouped AD tab, while "division" can only be found in "Attribute Editor" in AD. The above code gives me back 53 attributes, but not all of them.

 

I have tried setting returningAttributes to include "division" or search for entries that have "division" but all failed. I would assume that it is because the template search has already limit the search to maybe standard attributes?, but I can't really find anything from the documentation to change that default behavior.

 

Any suggestion would be a great help! Thank you very much!

 

Answer
Watch
Like Be the first to like this
148 views

1 answer

1 accepted

0 votes
Answer accepted
Trang Ngoc Nguyen
Trang Ngoc Nguyen Apr 18, 2023

After hours of searching and trying different things I finally figured it out! The problem actually lies in the way you set up the LDAP resources in ScriptRunner.

When you first set up the resource following the ScriptRunner documentation, you are likely to get the PartialResultException error, and you will probably see the answers in this post:

https://community.atlassian.com/t5/Jira-Software-questions/Ldap-query-via-Jira-script-runner-doesn-t-work-Sync-extra/qaq-p/1351616

and then this 

https://stackoverflow.com/questions/16412236/how-to-resolve-javax-naming-partialresultexception

The StackOverflow post suggests this solution:

If you were using the port 636 change it to 3269

and if you try this solution it will work.

 

However, the problem with this solution is that in only search in the AD Global Catalog, while the "Divsion" attribute does not belong to the Global Catalog, neither is indexed nor have MAPI-Id (Full list of attributes properties here).

So, in order to get the "Division" value, you need to change the port in the resource configuration back to 636. And in "Environment Properties" box, add java.naming.referral=follow

Skjermbilde.PNG

Reply

Suggest an answer

Log in or Sign up to answer
Product apps
Adaptavist
TAGS
AUG Leaders

Atlassian Community Events

See all events