
Get value of LDAP "division" value via Script Runner

Trang Ngoc Nguyen April 17, 2023

I want to create a REST API to get the LDAP "division" value for a Jira user, but cannot find any way to do it.

What I have done so far:

1. I have created an LDAP connection in Script Runner resources and it works well.

2. I use the following code to retrieve the attribute value:

import com.onresolve.scriptrunner.ldap.LdapUtil
import org.springframework.ldap.core.AttributesMapper

import javax.naming.directory.SearchControls
import static org.springframework.ldap.query.LdapQueryBuilder.query

def cnList = LdapUtil.withTemplate('LDAP') { template ->
    def searchControls = new SearchControls()
    searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE)
    // "*" asks the server for all user attributes of each matching entry
    searchControls.setReturningAttributes(["*"] as String[])

    template.search("", "sAMAccountName=xxxx", searchControls, { attributes ->
        // Log every attribute that came back for the entry
        log.warn(attributes)

        def manager = attributes.get('manager')?.get()
        def division = attributes.get('division')?.get()
        log.warn(division)

        //attributes.get('cn').get()
    } as AttributesMapper<String>)
}

3. With this code, I am able to retrieve all the standard attributes, for example distinguishedName, manager, directreports, even extensionAttribute11 etc. But I am unable to get the value of the "division" attribute, even though the attribute exists and its value can be retrieved by using Elements Connect (it can also be retrieved by using Script Runner to query an Elements Connect field that queries the "division" attribute). The only difference I notice is that the other attributes are available in the grouped AD tabs, while "division" can only be found in the "Attribute Editor" in AD. The above code gives me back 53 attributes, but not all of them.

 

I have tried setting returningAttributes to include "division" or searching for entries that have "division", but all failed. I would assume that this is because the template search has already limited the search to maybe the standard attributes, but I can't really find anything in the documentation to change that default behavior.

 

Any suggestion would be a great help! Thank you very much!

 

1 answer

1 accepted

0 votes
Answer accepted
Trang Ngoc Nguyen April 18, 2023

After hours of searching and trying different things I finally figured it out! The problem actually lies in the way you set up the LDAP resources in ScriptRunner.

When you first set up the resource following the ScriptRunner documentation, you are likely to get the PartialResultException error, and you will probably see the answers in this post:

https://community.atlassian.com/t5/Jira-Software-questions/Ldap-query-via-Jira-script-runner-doesn-t-work-Sync-extra/qaq-p/1351616

and then this 

https://stackoverflow.com/questions/16412236/how-to-resolve-javax-naming-partialresultexception

The StackOverflow post suggests this solution:

If you were using the port 636 change it to 3269

and if you try this solution it will work.

 

However, the problem with this solution is that it only searches the AD Global Catalog, while the "Division" attribute does not belong to the Global Catalog, and is neither indexed nor has a MAPI-Id (Full list of attribute properties here).

So, in order to get the "Division" value, you need to change the port in the resource configuration back to 636, and in the "Environment Properties" box, add java.naming.referral=follow
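
An added example, not part of the original post and not ScriptRunner's own code: a lookup helper that a REST endpoint could call once the resource is set up as described above. It assumes the ScriptRunner LDAP resource is still named 'LDAP' and is configured on port 636 with java.naming.referral=follow; `findDivision` is a hypothetical name. Because the username would come from the REST caller, the filter value is escaped before it reaches the directory.

```groovy
import com.onresolve.scriptrunner.ldap.LdapUtil
import org.springframework.ldap.core.AttributesMapper
import org.springframework.ldap.support.LdapEncoder

import javax.naming.directory.SearchControls

// Hypothetical helper (added example): returns the "division" value for one
// account, or null when the user is not found or has no such attribute.
String findDivision(String username) {
    if (!username?.trim()) {
        return null
    }

    // Escape the LDAP filter metacharacters (*, (, ), \ and NUL) so a
    // caller-supplied value cannot change the meaning of the filter.
    def filter = '(sAMAccountName=' + LdapEncoder.filterEncode(username.trim()) + ')'

    def controls = new SearchControls()
    controls.setSearchScope(SearchControls.SUBTREE_SCOPE)
    // Request only the attribute the endpoint exposes instead of "*".
    controls.setReturningAttributes(['division'] as String[])

    // Assumption: 'LDAP' is the resource from the question, pointing at port 636
    // (not the Global Catalog port 3269) with java.naming.referral=follow set.
    def values = LdapUtil.withTemplate('LDAP') { template ->
        template.search('', filter, controls, { attributes ->
            attributes.get('division')?.get() as String
        } as AttributesMapper<String>)
    }

    // One list element per matching entry; entries without the attribute map to null.
    values.find { it != null }
}

// 'xxxx' is the placeholder account name used in the question.
findDivision('xxxx')
```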
