I want to create a REST API to get the LDAP "division" value for a Jira user, but cannot find any way to do it.
What I have done so far:
1. I have created an LDAP connection in Script Runner resources and it works well.
2. I use the following code to retrieve the attribute value:
    import com.onresolve.scriptrunner.ldap.LdapUtil
    import org.springframework.ldap.core.AttributesMapper
    import javax.naming.directory.SearchControls
    import static org.springframework.ldap.query.LdapQueryBuilder.query;

    def cnList = LdapUtil.withTemplate('LDAP') { template ->
        def searchControls = new SearchControls()
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE)
        searchControls.setReturningAttributes(new String[] { "*" })
        template.search("", "sAMAccountName=xxxx", searchControls, { attributes ->
            log.warn(attributes)
            def manager = attributes.get('manager')?.get()
            def division = attributes.get('division')?.get()
            log.warn(division)
            //attributes.get('cn').get()
        } as AttributesMapper<String>)
    }
3. With this code, I am able to retrieve all the standard attributes, for example distinguishedName, manager, directreports, even extensionAttribute11 etc. But I am unable to get the value for the "division" attribute, even though the attribute exists and its value can be retrieved using Elements Connect (it can also be retrieved by using Script Runner to query an Elements Connect field that queries for the "division" attribute). The only difference I notice is that the other attributes are available in the grouped AD tabs, while "division" can only be found in the "Attribute Editor" in AD. The above code gives me back 53 attributes, but not all of them.
I have tried setting returningAttributes to include "division" and searching for entries that have "division", but both failed. I would assume that it is because the template search has already limited the search to maybe standard attributes, but I can't really find anything in the documentation to change that default behavior.
Any suggestion would be a great help! Thank you very much!
After hours of searching and trying different things I finally figured it out! The problem actually lies in the way you set up the LDAP resources in ScriptRunner.
When you first set up the resource following the ScriptRunner documentation, you are likely to get the PartialResultException error, and you will probably see the answers in this post:
and then this
https://stackoverflow.com/questions/16412236/how-to-resolve-javax-naming-partialresultexception
The StackOverflow post suggests this solution:
If you were using the port 636 change it to 3269
and if you try this solution it will work.
However, the problem with this solution is that it only searches in the AD Global Catalog, while the "Division" attribute does not belong to the Global Catalog, is neither indexed nor has a MAPI-Id (Full list of attributes properties here).
So, in order to get the "Division" value, you need to change the port in the resource configuration back to 636. And in the "Environment Properties" box, add java.naming.referral=follow
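An added example, not part of the original answer and not ScriptRunner's own code: a plain JNDI script in Groovy that runs the same lookup against the Global Catalog port (3269) and against port 636 with referrals ignored and followed, so the three behaviours described above can be compared side by side. The host name, base DN, bind DN, the LDAP_BIND_PW environment variable and the account name jdoe are constructed placeholders.

```groovy
import javax.naming.Context
import javax.naming.PartialResultException
import javax.naming.directory.InitialDirContext
import javax.naming.directory.SearchControls

// Constructed placeholders (assumptions): replace with your own values.
def HOST    = 'dc.example.com'
def BASE_DN = 'DC=example,DC=com'
def BIND_DN = 'CN=svc-jira,OU=Service Accounts,DC=example,DC=com'
def BIND_PW = System.getenv('LDAP_BIND_PW')
// An empty password would turn a simple bind into an unauthenticated one.
assert BIND_PW : 'set LDAP_BIND_PW before running'

// JNDI environment for one port / referral-mode combination.
def ldapEnv = { int port, String referral ->
    def env = new Hashtable<String, Object>()
    env[Context.INITIAL_CONTEXT_FACTORY] = 'com.sun.jndi.ldap.LdapCtxFactory'
    env[Context.PROVIDER_URL] = "ldaps://${HOST}:${port}".toString()
    env[Context.SECURITY_AUTHENTICATION] = 'simple'
    env[Context.SECURITY_PRINCIPAL] = BIND_DN
    env[Context.SECURITY_CREDENTIALS] = BIND_PW
    env[Context.REFERRAL] = referral   // same key as java.naming.referral
    env
}

// Returns division, null if absent, or a marker when an unfollowed referral aborts the search.
def lookupDivision = { int port, String referral, String sam ->
    def ctx = new InitialDirContext(ldapEnv(port, referral))
    try {
        def controls = new SearchControls()
        controls.searchScope = SearchControls.SUBTREE_SCOPE
        controls.returningAttributes = ['division'] as String[]
        // {0} is filled in by JNDI with filter escaping applied to the value.
        def results = ctx.search(BASE_DN, '(sAMAccountName={0})', [sam] as Object[], controls)
        def division = null
        while (results.hasMore()) {
            division = results.next().attributes.get('division')?.get() ?: division
        }
        return division
    } catch (PartialResultException e) {
        return "PartialResultException (${e.message})"
    } finally {
        ctx.close()
    }
}
// 3269 = Global Catalog over TLS, 636 = LDAPS against the domain itself.
[[3269, 'ignore'], [636, 'ignore'], [636, 'follow']].each { port, referral ->
    println "port=${port} referral=${referral} division=${lookupDivision(port, referral, 'jdoe')}"
}
```

With `follow`, JNDI connects to each referred server using the same environment properties, bind credentials included, so keep the service account read-only and confirm that referral host names resolve to domain controllers you trust.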