This is a wiki page to contribute helpful LDAP Queries in a centralized post.
Note: This is a wiki post and others can contribute directly to it.
- Add the code to code blocks
- Add code to most appropriate section (add as needed)
- Any information is helpful!
Request Options
LDAP URL
The LDAP URL carries the target base DN (the scoped OU path) beneath which the additional query parameters are applied. Best practice is to make this as specific as possible: it speeds the query up and limits the scope of returned objects, which also bounds what an over-broad or user-influenced filter can expose. Spaces and special characters in the DN must be URL (percent) encoded — the `%20` in the example below is a space, not an HTML entity. Note that `ldap://` on port 389 sends the bind credentials in cleartext unless StartTLS is negotiated; prefer `ldaps://` (port 636) where your directory and the platform support it.
Example of the highest level LDAP URL is:
ldap://<ADServer>.com:389/dc=domain,dc=com
Example of a more specific LDAP URL with URL (percent) encoding of the spaces in the OU name:
ldap://<ADServer>.com:389/ou=Test%20-%20Hyphen,ou=Users,ou=Environment,dc=domain,dc=com
Credentials
The credential can be entered locally on the Option List, or you can reference a credential object within Morpheus so there is a single, centralized place for username/password updates; the latter also keeps the secret out of each individual option list. The account needs read permission on whatever OU you are searching and is typically referred to as a Bind User. Read-only access is all that is required — use a dedicated, least-privilege service account rather than an administrative one, because the platform stores its password and uses it to run whatever filter an end user types.
LDAP Query
LDAP Query is a globally available additional filter used to further narrow the list returned. Morpheus allows the optional `<%=phrase%>` variable so the filter is re-evaluated as the user types, giving an even more dynamic list. Be aware that whatever is substituted for `<%=phrase%>` (or `<%=user.username%>`) lands inside the LDAP filter string; unless the platform escapes the RFC 4515 filter metacharacters (`*`, `(`, `)`, `\` and NUL), a typed value containing them can change the filter's logic instead of being matched literally. Keep the base DN tight and the bind account read-only so the worst case is reading what that account can already see.
Translation Script
Like the Translation Script on other Option Lists, this lets you take the data returned and convert it into a usable list of Name:Value pairs. With LDAP it is often best to guard the name (and possibly the value) with an if statement, because optional attributes such as `displayName` are not populated consistently across AD objects and a missing attribute comes back as null/undefined. The lower portion of the code simply sorts the results so the list is alphabetical; note the `<`/`>` comparison is case-sensitive, so upper-case names sort before lower-case ones.
// Translation script: convert the raw LDAP rows in `data` into Name:Value
// options on `results`, then order them alphabetically by name.
// `data` and `results` are supplied by the Option List runtime, not declared here.
var total = data.length;
for (var i = 0; i < total; i++) {
  var entry = data[i];
  // displayName is optional in AD; fall back to the account name when it is absent.
  var label = entry.displayName != null ? entry.displayName : entry.sAMAccountName;
  results.push({ name: label, value: entry.sAMAccountName });
}

// Plain code-point ordering: case-sensitive, so upper-case names sort first.
results.sort(function (left, right) {
  return left.name < right.name ? -1 : (left.name > right.name ? 1 : 0);
});
Queries
Departments
-
List the current user's department. The filter does a `cn` prefix match on the logged-in user's username, and the translation script then keeps only the row whose `sAMAccountName` equals that username. In directories where `cn` is not the account name (e.g. it holds the full name), the filter returns nothing — change the attribute in the filter to match your naming convention.
(&(objectClass=user)(cn=<%=user.username%>*))
-
Translation
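// Translation script: emit a single Name:Value option holding the
// departmentNumber of the logged-in Morpheus user.
// `input`, `data` and `results` are supplied by the Option List runtime.
// The LDAP filter is a cn prefix match, so several rows may come back;
// only the row whose sAMAccountName equals the Morpheus username is used.
if (input.user != null) {
  var attrib = "departmentNumber"; // loop-invariant, so declared once
  for (var x = 0; x < data.length; x++) {
    var row = data[x];
    // NOTE(review): `===` is case-sensitive, whereas AD matches sAMAccountName
    // case-insensitively — confirm the Morpheus username casing matches the
    // directory, or normalise both sides before comparing.
    if (row.sAMAccountName === input.user.username) {
      var a = {};
      if (row[attrib] != null) {
        a['name'] = row[attrib];
        a['value'] = row[attrib];
      } else {
        // Attribute not populated: placeholder label with no value.
        a['name'] = "No Department";
        a['value'] = null;
      }
      results.push(a);
    }
  }
}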
Groups
-
List all Groups
(&(objectClass=group)(cn=*))
or
(&(objectClass=group)(cn=<%=phrase%>*))
-
Translation
// Translation script for the group list: turn the raw LDAP rows in `data`
// into Name:Value options on `results`, ordered alphabetically by name.
// `data` and `results` are supplied by the Option List runtime, not declared here.
var total = data.length;
for (var i = 0; i < total; i++) {
  var entry = data[i];
  // displayName may be absent on a group; fall back to its `name` attribute.
  var label = entry.displayName != null ? entry.displayName : entry.name;
  results.push({ name: label, value: entry.sAMAccountName });
}

// Plain code-point ordering: case-sensitive, so upper-case names sort first.
results.sort(function (left, right) {
  return left.name < right.name ? -1 : (left.name > right.name ? 1 : 0);
});
Manager
-
List the manager for the current user. The `(cn=*)` form pulls every user object under the base DN and relies on the translation script to pick out the one matching row, which is expensive on a large OU; the narrower `(cn=<%=user.username%>*)` pattern used in the Departments section is cheaper if `cn` matches your usernames. In AD the `manager` attribute is a distinguished name, so that is what the option will display.
(&(objectClass=user)(cn=*))
or
(&(objectClass=user)(cn=<%=phrase%>*))
-
Translation
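// Translation script: emit a single Name:Value option holding the
// `manager` attribute of the logged-in Morpheus user.
// `input`, `data` and `results` are supplied by the Option List runtime.
// In AD `manager` is DN-valued, so both name and value are the manager's
// distinguished name rather than a display name.
if (input.user != null) {
  for (var x = 0; x < data.length; x++) {
    var row = data[x];
    // NOTE(review): `===` is case-sensitive, whereas AD matches sAMAccountName
    // case-insensitively — confirm the Morpheus username casing matches the
    // directory, or normalise both sides before comparing.
    if (row.sAMAccountName === input.user.username) {
      var a = {};
      if (row.manager != null) {
        a['name'] = row.manager;
        a['value'] = row.manager;
      } else {
        // Attribute not populated: placeholder label with no value.
        a['name'] = "No Manager";
        a['value'] = null;
      }
      results.push(a);
    }
  }
}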
Users
-
List all users. In Active Directory `objectClass=user` also matches computer accounts (the computer class inherits from user); use `(&(objectCategory=person)(objectClass=user))` if you want people only.
(&(objectClass=user)(cn=*))
or
(&(objectClass=user)(cn=<%=phrase%>*))
-
Translation
// Translation script for the user list: convert the raw LDAP rows in `data`
// into Name:Value options on `results`, ordered alphabetically by name.
// `data` and `results` are supplied by the Option List runtime, not declared here.
var total = data.length;
for (var i = 0; i < total; i++) {
  var entry = data[i];
  // displayName is optional in AD; fall back to the account name when it is absent.
  var label = entry.displayName != null ? entry.displayName : entry.sAMAccountName;
  results.push({ name: label, value: entry.sAMAccountName });
}

// Plain code-point ordering: case-sensitive, so upper-case names sort first.
results.sort(function (left, right) {
  return left.name < right.name ? -1 : (left.name > right.name ? 1 : 0);
});