Currently, the manager attribute is mapped in an AD Query object under required attributes, however, that returns the distinguished name for the user's manager.
I have a piece of custom code to trim/format that and turn it into just firstname(space)lastname, but one of our applications is looking for sAMAccountName.
Is there any way to query AD a second time (probably without the custom formatting, since we have some users with the same first/last names) so that it will return the manager's username and put that into a custom session variable?
I'm open to custom TCL code that can be placed in the VPE flow, or if it's possible to do with an iRule i'm happy with that as well.
ok so say i'm logging in, the original AD query pulls my "manager" attribute, and returns the distinguished name "CN=John Smith,OU=something,OU=something, etc.", how do i then use another AD query as you're saying, to pull John Smiths' samaccountname?
ok yes but that is requiring to query the sAMAccountname of the person logging in. I need the sAMAccountname of the person that I report to. Unless i'm missing something here?
Ok I think I didn't understand your issue, but now I hope I do.
When you perform an AD query it returns attributes of the user (either the user that is performing the query or what you are using for the search filter)
In what attribute(s) is the name of the manager stored? And can these attributes is some way be re-used to query for the sAMAccountname of the manager?
The name of the manager is stored in the "manager" attribute in AD, and yes that is precisely my question, whether or not the information stored in the manager attribute of the user performing the query can be re-used in a secondary query and then placed back into a custom session variable?
