cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

Is it possible to do a secondary query in VPE?

Khyler
Altostratus
Altostratus

Currently, the manager attribute is mapped in an AD Query object under required attributes, however, that returns the distinguished name for the user's manager.

 

I have a piece of custom code to trim/format that and turn it into just firstname(space)lastname, but one of our applications is looking for sAMAccountName.

 

Is there any way to query AD a second time (probably without the custom formatting, since we have some users with the same first/last names) so that it will return the manager's username and put that into a custom session variable?

 

I'm open to custom TCL code that can be placed in the VPE flow, or if it's possible to do with an iRule i'm happy with that as well.

 

Any help would be greatly appreciated.

6 REPLIES 6

Hi,

 

You can perform the AD query as many times as you like. Also with and without custom formatting.

Just add the extra AD query agent in your policy in the correct place.

 

Cheers,

 

Kees

ok so say i'm logging in, the original AD query pulls my "manager" attribute, and returns the distinguished name "CN=John Smith,OU=something,OU=something, etc.", how do i then use another AD query as you're saying, to pull John Smiths' samaccountname?

You could do this in the first query. Add the sAMAccountname in the required attributes (see screenshot).

 

0691T00000BTetDQAT.png

ok yes but that is requiring to query the sAMAccountname of the person logging in. I need the sAMAccountname of the person that I report to. Unless i'm missing something here?

Hi,

 

Ok I think I didn't understand your issue, but now I hope I do.

When you perform an AD query it returns attributes of the user (either the user that is performing the query or what you are using for the search filter)

 

In what attribute(s) is the name of the manager stored? And can these attributes is some way be re-used to query for the sAMAccountname of the manager?

 

Cheers,

 

Kees

Hello!

 

The name of the manager is stored in the "manager" attribute in AD, and yes that is precisely my question, whether or not the information stored in the manager attribute of the user performing the query can be re-used in a secondary query and then placed back into a custom session variable?

 

Thanks!