Is there a way to retrieve a user's DN without needing the Administrator role?

minman0615 · 2024-12-04T20:01:26+00:00

There was an error rendering this rich post.

I have an AW 23.4 enviornment. I have a Lifecycle that has a Human Activity that is assigned to an "Indvidual" using a property that stores the user's DN value. This value is retrieved by a BPM that runs before the human task, in the BPM there is an AW LDAP web service endpoint that is called and the BPM works IF the user has the "Administrator" role assigned. I confirmed with OpenText engineering that the "GetAuthenticatedUsers" web service call requires the Administrator role to execute. This is a problem because these users will not have the Administrator role set. Is there another AW web service that can be called to get the user's DN by providing the user's username value from the "ReadIdentity" or their First Name and Last Name without having to have administrator role to execute the web service?

This is the format that the Human Activity in the lifecycle is expecting:

cn=SVC_AppWorksTest@domain.com,cn=organizational users,o=AccountsPayable,cn=cordys,cn=defaultInst,o=domain.com

Find more posts tagged with

BPM

AppWorks Platform

API

SOAP

Note:

If there are Accepted Answers, those will be shown by default. You can switch to 'All Replies' by selecting the tab below.

Accepted answers

All comments

Shanti Vardhan

Hi minman0615,

If you have a username and if you want to get a DN from this, you do not need any services.

The following message map solves the purpose

concat("cn=",bpm:Message/bpm:Element/text(), substring(instance:instanceProperties/instance:startedBy/text(),pos(instance:instanceProperties/instance:startedBy/text(), ',')))

Explanation

instance:instanceProperties/instance:startedBy/text() contains the user DN with which BPM is executed. The value will be like this 'cn=sysadmin,cn=organizational users,o=system,cn=cordys,cn=defaultInst,o=opentext.net'.
Here if we can able to replace cn=system with cn=desiredusername, I believe it addresses your requirement.
So, first we find the position of ',' (that is after user name) :
Expression: pos(instance:instanceProperties/instance:startedBy/text(), ',')
result: '12' (the index of comma)
Next we make get the substring after ',' including ',' using
Expression: substring(instance:instanceProperties/instance:startedBy/text(),pos(instance:instanceProperties/instance:startedBy/text(), ','))
result: ',cn=organizational users,o=system,cn=cordys,cn=defaultInst,o=opentext.net'
Now we prefix "cn=" and dynamicUserName using
Expression: concat("cn=",bpm:Message/bpm:Element/text(), substring(instance:instanceProperties/instance:startedBy/text(),pos(instance:instanceProperties/instance:startedBy/text(), ',')))
So this will be evaluated as concat("cn=","DesiredUserName",substring("cn=sysadmin,cn=organizational users,o=system,cn=cordys,cn=defaultInst,o=opentext.net,12)) resulting into
"cn=DesiredUserName,cn=organizational users,o=system,cn=cordys,cn=defaultInst,o=opentext.net"
Where bpm:Message/bpm:Element/text() in this example contains username. This expression can be replaced with the desired expression from Identity or any other webservice where user name will be present

Let us know the if you could achieve this

AppWorks Tips

You can call the "GetUserDetails" LDAP service; when you remove the DN input element you get the current user details including the DN for the current user.

Read this post at "AppWorks Tips" where I use "FindUserByName" to conquer a similar struggle in a BPM.

//Antal