Active Directory Integration with LDAP - How to fetch manager attribute to map organization hierarchy

0
I'm having trouble importing the organizational hierarchy from our Active Directory into our Mendix app. We've successfully integrated Mendix with our local Active Directory using the LDAP module.

Our settings are:
- LDAP Type: "Import users from AD"
- Map Users to: "Administration.Account"

In our Mendix app, we've created roles (Director, Manager, User) that match the corresponding groups in our Active Directory. We've also mapped these AD groups to Mendix roles during the synchronization process.

Now we're trying to import the organizational hierarchy. Each user in our Active Directory has a "manager" attribute that points to their supervisor. To achieve this in Mendix:
- We've created a self-relation (1-*) in the Administration.Account entity.
- At the LDAP "User Import Mapping" page, under the "Custom Attribute Mapping" section, I'm trying to map the user-manager relation.

However, I'm facing two issues:
- The LDAP "manager" attribute isn't visible in the available attribute list.
- The Administration.Account/Account_Manager relation isn't visible in the "User Attribute" setting.

Could you please provide guidance on accessing the LDAP "manager" attribute to set the organizational hierarchy in Mendix?
asked
1 answers
0

I have solved it indirectly.

In the LDAP module there is a microflow called: IVK_TestImportRun

This microflow uses a Java action called "Ldap.TestImportAllObjectsAndAttributes" to create a list of "TestEntity" and a list of "TestAttribute" for LDAP users. There is a relation between the 2 entities as follows:

TestEntity (1) --- (*) TestAttribute

I created a microflow to initiate IVK_TestImportRun, then iterate over the list of TestEntity and, for each TestEntity, iterate over TestAttribute to find the manager attribute. I found that the LDAP manager attribute is a distinguishedName pointing to another LDAP user. When the manager attribute is found, I stored the sAMAccountName, distinguishedName and manager distinguishedName of LDAP accounts on a non-persistent entity for each LDAP user. Then I iterated over this list of non-persistent entities to search Administration.Account entities by sAMAccountName and, when found, queried for another account with the manager's sAMAccountName. Then I set the Administration.Account self-referencing relation to point to the manager account.

answered
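
The matching step described in the answer, sketched in Python as an added example (not the poster's microflow and not code from the LDAP module): it resolves each user's manager distinguishedName to a sAMAccountName and refuses links that would corrupt a hierarchy used for authorization. The attribute names come from the answer; the sample entries, `KNOWN_ACCOUNTS` and the function names are constructed for illustration.

```python
# Constructed sample data: one dict per imported LDAP user (not real directory output).
BASE = "OU=Staff,DC=example,DC=test"
SAMPLE_ENTRIES = [
    {"sAMAccountName": "adirector", "distinguishedName": f"CN=Ann Director,{BASE}", "manager": None},
    {"sAMAccountName": "bmanager", "distinguishedName": f"CN=Bob Manager,{BASE}",
     "manager": f"cn=ann director,{BASE.lower()}"},              # same DN, different case
    {"sAMAccountName": "cuser", "distinguishedName": f"CN=Cy User,{BASE}",
     "manager": f"CN=Bob Manager,{BASE}"},
    {"sAMAccountName": "duser", "distinguishedName": f"CN=Di User,{BASE}",
     "manager": "CN=Gone Person,OU=Former,DC=example,DC=test"},  # manager outside the import
    {"sAMAccountName": "euser", "distinguishedName": f"CN=Ed User,{BASE}",
     "manager": f"CN=Ed User,{BASE}"},                           # points at itself
]
KNOWN_ACCOUNTS = {"adirector", "bmanager", "cuser", "duser", "euser"}  # hypothetical app accounts


def normalize_dn(dn):
    # DN matching is case-insensitive; assumes both values come from the same directory.
    return dn.strip().casefold()


def resolve_managers(entries, known_accounts):
    """Return ({user_sam: manager_sam}, [(user_sam, reason_skipped), ...])."""
    dn_to_sam = {normalize_dn(e["distinguishedName"]): e["sAMAccountName"] for e in entries}
    links, skipped = {}, []
    for e in entries:
        sam, mgr_dn = e["sAMAccountName"], e.get("manager")
        if not mgr_dn:
            continue  # top of the hierarchy or attribute not set
        mgr_sam = dn_to_sam.get(normalize_dn(mgr_dn))
        if mgr_sam is None:
            skipped.append((sam, "manager DN not among imported users"))
        elif mgr_sam == sam:
            skipped.append((sam, "self-reference"))
        elif sam not in known_accounts or mgr_sam not in known_accounts:
            skipped.append((sam, "no matching app account"))
        else:
            links[sam] = mgr_sam
    return links, skipped


def has_cycle(links):
    """True if following manager links from any user ever revisits a user."""
    for start in links:
        seen, cur = {start}, links.get(start)
        while cur is not None:
            if cur in seen:
                return True
            seen.add(cur)
            cur = links.get(cur)
    return False
```

Logging the skipped list on each sync makes it visible when a manager sits outside the imported OU or group filter, instead of silently leaving the relation empty.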