Question

Find User activity not returning email field from AD

asked on July 21, 2016

I am using the Find User activity to return the email for an Active Directory user but the email token is being set blank.

I have verified that the user has an email specified under Active Directory User and Computers.

Another user had this problem last year and was never able to resolve it; he ended up using LDAP instead.

What is preventing the non-LDAP method from working? How does it authenticate with the AD server in the first place since the services all run as Local Service?

 

I should also add that we use Forms without LDAP and Forms pulls AD user emails just fine but from another server. Not sure what the difference is in how the two products make the request.

Replies

replied on July 21, 2016

When you say he used LDAP, do you mean a separate Active Directory trustee directory was created using the LDAP tab in the Trustee Directory Manager and this was used instead of the default repository trustee directory?

If that's the case, this is expected behavior. Repository trustee directories only have access to the user's information in the repository and the user's attributes. The Laserfiche Server does not query Active Directory for any of the user's extra properties. Attributes can be added for the email for Workflow to read, but populating them with values is a manual process, not a sync of Active Directory data. When repository trustee directories are used, Workflow does not know which Active Directory the user belongs to, so it does not attempt to query for any properties.

If data is needed from Active Directory, then an LDAP trustee directory has to be used so WF will query it directly.

replied on July 21, 2016

Oh man that sucks. I am making requests for AD user emails from the Forms product without any authentication. I should just forward all email requests to the Forms server.

Why isn't Workflow allowed to use the same method as Forms? I feel like there are already too many links in the chain to sending an email; adding an LDAP authentication user just makes the chain even longer.

replied on July 22, 2016

Forms does exactly the same thing. You set the domain in the configuration page and it uses that as its trustee provider when looking up email addresses.

replied on July 22, 2016

Ok I must be misunderstanding. Entering the domain controller address is not a problem. I just don't want to use LDAP, because it requires authentication. Forms does not require any authentication. The service runs as Local System and we never enter any domain credentials in.

In the Workflow Trustee Directory Manager I only see an option to configure LDAP, which requires authentication.

SELECTED ANSWER
replied on July 22, 2016

It's the same in Workflow. "Windows authentication" uses the service account.

replied on July 22, 2016

Ok perfect, that's what I needed. Usually all the wizards that ask for Windows Authentication require the service run as a Windows User.

I did run into a strange issue though: in Forms, when passing the user, if you enter the username it doesn't find them. You must enter domain\username. In Workflow, if you enter domain\username it doesn't find them and you must enter only the username. Seems they work opposite of each other.
