Aegis Ldap Adapter Example Workflow #1 – Automating User Profile Picture Updates


By: Martin Cotter

February 12, 2014 11:01 am


This article looks at automating a mundane IT task with the help of the LDAP Adapter for Aegis – Updating User Profile Pictures!

User profile pictures are stored in an LDAP attribute in a binary format, so this is also a good example of how complex data handling can be done in a really simple way.  So let’s automate it!

The LDAP adapter is available here

This is a simple process example of what we want to automate.  No two implementations are ever the same so think about how you may want to automate this and work out how!

The Basic Steps:

  1. User logs on to the IT Portal and clicks a link which brings up a formatted email – the user just needs to add their photo and hit Send.
  2. Aegis receives the email and triggers a workflow.
  3. Aegis looks up user details in LDAP Directory.
  4. Save the attachment file from the email.
  5. Check the file properties to ensure it is the correct format, i.e. JPG and not above a certain size.
  6. Send a request to the user’s manager to approve the photo change.
  7. Update the user’s photo!
  8. Cleanup as required.

 

As always, have a flowchart of what you intend to automate so you don’t end up with logic problems in the workflow:

[Image: flowchart of the workflow]

 

So to be clear – there are 2 manual operations here, everything else is automatic, and the manual tasks should be pain free.

1.  The user needs to request the picture change.

2.  The user’s manager needs to approve the change.

 

So the Automation!

1.  User logs on to the IT Portal and clicks a link which brings up a formatted email – the user just needs to add their photo and hit Send.

This is the step which will trigger the Aegis workflow.  Using formatted emails is handy as everyone is used to email, and a trigger can be easily created for the expected email format.

A simple example piece of HTML to generate a formatted email is:

<p>
Change Profile Photo Request:
<a href="mailto:support@sigea.moc?Subject=Change%20Profile%20Photo%20Request&amp;Body=Please%20attach%20your%20updated%20profile%20picture." target="_top">
Request!</a>
</p>

 

The address in the mailto should be a mailbox which Aegis monitors.

 

2.  Aegis receives the email and triggers a workflow.

This is where Aegis will start.  We just need to have a trigger which matches the email format:

[Image: trigger configuration]

This just does a simple match on the subject field, and the preformatted email makes sure it’s always correct.

 

3.  Aegis looks up user details in LDAP Directory.

For this workflow we want 3 pieces of information about the user: the user’s manager (for approval), the existing photo (if any), and the user’s Display Name (for correspondence).

The email itself creates an event in Aegis which triggers the workitem.  This event will have the email sender’s email address or another attribute, depending on the email server.  In my case I get the user’s email address, so I can find the user in the directory using the mail attribute as a search filter.

You may have noticed I haven’t actually mentioned which Directory I am communicating with here.  It really doesn’t matter; the attribute names may vary slightly, but other than that it makes no difference.  I will be using Active Directory, as that is what my email client connects to!

So this step is the first interaction using LDAP.  We use the Object Query LDAP Adapter activity to find the user.

[Image: Object Query activity configuration]

 

Notice that the filter is dynamic – it will run against the user’s email address at runtime.  This activity returns the user’s Distinguished Name (DN).
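
The filter value here comes from the sender address of an inbound email, which is a value the sender controls, so it should be escaped per RFC 4515 before it is placed into the filter if the activity does not already do that. The PowerShell below is an added example, not part of the original article or of the Aegis adapter; the helper names ConvertTo-LdapFilterValue and New-MailFilter and the sample addresses are constructed for illustration.

```powershell
# Added example (not from the original article or the Aegis adapter).
# ConvertTo-LdapFilterValue and New-MailFilter are hypothetical helper names.
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Value)
    $sb = New-Object System.Text.StringBuilder
    foreach ($ch in $Value.ToCharArray()) {
        $code = [int]$ch
        # RFC 4515: NUL ( ) * \ become a backslash plus two hex digits
        if ($code -in 0x00, 0x28, 0x29, 0x2A, 0x5C) {
            [void]$sb.AppendFormat('\{0:x2}', $code)
        } else {
            [void]$sb.Append($ch)
        }
    }
    $sb.ToString()
}

function New-MailFilter {
    param([Parameter(Mandatory)][string]$Sender)
    # Refuse values that are not shaped like a single mailbox address
    if ($Sender -notmatch '^[^@\s]+@[^@\s]+$') {
        throw "Unexpected sender format"
    }
    # Escape whatever is left so it can only ever be a literal value
    '(mail={0})' -f (ConvertTo-LdapFilterValue $Sender)
}

# Constructed sample senders
foreach ($s in 'jane.doe@example.com', 'j*@example.com', 'a(b)@example.com') {
    '{0,-22} -> {1}' -f $s, (New-MailFilter $s)
}
```

An unescaped `*` in the address would turn the equality match into a wildcard match, so the query could return a user other than the sender.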

If we find the user above, getting the user details is really trivial – we just request 3 attributes.  In Active Directory the user’s photo is stored in the thumbnailPhoto attribute; in eDirectory and OpenLDAP it is in the jpegPhoto attribute.  I also want the manager and displayname attributes of the user.

This is what that looks like at runtime:

[Image: attribute values returned at runtime]

 

The current picture is a lot of HEX data.  We need to save this to a file using this activity to WRITE the HEX to file.

We will use the READ version later.

 

4.  Save the attachment file from the email.

In this step we just use the ‘Extract and Save Email attachment‘ activity to save the file attachment of the email to disk.

 

5.  Check the file properties to ensure it is the correct format, i.e. JPG and not above a certain size.

I used the activity here to get file properties: https://www.netiq.com/communities/cool-solutions/cool_tools/aegis-depot-activity-file-details/

It outputs the file extension and size in bytes, which we need in order to verify the file is not too large.  First though I use the ‘Find Files‘ activity to find a JPG file (from the attachment), and then test whether it exists.

Additionally I ran a PowerShell script on the file to check the height and width dimensions of the image.  This is optional though, don’t worry about it!

Scripts can have a great part to play in workflows, and when I use them I like to have the output as simple as possible and have the script do any error handling rather than leave a lot of decision making to the workflow.  This script will either return RESULT:SUCCESS or RESULT:FAILURE + MESSAGE, making it simple to make the next decision in the workflow.  The file path and dimensions are dynamic in my implementation.

# Reports RESULT:SUCCESS, or RESULT:FAILURE followed by a message
[bool]$result = $true
$failureMessage = ""
$img = $null

$local:ErrorActionPreference = "SilentlyContinue"
$local:WarningPreference = "SilentlyContinue"

try
{
    Add-Type -AssemblyName System.Drawing
    $file = Get-Item "C:\inetpub\wwwroot\images\231721897\mjc1.JPG"
    # FromFile throws if the file is missing or is not a readable image
    $img = [System.Drawing.Image]::FromFile($file.FullName)
    if ($img.Width -gt 300 -or $img.Height -gt 300)
    {
        $result = $false
        $failureMessage = "Dimensions Exceed Limit"
    }
}
catch [Exception]
{
    $result = $false
    $failureMessage = $_.Exception.Message
}
finally
{
    # Release the file handle so the cleanup step can delete the picture
    if ($img) { $img.Dispose() }

    if (!$result)
    {
        Write-Host "RESULT:FAILURE"
        $failureMessage
    }
    else
    {
        Write-Host "RESULT:SUCCESS"
    }
}
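
A file extension says nothing about what an attachment actually contains, so step 5 can also check the file's leading bytes and let the decoder confirm the format. This PowerShell is an added example, not from the original article; Test-ProfilePhoto, the 100 KB and 300 pixel limits and the temporary demo files are assumptions, and it keeps the RESULT:SUCCESS / RESULT:FAILURE output convention used above.

```powershell
# Added example (not from the original article). Test-ProfilePhoto is a
# hypothetical helper; the byte and pixel limits are assumed values.
Add-Type -AssemblyName System.Drawing

function Test-ProfilePhoto {
    param([Parameter(Mandatory)][string]$Path,
          [int]$MaxBytes = 100KB, [int]$MaxPixels = 300)
    try {
        $item = Get-Item -LiteralPath $Path -ErrorAction Stop
        if ($item.Length -gt $MaxBytes) { return 'RESULT:FAILURE File too large' }

        # A JPEG stream starts with FF D8 FF, whatever the file is named.
        $fs = [System.IO.File]::OpenRead($item.FullName)
        try { $head = New-Object byte[] 3; $read = $fs.Read($head, 0, 3) }
        finally { $fs.Dispose() }
        if ($read -lt 3 -or $head[0] -ne 0xFF -or $head[1] -ne 0xD8 -or $head[2] -ne 0xFF) {
            return 'RESULT:FAILURE Not a JPEG (bad signature)'
        }

        # Decode it: the decoder must agree on the format and report the size.
        $img = [System.Drawing.Image]::FromFile($item.FullName)
        try {
            if ($img.RawFormat.Guid -ne [System.Drawing.Imaging.ImageFormat]::Jpeg.Guid) {
                return 'RESULT:FAILURE Decoded format is not JPEG'
            }
            if ($img.Width -gt $MaxPixels -or $img.Height -gt $MaxPixels) {
                return 'RESULT:FAILURE Dimensions Exceed Limit'
            }
        } finally { $img.Dispose() }  # release the file lock before cleanup
        return 'RESULT:SUCCESS'
    } catch {
        return "RESULT:FAILURE $($_.Exception.Message)"
    }
}

# Constructed demo input: one real JPEG and one text file renamed to .jpg
$dir = Join-Path ([System.IO.Path]::GetTempPath()) 'photo-check-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$good = Join-Path $dir 'good.jpg'
$bmp = New-Object System.Drawing.Bitmap 96, 96
$bmp.Save($good, [System.Drawing.Imaging.ImageFormat]::Jpeg); $bmp.Dispose()
$fake = Join-Path $dir 'fake.jpg'
Set-Content -LiteralPath $fake -Value '<html>not an image</html>'
Test-ProfilePhoto -Path $good
Test-ProfilePhoto -Path $fake
Remove-Item -LiteralPath $dir -Recurse -Force
```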

 

6.  Send a request to the user’s manager to approve the photo change.

We found the manager’s DN in step 3, so we can just repeat the same tactic to get that user’s mail address from LDAP.  Then we email them asking them to approve the change.  There are loads of ways this could be implemented, but I decided to use pure Aegis and present the data in an Aegis Input Form as it’s really simple.  So my mail to the manager has a link to the AegisInputForm webpage and the user is presented with the Input Form.  This is all just HTML by the way – all I do is have the user’s original and new pictures in a file location which is available via HTTP.

[Image: Aegis Input Form shown to the manager]

 

 

The Approve and Deny buttons decide where the workflow goes next.

 

7.  Update the users photo!

OK, so it’s time to perform the update!  Now we READ the file with the ‘Read Binary file’ activity, which again produces some lovely HEX as output.

Then use the Modify Object LDAP adapter activity to modify the thumbnailPhoto attribute:

[Image: Modify Object activity configuration]

 

Nice!  Now just email the user telling them the result, be it a success or a failure for any reason (user not found, file too large etc.).

 

8.  Cleanup as Required

It’s always best practice to clean up at the end of the workflow.  In this case I’m cleaning up temporary files and folders that were created during the workitem run – i.e. a temporary folder to hold pictures and the pictures themselves.

Finally – this as usual is just a demo – make sure you ask the ‘WHAT IF?’ questions and error handle appropriately.  What if for example the Manager doesn’t read the email – will the workitem run forever?  Best of luck!

 


Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.
