
Leveraging LDAP-Based Option Lists in Morpheus

 
Bhavadharini
HPE Pro

In modern enterprise environments, integrating automation platforms with directory services is essential for ensuring accuracy, scalability, and a seamless user experience. One such powerful integration is the use of LDAP-based option lists in Morpheus.

This blog walks through what LDAP option lists are, how they work, and how we leverage them effectively in real-world use cases.

What are LDAP-Based Option Lists?

LDAP-based option lists allow Morpheus to dynamically fetch data from Active Directory and present it within catalog forms.

Instead of manually entering values, users can:

  • Select existing users
  • Choose groups
  • Pick service accounts

This ensures that all inputs are valid, consistent, and aligned with Active Directory.

Why Use LDAP Option Lists?

1. Eliminate Manual Errors

Manual input can lead to typos or invalid entries. LDAP option lists ensure users select only valid objects.

2. Real-Time Data

Since data is fetched directly from Active Directory:

  • New objects appear automatically
  • Deleted objects are no longer shown

3. Improved User Experience

Users can search and select instead of typing, making the process faster and more intuitive.

Real-World Use Case

In enterprise environments, LDAP option lists are commonly integrated across multiple service catalogs and workflows such as:

  • User creation
  • User disable/delete operations
  • Service account management
  • Group assignments

For example, during user onboarding:

  • Fields like username and email may be entered manually
  • However, while assigning users to existing groups, manual input can lead to errors
  • Users may also not be aware of the exact group names available in Active Directory

To address this, LDAP-based option lists can be implemented to dynamically fetch available groups directly from Active Directory. This allows users to search and select the required group from a predefined list instead of manually entering values.

Key Components of LDAP Option List Configuration in Morpheus

When configuring an LDAP-based Option List in Morpheus, understanding each component is critical to ensure secure, efficient, and user-friendly data retrieval from Active Directory. Below are the core elements involved in the configuration:

1. LDAP URL

The LDAP URL defines how Morpheus connects to your directory service (typically Active Directory). It specifies the protocol, domain controller, and port.

Format:

ldap://<domain-controller>:389
ldaps://<domain-controller>:636

  • LDAP (Port 389): Standard, non-encrypted connection
  • LDAPS (Port 636): Secure connection using SSL/TLS (strongly recommended)

Using LDAPS ensures that credentials and query data are encrypted during transmission, which is essential for production environments and security compliance.

2. Base DN (Search Base)

The Base DN defines the starting point in the directory hierarchy for LDAP searches.

Example:

OU=Users,DC=example,DC=com

Instead of searching the entire directory, specifying a targeted Base DN:

  • Improves query performance
  • Reduces unnecessary data retrieval
  • Ensures only relevant objects are returned

This is especially important in large enterprise directories.

3. LDAP Filter

The LDAP filter determines which objects and attributes are retrieved from Active Directory.

Example:

(&(objectClass=user)(cn=<%=phrase%>*))

Breakdown:

  • objectClass=user → Limits results to user objects
  • cn=<%=phrase%>* → Matches users whose common name starts with the input value
  • <%=phrase%> → Dynamic placeholder replaced at runtime with user input
  • * → Wildcard enabling partial matching

This configuration enables a search-as-you-type experience, where results dynamically update as the user types. It also improves performance by narrowing down results early in the query process.
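The example below is added here and is not Morpheus code or part of the original post. It shows what a well-formed filter looks like once a typed phrase is substituted into the template above, for anyone who reproduces or tests the same filter in their own tooling. The helper names and the two-character minimum are assumptions; the page does not state how Morpheus itself handles special characters or short phrases.

```javascript
// Added example. FILTER_TEMPLATE is the filter from this page; every helper
// name and MIN_PHRASE_LENGTH are hypothetical, not Morpheus settings.
const FILTER_TEMPLATE = '(&(objectClass=user)(cn=<%=phrase%>*))';
const MIN_PHRASE_LENGTH = 2; // assumption: refuse phrases that would match almost everything

// RFC 4515: NUL, '(', ')', '*' and '\' inside an assertion value are written
// as a backslash followed by the two-digit hex code of the character.
function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\u0000]/g, function (ch) {
    return '\\' + ch.charCodeAt(0).toString(16).padStart(2, '0');
  });
}

// Returns the finished filter, or null when the phrase is too short.
// An empty phrase would turn the filter into cn=*, which matches every
// user object under the Base DN.
function buildFilter(phrase) {
  const typed = String(phrase == null ? '' : phrase).trim();
  if (typed.length < MIN_PHRASE_LENGTH) return null;
  const escaped = escapeFilterValue(typed);
  // A replacer function keeps '$' sequences in the phrase literal.
  return FILTER_TEMPLATE.replace('<%=phrase%>', function () { return escaped; });
}

// Structural check: after escaping, the only raw parentheses left are the
// template's own, so they must balance.
function parensBalanced(filter) {
  let depth = 0;
  for (const ch of filter) {
    if (ch === '(') depth++;
    if (ch === ')') depth--;
    if (depth < 0) return false;
  }
  return depth === 0;
}

// Constructed sample phrases, including a half-typed name with a parenthesis,
// which search-as-you-type will send before the user finishes typing.
const SAMPLE_PHRASES = ['jd', 'Ops (EMEA)', 'Ops (', 'R*D', ''];
for (const phrase of SAMPLE_PHRASES) {
  console.log(JSON.stringify(phrase), '->', buildFilter(phrase));
}
```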

4. Translation Script

The translation script is used to convert raw LDAP query results into a more meaningful and user-friendly display format within Morpheus.

Benefits:

  • Enhances readability
  • Provides additional context (e.g., email, username)
  • Improves overall user experience in selection lists

 

Deep Dive: Translation Script Explained with a Real Example

To truly understand how a Translation Script works in Morpheus, let’s break down a real example and see how raw LDAP data is transformed step by step.

Sample Translation Script

for(var x=0; x < data.length; x++) {
  var row = data[x];
  var a = {};
  if(row.cn != null) {
    a['name'] = row.cn;
  }
  a['value'] = row.sAMAccountName;
  results.push(a);
}

What This Script Does

This script processes LDAP query results stored in the data array and converts each record into a format that Morpheus can display in an Option List.

At a high level, it:

  1. Iterates through all LDAP results
  2. Extracts required attributes
  3. Builds a structured object (name, value)
  4. Pushes the formatted result into the final results array

Step-by-Step Breakdown

1. Loop Through LDAP Results

for(var x=0; x < data.length; x++)

  • Iterates over each LDAP record returned from Active Directory
  • data.length represents the total number of matched users

2. Access Each Record

var row = data[x];

  • Each row contains LDAP attributes like:
    • cn (Common Name / Full Name)
    • sAMAccountName (Username)

3. Create a New Output Object

var a = {};

  • Initializes an empty object to store transformed data
  • This will later become one dropdown entry

4. Set Display Name (Conditionally)

if(row.cn != null) {
  a['name'] = row.cn;
}

  • Checks if cn exists (avoids null issues)
  • Assigns it as the display value (name)

This ensures users see a readable name like: John Doe

5. Set Internal Value

a['value'] = row.sAMAccountName;

  • Assigns sAMAccountName as the actual value
  • This is what Morpheus stores and uses internally

Example: jdoe

6. Add to Final Results

results.push(a);

  • Adds the transformed object to the results array
  • This array is returned to the Morpheus UI

Input vs Output Example

LDAP Input (Raw Data):

{
  "cn": "John Doe",
  "sAMAccountName": "jdoe"
}

Output After Script:

{
  "name": "John Doe",
  "value": "jdoe"
}
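The sample script leaves name unset when cn is null and stores an undefined value when sAMAccountName is missing. The variant below is an added example, not part of the original post or of Morpheus: it skips rows without a usable account name, falls back to the account name for display, and appends the mail attribute as context. In Morpheus the script body would read data and push to results directly; here the logic is wrapped in a hypothetical translate() function so it runs on its own. That attributes may arrive as arrays is an assumption.

```javascript
// Added example: defensive variant of the page's translation script.
// firstValue() and translate() are hypothetical names used for illustration.

// Normalise one LDAP attribute to a trimmed string, or null if unusable.
// Assumption: multi-valued attributes may be delivered as arrays.
function firstValue(attr) {
  if (Array.isArray(attr)) attr = attr.length ? attr[0] : null;
  if (attr == null) return null;
  var s = String(attr).trim();
  return s === '' ? null : s;
}

function translate(data) {
  var results = [];
  var seen = Object.create(null); // no inherited keys such as "constructor"
  var rows = data || [];
  for (var x = 0; x < rows.length; x++) {
    var row = rows[x] || {};
    var account = firstValue(row.sAMAccountName);
    if (account === null) continue;   // nothing valid to store as value
    var key = account.toLowerCase();  // sAMAccountName is case-insensitive in AD
    if (seen[key]) continue;          // drop duplicate entries
    seen[key] = true;
    var display = firstValue(row.cn) || account; // never show a blank label
    var mail = firstValue(row.mail);
    results.push({
      name: mail ? display + ' (' + mail + ')' : display,
      value: account
    });
  }
  return results;
}

// Constructed sample rows, not real directory data.
var SAMPLE_ROWS = [
  { cn: 'John Doe', sAMAccountName: 'jdoe', mail: 'jdoe@example.com' },
  { cn: null, sAMAccountName: 'svc-backup' },      // no display name
  { cn: 'No Account' },                            // no sAMAccountName
  { cn: 'John Doe (dup)', sAMAccountName: 'JDOE' } // duplicate of the first row
];
console.log(JSON.stringify(translate(SAMPLE_ROWS), null, 2));
```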

Benefits at a Glance

  • Real-time integration with Active Directory
  • Accurate and validated inputs
  • Faster and easier user interaction
  • Reduced operational errors
  • Scalable and maintainable solution

Best Practices

  • Use specific LDAP filters to limit results
  • Define a targeted Base DN for better performance
  • Use a read-only service account for Bind DN
  • Avoid broad queries that return excessive data
  • Use translation scripts for better display formatting

Conclusion

LDAP-based option lists play a crucial role in enhancing catalog usability and reliability in Morpheus. By replacing manual inputs with real-time, validated selections from Active Directory, organizations can significantly improve accuracy, efficiency, and user experience.

When implemented correctly, they act as a seamless bridge between automation workflows and enterprise directory services.

 

Bhavadharini Samiappan

Hewlett Packard Enterprise (PSD-GCC)

 



[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]