Ayearon Inc is proud to announce the latest update of its Planbook for FootPrints 12 v1.3 under the Creative Commons Attribution 4.0 International (CC BY 4.0) license (summary and full license).
The Planbook is the product of years of experience helping customers plan, implement, and improve services and processes using automated workflow tools. The Planbook is designed for the following uses, related to the BMC FootPrints 12 software:
Plan for a new implementation.
Configuration and customization of the software.
Track status of the implementation.
Document the configuration and customization of the product in production.
One of the most critical of features in v11 missing from v12 is manager approvals. Fortunately, there is a workaround in Microsoft SQL Server that is sufficient for most Windows Active Directory environments.
This post will document how to implement this workaround. Later we will explore some of the limitations of the workaround. The implementation requires three major steps, each of which are described below.
Link an ADSI server to the FootPrints database server.
Create a view of the LDAP server in the FootPrints database.
Configure the FootPrints Address Book to use the new database view.
When complete, FootPrints 12 address book queries will be made against LDAP via the ADSI connector in SQL Server, which will also provide the Manager’s login ID in a format (sAMAccountName) that is usable to the FootPrints 12 approval engine.
Link the ADSI Server
The blog post How to: Use SQL Server to query Active Directory describes how to perform this step, with a modification. For brevity we will not repeat the details in that post. You will perform these configurations in the database server used by FootPrints 12.
Before attempting this process, you will need a service account in AD whose login ID and password are known to you. Please do not use your own login because that password will probably be changed every 60-90 days. Administrator privileges are not required for this function.
In the Security tab, in the options under “For the login not defined in the list above, connections will:” if you use the choice “Be made using login’s current security context” as per the article, FootPrints will display error messages during contact searches because the Apache Tomcat service used by FootPrints does not have an appropriate security context.
Please choose instead “Be made using this security context” and enter the domain, login ID, and password for the AD service account.
Below is a summary of the settings that will be used in the Linked Server.
Linked server: ADSI Server type: Other data source Provider: OLE DB Provider for Microsoft Directory Services Product name: Active Directory Services 2.5 Data source: adsdatasource Provider string: ADSDSOObject
Create a Database View
In the FootPrints database, generally fpscdb001, you will create a new view. You can paste the following query into the new view. Please note that the LDAP server name and domain names will need to be tailored to your environment. This view includes commonly used fields but additional fields may be required for your environment.
This query / view assumes the primary key of the address book is sAMAccountName (User ID). If you are using another field, such as email address, you will need to make appropriate changes to the upper select and join parameters.
SELECT usr.sAMAccountName, usr.givenName, usr.sn, usr.department, usr.mail, usr.displayName, usr.title, usr.telephoneNumber, usr.physicalDeliveryOfficeName, mgr.sAMAccountName as ManagerId, manager FROM OPENQUERY (ADSI, 'SELECT manager, distinguishedName, mail, sAMAccountName, displayName, sn, givenName, userPrincipalName, department, title, telephoneNumber, physicalDeliveryOfficeName FROM ''LDAP://ldap-server.domain.com/DC=domain,DC=com'' WHERE objectClass = ''Person'' AND displayName = ''*'' ') as usr LEFT OUTER JOIN OPENQUERY (ADSI, 'SELECT distinguishedName, sAMAccountName FROM ''LDAP://ldap-server.domain.com/DC=domain,DC=com'' WHERE objectClass = ''Person'' AND directReports = ''*'' ') as mgr ON usr.manager = mgr.distinguishedName
You can now save the new view. When you do save the view, SQL Server Management Studio will ask you for the name of the view. You should provide a descriptive name such as v_AddressBook_LDAP.
Below is an example where I broke the view queries into 2 views: v_ADSI_Managers and v_ADSI_Users. The Users view will be used in the Address Book configuration (below) and depends on the Managers view.
SELECT samAccountName, userPrincipalName, givenName, sn, displayName, mail, distinguishedName
'SELECT manager, distinguishedName, mail, samAccountName, displayName, sn, givenName, userPrincipalName
WHERE objectClass = ''Person'' AND displayName = ''*'' AND directReports = ''*''
SELECT usr.sAMAccountName, usr.givenName, usr.sn, usr.department, usr.mail, usr.displayName, usr.title, usr.telephoneNumber, usr.physicalDeliveryOfficeName, usr.manager,
mgr.samAccountName AS managerid
'SELECT manager, distinguishedName, mail, sAMAccountName, displayName, sn, givenName, userPrincipalName, department, title, telephoneNumber, physicalDeliveryOfficeName
WHERE objectClass = ''Person'' AND displayName = ''*'' ')
AS usr LEFT OUTER JOIN
dbo.v_ADSI_Managers AS mgr ON usr.manager = mgr.distinguishedName
Configure the Address Book
After confirming in Microsoft SQL Server Management Studio that your view runs successfully, you can now configure your Address Book to use a Dynamic SQL source. For this you will require System Administrator access to FootPrints and a mixed-mode account in SQL Server.
Log in to FootPrints 12 as a System Administrator
Open the Administration console
In the Address Book container on the Main page of the Administration console, select Manage
Edit the appropriate Address Book. Generally, this is the address book that is linked to one or more Workspace container(s).
Edit the contact item named Contact
In the navigation bar on the left, select Fields.
Create a new field with the following values:
Singular Name: Field Manager ID
Field Type: Simple Text
In the bread crumb trail, navigate up one level to the Item:Contact
In the navigation bar on the left, select Forms.
Add the new Manager ID field to the Agent Web form
Save the form
In the bread crumb trail, navigate up one level to the Item:Contact
In the navigation bar on the left, select Address Book Options
Select the Dynamic SQL radio button and then Configure External Source. You will be taken to the configuration screen like the one below.
Enter values for:
Server Address: The name or FQDN of the SQL Server that stores the fpscdb001 database
Server Port: 1433 (default value, unless it was changed by your DBA)
Database Type: Sql Server
Server User ID: User ID for the mixed-mode account in SQL Server
Server Password: Obtained from your DBA
In Table or View select the view you created earlier (for example dbo.v_AddressBook_LDAP)
For each field under FootPrints Address Book, select the corresponding attribute. The attributes were chosen when you created the view.
In the bread crumb trail navigate to the top level of the container
Select Save and Publish
Configure the Workspace Item
Having configured the Address Book with a field Manager ID that maps to the ManagerID attribute in the v_AddressBook_LDAP view, you will now need to configure an identically named field, Manager ID, in the workspace-type record definition, and link the field to the Link Control.
Repeat “Configure the Address Book” steps 1 through 7.1 for the Workspace record definition that requires the approval manager configuration.
On the Agent Web form select the Ticket/Contact link control (see below).
In the Control Properties (left) select the Configure button (see below)
Select Linked Fields
Under Available Fields select the new Manager ID field
Select the right arrow to move the field to Selected Fields
In the Workflow Process you can now configure an approval state to use the Manager ID as a dynamic approver.
Navigate to Workflow Processes
Edit the appropriate workflow process
Select the appropriate Approval State
Under Approvers select Add/Remove
Under the Dynamic tab select the Manager ID field
Select Assign Approvers
The performance of address book searches using this method appears to be equivalent to queries directly against LDAP. However, there are a few caveats and limitations.
The method does not support approvals by all managers of all linked contacts. Only the most recently linked contact is supported, because the most recently linked contact is the one that populated the Manager ID field in the workspace record.
The Manager ID field must at least be on the agent form and be editable at least by the agent. There is currently no way for this field to be read-only.
By default this method supports only 1,000 records in the query. If the query to Active Directory returns more than 1,000 records, it will be truncated. There may be a method to override this in Active Directory, however.
The query above is restricted to a single OU search in Active Directory. The UNION query command will be required to to perform simultaneous searches against multiple organizational units.
In this post I describe how to configure two-click approvals or rejections in FootPrints 12. For the end-user approver, the two clicks consist of:
One click on the ballot in order to generate an email
One click on the email send button
This post will focus most specifically on the steps needed to generate the two-click links, and assumes a general familiarity with FootPrints 12 administration, the Email Templates functionality, and with configuring approval processes in a Workflow Process.
As a workspace container administrator, open the container in the Administration console, and select the Email Templates tab. Create a new template, or editing your existing ballot template.
If you are creating a new template, enter the Name of the template and select the Item Type that will use this template.
Now we want add an image file on which we will link approval actions. On the toolbar select the Image button.
FootPrints 12 will present an image properties panel.
On the (default) Upload tab select Choose File, choose the appropriate image file from your computer (you may download and use the images below), and select Send it to the Server. The Image Info tab will be automatically selected. Now select the Link tab and enter the following text in the URL field.
mailto:email@example.com?Subject=Approval Ticket= [TICKET_NUMBER] ItemType= [ITEM TYPE ID] WS= [WORKSPACE ID]&body=Vote=Approve
You will need to adjust firstname.lastname@example.org with an inbound email address used by your FootPrints installation.
Click OK when done.
Insert a white space (such as a space character) immediately after the image. Repeat the above steps in order to generate a rejection link, exchanging the URL with the following. Once again, you will need to replace the email address with your own.
mailto:email@example.com?Subject=Rejection Ticket= [TICKET_NUMBER] ItemType= [ITEM TYPE ID] WS= [WORKSPACE ID]&body=Vote=Reject
Your email template may now look something like this:
Now add any verbiage that may be appropriate for your approvers. You can now Save your template and use this template in any approval processes in your Workflow Process. Afterwards make sure you save and publish your configuration.
When the approval process is triggered with an appropriate email notification, your approver will receive an email that may look like this.
When the approver selects the Approve button, a new email will be generated that may look like this.
The approver may now send the email.
I generated these royalty-free images using Graphic for Mac. They may be useful to you.
One of my customers has gone live recently, and I am working on another at the moment. The feedback is generally positive, with most people preferring the user interface to FP11. In the course of these implementation, I have probably found every bug in the product.
As a result I have earned a few scars and have learned several lessons that will help.
Publish early, publish often.
Save, save, save.
Test, test, test: create tickets, edit tickets, etc. Use a browser and login ID separate from the administration console.
Export your configurations frequently: several times per day during active development; once before and after periodic updates.
Be very deliberate about what you are doing and how you did it. Try to perform administration operations the same way once you discover a “groove” that works.
Repeat all the above when touching the process workflows. These are especially fragile.
Keep a test environment separate from production. If you are just learning and testing, don’t do it in the environment that is (or will become) production. You can usually build it in production much faster the second time.
If you experience a bug, and you can do so repeatedly, document and submit it to support. I didn’t realize before that product management wasn’t aware of many bugs that I had deemed too obvious to report.
Most importantly I recommend patience, healthy amounts of focus and determination, and some tolerance for the unexpected.
In my experiences with BMC product management and support teams, they are very responsive to feedback and very actively working to improve the product. They have “turned the corner” on the real-world issues we are facing and are observing us closely. I am very encouraged with the product overall and with the pace at which bugs are now being addressed.
In addition the support and development teams are prioritizing showstoppers that prevent you from going live in the near future. If you are almost complete and ready to cut over into production, you can get fairly fast turnaround time from support the escalation teams should any late bugs arise.
The FootPrints 12 platform is now “ready for prime time” but not yet for all existing customers of FP11. The difference is in the maturity and rigidity of the process. Organizations who need predictability and adherence to existing process should stay on FootPrints 11 until the 12 platform matures a bit longer.
My name is Greggory Tucker. Ayearon Inc is the legal vehicle through which I do contracting for BMC FootPrints Service Core v11 and v121.
In this post I want to explain briefly who are my customers and partners.
Companies who have recently purchased BMC FootPrints Service Core and BMC Client Manager (BCM, formerly Asset Core). I can deliver flexible, cost-effective solutions for new implementations.
Companies who have existing implementations who need day-to-day Workspace maintenance, improvements or changes in advanced workflow, new workflow or processes, and product upgrades. I also work with full or part-time FootPrints administrators to augment services and provide training.
BMC Partners to augment resourcing and capabilities for their customers.
Non-partner consulting organizations who have targeted opportunities at the companies described above.
Organizations in North America. Ayearon, Inc is an S-type corporation registered in Nevada, USA. All services are quoted and invoiced in US Dollars.
Contact me at firstname.lastname@example.org if you feel I can help you or one of your customers.
1Ayearon Inc is not an official partner of BMC Software. All products are the copyright and trademark of BMC Software.
I recently spent a couple hours for a client figuring out how to push a shortcut (icon and URL) to the Desktop folders of Windows machines using FootPrints Asset Core 11.1. The documentation was surprisingly poor, and I jumped through a number of unexpected hurdles. I have written up how to do it, at the link below. Enjoy.
FootPrints Asset Core is a trademark of BMC Software. Ayearon Inc does not claim ownership of FootPrints or the screenshots provided herein. Ayearon Inc is not responsible for losses incurred during the use of this information.