Summary
This article is deep dive into MCommunity data and different ways to access it. MCommunity is the University of Michigan's public directory, providing information about people and groups. The directory information is often necessary for day-to-day research study management, day-to-day business operations at centers & institutes, and for automation.
The examples provided are meant for internal use by U-M developers and power users, but the code is made public to make it easier to find and because most of the information contained in MCommunity is already public. As a public university of the the State of Michigan, information about who works here and in what capacity is a matter of public record.
Introduction to MCommunity
What is MCommunity?
MCommunity is primarily a directory of people and groups. It includes basic information such as user name ("UniqName"), full name, job title, and department, as well as information about user-created groups ("MCommunity Groups"). MCommunity Groups may contain direct members (U-M staff), other groups, or external users. Some information can be made public or private by each user, so it is not always shown publicly (e.g. profile picture, office phone number, email, group members).
Accessing MCommunity Information
The information in MCommunity is gathered from multiple sources. Generally speaking, the same information can be found publicly through:
In addition, internal applications can also access the directory information - sometimes in more detail - using:
- The MCommunity API
- U-M's public LDAP server (authenticated access)
- APIs for systems that load every LDAP user, such as TDX
- Automation tools such as TDX iPaaS and Microsoft Power Automate
A Note on Privacy
Although email addresses are not always shown in MCommunity, it is understood that they are a matter of public record regardless of the user's privacy setting because they are used on the Internet for email communication, and because they always contain the user's UniqName, which is public. Moreover, e-mail addresses for both users and groups and always available through LDAP without authentication.
Programmatic Access
Access Methods and Tools
This is a short list of the different ways in which MCommunity information can be accessed programmatically, with an emphasis on automation.
Creating direct web links
- This method can be used for generating links to specific person or group pages.
- Recommended for SharePoint calculated columns, SharePoint column or list view customization (JSON), Excel formulas, Tableau dashboard links, Power BI dashboard links, etc.
- Link to a specific person:
https://mcommunity.umich.edu/person/UniqName
- Link to a specific group:
https://mcommunity.umich.edu/group/GroupName
- GroupName is the email for the group without the @umich.edu part
- If the group was created with spaces, it must be URL-encoded (for example, by replacing spaces with
%20)
- Examples:
- efdc-mobiletech
- "MDEN - MTC" should be entered as MDEN%20-%20MTC
- Search for people:
https://mcommunity.umich.edu/?value=UniqName&base=people
- Search for groups:
https://mcommunity.umich.edu/?value=GroupName&base=group
Web-scraping the MCommunity website for profile picture URLs
- This method is slow, and thus only recommended for getting profile picture links for a short list of people
- Profiles without a picture or who made the picture private will show the default user image:
https://mcommunity.umich.edu/assets/default-picture.jpg
- Picture links can be found in the <img> element, under the <div> element with
id="photo" and/or class="profile-photo"
- Microsoft Power Query (through Excel or Power BI Desktop)
- Simply connect to the website as an online data source, and follow the steps to parse the tables or images
- Microsoft Power Automate
- Use the HTTP connector and the HTTP Request action to load each individual page and download the HTML as you loop through a list of users
- Note that RegEx is not available for free in PowerAutomate, so you will need to use text functions or xpath functions to parse the HTML
- Include some random delays inside the loop to avoid rate limiting
- Note that the HTTP connector may or may not be marked as premium for your specific license. If it is premium, you will not be able to use it
- Microsoft Power Automate Desktop
- Use the HTTP Request or Webpage actions, then follow the same steps as the online version
- TDX iPaaS
- Use the HTTP Request connection to load each individual page and download the HTML as you loop through a list of users
- Include some random delays inside the loop to avoid hitting CDN, web firewall, and rate limiting
- Use the JavaScript or PowerShell actions to parse the data. Both provide RegEx, and both can load external libraries to parse HTML.
- Note that the document DOM is not available in JavaScript inside iPaaS.
- Avoid the built-in RegEx actions as they can be buggy when parsing XML or HTML
- PowerShell scripts
- Use the Invoke-WebRequest and Get-Unique cmdlets
- Linux Bash or MS-DOS Batch scripts
- Use cURL or wget to download each page (inside a loop)
- Use any of the available RegEx commands to parse the HTML and extract the image URL
Syncing MCommunity Groups
If you need a solution for PowerAutomate that can utilize free connectors to keep groups in sync with SharePoint lists or groups:
If you need to sync MCommunity groups with other systems, consider:
- Microsoft PowerAutomate
- Use the with the HTTP Request connector (requires MCommunity API)
- TDX iPaaS
- Use the HTTP connector + MCommunity API (if you only need to read from MCommunity)
- Or use the HTTP connector + MCommunity TDX API (if you also need to write to MCommunity)
- Custom scripts (Python, Lua, Bash, PowerShell, Batch, etc.)
- This would require a server that can host the scripts and run them on a schedule. Refer to the LDAP documentation from ITS IAM.
To sync MCommunity groups with each other (to keep the members the same), the best method available is by using TDX iPaaS with the MCommunity PROD API connection. In order to write to MCommunity/LDAP, you will need to request an application account from ITS IAM with write access.
Accessing via LDAP
MCommunity can be accessed via LDAP at ldap.umich.edu. Read-only access to public information is available to anyone on the Internet. Write access must be performed via the MCommunity API or LDAP tools using an application account with write access (you will need to request an application account from ITS IAM with write access).
- To explore the structure and data, use any LDAP browser app and the following settings:
- Departments are not available with LDAP anonymous access, only via authenticated access
- Attributes available (data dictionary): https://documentation.its.umich.edu/node/374
- Groups can be founder under
ou=Groups,ou=User Groups and can be filtered by name with cn=GroupName
- Users can be found under
ou=People and can be filtered by name with uid=UniqName
- Examples:
- Get details for Gabriel Mongefranco by matching either UniqName or display name:
ldap://ldap.umich.edu:389/ou=People,dc=umich,dc=edu???(%7C(uid=mongefrg)(cn=Gabriel%20Mongefranco))
- Get details and members of the EFDC Mobile Technologies Core group, either by group name or by group display name:
ldap://ldap.umich.edu:389/ou=User%20Groups,ou=Groups,dc=umich,dc=edu???(%7C(cn=efdc-mobiletech)(cn=EFDC%20Mobile%20Technologies%20Core))
There are may options for accessing LDAP programmatically, such as:
Examples for Common Scenarios
Coming soon!
Get Person Details
Get Profile Picture
Get MCommunity Group Details
Get MCommunity Group Members
Get Department Details
Get Department Members
Notes
Resources
About the Author
 |
Gabriel Mongefranco is a Mobile Data Architect at the University of Michigan Eisenberg Family Depression Center. Gabriel has over a decade of experience in data analytics, dashboard design, automation, back end software development, database design, middleware and API architecture, and technical writing.
| |
|