When I try to update an Active Directory attribute with this code:
dn = (
"CN=user_ldap,OU=dept_name,OU=Application,"
"OU=Service Accounts,OU=Domain Users,DC=company-corp,DC=global"
)
# define the server
server = ldap3.Server(
"ldaps.company-corp.global", get_info=ldap3.ALL, port=636, use_ssl=True
)
# define the connection
conn = ldap3.Connection(server, dn, psw, auto_bind=True)
conn.start_tls()
userID = "jdoe"
# perform the Modify operation
conn.modify(
f"CN={userID},OU=managed,OU=Domain Users,DC=company-corp,DC=global",
{"displayName": [(ldap3.MODIFY_REPLACE, ["Doe, John D"])]},
)
print(conn.result)
I get the following error:
{'result': 32, 'description': 'noSuchObject', 'dn': 'OU=Managed,OU=Domain Users,DC=company-corp,DC=global', 'message': "0000208D: NameErr: DSID-03100241, problem 2001 (NO_OBJECT), data 0, best match of:\n\t'OU=Managed,OU=Domain Users,DC=ssnc-corp,DC=global'\n\x00", 'referrals': None, 'type': 'modifyResponse'}
Please advise.
Thanks in advance.
The NO_OBJECT error generally means an object with the specified DN (in this case cn=jdoe,ou=managed,ou=domain users,dc=company-corp,dc=global) cannot be found. It's possible to get the error when the service account doesn't have rights to read the record or when the fully qualified DN is incorrect.
To eliminate an incorrect fully qualified DN, you could try searching for an object (like do a search for sAMAccountName=LogonIDGoesHere) and retrieving the DN value.
To eliminate access, you can check an account's effective permissions to an object using Active Directory Users & Computers. On the "Security" tab, click "Advanced". In the advanced security settings window, click on the "Effective Access" tab. Click the 'select a user' link to select your service account then click "View effective access" to see if something like 'read all properties' or 'read general information' are allowed.
Related
I perform the following query in Microsoft Graph:
var results = await SPLists["<my-list-name>"]
.Items
.Request()
.Expand("fields")
.GetAsync();
It gets the list items of a list I have in SharePoint. One of the columns in that list is of type "Person or Group". In the response from Microsoft Graph, it returns that column data like this (for example):
{
"LookupId": 335,
"LookupValue": "John Doe"
}
How do I take advantage of this data? How do I get the full profile of person with ID 355 using the Microsoft Graph? I need the email address of the person returned. How do I get that using the Microsoft Graph SDK?
The Look Id 335 is the Id in the SharePoint Hidden List named "User Information List", you can get the list guid using the request:
https://graph.microsoft.com/v1.0/sites/site-id/lists?$filter=DisplayName eq 'User Information List'
Then use the list guid in the endpoint below to get the detail email address:
https://graph.microsoft.com/v1.0/sites/site-id/lists/UserInformationListId/items/335
Here is a similiar thread for your reference:
How to get user from User field LookupId
I am using Active Admin in my multi tenant app. I also use Searchkick which has a custom tenant specific index in each model:
class Budget < ApplicationRecord
multi_tenant :company
searchkick inheritance: true,index_name: -> { [MultiTenant.current_tenant.tenant_name, model_name.plural, Rails.env].join('_') }
end
The issue is that in AA this logic fails because on the tenant is set. I want to be able to set this in AA when updating a record.
For example I would update http://localhost:4000/admin/budgets/dt2kqvgm where dt2kqvgm is the Friendly ID of the record. So I want to call something like:
MultiTenant.current_tenant = Budget.friendly.find(params['budget']['company_id'])
when I create / update a record etc.
Currently I get:
undefined method `tenant_name' for nil:NilClass
because in my application controller the tenant is set based on the user authentication to scope the current company etc. In AA I want/ need to set this based on the params which it seems you can't access from the AA controller logic. My params look like this in AA:
{"utf8"=>"✓", "_method"=>"patch", "authenticity_token"=>"PrhNGnPvV1Qfb5RCwTVv4Wwz9tjf9SFy2VWDcyJXoFLytM8y5ZAyF7h8I7xa+fy01E9Fc/v2CvR52I4/LKOLHQ==", "budget"=>{"company_id"=>"9", "name"=>"qweqwe", "description"=>"qweqwe", "notes"=>"qwee", "flag_active"=>"1", "slug"=>"dt2kqvgm", "title"=>"qweqwe"}, "commit"=>"Update Budget", "controller"=>"admin/budgets", "action"=>"update", "id"=>"dt2kqvgm"}
I don't know if this is the best way to do this but it works. I am know it needs tweaks but it's a start - you needs to:
set an around_action filter
add permitted_params
around_action :set_tenant, only: :update
controller do
def set_tenant
MultiTenant.with(Company.find(resource.company_id)) do
yield
end
end
def permitted_params
params.permit location: %[ company_id ]
end
end
It would seem this is required for each controller. Perhaps there is a way to add this as a default AA filter?
I also added the filter to just the update action.
I have created a new usergroup and have given permission to read,write,delete Types and attributes. Here I observe I am not able to access Facet Search configuration through backoffice with that user. I dont want to assign 'admingroup' to the user. Is there any type or attribute to which I can assign access to that user such that user can run indexing.
Below is impex I have used to assign role :-
$START_USERRIGHTS;;;;;;;;;
Type;UID;MemberOfGroups;Password;Target;read;change;create;remove;change_perm
UserGroup;nextAdmintGroup;;;;;;;;
;;;;Consignment;+;-;-;-;-
;;;;ConsignmentEntry;+;-;-;-;-
;;;;ConsignmentStatus;+;-;-;-;-
;;;;PackagingInfo;+;-;-;-;-
;;;;Principal;+;-;-;-;-
;;;;User;+;+;+;-;-
;;;;Customer;+;+;+;-;-
;;;;CustomerType;+;+;+;-;-
;;;;Employee;+;+;+;-;-
;;;;Customer.customerID;+;-;-;-;-;
;;;;Customer.uid;+;-;-;-;-;
;;;;EmployeeBenefit;+;-;-;-;-
;;;;RewardPoints;+;+;+;-;-
;;;;Cronjob;+;+;+;-
;;;;Job;+;-;-;-
;;;;CartEntry;+;+;+;-
;;;;Cart;+;+;+;-
;;;;Order;+;-;-;-
;;;;Referral;+;+;+;-
;;;;UserBirthday;+;+;+;-
;;;;Customer.managementHold;+;+;+;-
;;;;SavedValues;+;-;-;-
;;;;SavedValueEntry;+;-;-;-
;;;;Customer.defaultPaymentInfo;+;-;-;-
;;;;AbstractOrder;+;-;-;-;-
;;;;AbstractOrderProcessingStep;+;-;-;-;-
;;;;OrderEntry;+;-;-;-;-
;;;;OrderStatus;+;-;-;-;-
;;;;AbstractOrderEntry;+;-;-;-;-
;;;;AbstractOrderEntry.Product;+;-;-;-;-
;;;;OrderModificationRecord;+;-;-;-;-
;;;;OrderEntryModificationRecordEntry;+;-;-;-;-
;;;;OrderCancelRecordEntry;+;-;-;-;-
;;;;OrderEntryCancelRecordEntry;+;-;-;-;-
;;;;OrderHistoryEntry;+;-;-;-;-
;;;;PaymentMode;+;;;
;;;;PaymentInfo;+;-;-;-
;;;;Format;+;;;
;;;;Agreement;+;+;+;+
;;;;Title;+;;;
;;;;Company;+;+;+;+
;;;;UserGroup;+;;;
;;;;Discount;+;;;
;;;;Order;+;-;-;-
;;;;Cart;+;-;-;-
;;;;Address;+;+;+;-;-
;;;;Country;+;+;-;-;-
;;;;Region;+;+;-;-;-
;;;;ZoneDeliveryModeValue;+;+;-;-;-
;;;;DeliveryMode;+;+;-;-;-
# Access Rights for Products & Catalog;;;;;;;;;
;;;;ItemSyncTimestamp;+;;;
;;;;SyncItemJob;+;;;
;;;;Type;+;;;
;;;;Product;+;+;+;-;-;
;;;;Category;+;+;+;-;-;
;;;;variantType;+;+;+;-;-;
;;;;Catalog;+;;;
;;;;CatalogVersion;+;+;+;-;-;
;;;;ClassificationAttributeUnit;+;;;
;;;;Media;+;+;+;-;-;
;;;;MediaContainer;+;+;+;-;-;
;;;;MediaFormat;+;+;+;-;-;
;;;;MediaFolder;+;+;+;-;-;
;;;;Vendor;+;+;+;-;-;
;;;;StockLevel;+;+;+;-;-;
;;;;Tax;+;+;+;-;-;
;;;;TaxRow;+;+;+;+-;-;
;;;;PriceRow;+;+;+;-;-;
;;;;ProductFeature;+;+;+;-;-;
;;;;ProductReference;+;+;+;-;-;
;;;;Warehouse;+;+;+;-;-;
;;;;ProductTaxCode;+;+;+;-;-;
;;;;ProductOrderLimit;+;+;+;-;-;
;;;;PromotionSourceRule;+;+;+;-;-;
;;;;PromotionSourceRuleTemplate;+;+;+;-;;
;;;;PromotionGroup;+;+;+;-;;
;;;;AbstractCoupon;+;+;+;-;;
;;;;CouponRedemption;+;;;;;
;;;;CodeGenerationConfiguration;+;;;;;
;;;;BTGConfig;+;+;+;-;;
;;;;Voucher;+;+;+;-;;
;;;;RuleGroup;+;-;-;-;-;
;;;;RuleStatus;+;-;-;-;-;
;;;;Campaign;+;-;-;-;-;
;;;;AbstractComponentContainer;+;+;+;+;+;
;;;;AbstractComponentContainer.itemtype;+;-;-;-;-;
;;;;AbstractCMSComponent;+;+;+;+;+;
;;;;AbstractCMSComponent.itemtype;;-;-;-;-;
;;;;AbstractCMSAction;+;+;+;+;+;
;;;;AbstractCMSAction.itemtype;;-;-;-;-;
;;;;SimpleCMSAction;+;+;+;+;+;
;;;;PickUpInStoreAction;+;+;+;+;+;
;;;;AddToCartAction;+;+;+;+;+;
;;;;ShareOnSocialNetworkAction;+;+;+;+;+;
;;;;AbstractPage;+;+;+;+;+;
;;;;AbstractPage.itemtype;;-;-;-;-;
;;;;AbstractRestriction;+;+;+;+;+;
;;;;AbstractRestriction.itemtype;;-;-;-;-;
;;;;BaseStore;+;-;-;-;-
;;;;BaseSite;+;-;-;-;-
;;;;CMSItem;+;+;+;+;+;
;;;;CMSItem.itemtype;;-;;;;
;;;;CMSRelation;+;+;+;+;+;
;;;;CMSCatalogRestriction;;;+;+;+;
;;;;CMSCategoryRestriction;;;+;+;+;
;;;;CMSProductRestriction;;;+;+;+;
;;;;CatalogPage;-;-;-;-;-;
;;;;CategoryPage;;;+;+;+;
;;;;ContentCatalog;+;+;+;-;-;
;;;;ContentPage;;;+;+;+;
;;;;ContentSlot;+;+;+;+;+;
;;;;ContentSlotForPage;+;+;+;+;+;
;;;;ContentSlotForTemplate;+;+;+;+;+;
;;;;ContentSlotName;+;+;+;+;+;
;;;;ElementsForContainer;+;+;+;+;+;
;;;;ElementsForSlot;+;+;+;+;+;
;;;;CMSImageComponent;;;+;+;+;
;;;;BannerComponent;;;+;+;+;
;;;;CMSLinkComponent;;;+;+;+;
;;;;Media;+;+;+;+;+;
;;;;CockpitUIScriptConfigMedia;-;-;-;-;-;
;;;;MediaContainer;+;+;+;+;+;
;;;;MediaContext;+;+;+;+;+;
;;;;MediaFormat;+;+;+;+;+;
;;;;MediaFormatMapping;+;+;+;+;+;
;;;;PageRestrictions;+;+;+;+;+;
;;;;PageTemplate;+;+;+;+;+;
;;;;CMSParagraphComponent;;;+;+;+;
;;;;ProductPage;;;+;+;+;
;;;;SimpleCMSComponent;;;+;+;+;
;;;;CatalogsForCMSSite;+;+;+;+;+;
;;;;AvailableSlotsForTemplate;+;+;+;+;+;
;;;;RestrictionsForPages;+;+;+;+;+;
;;;;CatalogsForRestriction;+;+;+;+;+;
;;;;CategoriesForRestriction;+;+;+;+;+;
;;;;ProductsForRestriction;+;+;+;+;+;
;;;;UsersForRestriction;+;+;+;+;+;
;;;;UserGroupsForRestriction;+;+;+;+;+;
;;;;PreviewDataToCatalogVersion;+;+;+;+;+;
;;;;PreviewData;+;+;+;+;+;
;;;;CMSSite;+;+;+;-;-;
;;;;MiniCartComponent;+;+;+;+;+;
;;;;CategoryFeatureComponent;+;+;+;+;+;
;;;;ProductFeatureComponent;+;+;+;+;+;
;;;;ProductVariantSelectorComponent;+;+;+;+;+;
;;;;ProductAddToCartComponent;+;+;+;+;+;
;;;;ProductReferencesComponent;+;+;+;+;+;
;;;;SimpleSuggestionComponent;+;+;+;+;+;
;;;;PurchasedCategorySuggestionComponent;+;+;+;+;+;
;;;;CartSuggestionComponent;+;+;+;+;+;
;;;;SearchBoxComponent;+;+;+;+;+;
;;;;CMSMediaParagraphComponent;+;+;+;+;+;
;;;;CMSUiExperienceRestriction;+;+;+;+;+;
;;;;CMSActionRestriction;+;+;+;+;+;
;;;;AccountNavigationComponent;+;+;+;+;+;
;;;;AccountNavigationCollectionComponent;+;+;+;+;+;
;;;;JspIncludeComponent;+;+;+;+;+;
;;;;AccountBookmarkComponent;+;+;+;+;+;
;;;;Usb2cNavigationBarComponent;+;+;+;+;+;
;;;;CDPPersonalizedContentComponent;+;+;+;+;+;
$END_USERRIGHTS;;;;;
After some research I was able to fix this. Added below line in impex code mentioned in question
;;;;SolrFacetSearchConfig;+;+;+;-;-;
I imported a java-agent into an iNotes application using DXLImporter. The agent seems to be signed using my User Id. When imported into the host application, I am receiving the fowllowing error in domino designer:
Could not open the editor: Error - Document is not signed..
I tried to configure the agents before exporting them as DXL. I also configured my DXLImporter like this:
dip.ReplaceDBProperties = False
'Don't import any documents
dip.DocumentImportOption = DXLIMPORTOPTION_IGNORE
dip.ReplicaRequiredForReplaceOrUpdate = False
'Use ACL of host DB
dip.ACLImportOption = DXLIMPORTOPTION_IGNORE
dip.DesignImportOption = DXLIMPORTOPTION_REPLACE_ELSE_CREATE
I would like to ignore my signature or to programmatically sign the stuff with the User Id of the host application if this is possible.
You can easily use the sign method of NotesDatabase- Class to sign the whole database, or just some specific elements or even one specific element. Check out this link for the designer help for is method.
Here is an excerpt of the linked site:
Call notesDatabase.Sign( [ documentType% ] [ , existingSigsOnly ] [ , nameStr$] [ , nameStrIsNoteID ] )
Parameters
documentType%
Integer. Optional. One of the following constants.
DBSIGN_DOC_ACL (64) signs the ACL
DBSIGN_DOC_AGENT (512) signs all agents
DBSIGN_DOC_ALL (32767) (default) signs all elements except data documents' active content
DBSIGN_DOC_DATA (1) signs all data documents' active content (hotspots)
DBSIGN_DOC_FORM (4) signs all forms
DBSIGN_DOC_HELP (256) signs the "About Database" and "Using Database" documents
DBSIGN_DOC_ICON (16) signs the icon
DBSIGN_DOC_REPLFORMULA (2048) signs the replication formula
DBSIGN_DOC_SHAREDFIELD (1024) signs all shared fields
DBSIGN_DOC_VIEW (8) signs all views
existingSigsOnly
Boolean. Optional.
True to sign only elements with existing signatures.
False (default) to sign all elements.
nameStr
String. Optional. Programmatic name or note ID of a single design element. If this parameter is not specified, all design elements of type parameter 1 are signed.
nameStrIsNoteID
Boolean. Optional.
True if parameter 3 represents a note ID.
False (default) if parameter 3 represents a programmatic name.
For your example it would be something like:
call db.sign(DBSIGN_DOC_AGENT, False, "NameOfYourAgent", False)
How do I query for all trac tickets related to a user. i.e. all tickets for which the tickets were once assigned, assigned now, created , etc etc
Create custom queries to the ticket_change table. Some SQL required. For assigned once/now, look for rows where field='owner', newvalue column contains the user name the ticket was assigned to. For created tickets, just query by reporter in the ticket table.
Example:
SELECT p.value AS __color__,
id AS ticket, summary, component, version, milestone,
t.type AS type, priority, t.time AS created,
changetime AS _changetime, description AS _description,
reporter AS _reporter
FROM ticket t, enum p, ticket_change c
WHERE p.name = t.priority AND p.type = 'priority'
AND c.field = 'owner'
AND c.newvalue = '$USER'
AND c.ticket = t.id
ORDER BY p.value, milestone, t.type, t.time
You can express this with a TraqQuery expression. E.g. if you want the columns id, summary and status to show up and query all the tickets for the currently logged in user ($USER) then use the following query.
query:?col=id
&
col=summary
&
col=status
&
owner=$USER
However this query assumes that the owner hasn't been the same during the lifetime of a ticket (since ownership can be changed).
If you want a specific user then replace $USER with the actual username. Also if you're using the Agilo plugin you can easily create new queries on the fly via the web-UI. This is done by looking at a report and adding filters to the report.