Azure AD Connect - Change sourceanchor - azure

I have a single forest and single domain AD scenario and I configured AD Connect with sAMAccountName as sourceanchor.
As far as I understood you cannot change sourceanchor attribute without destroying all the objects.
Did I miss anything here? I really want to be able to change usernames and email addresses in the future; any suggestions?
Destroying and recreating all objects could be an option. Is there any tool/script to automate things in these cases?
Thanks,
Alessandro

The sourceAnchor attribute is defined as an attribute immutable during the lifetime of an object. You could use objectGUID as the SourceAnchor. The objectGUID attribute is the unique identifier of a user. You also can read DOC to select a good sourceAnchor attribute.
If you have a single forest on-premises, then the attribute you should
use is objectGUID. This is also the attribute used when you use
express settings in Azure AD Connect and also the attribute used by
DirSync.
For more details on the attribute syncing process, you can read this.
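To make the difference between the two anchor choices concrete, here is an added example (not part of the original answer or of Azure AD Connect). It goes slightly beyond the thread: with objectGUID as the anchor, the synced value is the Base64 encoding of the GUID's 16 bytes, so the code converts in both directions and then checks which synced anchors stop matching after a rename. The sample GUID, the account names and all function names are constructed for illustration.

```javascript
// Constructed sample GUID; not taken from any real directory.
const SAMPLE_GUID = '00112233-4455-6677-8899-aabbccddeeff';

// Reverse the byte order of a hex string (AD stores the first three GUID
// fields little-endian, the same layout .NET Guid.ToByteArray() returns).
const le = (hex) => hex.match(/../g).reverse().join('');

// objectGUID string -> Base64 of its 16 raw bytes (the anchor value).
function anchorFromObjectGuid(guid) {
  const m = /^([0-9a-f]{8})-([0-9a-f]{4})-([0-9a-f]{4})-([0-9a-f]{4})-([0-9a-f]{12})$/i.exec(guid);
  if (!m) throw new Error('not a GUID: ' + guid);
  return Buffer.from(le(m[1]) + le(m[2]) + le(m[3]) + m[4] + m[5], 'hex').toString('base64');
}

// Base64 anchor -> objectGUID string, for matching a cloud object to AD.
function objectGuidFromAnchor(anchor) {
  const raw = Buffer.from(anchor, 'base64');
  if (raw.length !== 16) throw new Error('anchor does not decode to 16 bytes');
  const h = raw.toString('hex');
  return [le(h.slice(0, 8)), le(h.slice(8, 12)), le(h.slice(12, 16)),
          h.slice(16, 20), h.slice(20)].join('-');
}

// Anchors already synced that no longer match any on-premises object.
function orphanedAnchors(syncedAnchors, adUsers, anchorOf) {
  const current = new Set(adUsers.map(anchorOf));
  return syncedAnchors.filter((a) => !current.has(a));
}

// Constructed directory snapshots: the same user before and after a rename.
const before = [{ sAMAccountName: 'jdoe', objectGUID: SAMPLE_GUID }];
const after = [{ sAMAccountName: 'jane.doe', objectGUID: SAMPLE_GUID }];

// Simplification: the sAMAccountName-based anchor is modelled as the plain string.
const bySam = (u) => u.sAMAccountName;
const byGuid = (u) => anchorFromObjectGuid(u.objectGUID);

// Orphaned anchors under each choice after the rename.
function renameImpact() {
  return {
    samAnchor: orphanedAnchors(before.map(bySam), after, bySam),
    guidAnchor: orphanedAnchors(before.map(byGuid), after, byGuid),
  };
}

console.log(anchorFromObjectGuid(SAMPLE_GUID), renameImpact());
```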

Related

How to change a custom policy to be able to log in with a custom attribute (National Identity Document)

Currently I only find documentation that allows me to change my email / username / phone number, but nothing talks about adding a user attribute as an authentication entity for the login.
Write the new identifier to signInNames.whatever, exactly like the “change identifier” samples work. They just overwrite an existing value, if one didn’t exist, it just gets created automatically.
You can’t add an identifier to /any/ attribute, it has to go into signInNames attribute, as that is uniquely constrained.

Liferay get all users of organization role (by organization role name)

I have an organization role in Liferay and in this organization role are users. I want to get these users now. Furthermore I want to specify the organization name of the role.
So is there something like
xxxServiceUtil.getUsersByOrganizationRoleName(String myOrganizationRoleName);
Thank you in advance.
One principle throughout Liferay's API is: If you look for a User, then you go through UserLocalService. That's your first hint on where to look.
Since Liferay 7.0, you should not use the *Util classes any more, but just obtain a @Reference to the service directly.
Looking at the service, you'll notice that it has a getRoleUsers method. However, I can't tell you if this also takes Organization-scoped roles or only portal/instance scoped ones. In case it doesn't reveal what you like, you might need to go through getOrganizationUsers and filter on from there, or start with a DynamicQuery, which you can also find within the same service (following the principle that opened this answer)

NodeJs : Liferay api to fetch the "custom field" created for Role

According to my requirement in Liferay, I have created custom fields for roles and assigned it to a user. My goal is to call the JSONWS API and get these custom fields using NodeJS. I am not able to decide which API I should call.
This Url is having APIs: http://www.liferay.com/api/jsonws
I would appreciate any kind of help.
Regards
AFAIK there are no options to access the expando value via exposed web services.
Probably what you can do is create a custom portlet, add a dummy entity in the service builder, and in that expose a method for the web service. In that method call the role API and the expando API, and return the result you want.
Custom Fields are called "Expando" in the API and are modeled like virtual tables. The functionality that's exposed through webservices is ExpandoColumn and ExpandoValue. Probably the best way to figure out the parameters to give is to look at the matching database tables. Careful: You should only ever read the database and not be tempted to write to it.
I hate giving the advice to go to the database, but this is probably the quickest - at least for my explanation :)
Finally, I got a genuine solution without hitting the database directly. JSONWS has this API:
/portal.expandovalue/get-data
It helped me get the attributes assigned to a particular role.
The above API needs 5 parameters to be passed:
companyId: whatever companyId is assigned for your Liferay.
className: depends on whether we created the attribute for a role or a user: com.liferay.portal.model.Role or com.liferay.portal.model.User
tableName: CUSTOM_FIELDS
columnName: the same name you gave the attribute.
classPK: the role or user ID for which you created the attribute.
In case you are getting "java.lang.NullPointerException" when using @user3771220's solution, try com.liferay.portal.kernel.model.User
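The five-parameter call described above, as an added Node.js example (not code from the thread or from Liferay). It only builds and validates the request, so it runs offline. The `/api/jsonws` prefix, the use of HTTP Basic authentication, the host name, the IDs, the column name and the function name are assumptions or constructed values; the method path and class names are the ones given in the answers.

```javascript
// Assumption: JSONWS is served under this prefix on the target portal.
const JSONWS_PREFIX = '/api/jsonws';
// Method path exactly as written in the answer above.
const METHOD_PATH = '/portal.expandovalue/get-data';
// Class names mentioned in the thread; anything else is rejected.
const ALLOWED_CLASS_NAMES = new Set([
  'com.liferay.portal.model.Role',
  'com.liferay.portal.model.User',
  'com.liferay.portal.kernel.model.User',
]);

// Hypothetical helper: returns a request description for an HTTP client.
function buildExpandoGetDataRequest(baseUrl, creds, params) {
  const base = new URL(baseUrl);
  if (base.protocol !== 'https:') {
    throw new Error('refusing to send Basic credentials over ' + base.protocol);
  }
  const { companyId, className, columnName, classPK } = params;
  if (!ALLOWED_CLASS_NAMES.has(className)) {
    throw new Error('unexpected className: ' + className);
  }
  for (const [name, value] of Object.entries({ companyId, classPK })) {
    if (!/^\d+$/.test(String(value))) throw new Error(name + ' must be a numeric ID');
  }
  if (typeof columnName !== 'string' || columnName === '') {
    throw new Error('columnName is required');
  }
  // The five parameters from the answer; tableName is fixed for custom fields.
  const body = new URLSearchParams({
    companyId: String(companyId), className, tableName: 'CUSTOM_FIELDS',
    columnName, classPK: String(classPK),
  });
  const token = Buffer.from(creds.user + ':' + creds.password).toString('base64');
  return {
    url: base.origin + JSONWS_PREFIX + METHOD_PATH,
    method: 'POST',
    headers: { Authorization: 'Basic ' + token,
               'Content-Type': 'application/x-www-form-urlencoded' },
    body: body.toString(),
  };
}

// Constructed sample values: a read-only service account and a role's custom field.
const sampleRequest = buildExpandoGetDataRequest(
  'https://liferay.example.test',
  { user: 'svc-reader', password: 'constructed-password' },
  { companyId: 20116, className: 'com.liferay.portal.model.Role',
    columnName: 'costCenter', classPK: 31002 });
console.log(sampleRequest.url, sampleRequest.body);
```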

Finding all users in roles

I would like to find out all of the user which are associated in some roles. I have seen the UserLocalService that provides the method to find the users in a particular role. But I want a method to which I can pass an array of roleIds and it shall return me the list of users in those roles.
One way is to write custom SQL, but I would like to get it done by using the API only.
Is that possible with Liferay API??
Call the API multiple times? Create a new service that does this for you so that you only have a single call to (your) API?
I know, this is probably not the answer that you expected. Note that roles in Liferay can be scoped globally (to the whole portal, called 'regular') or to an individual site or organization. Thus just giving a roleId would limit you to the global roles (as the others would require the site's or organization's groupId).
Stepping back and looking at what you want to achieve, my first guess is that you have some semantics in being associated with a specific role - kind of like... a usergroup? A role is designed to give permissions to users, while a usergroup is designed to group users. UserLocalService also has getUserGroupUsers - this also only takes a single usergroup id, but at least it's a single (global) scope by definition and not ambiguous like roles.

Can a Liferay permissions resource represent an object outside of portal?

The Liferay Security and Permissions docs define a Resource as:
A generic term for any object represented in the portal. Examples of
resources include portlets (e.g. Message Boards, Calendar, etc.), Java
classes (e.g. Message Board Topics, Calendar Events, etc.), and files
(e.g. documents, images, etc.)
As described in another SO post, I'm considering trying to use Liferay's permission system in another application (not a portlet).
In my use case, Liferay resources would be defined for domain objects in my application. When a new domain object is created in my application, I would add a corresponding new resource in Liferay (presumably by using the JSON-WS API).
The docs also state:
The name parameter is the fully qualified Java class name for the
resource object being added. The primKey parameter is the primary key
of the resource object.
Am I understanding correctly that the 'name parameter' just has to match a <model-name> I've previously defined in a <model-resource>?
And the 'primKey parameter' doesn't have to match any particular object in the Portal database? It could be a primary key of an object in my external database?
So, can a Liferay permissions resource represent an object outside of portal? Am I on the right track?
How you describe it, it should work. Basically the liferay-resource-action definition does it all for you.
But the 'name parameter' is not a string. It's the PK from the CLASSNAME_ table, which contains all class names defined in Liferay. Here you have to add a line which holds the fully qualified Java class name.
The 'primaryKey' parameter is usually a primary key of some entity from Liferay. So maybe you can keep the concept and set your entity PK in the field.
