SharePoint On Prem. 2013. Currently the people picker is configured to see users in DomainA, DomainB and DomainC.
That was OK, but now users in DomainA have been added to DomainC as part of an integration activity. The people picker now shows duplicates for users in A and C. I do not want to hide all users in Domain C. I only want to hide those users in Domain C who are already in A.
I added a custom attribute to a test user in Domain C and mapped it to "someattribute" in the user profile service. I populated the custom attribute for my test user with the text "sometext"
I then configured people picker using LDAP query thus:
stsadm -o setproperty -pn peoplepicker-searchadcustomfilter -pv "(&(objectCategory=user)(!someattribute=sometext))" -url http://mywebapp
Unfortunately instead of hiding the user in Domain C with the custom attribute set, this always shows the user in Domain C and hides the duplicate user in Domain A instead.
Any help from the experts here appreciated. If there is a better way than doing it like this, let me know.
Zero responses? OK for anyone else looking for an answer to this, I could not get the custom attribute approach to work. I think this is because the attribute only exists in Domain C, not the others and this led to unpredictable results.
I didn't want to start creating new attributes in the other two domains, so instead I had a group created in Domain C and added some users to it that have accounts in both Domains A and C.
I then configured the people picker to filter on the group like this:
(&(objectCategory=user)(!memberOf=CN=groupmigrated,OU=X,OU=Groups,DC=DomainC,DC=com))
The breakthrough for me was using dsquery to get the CN/OU path of the new group.
Hope this helps someone.
Related
I am new to Liferay. Now I need to create the flow chart which has the Liferay table work flow in following scenarios,
1) What are the list of table will reflect/update if we create the site admin?
2) What are the list of table will reflect/update if we create the site?
I tried by opening database tables and noticed that USER_, CONTACT_ will reflect, But I need list of all the related tables which will reflect when we create the site and siteadmin? I am using Liferay 6.2 version.
Thanks in advance.
When you want to know the internals of any system it is always best to check the relevant source-code. So in this case you can check the source-code for those classes which are used for CRUD operations on User and Site.
1) What are the list of table will reflect/update if we create the site admin?
Site-administrator is a Role, which can be applied to a User created in Liferay.
So if you want all the tables that are created from User-creation till User is assigned the Site-administrator role for a particular site, there here are some which I can recollect:
User_ (Obvious)
Contact_ (not so obvious :-) )
Group_ (Users are also created as a record in this table since Users have public and private pages)
Address (if you add an address)
Phone (if you add a Phone)
Users_Roles (Power user role is assigned by default)
UserGroupRole (user and site-role relationship, Site-administrator is a Site-role)
Users_Groups (user and site relationship)
For others you should refer the source-code for UserLocalServiceImpl, RoleLocalServiceImpl and GroupLocalServiceImpl, check the relevant methods prefixed add, update etc.
The corresponding service.xml for these module would reveal the database tables being used.
2) What are the list of table will reflect/update if we create the site?
Sites are nothing but Groups in Liferay. So its obvious Group_ table is playing a big role.
Other tables also depend upon what configuration you are doing while creating a Site.
Then there would be other tables like Layout when you start creating pages for a Site.
I would strongly encourage to go ahead and explore the source code for the classes and you would understand the flow - when and what tables are affected.
Here is some convention which might help you traverse the source-code, almost every *LocalServiceImpl is associated with a *Model like UserLocalServiceImpl with UserModel and almost every *Model has a corresponding database table with the same name.
Also the name of the functionality would in most cases hints at what service classes are being used to connect to database, like adding a User would hint at using UserLocalServiceImpl.
Hope I have understood your question and have been able to give some proper direction.
If you want to know this because you also want to write to these tables: Don't go there! You should purely use the API to change the data that Liferay stores. Otherwise you will run into disasters some time in the future - promised.
For just getting the SQL commands that Liferay actually uses, configure portal-ext.properties and change this default value:
hibernate.show_sql=false
Then go to "Server Administration/Log Levels" and add a new category "org.hibernate.SQL", configure it to the level DEBUG. Then the results show up in the logs. Note that this log configuration is transient and will be reverted on next server start. If you want the setting to be persistent, you'll need to go into Liferay's log4j configuration files.
Remember: You don't want to write to the tables ever. Promise!
I'm trying to implement permission levels in SharePoint hosted app. I've created a custom list "Permissions" where I'm adding different users with their roles.
I have created a page List.aspx where I'm showing my custom list "Products" as a list view web part. Page List.aspx checks the user's role against "Permissions" list, and page can show or hide content in regards to this role. The problem is, when user tries to navigate to "Lists/Products/Allitems.aspx" or "Lists/Permissions/Allitems.aspx" he can see the list items.
All code check is done in JavaScript and I know there is a security risk, but this will work for my users. I just need to find a way to inject custom JavaScript code to Allitems.aspx, and to check if user has permissions to see it or not.
Everything here is done on App web and there's nothing that I use on host web.
I've found a workaround for this. Basically what I did is that I just hide the list view from direct access. To achieve this, open the Schema.xml of the list and replace "JSLink":
from
<JSLink>clienttemplates.js</JSLink>
to
<JSLink>~site/Scripts/OverrideListView.js</JSLink>
Now, create a new file Scripts/OverrideListView.js and add following code to it:
document.write("<style>body {display:none; };</style>");
Try now to access Lists/Permissions/Allitems.aspx directly. You will get a blank page.
This is basically idea how to insert custom JS code into list view. You could add additional code for checking current user's permissions on site level and in regards to it to unhide this view, or even to redirect him to the homepage if he does not have right role or permissions.
I have a simple requirement where a user can input some details using a form.I have created a List and using sharepoint designer generated a customized new entry form which can submit data into list.There are two types of users one end user and second admin.
The problem is ,I have to give permission to the list for end users so that they can fill entry and submit request.This permission allow end end user to jump main site and they able to see list data and other site details.
Is there any way which I can create a group which has only access to that entry (request from) page and not able to browse any other urls
I want to use coding level solution if it is possible with in built functionality.
The new customized form is inbuilt functionality.
Please help .
Thanks
Ritu
you can specific permissions on the list, without giving permissions to the whole site. This way you can even give permissions to only add items. All that could be done using the browser alone
What I am tring to do is, when people comes to that page:
http://server:26521/MY_Portal/service/default.aspx
I want them to be redirected to that page
http://server:26521/default.aspx
Depending on their User name Or User Group.
Thanks for helps.
I can think of two ways to do this:
If you're using ISA Server or a similiar product in front of Sharepoint, you can configure it to do this. So those users who you want redirected will never access the first page.
Alternatively, you could write a webpart, which analyzes who the user is, and does some sort of redirection, either in .net or in javascript to the page you want.
I have a project where I need to add users to a SharePoint portal, but when I add them, I also need to set addition parameters inside a separate database.
I want to add a custom administration screen where the administration can set these values when they add the user rather than forcing them to first add the user then go to a separate interface page where they set the values.
Does anyone know of any good articles that will explain how to accomplish this?
Thanks.
It would be easier to create a custom asp.net form that would get all the information required about the user.
the submit could then add the information to the database that is needed and use the object model to add the users.
SPRoleAssignment MyRoleAssign = new SPRoleAssignment(”domain/alias”, “email address”, “User Name”, “Description”);
SPRoleDefinition MyRoleDef = newSubWeb.RoleDefinitions["Contribute"];
MyRoleAssign.RoleDefinitionBindings.Add(MyRoleDef);
site.RoleAssignments.Add(MyRoleAssign);
Code from farhanfaiz.wordpress.com here
Otherwise the SharePoint webservices may do.
Examples here