I'm currently facing to a dn based search problem.
I work on a client LDAP so I can't modify the structure and I have a readOnly full access.
In this LDAP the users a grouped by permission.
Let's imagine 4 permissions with follow uid :
uid=APP1#Admin#feature,ou=permission,ou=client,ou=fr
uid=APP1#User#other feature,ou=permission,ou=client,ou=fr
uid=APP2#Admin,ou=permission,ou=client,ou=fr
uid=APP3#Admin,ou=permission,ou=client,ou=fr
APP1, APP2 and APP3 are three diferents applications
Now imagine 3 users :
First
uid=jdoe,ou=user,ou=client,ou=fr
dnPermission=uid=APP2#Admin,ou=permission,ou=client,ou=fr
dnPermission=uid=APP1#User#other feature,ou=permission,ou=client,ou=fr
dnPermission=uid=APP3#Admin,ou=permission,ou=client,ou=fr
Second
uid=jdupont,ou=user,ou=client,ou=fr
dnPermission=uid=APP1#Admin#feature,ou=permission,ou=client,ou=fr
dnPermission=uid=APP2#Admin,ou=permission,ou=client,ou=fr
Third
uid=mhari,ou=user,ou=client,ou=fr
dnPermission=uid=APP2#Admin#feature,ou=permission,ou=client,ou=fr
dnPermission=uid=APP3#Admin,ou=permission,ou=client,ou=fr
Each application can have many permissions and the list of permission is not stable in the time.
My aim is to get all user having permission on APP1 with a single query.
I can't get all users and filter after because the LDAP has 24K+ users and my application concern only 75 users.
My first idea was to handle dn like string and user follow query :
(&(objectclass=people)(dnPermission=uid=APP1*))
or
(&(objectclass=people)(dnPermission=APP1*))
but both return me 0 results.
Is possible ?
How ?
NB1 : people is a subclass of standard Person class with no technical account
NB2 : dnPermission is a DN link, not a full text attribute.
My guess is that there is no such things as an objectClass 'People'.
The standard object class for people in LDAP is 'Person' and its subclasses 'organizationalPerson' and 'inetOrgPerson'
Related
I have a use-case of retrieving content that is created by a particular user. Whenever I try GETng it, I am getting all the data created by different user.
Scenario 1:
I have an admin user. I created a content type of stock-list with name and description field.
I created 5 rows of data as per stock-list content type.
Scenario 2:
I have another user say testA.
I have created 4 rows of stock-list content by logging in as testA.
Now I wanted to retrieve stock list created by userA. Supposing I have a public endpoint for getting GET /stock-lists, how can I GET that ?
Currently when I am firing GET /stock-lists, I am getting all the data created by admin and testA user combined.
Can anyone help ?
does the stock list have a relationship with a user.if not make a relationship of one user having many stocks then you can make a query by finding all the stocks with a specific user.
I'm adding security around some buttons in an app I built long ago. The way I implemented this security feature is that I created a a role in the database's ACL. I do a check in the button's hide-when formula and expose the button if the role is there. That role is assigned to a security group in the Domino Directory. That security group contains a collection of other groups. These 2ndary groups contain people's names. Those names are retrieved from a Postgres database -- I have a LotusScript agent that pulls the names from that database. The problem I'm seeing is that even tho a name is in the 2ndary group, Notes doesn't recognize it. Here's an example. This user are in these groups:
however, he should also be in all of these:
How can I debug where the problem is?
thanks
clem
I think the problem is that for one group in particular, there are 2 copies of the group document. I didn't see that b/c in the main group view it doesn't show up. But when I was in the process of assigning a child group to a parent group, I can see the duplicate listed. I suspect this is the source of the problem. Will confirm.
thanks
clem
Make sure the members of the 2ndary groups contain names in fully qualified format that matches the first entry of their FullName in the person document. EG "John Smith" should be "CN=John Smith/O=LabWare" or something like that.
You can see what groups and roles the system recognizes a user in by double clicking on the security icon on the status bar in the Notes Client (bottom 3rd from the right) after you have opened the database.
I am using load runner 9.5. I am facing a problem during Dyanmic data handling. Scenario is given below-
I have Library management application. Login-> Select book(data display based on User credential) -->Purchage and Logout.
Ex: Guest user: 50 Books display to choose
Admin : All Books display choose
Normal user : 100 Bokks display choose
Please help me How to handle these type of dynamic data based on user role. Is there need to create different script with different role ?
Please follow the below steps -
Record the same flow with the same user credential 2 times (Replica of first script)
Compare the scripts using W diff
Find the values which are different like purchase order, timestamp and user session.
Correlate the values which are highlighted in yellow means value which is different in each script.
Have you had the benefit of training in LoadRunner and a mentor for your first year of work in this field?
Whats the difference between themeDisplay.getUser().getGroupId() and themeDisplay.getScopeGroupId()?
If I retrieve Layouts (pages) from it, would they have any different URL pattern like, /web-or-user/<user>/* or /web-or-user-or-group/<group>/*?
I mean am I right to say that every user has his own group or something?
As I understand it so far, it seems like User Foo has group UserFoo and group GroupFoo so you can retrieve pages personal to Foo or group of Foo ... Am I in the good way?
Every authenticated user can have their own private and public pages which would be the getUser().getGroupId().
Then there is also the Community that a user is currently viewing which is the Scope Group ID.
So yes you're right! :)
Using a group Id you can get the public or private pages of the user. while a scopeGroupId is related to the permission of your portlet(refer chapter security and permission in (http://www.liferay.com/documentation/liferay-portal/6.1/development/-/ai/security-and-permissio-4)
I have created a custom User profile template and object in the core database in Sitecore (as per the Security API Cookbook).
I can select this programmatically (as per the Security API Cookbook) so that my extranet users have an extended profile, that covers all the usual suspects (Address, phone, email format etc.)
However, where is this data stored? And how do I access it if I want to query the database to return a subset of users based on this profile data.
A typical requirement for an extranet member system is to extract a list of users to contact either in an email or a phone type campaign. Can this be done with the Sitecore membership system?
UPDATE>
I'm going to take a guess and say the profile data is stored in aspnet_Profile.PropertyValuesBinary .. which would make it nigh on impossible to query and not suited to my purpose. That is unfortunate. So to extend my question, if that is the case, is it possible to get Sitecore to store those values in the text field so they are searchable?
The standard Microsoft implementation of the SqlProfileProvider (which is used in Sitecore by default) stores the user profile information in the aspnet_Profile table. All the properties are serialized into the PropertyNames / PropertyValuesString columns. The PropertyValuesBinary is used to store the binary data (images). You can find more details if you look at the code of System.Web.Profile.SqlProfileProvider, SetPropertyValues method.
Next, all the custom properties you define in the user profile, are serialized to the SerializedData property of the Profile class, and it is again serialized to the PropertyNames / PropertyValuesString columns like any other property.
Also, couple of properties are stored in aspnet_Membership table (for some reason) - Email and Comment.
So, if you are going to query the users by Email, you can use FindUsersByEmail method of MembershipProvider. Otherwise, if you plan to filter by another property value, I suppose, you'll have to get all users and filter the obtained collection.
Hope this helps.
I faced this exact problem last week, didn't come up with a permanent solution, but to solve my particular issue, I wrote a little helper page and added it as a Sitecore application to be accessed from the CMS interface. All it did was query all users, and determine if they had any of like 5-6 profile properties assigned.
var userList = Sitecore.Security.Accounts.UserManager.GetUsers();
That is the relevant line to grab the users, it returns Sitecore.Common.IFilterable
So if you need to do something where you're grabbing profile info from all users, you cn do something like this:
foreach (Sitecore.Security.Accounts.User user in userList)
{
Sitecore.Security.UserProfile profile = user.Profile;
string whatever = profile["Whatever"];
//add whatever to a list or something
}
This worked out very well for my purposes, but I don't know how feasible it will be in your situation.