I'm trying to get all users of a specific user group. I'm doing this in Java; I can connect to LDAP and get results from different queries. However, I've searched for a solution, but as far as I can tell the LDAP of my workplace is structured differently than what seems normal.
dn of users:
ou=Users,O=MYCOMPANY.COM
dn of the user group:
cn=Admin,ou=Profiles,ou=MYAPP,ou=Applirights,O=MYCOMPANY.COM
For the user group, cn is the privilege level / group name (Admin) and the name of the application is in an organisational unit. With this structure, how would I query for all users in this specific group?
I tried:
NamingEnumeration<?> namingEnum = ctx.search("ou=Users,O=MYCOMPANY.COM", "(cn=Admin,ou=Profiles,ou=MYAPP,ou=Applirights,O=MYCOMPANY.COM)", searchControls);
However, what attributes would need to be in search controls? I use uid, which is the user's login name.
I also tried what's outlined here:
(&(objectCategory=user)(memberOf=cn=Admin,ou=MYAPP,ou=Applirights,O=MYCOMPANY.COM))
Nothing works, and by that I mean I get 0 results but no error. How can I achieve this with the given organisation of LDAP?
Groups have something called memberOf:
So try this:
search -s sub -b "DC=whatever,DC=mydomain,DC=com" "(&(objectCategory=user)(memberOf=CN=GROUP,DC=whatever,DC=mydomain,DC=com))"
you fill in whatever mydomain and GROUP above ^
What attributes would need to be in search controls?
The attributes listed in searchControls are the ones you want returned. The one containing the group members. Depending on what objectClass the group object is, it might be:
uniqueMember for groupOfUniqueNames
roleOccupant for organizationalRole
and so forth.
I am developing an application that imports users and groups from Active Directory.
Base: CN = ivan ivanov, CN = Users, DC = perimetrix, DC = ru, Filter: (& (objectCategory = user) (objectClass = user) (userPrincipalName = *))
The Domain Users default group is not imported. However, if a user is in 2 or more groups on a domain controller, then the default group in which the user is composed is imported correctly.
If the user is only in the default group, then it is not imported.
How to import a default group?
The primary group is a bit different. It doesn't use the member attribute like normal group membership. The primaryGroupId attribute of the user contains the RID of the group (the RID is the last portion of the SID, after the last dash). In most cases, that is 513, the RID of the built-in Domain Users group.
You will have to show your code so we can see what you mean by "imported". It might be a quirk of the specific implementation you are using that isn't checking the primary group all the time.
I did write an article where I showed how to get a user's primary group. It's written in C#, but the principle is the same regardless of the language.
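The RID arithmetic described in this answer, as an added example that is not part of the original thread or the linked article: it decodes a binary objectSid, swaps the user's RID for the primary group RID, and returns the group's SID. The sample SID is constructed, and the `(objectSid=...)` filter form with a string SID is an assumption about what the directory accepts.

```python
import struct

def sid_to_str(raw: bytes) -> str:
    """Decode a binary objectSid value into S-R-A-S1-...-Sn form."""
    if len(raw) < 8:
        raise ValueError("SID shorter than its fixed 8-byte header")
    revision, count = raw[0], raw[1]
    if count < 1 or len(raw) != 8 + 4 * count:
        raise ValueError("sub-authority count does not match SID length")
    authority = int.from_bytes(raw[2:8], "big")   # 48-bit, big-endian
    subs = struct.unpack(f"<{count}I", raw[8:])   # 32-bit each, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def primary_group_sid(user_sid: bytes, primary_group_id: int) -> str:
    """Replace the user's RID (last sub-authority) with the group's RID."""
    if not 0 <= primary_group_id <= 0xFFFFFFFF:
        raise ValueError("RID must fit in 32 bits")
    domain_part, _, _user_rid = sid_to_str(user_sid).rpartition("-")
    return f"{domain_part}-{primary_group_id}"

def primary_group_filter(user_sid: bytes, primary_group_id: int) -> str:
    """Filter locating the primary group entry (assumed string-SID syntax)."""
    return f"(objectSid={primary_group_sid(user_sid, primary_group_id)})"

# Constructed sample: a user with RID 1105 in a made-up domain.
SAMPLE_USER_SID = (
    bytes([1, 5])
    + (5).to_bytes(6, "big")
    + struct.pack("<5I", 21, 1004336348, 1177238915, 682003330, 1105)
)

if __name__ == "__main__":
    print(sid_to_str(SAMPLE_USER_SID))
    print(primary_group_filter(SAMPLE_USER_SID, 513))
```

An importer that only follows member/memberOf can run this lookup once per user and add the resulting group to the user's membership list.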
Sorry I am new to LDAP/AD service, I have a problem to make up an easy 3 or 4 level LDAP query for the server, assume the hierarchy is like this:
DN my.com.app (dc=my,dc=com,dc=app)
|_OU maingroup
|_OU subgroup
|_OU grandsongroup
I try to grab all the values defined in grandsongroup with the current logged-in user (assume the username is worker), so here is my filter:
filter = "(&(ou=grandsongroup,ou=subgroup,ou=maingroup)(sAMAccountName=worker))";
but it returns nothing, what could go wrong?
The filter string doesn't define the depth of the search. That's done via another parameter. There are three possibilities:
current level only
current level plus one child level
entire subtree.
The DN you want to search from is specified in another parameter, not in the filter. So the filter string should be merely
(sAMAccountName=worker)
and the base DN for the search should be
ou=grandsongroup,ou=subgroup,ou=maingroup,dc=my,dc=com,dc=app
I configured a JPA store and see users and roles getting added correctly to the db when I call the related PicketLink (2.7.1) APIs.
My question is this: how does one get a list of all users that have a given role?
I tried doing this using the following RelationshipQuery
RelationshipQuery<Grant> rq = relationshipManager.createRelationshipQuery(Grant.class);
rq.setParameter(Grant.ROLE, role);
List<Grant> grants = rq.getResultList();
But the resulting grant list contains a single assignment grant, that refers to the last user in the database that has that role.
I checked the example queries in the documentation and tests but found nothing that does what I want. I know the project is no longer active but am hoping to find a solution to this.
Found out that role data wasn't imported correctly from the old db. Once I fixed that the above code worked as expected.
I am new at Sun Java System Messaging Server 6.3. I am managing my e-mail users and group via ldapbrowser version 2.8.2.
I want to exclude a particular user from people group.
I found the below string in people group's configuration:
memberURL: ldap:///o=domain.com,dc=domain,dc=com??sub?(&(Employeenumber=*)(InetUserStatus=active))
The definition of the 'People' group is:
Within ldap:///o=domain.com,dc=domain,dc=com, where the attribute Employeenumber is present (Employeenumber=*), and the attribute InetUserStatus has the value active (InetUserStatus=active).
So, if you want to exclude someone, you need an attribute to match and the value to exclude, construct the LDAP search filter that matches this, and update the filter (&(Employeenumber=*)(InetUserStatus=active)) to correspond to this.
So, if they were Employeenumber 55, then you don't want them in the list, so the condition for this is !(Employeenumber=55), and you need to plug this into the selection condition as:
(&(&(Employeenumber=*)(InetUserStatus=active))(!(Employeenumber=55)))
If you wanted to filter a second user (e.g. Employeenumber 99) as well, then it becomes:
(&(&(&(Employeenumber=*)(InetUserStatus=active))(!(Employeenumber=55)))(!(Employeenumber=99)))
You can see how this will get very complicated very quickly.
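An added example (not part of the original answer) that generates the updated memberURL for any number of excluded values. It emits a single flat `(&...)`, which matches the same entries as the nested form above, and escapes each value per RFC 4515; the function names are hypothetical and the memberURL is the one quoted in the question.

```python
import re

_ATTR_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")

def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping so a value cannot alter the filter structure."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\0" else ch
        for ch in value
    )

def exclude_from_member_url(member_url: str, attr: str, values) -> str:
    """Wrap the URL's filter in an AND with one NOT clause per value."""
    if not _ATTR_RE.match(attr):
        raise ValueError("attribute name contains unexpected characters")
    # ldap://host/base?attributes?scope?filter[?extensions]
    parts = member_url.split("?")
    if len(parts) < 4 or not parts[3].startswith("("):
        raise ValueError("memberURL has no filter component")
    values = list(values)
    if not values:
        return member_url
    nots = "".join(
        f"(!({attr}={escape_filter_value(v)}))" for v in values
    )
    parts[3] = f"(&{parts[3]}{nots})"
    return "?".join(parts)

# memberURL as quoted in the question.
PEOPLE_URL = (
    "ldap:///o=domain.com,dc=domain,dc=com??sub?"
    "(&(Employeenumber=*)(InetUserStatus=active))"
)

if __name__ == "__main__":
    print(exclude_from_member_url(PEOPLE_URL, "Employeenumber", ["55", "99"]))
```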
I'm new to Liferay development in general, so feel free to point out if I'm going about stuff totally the wrong way.
I'm trying to get a DynamicQuery object of all users within a certain group (I'll use this object to further filter another query I'll do against the message board). The User interface seems to have a roleIds property that I might be able to use, since I already know the roleId I'm interested in. But I can't find the proper way to query if roleIds contains a certain value.
Any ideas on what I want to do?
PS: I would have the exact SQL query I could ask directly, but I'd rather use Liferay's own connection pool, without needing to do some weird ext project thingy.
You don't need a DynamicQuery. These are the methods you are looking for in the classes that Dirk points out:
long[] UserServiceUtil.getRoleUserIds(long roleId)
or
long[] UserLocalServiceUtil.getRoleUserIds(long roleId)
List<User> UserLocalServiceUtil.getRoleUsers(long roleId)
Remember that the methods in the classes XXXLocalServiceUtil are not checking the permissions of the current user.
EDIT: If you are looking for all users with a given role within a given community:
long companyId = _X_; // Perhaps CompanyThreadLocal.getCompanyId() if you don't have it anywhere else?
Role role = RoleLocalServiceUtil.getRole(companyId, "Example Role");
Group group = GroupLocalServiceUtil.getGroup(companyId, "Example Community");
// Use the id of the group looked up above (the original referenced an undefined groupId)
List<UserGroupRole> userGroupRoles = UserGroupRoleLocalServiceUtil.
    getUserGroupRolesByGroupAndRole(group.getGroupId(), role.getRoleId());
for (UserGroupRole userGroupRole : userGroupRoles) {
    User oneUser = userGroupRole.getUser();
}
The easiest way to access Liferay's own objects is by using the XXXServiceUtil classes (e.g. RoleServiceUtil.getUserRoles(userId)). Thus you rarely have to deal with any SQL directly. Either the RoleServiceUtil or UserServiceUtil might have what you need.
The roles of an Organization are stored in the table UserGroupRole, so if you want to get the owner of an Organization you must use the following code:
boolean isOrgOwner =
    UserGroupRoleLocalServiceUtil.hasUserGroupRole(
        usr.getUserId(),
        this.currentOrganization.getGroupId(),
        RoleConstants.ORGANIZATION_OWNER);
If you want to retrieve all the Organization Owners of an organization:
List<User> administrators = new LinkedList<>();
List<UserGroupRole> allOrganizationAdministrators =
    UserGroupRoleLocalServiceUtil.getUserGroupRolesByGroupAndRole(
        this.currentOrganization.getGroupId(), roleId);
for (UserGroupRole userGroupRoleTemp : allOrganizationAdministrators) {
    administrators.add(userGroupRoleTemp.getUser());
}
Cheers!