I'm trying to sync my roles from my LDAP to keycloak. As i have objects in my Domain that share the name of my needed roles i can't use the cn as "Role Name LDAP Attribute". Instead i want to create groups with a prefix like keycloak-mygroup and omit said prefix in the keycloak roles.
If that isn't possible, i'd like to create these groups with a prefix and use another attribute of the group as a role name. The roles i want to sync, already exist in my keycloak instance.
If i try to use an attribute like description i get an error ("Violation of UNIQUE KEY constraint "UK_J3RWUVD56ONTGSUHOGM184WW2-2". A duplicate key cannot be inserted into the dbo.KEYCLOAK_ROLE object. The duplicate key value is (, default).") and if i use an attribute like distinguishedName (those roles don't exist) everything is created.
How can i use a different attribute than cn for my role names and have it sync?
I was able to solve this problem. The error happens if a group is missing the attribute used for the group name. Every group has to have the used attribute, otherwise the sync will fail for all groups.
Related
My customer has created roles with the names of the company's business divisions and sub-divisions. He wants to take the role the creating user is in, along with the next level up Role and populate that into two fields on the opportunity, to then use those two fields. (ROLE and SUB-ROLE) as Dashboard filters. Since the role is in the setup section and is also not a field on the user record, I'm assuming some type of Apex Trigger or Flow would be needed to take the role names of the creating user and then insert them?
They are new to Salesforce.. they have not tried anything yet.
I'm developing a web-api that manages a two level hierarchy objects:
Group -> SubGroup.
The group are added only by their names and it is a unique identifier for the group
The sub groups are added only by their names and the group name + sub group name is a unique identifier for the sub group.
The subgroup can "live" only in the context of its parent (the group).
Both the group and subgroup have unique ids in the system (besides the names).
The user should have an option to get a certain subgroup details and i'm uncertain if i should give him an endpoint that lets him access it directly.
I researched some threads by didn't get a good answer (1,2,3)
I have two options:
Option 1:
create an endpoint that lets the user to access subgroup only by specifying its name and its parent group name:
/groups/subgroups?groupName="x"&subGroupName="y"
Option 2:
create a "direct" access endpoint that lets the user access the subgroup directly without specifying the parent group name by using its internal id (In the subgroup creation return this id)
for example:
/subgroups?id="52regfd235fdsf325f" (the id of subgroup "y")
What is the best practice for this situation? is adding a "direct" access endpoint to a nested resource is fine or it should be avoided? what will be the case for a subgroup removal endpoint for example? should it be identified by the subgroup id or by its name?
In the general case, when we have H1->H2->H3->...Hn hierarchies. For trying to access the last resource in the chain, what will be a good rule of thumb here?
I am currently investigating using OrientDB to implement an authorisation system and I'm having some trouble with the edge arrow notation.
The graph has four different vertex types:
User
Group
Role
Resource
And four different edge types:
IN_GROUP
HAS_ROLE
CAN_ACCESS
INHERITS
And the structure is:
User -IN_GROUP-> Group
Group -HAS_ROLE-> Role
Role -CAN_ACCESS-> Resource
Role -INHERITS-> Role
A role may inherit other roles. This means that Role A may inherit Role B which may inherit Role C. I want to produce an Orient query that can say 'For a specific user, give me all of their roles, including any that they inherit'
Currently to get a roles inherited roles I'm doing this but it only retrieves the first level of inherited nodes:
match {class:User, where:(name='Sean')} -IN_GROUP-> {class:Group} -HAS_ROLE-> {} -INHERITS-> {class:Role, as:role} return role.name
What I'm trying to retrieve is the entire chain of nodes that this initial role inherits, can anyone help me with this please?
what you need here is a WHILE condition on the INHERITS relationship:
match
{class:User, where:(name='Sean')} -IN_GROUP->
{class:Group} -HAS_ROLE-> {} -INHERITS-> {class:Role, as:role, while:(true)}
return role.name
I have a collection users whose documents will belong to a company (and each company can have many users). Because I set a unique index on the company name, can I use the name as the foreign key inside the user document, or is it recommended to use the id instead?
If name is unique and is guaranteed to never change, then you can use it, no problem. Although there were cases in my practice when names turned out to be not-so-unique and not-so-immutable (damn requirement changes). So, just to be extra safe, use the id.
I've made a guestbook application using Google App Engine(GAE):python and the client is running on iPhone.
It has ability to write messages on the board with nickname.
The entity has 3 fileds:
nickname
date
message
And I'm about to make another feature that user can post reply(or comment) on a message.
But to do this, I think there should a 'primary key' to the guestbook entity, so I can put some information about the reply on a message.
With that three fields, I can't get just one message out of database.
I'm a newbie to database. Does database save some kind of index automatically? or is it has to be done by user?
And if it's done automatically by database itself(or not), how can I get just one entity with the key??
And I want to get some advise about how to make reply feature generally also. Thanks to read.
Every entity has a key. If you don't assign a key_name when you create the entity, part of the key is an automatically-assigned numeric ID. Properties other than long text fields are automatically indexed unless you specify otherwise.
To get an entity if you know the key, you simply do db.get(key). For the replies, you probably want to use a db.ReferenceProperty in the reply entity to point to the parent message; this will automatically create a backreference query in the message to get replies.
Each entity has a key, it contains information such as the kind of entity it is, it's namespace, parent entities, and the most importantly a unique identifier (optionally user specifiable).
You can get the key of an entity using the key method that all entities have.
message.key()
A key can be converted to and from a URL-safe string.
message_key = str(message.key())
message = Message.get(message_key)
If the key has a user-specified unique identifier (key name), you can access it like this
message.key().name()
Alternatively, if a key name was not specified, an id will be automatically assigned.
message.key().id()
To assign a key name to an entity, you must specify it when creating the entity, you are not able to add/remove or change the key name afterwards.
message = Message(key_name='someusefulstring', content='etc')
message.put()
You will then be able to fetch the message from the datastore using the key name
message = Message.get_by_key_name('someusefulstring')
Use the db.ReferenceProperty to store a reference to another entity (can be of any kind)
It's a good idea to use key name whenever possible, as fetching from the datastore is much faster using them, as it doesn't involve querying.