I should note, this user had existed in the past, left, and then came back to be reactivated.
I inherited this Redmine system in the interim, so I don't know all of tis details (read: quirks)
===
When attempting to create the user name.last#student.email.edu, Redmine fails the user add saying The email is already in use.
However a search of Redmine users shows no such user, and can find no such email.
When searching in Redmine for both MY username and my email - both come up, so I think I'm doing the search correctly.
Redmine users are validated against an Samba Active Directory domain (not locally).
The user account seems to be fine in Samba Active Directory.
One user can have multiple e-mail addresses, best way to resolve that situation is to either seek for that user via ruby console or with some SQL database query tool.
Console approach:
To activate ruby console, just on your Redmine server, navigate via terminal or cmd on windows to Redmine install folder and type rails console, you might need to add RAILS_ENV=production if required.
EmailAddress.find_by(address: "my#address.com")
Replace my#address.com with address you are looking for, or
That would return result like:
#<EmailAddress id: 3, user_id: 1, address: "my#address.com"...
Than in following query, you can get exact user id, by using user_id from previous query:
User.find_by(id:id_from_previous_query)
Just replace id_from_previous_query, with proper id, retruned in previous query.
Database approach:
E-mail addresses are located in email_addresses database table.
Below is sql code that you can run if you installed Redmine with MySql/MariaDb,
just replace %search% with email or part of email that you are searching for
select login,firstname,lastname,address from users left join email_addresses on users.id=email_addresses.user_id where email_addresses.address like '%search%'
I have also created feature proposal, based upon your inquiry here: https://www.redmine.org/issues/31043
Related
For a client, we have to connect a WSO2IS 5.10.0 to an Active Directory.
For that we have created a secondary user Store with this configuration:
User store main configuration
User store optional configuration
User store advanced configuration
WSO2IS can connect to Active Directory as we can retrieve users and roles.
Before doing any claim mapping we have tried to edit and create user without any problems.
And then we have mapped some claims to retrieve more information from Active Directory.
And here come our problems:
We can't create a user in Active Directory
We can't update a user in Active Directory
This two problem gives us this error :
Caused by: javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - 00000057: LdapErr: DSID-0C090C45,
comment: Error in attribute conversion operation, data 0, v1db1
Things that we have tried:
Check (and check a second and third time) that all our claims are mapped correctly (and they are)
Reset all claims to default mapping (on the state where we where able to create/update user)
Set User DN Pattern (as explained here)
Restart on a fresh instance of WSO2IS 5.10.0
But all things that we have tried are not helping and we are stuck.
Any help would be hugely appreciated. Thank you for any suggestions.
As asked, this is the AD attribut we have mapped :
sn
givenName
cn
displayName
name
description
mail
sAMAccountName
userPrincipalName
accountExpires
pwdLastSet
userAccountControl
scriptPath
homePhone
mobile
facsimileTelephoneNumber
title
department
company
Here the issue is LDAP_NO_SUCH_ATTRIBUTE returned from the AD.
We don't know which attribute is missing on AD side.
From the existing DEBUG logs of the server, probably you wouldn't be able to log all the attributes that WSO2 is going to update. Therefore, you have to choose an alternative option.
Manual check - Even though there are only few attributes configured (and verified) by you, there are other claims with default attribute mappings. Please check all the mapped attributes that are there in the http://wso2.org/claim dialect.
Remote debug - Remote DEBUG the server to check what are the attributes WSO2 is trying to write in to. (Smaller subset than previous approach) Then verify if those exist.
To do this remote debugging you can check out the Kernel source code from here.
To find out the correct tag to checkout, you can find the kernel version of your identity server version from this release matrix.
Once you clone and checkout the correct tag, you can use IntelliJ Idea or a capable IDE to remote debug the server as explained in the this blog.
Though it's hard to point an exact line of code, you can put DEBUG points to ActiveDirectoryUserStoreManager.doAddUser() and ActiveDirectoryUserStoreManager.doSetUserClaimValue() methods and start from there.
P.S. You can also check if the carbon log's stack trace contains any clue of the failing attribute or the respective claim, so that you can check validate it.
In a self-hosted C1-CMS (formerly Composite C1), how can I reset or recover the password? Can the password be viewed or reset somewhere on the server?
(Composite C1 4.3, Build 4.3.5555.25838)
If you are using the default XML data store, the users and encrypted passwords are stored in: /App_Data/Composite/DataStores/Composite.Data.Types.IUser.xml
If you have another user with a password you know, you can replace the encrypted password string on the account you are trying to access, with the encrypted password from the account you know. Then login and change the password.
I received this answer from the official Orckestra support team (very helpful, although I am not a paying customer, thumbs up!):
You cannot recover the password, but if you have access to the files (or SQL Database, if you migrated data to SQL) you can reset the password:
This should work for sites running on XML data store (default):
Edit the file ~/App_Data/Composite/DataStores/Composite.Data.Types.IUser.xml
Locate the xml element for the user you want to reset the password for
Change the following two attributes to the shown values:
EncryptedPassword="hsfIeqkVA5yoMIwzYIx4fWny5GjwNwiM3wA5K+9qCug="
PasswordHashSalt="/zgEhlwBe6Vl0HHqMFPxafrtwqlRIGVS"
Save the file.
If your site is on SQL, locate the table Composite_Data_Types_IUser_Published and put the above shown values into the corresponding columns (EncryptedPassword and PasswordHashSalt).
You should now be able to log in using the password "123456" for the user you changed above. Once in the CMS Console, you can set a new password using the top Tools menu (top right user menu n V5 and later).
I recently had a scenario where neither of the suggested methods would work for me. I was able to remedy this by creating a c1 instance locally, creating a user with the same username and the desired password, and then overwriting the password salt and hash from the local site to the one you're locked out of.
I have an Azure Active Directory (AAD) set up in my Azure subscription associated with an email address of mine, which we'll call A.
Some time later, I updated my Microsoft Account to use a new email address B as the primary email address, with A being associated with it still so it can still be used and the two email addresses treated as being one.
In AAD there is one user, whose user Id is A which appears not to be able to be changed as it is greyed-out. Attempting to add B fails with the error: You cannot add yourself.
Is there a way I can force the user name of the AAD user to be B instead of A?
The reason I ask is because I am trying to setup an Azure Key Vault in my subscription as it appears to be failing because whether or not I sign in as A or B in Azure Powershell, I am always signed in as B. This then causes this error message, which I appear to be unable to work around:
New-AzureKeyVault : Cannot find the Active Directory object 'B' in tenant
'{Tenant Id}'. Please make sure that the user or application service principal you are
authorizing is registered in the current subscription's Azure Active directory. The TenantID displayed by the cmdlet
'get-AzureSubscription -current' is the current subscription's Azure Active directory.
Can you check that you are using the latest bits for Key Vault PowerShell?
I talked with some folks internally and we believe that an experience like this may be expected if you are using an older version of the PowerShell CMDLETs, but the lastest version should be update to date and not run into the issue you are having.
If you find that you still hit this issue after upgrading, we may have a bug on our side that we should fix.
In that case, my suggestion is for you to create a new Admin User. Then delete the old Admin Account (you may need to Transfer Onwership of your AAD Subscription to the new Admin), and then recreate your account, which will pull the lastest information from that user.
However, I only reccommend trying this after having updated the PowerShell bits.
Please let us know if either of these methods resolves your issues.
Thanks,
Shawn Tabrizi
I have some users that have had no problems at all in the past. All of a sudden they can't log in anymore. Nothing has changed in the OUs in Active Directory. All other users can log in, no problem. It's just these two. The only thing I can see is in the 'field_data_ldap_user_current_dn' table their 'ldap_user_current_dn_value' got set to null. I manually set this in the db back to the correct dn, but this didn't help. How can I get these users their access back?
Edit:
Whenever cron gets run these two users get their DNs nullified.
I don't know if there is another solution, but I had to delete the users account and assign their content to anonymous. Then they logged in using LDAP credentials and the account was created successfully. Then I just had to assign their content back to them.
We're using Active Directory to manage some of the accounts in our Sitecore instance. In the database the usernames are in the domain\username format (as you'd expect).
In Sitecore, I can do
var user = User.FromName(item["__Created by"], true)
and I get back a user object, but I can't seem to get the Guid associated with the user in the aspnet_Users table.
Other than using AD, we're not doing anything funny with the membership provider.
Edit: I probably should have stated: I've got the ProviderUserKey but it's not the UserId from the aspnet_Users table as it would be if this were using the membership provider that comes with Sitecore, it's very different (it's of type System.Security.Principal.IdentityReference.SecurityIdentifier if anyone is interested)
This is not possible without directly querying the database. You could write an extension method that queries the database for the User, but I would recommend not using a database field that is intentionally hidden/abstracted by the API. If you provide more info on why you wanted to get the UserId, we might be able to help you find some alternatives.