I want find users from active directory where Objectsid = "x-xxx-xxxxxx-xxxxxxx-11060"
My search filter is :
(&(objectClass=user)(objectCategory=person)(Objectsid=*11060))
but no users are returned.
What is problem with my filter?
When I completely write Objectsid the user information return.
Even when change code to
(&(objectClass=user)(objectCategory=person)(Objectsid=*))
that should return all users, but no user are returned
LDAP is case-sensitive, and the proper spelling of that attribute you're trying to use is objectSid (not Objectsid) - so try this filter:
(&(objectClass=user)(objectCategory=person)(objectSid=*))
Related
ENVIRONMENT:
Keycloack 3.2
Saml2.0
SITUATION:
I need to add user attributes value dynamically.
TASK:
I need name attribute for my user, which can fill dynamically from First Name and Last Name fields, which as I found in keycloack can be fullName property.
NOTE: Instead of fullName it can be firstName + lastName field in my case as well.
ACTION:
I added user property with name fullName under my Clients -> myCLient -> Mappers,
then added under my user Users -> myUser -> Attributes, attribute key name and attribute value ${fullName}.
RESULT:
As a result I got ${fullName} as a value instead of dynamic value from my predefined user property.
QUESTIONS:
Is it possible to do this kind of things what I need ?
If it's possible then, what are wrong in my steps here?
For users like me who looking for a solution of this problem with newest version of Keycloak, in keycloak 18.0 you can create a Mapper with the type Javascript Mapper with this code: user.getFirstName() + ' ' + user.getLastName().
As a solution, I found that under client in keylock we have builtin user properties.
Example X500 givenName, X500 surname can be added and can get in BE side as a part of SAML assertion attributes.
There is another solution if the user federation are LDAP or Active Directory
On the user federation you can use the full-name-ldap-mapper.
By default it uses cn, but you can change that.
Next in your client you would add a saml mapper.
{
"name": "fullName",
"protocol": "saml",
"protocolMapper": "saml-user-attribute-mapper",
"consentRequired": false,
"config": {
"attribute.nameformat": "Unspecified",
"user.attribute": "full name",
"friendly.name": "Full name",
"attribute.name": "displayName"
}
}
Remember the attribute.name is the property that the SP would use.
Also the nameformat has to be discussed with the SP.
I need to get users from Active Directory.
According to many places include MSDN
https://msdn.microsoft.com/en-us/library/ms677643%28v=vs.85%29.aspx
the correct query is this (&(objectClass=user)(objectCategory=person)).
Unfortunately, I was not able to create the query using Unboundid filters.
I have created the following filters:
Filter categoryFilter = Filter.createEqualityFilter("objectCategory","Person");
Filter objectFilter = Filter.createEqualityFilter("objectClass","user");
Filter searchFilter = Filter.createANDFilter(objectFilter, categoryFilter);
It does not return results.
When I looked into objectCategory of LDAP object I have found that it looks like the following:
CN=Person,CN=Schema,CN=Configuration,DC=…,DC=com
Therefore I have changed categoryFilter to the following:
Filter categoryFilter = Filter.createSubstringFilter("objectCategory", null, new String[]{"Person"}, null);
Unfortunately, I still do not get results.
Then I used the categoryFilter with the full objectCategory name:
Filter categoryFilter = Filter.createEqualityFilter("objectCategory","CN=Person,CN=Schema,CN=Configuration,DC=…,DC=com");
Only in the last case I get results.
How to make the filter more generic?
How to obtain the full objectCategory name from Active Directory?
I need to obtain CN=Person,CN=Schema,CN=Configuration,DC=…,DC=com for any Active Directory while I know that the objectCategory is Person.
Do you know other way to create filters for the query (&(objectClass=user)(objectCategory=person))?
Solution
(not mine therefore do not want to put in the answer)
I have created filter using the following string (sAMAccountType=805306368) and it works perfect:
Filter searchFilter = Filter.create("(sAMAccountType=805306368)");
Source: http://ldapwiki.com/wiki/Active%20Directory%20User%20Related%20Searches#section-Active+Directory+User+Related+Searches-AllUsers
I'm working in PL/SQL and searching LDAP ( with A.D defining the schema) for all locations. Right now I can apply a simple search and find all users. Each user has the address information via the following properties:
'physicalDeliveryOfficeName';
'streetAddress';
'l';--city
'st';--state
'postalCode';--zip code
However, I would like to search for all the locations separate from the search done for people. Is it possible to search Active directory to just find the locations(with out looking up each person) ? If so what would the search filter look like ? I tried objectClass=Physical-Location,DC=example,DC=com and didn't find any locations (beyond the schema) . I'm not sure if that's because there's a security issue, or its not possible to look up locations in that way.
What you have listed are attributes in AD. You can return attributes in searches and search for specific values but you'll always return the objects the attributes are attached to (in this case users). You're a little light on the details of how you're searching so I'll take a stab.
You can load just the location attributes you're looking for, be it State, City, etc.
var domain = "mydomain.com";
var dn = "CN=Users,DC=mydomain,DC=com";
var ldapSearchFilter = "(objectClass=user)";
var connection = new LdapConnection(domain);
var attributeList = new string[] { "physicalDeliveryOfficeName", "l", "st"};
try
{
var searchRequest =
new SearchRequest(dn, ldapSearchFilter,
SearchScope.OneLevel,
attributeList);
var searchResponse =
(SearchResponse)connection.SendRequest(searchRequest);
var locationList = (from SearchResultEntry entry in searchResponse.Entries
select entry.Attributes["physicalDeliveryOfficeName"][0].ToString())
.Distinct().ToList();
catch (Exception ex)
{
//Handle errors
}
One thing to keep in mind with this example. If the attributes aren't populated in AD, the WriteLine will throw an error when trying to read the attribute. If you are using some other search type (DirectorySearcher maybe) you should still be able to load just the attributes you want to get back.
I want to write a request on the search result request webpart. My request should enables me to retrieve all documents that have the biggest number of likes. There is no variable for the number of likes proposed on the drop list while writing a request , that why I decided to set a refinableInt00 variable and give it the value : LikesCount but it doesn't work? it means that LikesCount doesn't exist as a variable on sharepoint so what is the variable on sharepoint that would enable me to have the number of likes?
You can get the number of likes using the listitem property "Number of Likes"
This is a code from a Sample console application
using (SPSite site=new SPSite("your site URL"))
{
using (SPWeb web=site.OpenWeb())
{
SPList list = web.Lists["Your List Name"];
foreach (SPListItem item in list.Items)
{
//Print the number of likes
Console.WriteLine(item["Number of Likes"].ToString());
}
}
}
I know this is old but I had the same question. The problem is the LikesCount property does not default to Sortable. To fix this:
-Open up Central Administration
-Go to Search Service Application
-Click on Search Schema
-Locate the "LikesCount" property and click edit
-Scroll down to Sortable and change to Yes
-Run a full crawl on your content source
Ratings for list must be enable.
List -> List settings -> Rating settings ->
Allow items in this list to be rated?
yes ? no
and
Which voting/rating experience you would like to enable for this list?
Likes ? Star Ratings
After that you can access likes by "Number of Likes" field name "LikesCount".
"Number of Ratings" field name "RatingCount"
Is there a way to derive a user's email given his user_id?
You can build a relationship between the email and the user_id,and then retrieve it as needed. If the user is logged in you can easily access both properties separately.
http://code.google.com/intl/en/appengine/docs/python/users/userclass.html
However the user_id is not a hashed version of the email that can be reconstructed using some kind of algorithm.
It seems like it's not possible to derive an email from a user id. If you want to go from user_id to email, you must store both when the user is logged in, and then, when the user is not logged in, do a lookup to convert. Eg.
class Email(db.model):
'''keyed by user_id'''
email=db.EmailProperty()
def save_user():
u=users.get_current_user()
k=db.Key.from_path('Email',u.user_id())
e=Email.get(k)
if not e:
Email(key=k, email=u.email()).put()
def get_email_from_user_id(id):
'''No way to derive email without a lookup.'''
k=db.Key.from_path('Email',id)
return Email.get(k).email # raises exception if email is not found