RSS feed of new entries in Active directory - active-directory

tldr: if details are changed or new accounts added in active directory we want to update an RSS feed.
Our organisation has a good deal of staff changes so it can be slightly crazy to keep track of who's in what role and new staff that have joined us.
I'm currently interested in setting up a feed which will show staff changes which I could then have show up on our intranet site (internal only so no privacy issues there). Something like: Jane Doe has started working for CompanyName in DepartmentName, here's a link to her staff profile [LINK]. Or Bill from accounting now works in building management.
Basically person x now works for us, or person y has changed roles.
We handle our login authentication with active directory (which I don't know heaps about), any time someone comes to work for us they get a login; when they change roles they would have their details changed in active directory.
What I want is an RSS feed which would have new items added to it dynamically any time that a new user is added or a staffmember's details are changed on AD.
a particular item in the feed would look something like this
<item>
<title>[username] [now works here / has changed roles]</title>
<link>.../staff.aspx?uid=[username]</link>
<description> follow the link to see their staff profile</description>
</item>
how can I get the feed xml file automatically updated when one of those changes is made in active directory?
Thanks for your time.

I would recommend setting up a service to poll for the changes that then writes them somewhere else for you to pick up and manipulate for your RSS feed.
Ryan Dunn has a great post discussing how to do this in .Net, specifically with Change Notifications. Personally, I'd recommend using DirSync as it's pretty easy to setup, but his post does a great job with pros/cons of each method.

This is quite a complicated question. Active Directory has a "last modified" attribute and a "created" attribute. So you could query the timestamp on created and then update an RSS file from that to get your new users. However, just because an AD entry has been modified doesn't mean the job title has changed, so you're going to have to cache the Active Directory somewhere locally, say into a database and then do a check against that to see if a job title has changed.
You'll need to write some LDAP queries (See here, for example: http://www.selfadsi.org/extended-ad/search-user-accounts.htm) to find all the accounts and then process them.
What language are you looking to use?

Related

Site guest user cannot run Get Record element

In my site the guest users have access to the flow and they able to run the flow and even create records. When the flow try to find the created record the next error accrue:
Because Get_Record is passed to an action, subflow, or Lightning component, store the values of all Request_for_ChemTox__c fields that the running user has access to.
I gave access to every field for that user and still keep getting this error.
Any ideas?
It's probably not field level security (~table columns) but whole record's security (~table rows).
Check your site/community/experience settings as described in this article: https://help.salesforce.com/s/articleView?id=000352970&type=1. If there's something set - the ownership of created record is immediately transferred over to that internal user and guest loses visibility. It sucks but it's there to protect you, makes sure that if you have for example Leads or Cases submitted by guest users - they immediately "disappear", guest/hacker can't report on them, experiment with IDs in the url to learn other people's data...
You can Check Setup -> Sharing Settings for this object and create new sharing rule. (I can't upload image right now but start making new sharing rule with step 2 "rule type = Guest user access, based on criteria")
https://help.salesforce.com/s/articleView?id=sf.networks_guest_record_default_owner_best_practices.htm&type=5 has some good tips too:
If you’d like to create a different experience for guest users, use
flows in System Mode to redirect guest users to a different custom
screen after they create a record

URL to open Access Web DB form at specific record

I would like to create an email workflow using an Access Web DB form to manage holiday requests. The user will create a request from the form, save it - which triggers the SendMail data macro, ideally with a link in it for the approver to click and go to the approval form filtered to the correct request ID.
Does anybody know:
a) If it is possible to load the form in the browser filtered at the specific record ID. I have tried appending ?ID=1 to the form URL and so on, without any joy so far.
https://mysharepointserver.com/sites/mywebapp/default.aspx?ID=1
b) If possible, what steps do I need to go through to get it working?
This is an Access 2010 web database hosted on a heavily bespoke Sharepoint platform. Any help appreciated.
I have worked it out, using:
?Page={ID}
However, the one caveat with this is that if you delete a record then the page number refers to the records position in the table, not specifically the ID. If you can ensure that records are never deleted from the table it will remain aligned with Page number and ID number.
Its a bit of a pain, but if anyone finds a way of referencing ID directly that would be the ideal solution.
You can also use something along the lines of:
http://...sp_site_path.../default.aspx#Type=Form&Path=NavForm.Subform&Name=ActualForm&DataMode=Edit&Where=%3DID%3D1000
I believe the key part here is...
&Where=%3DID%3D1000
...which in this case refers to the database field [ID] and record 1000, ie:
[ID]=1000
The rest of the URL is refers to a specfic form within your site, however is you only have one, it is potentially not important for your purpose, and you would be able to get by with something like:
http://...sp_site_path.../default.aspx#Where=%3DID%3D1000
Since all my sites use navigation pages, I haven't tested this out

Access VisualForce Page without salesforce account

I'd like to create visualforce page that inserts a record into salesforce account object. However, I expect some of the page users won't have salesforce accounts. Can they still access it? If not, what are the alternatives that can be used to visualforce page in this case? (Please don't consider Web to Lead Forms).
Thanks,
Yes, it's possible. Go read about Salesforce Sites. For a start:
http://wiki.developerforce.com/page/Websites
http://wiki.developerforce.com/page/An_Introduction_to_Force.com_Sites
(of course it's also possible to write that page in say Java/.NET/PHP and use integration via SOAP or REST to talk to Salesforce... but these 2 main links will keep the whole solution within SF so no need to need to learn new language, have extra maintenance effort etc)
Sites are VF pages that expose a bit of your company's data without need to log in. You can use them to input data too, just remember that in theory anybody could learn the link and spam you (not too different from web2lead, inbound email handlers etc). You specify security in a way similar to Profiles, the records will have "Created By = {site name} Guest User".
I don't think there's anything out of the box to restrict visibility, they're open to whole world. So if you would want something similar to login IP ranges (so only sales reps from your office's network can enter data) - you might have to write some logic in the controller.

Suggestions for creating a multi-blog site in CakePHP with ACL 'memberships'

I've been diving into CakePHP this year and I'm loving it! However, I've just run across a problem that I'm not sure how to handle. My database design is this--
USER can belong to one or more WEBSITE
A WEBSITE can have many USER
So I have a many-to-many relationship which is tracked in MEMBERSHIP
MEMBERSHIP also tracks what group_id the USER has for that WEBSITE.
For example, if user1 joins website3 as an administrator and website5 as a editor, then the MEMBERSHIP table has an entry reflecting both those roles.
Basically my problem is Cake's ACL. In the above-mentioned model, user1's group_id would change depending on which WEBSITE he's selected after logging in. (And he could subsequently change to even more websites within the dashboard by changing the group_id again and again). Cake's ACL appears to only handle 'user belongs to one group' period.
Can I trick the ACL by giving it the group_id from the session every time its changed and then reload the AROs? Would it make more sense to scrap ACL and create my own permissions module?
Any suggestions or ideas to point me in the right direction would be GREATLY appreciated!
i think it will be the best way to create your own permission module.
the reasons are quite simple:
you can modify/extend it in any way YOU want
you will not break any cakePHP specifications

Patterns for replicating user data from one software to another

I have a website that I've integrated with a popular forum software (phpBB).
I have it setup so users that login to the main site automatically are logged in to the forum software as well. I do this by authenticating through the forum's API at the very same time.
When someone registers for the site, an entry goes in to the main site database and an entry goes in to the forum user database (using the forum API).
The primary id of the forum user table is stored in a column in the main site user DB. This is saved at the time of registration: the registration process first creates a forum user, then passes back the ID in to the query that creates the user in the main site.
When a user logs in, if they authenticate with the main site, that ID is pulled and passed in to the forum login API to login the correct person.
However, a weird thing seems to happen randomly: one in every 30 or 40 people that registers ends up with a forum user id that is not their own in the main site user table. I know how to look for these problems and fix them on case by case basis and have scripts in place to do so, but that seems like more of a bandaid, not a fix.
Is this a common problem when linking data like this, or does this seem like something more specific with the software? Because of the randomness of this issue its been hard to debug.
I would suspect Session Management. Are you intentionally or unintentionally reusing session ids?
I've done something similar with vbulletin, by directly using the forum's mysql database to autheticate the main site, and other sites (they're all on the same machine)...
In your case, I would add the site-specific fields that are not in phpBB database in the site's db, and link it to phpbb by user_id... It could be one form on the main sites that inserts into the two databases (some in the main site db, others in phpBB db - with some more privileges fields), I'd use my own non-standard captcha like generating a distorted image "what is x+y" with x and y as random numbers and + may be replaced by other operations, or an image of "type the word ORANGE", or "type your username again"
I would disable the default phpBB registration... there are so many bots that know how to use it...
This would guarantee you have one source for the info, and you fill all the info at once.

Resources