everyone. I installed Swift 1.7.4 , and I want to add a new user to Swift, How could I do it? I find that in 1.4.8 version, somebody had said that I should install the swauth first and I notice that the Swift api also said that choose one authrize way, so I must install a authorization service first? I also find that there is a tempauth middleware in the proxy-server.conf file, could I use this to add user and how?
Yes. You can choose from swauth or tempauth. The most difference of these two auth systems is where they store user information.
Swauth stores user/password information in swift cluster itself. It uses a special container and store every user's information in it. Swauth provides a set of commands for user management such as swauth-add-user, swauth-prep, etc.
In tempauth, it stores user information in proxy-server.conf, so it is very easy to use.
In your proxy-server.conf, enable tempauth in pipeline and put user information in tempauth section. For example,
[pipeline:main]
pipeline = healthcheck cache tempauth proxy-server
[filter:tempauth]
use = egg:swift#tempauth
user_admin_admin = admin .admin
user_hi_hihi = testing
Then you will have two users. One is admin:admin whose password is admin. The other is hi:hihi whose password is testing.
Related
I can successfully create an update on projects but it seems that I cannot overwrite the thread creator by ownerID.
URL sample:
https://workfronturl/attask/api/note?updates={"noteText":"test","noteObjCode":"PROJ","objID"="projectid", "ownerID":"ownerIDxxxxafda"}&method=POST
Can the ownerID be forced to another user?
If I understand correctly, you want to make an update on behalf of a user. We do this all the time as we have a system that translates updates from another system to Workfront. If this does solve your problem, please be sure to write to Workfront and tell them that they need to leave this functionality in the API in the future. I have confirmed with them that this wasn't supposed to work this way.
So, with regards to solving the problem, you need to do the following:
Login as the user who you want to make an update on behalf of. You can do this without having the users password if you have an API key. Just run the login command as you normally would, but instead of passing in a password, send the username and apiKey.
This will return a sessionID. Use the session ID to authenticate when making your update.
If your system is caching credentials, don't forget to log out or all future updates, changes, whatever, will try to use that session ID.
If you are using Python, we built a function into the workfrontapi_plus (only Python3.x) python library to support exactly this called make_update_as_user. As a note, I haven't managed to publish the documentation for this yet, but the doc strings are there and fully filled out with instructions.
By taking reference from this post and I am successful in authenticating the user. But this post does not authenticate new users that are not present in alfresco. I have also explored SSOAuthenticationFilter.java to find how alfresco creates user when external authentication subsystem is used but not able figure out how the creation of user takes place in the mentioned subsystem. It would be great if anyone could provide the way to create and authenticate user that are not present in alfresco.
Which version of Alfresco do you use ?
Recent version provide a similar function, please take a look to : http://docs.alfresco.com/community/concepts/auth-basics.html
The only thing you need to need is define the header name in your global properties files.
About the new user creation, in Alfresco behaviour it's based on the synchronization.syncWhenMissingPeopleLogIn properties : http://docs.alfresco.com/community/concepts/sync-props.html
When an unknown user try to loggin Alfresco will trigger a synchronization.
Y.
I have a requirement where, users (with company username and password) should be available in CQ. We have configured LDAP to authenticate the user on the CQ instance based on his company username and password. But, currently, what is happening is, by default, that user is not present in the list of users we see in CQ. Only after he logs in to CQ instance for the first time, his user profile is getting added to the list of users. Is there a way to create/import all the list of users that we have in the company into CQ without asking them to login??? Basically, I should be able to see all the list of users that we have in the company without asking them to login to the CQ instance. Which means, we should be able to import them.
Or, is the scenario above is invalid, since users are being added as and when we login to the CQ instance. I am a bit unclear about this scenario, so any help is appreciated
CQ provides different ways to achieve this,
Manual synchronization of users using felix console.
Using CURL
Creating JMX client that uses LDAP MBean
I am putting the first way to achieve this, you may refer to the link for the detailed answer:
Manual synchronization of users using felix console.
Open the felix jmx console and log in as admin at http://:/system/console/jmx
Click on domain com.adobe.granite.ldap and it displays list of
attributes and operations that can be performed.
Click on operations and pops up with small window to supply parameter
(if required). Ex:- syncUser operation, supply the DN of the single
user (cn=user001,ou=users,dc=day,dc=com) to be synchronized
Click Invoke to transfer appropriate details from the ldap directory
server to CRX.
After referring so many forums, I am able to authenticate and sync active directory users to alfresco. The problem is we have more than 25,000 users and rite now we are planning to open alfresco only for selected users. Whenever someone search people they will be finding all the 25,000 users who are not even using alfresco. My It team is not willing to create seperate group for these selected members. Is it possible to sync only users who are logged in.
I am using alfresco 4.2e Binary Installation. Windows 7 64 bit.
The most easiest way would be to distinct users to sync via LDAP query.
You could find this link useful.
This scenario should do it:
enable ldap authentication
configure the authenication chain to include Alfresco and LDAP. This will ensure to try to authenticat against both systems. e.g.
authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap-ad1:ldap-ad
disable sync
# This flag enables use of this LDAP subsystem for user and group
# synchronization. It may be that this subsytem should only be used for
# authentication, in which case this flag should be set to false.
ldap.synchronization.active=false
If you start Alfresco the very first time there is no user in Alfresco. Depending on your strategy how to control the user creatioin you could ether:
create user manual
If you're running on linux the easiest way would be to use the alfresco-shell-tools otherwise you could use the csv-import feature in the user admin. The trick is to use the same username so Alfresco will try to authenticat against both systems before it fails.
create user on first login
Another way is to enable implicit user creation on first login. This isn't my recommendation since you will get trouble later because the user has no email address configured / no user info is synced. (This way is not tested - if this doesn't work you may define a sync query which doesn't return users to enable sync)
synchronization.autoCreatePeopleOnLogin=true
you will get the auto-creation of people who were successfully authenticated but weren't brought in by the sync
you need to add/change this line also on ldap-authentication.properties :
ldap.authentication.active=true
ldap.synchronization.active=false
ldap.synchronization.autoCreatePeopleOnLogin=false
synchronization.syncOnStartup=false
synchronization.syncWhenMissingPeopleLogIn=false
and add on alfresco-global.properties :
create.missing.people=false
Could anyone please provide me with guidance on whether it's possible to use aspNetActiveDirectoryProvider for Authentication and aspsqlProfile Provider to store user specific details?
I'm not quiet getting my head around on how do I get userID that's required for aspnet_profile table if I were to switch to Active Direcory.
Also, is it possible to change password from aspnet admin page if active directory is used?
Regards,
Changing password is possible with AD provider: see ActiveDirectoryMembershipProvider.ChangePassword method.
ASP.NET profile generally associates profile with user name. Typically, user name value will be same as the user identity value used by authentication system. So in active directory case, it would be user's domain qualified login-name (in form of <domain>/<login>) - see this link for more info: http://msdn.microsoft.com/en-us/library/ewfkf772.aspx
You may also create a custom profile provider if you need more control at database schema side - sample is already available from microsoft and you can use that as base, check these links:
http://msdn.microsoft.com/en-us/magazine/cc163457.aspx
http://www.asp.net/downloads/sandbox/table-profile-provider-samples