How to return all users within nested groups? - ldap

I'm attempting to return all users contained in a top level AD group. Let's assume the following:
App_Role (top level AD group)
This group contains both users, and other nested AD groups:
Joe | Bob | Role1 | Role2
The nested AD group Role1 contains users:
Jim | Tim
The nested AD Group Role2 contains users:
Jon | Ron
Is there a way to return all users from the top level group App_Role, while also searching through the nested groups? Ultimately, the search filter should return:
Joe | Bob | Jim | Tim | Jon | Ron
I've tried playing with
(&(objectClass=Group)(|(cn=*)
(memberOf:1.2.840.113556.1.4.1941:.....)
but can't seem to return all users within the nested groups.

This filter will return all the users in the nested groups:
(memberOf:1.2.840.113556.1.4.1941:=CN=App_Role,OU=Groups,DC=YOURDOMAIN,DC=NET)
You must use the Fully Distinguished Name of the group.
Remember that these LDAP_MATCHING_RULE_IN_CHAIN type searches may fail if there are too many nested groups or the search for some other reason takes a long time to perform.
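The filter from the answer, built with RFC 4515 escaping of the group DN, together with a client-side expansion of the `member` attribute for the case the answer warns about, where the in-chain search fails or takes too long. This is an added example, not code from the original posts. The function names, the restriction to user objects via `objectCategory`/`objectClass`, and the in-memory directory (including a deliberate group cycle) are assumptions constructed for illustration.

```python
from collections import deque

IN_CHAIN = "1.2.840.113556.1.4.1941"  # LDAP_MATCHING_RULE_IN_CHAIN, as in the answer

def escape_filter_value(value):
    """Escape the RFC 4515 special characters so a DN is inert inside a filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def nested_user_filter(group_dn):
    """Users (not groups) that are direct or nested members of group_dn."""
    return "(&(objectCategory=person)(objectClass=user)(memberOf:%s:=%s))" % (
        IN_CHAIN, escape_filter_value(group_dn))

def expand_members(directory, group_dn):
    """Client-side fallback: read 'member' one group at a time, cycle-safe."""
    users, seen, queue = [], {group_dn}, deque([group_dn])
    while queue:
        for dn in directory[queue.popleft()]["member"]:
            if dn in seen:
                continue
            seen.add(dn)
            if directory[dn]["objectClass"] == "group":
                queue.append(dn)      # nested group: expand it later
            else:
                users.append(directory[dn]["cn"])
    return users

def make_dn(cn, ou):
    return "CN=%s,OU=%s,DC=YOURDOMAIN,DC=NET" % (cn, ou)

def sample_directory():
    """Constructed stand-in for AD; Role2 -> App_Role is a deliberate cycle."""
    groups = {"App_Role": ["Joe", "Bob", "Role1", "Role2"],
              "Role1": ["Jim", "Tim"],
              "Role2": ["Jon", "Ron", "App_Role"]}
    directory = {}
    for name, members in groups.items():
        directory[make_dn(name, "Groups")] = {
            "cn": name, "objectClass": "group",
            "member": [make_dn(m, "Groups" if m in groups else "Users") for m in members]}
        for m in members:
            if m not in groups:
                directory[make_dn(m, "Users")] = {"cn": m, "objectClass": "user", "member": []}
    return directory

if __name__ == "__main__":
    top = make_dn("App_Role", "Groups")
    print(nested_user_filter(top))
    print(" | ".join(expand_members(sample_directory(), top)))
```

Without the user restriction, the in-chain filter also matches the nested groups themselves, since they are members of the top-level group too.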

Related

Using Flatten to select where var1 (non-repeated) = “abc” from a bigquery table which contains multiple nested variables?

I'm fairly new to BigQuery (3rd day of using it with no training), I'm just trying to get my head around nested fields etc.
I've looked at the following resources and used the personsdata example on the google bigquery docs link
https://cloud.google.com/bigquery/docs/data
https://chartio.com/resources/tutorials/how-to-flatten-data-using-google-bigquerys-legacy-vs-standard-sql/
I'd like to run the below query:
select *
from [dataset.tableid]
where fullname = 'John Doe'
If I run this, I get the following error:
Error: Cannot output multiple independently repeated fields at the same time. Found children_age and citiesLived_place
From reading the above articles this isn't possible because you need to flatten the results, which from what I can understand just duplicates all the non-repeated variables, i.e.
Fullname | age | gender | Children.name | children.age
John Doe | 22 | Male | John | 5
John Doe | 22 | Male | Jane | 7
One of the above articles suggests that you can still use the where statements by using the flatten function in bigquery:
select fullname,
age,
gender,
citiesLived.place
FROM (FLATTEN([dataset.tableId], children))
WHERE
(citiesLived.yearLived > 1995) AND
(children.age > 3)
GROUP BY fullName, age, gender, citiesLived.place
If I change this to:
select *
FROM (FLATTEN([dataset.tableId], children))
WHERE fullname = 'John Doe'
Then this works fine and gives me what I need however if I change to this:
select *
FROM (FLATTEN([dataset.tableId], citieslived))
WHERE fullname = 'John Doe'
Then I get the following error:
Error: Cannot output multiple independently repeated fields at the same time. Found children_age and citiesLived_yearsLived
Can someone explain why this will work flattening based on "Children" but not "CitiesLived" and how to know what variables to use within flatten with more complex datasets with multiple nested variables?
Thank you in advance
Can someone explain why this will work flattening based on "Children" but not "CitiesLived"
Check schema of this table again
Schema
-----------------------------------
|- kind: STRING
|- fullName: STRING (required)
|- age: INTEGER
|- gender: STRING
+- phoneNumber: RECORD
| |- areaCode: INTEGER
| |- number: INTEGER
+- children: RECORD (repeated)
| |- name: STRING
| |- gender: STRING
| |- age: INTEGER
+- citiesLived: RECORD (repeated)
| |- place: STRING
| +- yearsLived: INTEGER (repeated)
As you can see - when you flatten children repeated record – the only repeated record that is left for output is citiesLived and even though it has inside it yet another repeated field – yearsLived – they are not independent – thus BigQuery Legacy SQL can output result.
Now, when you flatten by citiesLived – what you get in result are two repeated fields - children and yearsLived. Those two are independent - thus BigQuery Legacy SQL cannot output such result.
how to know what variables to use within flatten with more complex datasets with multiple nested variables?
To make it work - you should add yet another flattening with (for example) yearsLived field. Something like below
FROM (FLATTEN(FLATTEN([dataset.tableId], citieslived), yearsLived))
Adding all those multiple FLATTENs can become cumbersome so using BigQuery Standard SQL is really the way to go!
See Migrating from Legacy SQL to BigQuery Standard SQL
If you run this query:
SELECT
*
FROM
(FLATTEN((FLATTEN(([project_id:dataset_id.table]), citiesLived.yearsLived)), citiesLived))
It will flatten as expected.
When using the Legacy SQL, BQ tries to flatten automatically the results for you.
What I have noticed though is that if you try to flatten repeated fields that have other repeated fields inside then sometimes you might run into these errors (notice that the fields citiesLived and citiesLived.yearsLived are both repeated).
So one way to solve that is by forcing the flatten operation on all repeated fields you want to work with (in the example I showed you I first flattened the yearsLived and then citiesLived) and not relying on the automatic flattening operation that the Legacy SQL offers.
But what I strongly recommend and encourage you to do is to learn the Standard SQL version for BQ as Elliot suggested in his comment. It might have a steeper learning curve at first but it will totally pay off in the long run (and you won't have the risk of eventually having to migrate all your legacy queries to standard as we had to do in our company)

Querying Shared Drive Permissions Hierarchy with Conditions in PowerBI

My Original Data Structure Looks like this:
ID | SecurityGroups_CLEAN | EDIT_Drive.1 | EDIT_Drive.2 | READ_Drive.1 | READ_Drive.2 | DENY_Drive.1 | DENY_Drive.2 | DENY_Drive.3 | Fullname_CLEAN
15 | HighStaff | L Drive | null | null | null | null | null | null | Smith, John
17 | Foreign_National | null | null | null | null | L Drive | M Drive | Q Drive | Smith, John
23 | Domain Users | U Drive 2 | null | L Drive | Q Drive | null | null | null | Smith, John
After some transforming, filtering, pivoting, deleting columns etc... I've managed to get it to look like this....
Fullname_CLEAN | Drive | Count | Permissions
Smith, John | L Drive | 3 | DENY_Drive.1
Smith, John | L Drive | 3 | EDIT_Drive.1
Smith, John | L Drive | 3 | READ_Drive.1
Smith, John | M Drive | 1 | DENY_Drive.2
Smith, John | Q Drive | 2 | DENY_Drive.3
Smith, John | Q Drive | 2 | READ_Drive.2
Smith, John | U Drive 2 | 1 | EDIT_Drive.1
Basically, I need to apply the following logic to summarize a user's drive-level permissions.
If a user belongs to a security group that has Deny permissions on a drive then regardless if another user group gives them Read or Edit permissions on this same drive their permission level is Deny.
If a user belongs to a security group that has Edit permissions on a drive then regardless of another user group gives them Read permissions on the same drive their permission level is Edit.
If a user belongs to a security group that has Read permissions on a drive then their Permission level is Read.
For a Final Output of:
Fullname_CLEAN | Drive | Permissions
Smith, John | L Drive | Deny
Smith, John | M Drive | Deny
Smith, John | Q Drive | Deny
Smith, John | U Drive 2 | Edit
Now, I realize that because of my sort and pure-ABC-coincidence I could just take the "min of an aggregated column" after grouping name and drive letter because Deny comes before Edit which comes before Read and this would mirror my conditions. However, I was hoping to learn the "right" way to do it.
Personally for this scenario I would leave it to ABC sort as there are fixed set of inputs and they already sort as required.
If you are imagining a different scenario or different inputs, then I would Add a Custom/Calculated Column with an "if ... then ... else if ..." statement that returns numeric equivalents, e.g.
= if [Permissions] = "Deny" then 0 else if [Permissions] = "Edit" then 1 else if [Permissions] = "Read" then 2 else 999

How “filter” a input select with table data in cakephp

I have a doubt with CakePHP 3 queries/filters.
I have a database with tables: Groups, Users, Posts and Relations.
Groups contains : id and name
Users contains : id, name and group_id
Relations contains : id, user_id, group_id
Posts contains : id, title, message, user_id, group_id
So, when a user is going to add a post, I need to make a "filter" which displays in the field "group_id" ONLY the groups that are registered to him in relations.
-
Well, to explain I made a example:
Groups:
id | name
1 - SEO
2 - P1
3 - P2
4 - P3
Users:
id | name | group_id
1 - John - 1 (SEO)
2 - Mariah - 2 (P1)
3 - Peter - 3 (P2)
Relations:
id | user_id | group_id
1 - 1 (John) - 2 (P1)
2 - 1 (John) - 3 (P2)
That is, table relations is saying: John can make posts for groups P1 and P2.
My problem is right here.
In "VIEW ADD POST", how do I filter the results of the input select 'groups' to display only the groups that are registered for the logged user?
And other, I need to make a Validator also, right?
PS: Sorry for my english, I'm learning.
It seems that you are asking about passing the logged in user to the model layer. If I am right, then you just need to read and use the Footprint plugin.
Footprint: CakePHP plugin to allow passing currently logged in user to model layer
When this plugin is loaded and configured for postsTable, then you will simply modify the posts query with beforeFind event using the passed logged in user.

How to make a blank database for every registered user in ASP MVC4?

How to make a blank database for every registered user or it is already implemented in ASP MVC4? Will they have different databases? For example, in an application, which stores contacts, I would like, that different users could create their own contact list.
And if I have ContactsController, which I want only registered users to be edited, should I write something like that?
[Authorize]
public class ContactsController : Controller
EDIT
Oh thanks Bhushan, I didn't know that User ID will store different data. In the Contact table I have ContactId, which is associated with a contact data and it has a primary key, should I add for example UserId in the same Contact table to associate it with registered user ID? And should UserId have primary key?
If I understand your question properly:
different users could create their own contact list
Above task doesn't require a separate database, You can associate Contacts with Users by adding a field ContactOwner or similar name in the Contact table which will store a User ID.
So your contacts table can look like following: (TABLE NAME: CONTACTS)
|ContactID | ContactType | ContactName | ContactOwner |
|0123456789 | MOBILE | Mr. ABC | USER1 |
|email#email.com | EMAIL | Mr. ABC | USER1 |
|0123456789 | MOBILE | Mr. PQR | USER1 |
|0123456789 | MOBILE | Mr. XYZ | USER1 |
|0123456789 | MOBILE | Mr. LMN | USER2 |
|0123456789 | MOBILE | Mr. AAA | USER3 |
So as you can see the sample table above you can identify which ContactID belongs to which User? Or which are the contacts created by which User?
In this case you have to make ContactOwner primary key(Composite key) with other primary key(s), to make sure that one contact can be Owned/Created by multiple Users.
Update 1
To get contacts created by specific user you can write a query like:
Select * from CONTACTS where ContactOwner = 'USER1'
Above query will give you the contacts which are Created/Owned by USER1, and not the ones created by other users. so your result will contain the following records using above query:
|ContactID | ContactType | ContactName | ContactOwner |
|0123456789 | MOBILE | Mr. ABC | USER1 |
|email#email.com | EMAIL | Mr. ABC | USER1 |
|0123456789 | MOBILE | Mr. PQR | USER1 |
|0123456789 | MOBILE | Mr. XYZ | USER1 |
Update 2
Your query will be a dynamic one in which ContactOwner will be the USER who is logged in. This and This might help you to write dynamic query (prepared statement)[Note: since I am a Java developer so I don't know the suitable syntax in C# for writing the dynamic query.]
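The owner-scoped prepared statement described in Update 2, as an added example that is not part of the original answer. Python's built-in sqlite3 stands in for C# and SQL Server here; the function names and the sample rows are constructed, and the composite key on (ContactID, ContactOwner) follows the answer's suggestion.

```python
import sqlite3

def open_contacts_db():
    """In-memory CONTACTS table keyed on (ContactID, ContactOwner); rows are constructed."""
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE CONTACTS (
        ContactID TEXT NOT NULL, ContactType TEXT NOT NULL,
        ContactName TEXT NOT NULL, ContactOwner TEXT NOT NULL,
        PRIMARY KEY (ContactID, ContactOwner))""")
    rows = [("0111", "MOBILE", "Mr. ABC", "USER1"),
            ("abc@example.com", "EMAIL", "Mr. ABC", "USER1"),
            ("0222", "MOBILE", "Mr. LMN", "USER2"),
            ("0111", "MOBILE", "Mr. ABC", "USER2")]  # same contact, second owner
    db.executemany("INSERT INTO CONTACTS VALUES (?, ?, ?, ?)", rows)
    return db

def list_contacts(db, logged_in_user):
    """Return only the rows owned by the authenticated user.

    The user id is bound as a parameter, never concatenated into the SQL,
    and comes from the server-side session, not from the request body.
    """
    cur = db.execute(
        "SELECT ContactID, ContactName FROM CONTACTS "
        "WHERE ContactOwner = ? ORDER BY ContactID", (logged_in_user,))
    return cur.fetchall()

def delete_contact(db, logged_in_user, contact_id):
    """Delete by id AND owner; returns rows removed (0 if the row is not theirs)."""
    cur = db.execute(
        "DELETE FROM CONTACTS WHERE ContactID = ? AND ContactOwner = ?",
        (contact_id, logged_in_user))
    return cur.rowcount

if __name__ == "__main__":
    db = open_contacts_db()
    print(list_contacts(db, "USER1"))
    print(delete_contact(db, "USER1", "0222"))  # USER2's row is untouched
```

Every write carries the same owner predicate as the read, so a contact id belonging to another user matches no rows.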
If you want to have an empty DB for each user, just add creating a new database as part of the registration process. You can easily do that with SQL statements (CREATE DATABASE, followed by CREATE TABLE and other create statements to create your schema). You can also use SMO to duplicate an existing template database. You can also create it using Entity Framework database-first (with a few tweaks, like modifying your connection string). BUT, all those options are not recommended for your scenario.
If you want to give each user his contact list, just add to the "Contacts" table "OwnerUserID" column, or something like that, that will have FK relationship to your users table, and will include the user which this row belongs to. In your queries, just filter by this and show each user his own contact list.
This way it'll be much easier for you to manage things and add/modify things in the future. also, working with multiple databases like you asked in your questions will give you a lot of pain, with almost no benefits (in most scenarios).
Best of luck.
FYI, in e.g. SQL Server 2012, the maximum number of databases is 32,767.
Please don't make a new database for every user, it defies basic logic and the point of having relational databases in the first place. Use tables and foreign keys and whatnot.

JPA - how check relations before commit?

Let's say that I have a complicated user management system. In this scenario a User can be in relation with Group(s) and Groups can be in relation with Role(s). Additionally, Groups can contain other Groups.
I have an assumption that in the "account management" case, the current user can't lose the role which allows them to do the "account management" process. I wonder what would be the best way to implement that use case.
Let's try to consider a simple scenario:
E.g. in the hierarchy below, the user is connected with our role by groups G3 and G5.
    ---USER---
    |        |
    G1       G3----
    |        |    |
    G2       G5   G6
             |
        REQUIRED_ROLE
While editing group G3, someone tries to change the G3 group members, e.g. to G7 (for simplification, without roles)
    ---USER---
    |        |
    G1       G3----
    |        |    |
    G2       G7   G6
Committing that change will remove the "account management" role from the user's hierarchy and the user will not be able to edit accounts.
My only idea is to read all groups and roles into memory and try to change all dependencies manually to check if the role will still be assigned after commit. But that solution can be a source of potential bugs in the future and is not elegant.
Does anyone have an idea how it can be solved in an elegant way?
Because this is a non-trivial use case you can't use regular integrity constraints. You will have to do a pre-commit trigger to scan the hierarchy and determine that the user has the required permission. If not, throw an exception.
