I can't seem to find where the list of security groups is stored in ADAM. I can see the object container called Groups, which has entries for all of our security groups, and I can see the resources (users). In addition, I see the xref objects for the services (SSOP, EMPLOYEE, etc...).
But what I can't find is where the attribute is stored that keeps the list of groups that a resource has assigned. I see the allowed attribute defined for the resource (zzlwsnattrGroup), but I think I'm expecting to find a comma-delimited list of values of the groups defined for the user. I know it's there somewhere because it does work in the Security Administrator, but I need to be able to do an LDAP query for verification purposes and I can't find where this is stored.
Would anyone know where this is?
I'll attempt to answer your question. You are actually almost there!
You are attempting to see "where the attribute is stored that keeps the list of groups that a resource has assigned". You say, "I'm expecting to find a comma delimited list of values of the groups defined for the user".
Well, it works ALMOST like that. You can find what you are looking for via an LDIF dump. Dump the entire Resources tree. There's one entry per RMID.
Here's a sample LDIF dump of my own Resources tree entry. You are right that you will find "the allowed attribute defined for the resource (zzlwsnattrGroup)" but what you probably missed is that this Groups attribute repeats for every group assigned to the user. One per group assignment. (Yes it makes no sense, but it works.) See below, I bolded the section for Groups. Oh, and BTW, it's exactly the same way for Roles, too. (I use a VBA script to parse out the entire set of data into a .CSV file.)
dn: CN=mtsukrof,OU=resources,O=lwsnrmdata,CN=lwsn,DC=edison
objectClass: top
objectClass: zzlwsnobjlwsnRMResource
objectClass: zzlwsnobjPeople
objectClass: lwsnrmbootRMTopStruct
cn: mtsukrof
distinguishedName: CN=mtsukrof,OU=resources,O=lwsnrmdata,CN=lwsn,DC=edison
instanceType: 4
whenCreated: 20070308194830.0Z
whenChanged: 20080213192455.0Z
uSNCreated: 14149
uSNChanged: 347252
name: mtsukrof
objectGUID:: guftBNgqv0ax5dz1DbqHEw==
objectCategory: CN=lwsnrmbootRMTopStruct,CN=Schema,CN=Configuration,CN={9C5778EA-2B8C-459C-BC33-C8BB40A5B0ED}
zzlwsnattrAddins: ALLOW
zzlwsnattrEmail: mtsukroff at edisonschools dot com
zzlwsnattrFirstName: Milo
zzlwsnattrGroup: FirstGroup
zzlwsnattrGroup: SecondGroup
zzlwsnattrGroup: THIRD-GROUP
zzlwsnattrGroup: FOURTH-GROUP
zzlwsnattrGroup: YetAnotherGroup
zzlwsnattrGroup: ALL
zzlwsnattrGroup: basiclawson
zzlwsnattrLastName: Tsukroff
zzlwsnattrName: Milo Tsukroff
zzlwsnattrPortalAdmin: YES
zzlwsnattrPortalRole: default.xml
zzlwsnattrProductLine: PROD
zzlwsnattrRole: SuperAdminRole
zzlwsnattrRole: AnotherRole
zzlwsnattrRole: YetAnotherStinkinRole
zzlwsnattrWFUser: 1
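
For the verification the question asks about, here is an added example (not code from either poster) that reads an LDIF export of the Resources tree and flattens the repeated zzlwsnattrGroup and zzlwsnattrRole values into one CSV row per assignment. The sample entries, user names and function names are constructed for illustration. The parser handles LDIF folded lines and base64 (`::`) values.

```python
import base64
import csv
import io

# Constructed sample in the shape of the dump above; names, groups and DNs are made up.
SAMPLE_LDIF = """\
dn: CN=jdoe,OU=resources,O=lwsnrmdata,CN=lwsn,DC=example
cn: jdoe
zzlwsnattrGroup: FirstGroup
zzlwsnattrGroup:: QUxM
zzlwsnattrRole: SomeRole

dn: CN=asmith,OU=resources,O=lwsnrmdata,
 CN=lwsn,DC=example
cn: asmith
zzlwsnattrGroup: FirstGroup
"""

def parse_ldif(text):
    """Return one dict per entry, mapping lowercased attribute -> list of values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # leading space: continuation of previous line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            if value.startswith(":"):       # "attr:: value" is base64-encoded
                value = base64.b64decode(value[1:]).decode("utf-8", "replace")
            current.setdefault(attr.lower(), []).append(value.strip())
    return entries

def memberships(entries, attr):  # cn -> sorted values of one repeated attribute
    return {e["cn"][0]: sorted(e.get(attr.lower(), [])) for e in entries if "cn" in e}

def to_csv(entries, attrs=("zzlwsnattrGroup", "zzlwsnattrRole")):
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    for attr in attrs:                      # one row per (resource, attribute, value)
        for cn, values in memberships(entries, attr).items():
            writer.writerows([cn, attr, v] for v in values)
    return out.getvalue()
```

Diffing the CSV from two exports taken at different times shows which group or role assignments were added or removed between them.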