i2b2 Core Software / CORE-416

User parameter precedence change (to allow defaults)

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 1.7.13
    • 1.7.13
    • PM Cell
    • None

    Description

      This change is meant to allow user params to take precedence over hive params. Currently, it's the other way around.

      Particularly, if you have the situation where you have a large number of users who use an authentication method other than the default basic, but your service account (AGG_SERVICE_ACCOUNT) is using basic, then you need to specify a user param for each of your users.

      With this change, you can set default authentication params in pm_hive_params for all users, and then set your service account specifically to be authentication_method = 'BASIC'. May seem like a small change, but it would be very welcome not to need to assign params for each new user at our institution.

      In the process of making this change, I re-organized basic authentication into its own package and removed some code duplication.
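
The precedence change described in this issue, modelled as an added example (not i2b2 PM cell code and not part of the original issue): it resolves each user's effective `authentication_method` under the old order (hive params win) and the new order (user params win), then lists the accounts whose method changes and the accounts that end up on BASIC. The `LDAP` value, the user names other than `AGG_SERVICE_ACCOUNT`, and all function names are constructed for illustration.

```python
# Added illustration: a model of the precedence rule, not i2b2 source code.
DEFAULT_METHOD = "BASIC"  # the issue calls basic the default method

# Constructed sample data: one hive-wide default, one per-user override.
HIVE = {"authentication_method": "LDAP"}
USERS = {
    "alice": {},
    "bob": {},
    "AGG_SERVICE_ACCOUNT": {"authentication_method": "BASIC"},
}


def effective_params(hive, user, user_wins=True):
    """Merge hive-wide and per-user params; the higher-precedence source overrides."""
    low, high = (hive, user) if user_wins else (user, hive)
    return {**low, **high}


def effective_method(hive, user, user_wins=True):
    """Authentication method a user ends up with, normalised to upper case."""
    merged = effective_params(hive, user, user_wins)
    return merged.get("authentication_method", DEFAULT_METHOD).upper()


def audit(hive, users):
    """Compare old (hive wins) and new (user wins) precedence for every user."""
    report = {"methods": {}, "changed": [], "basic": []}
    for name, params in sorted(users.items()):
        old = effective_method(hive, params, user_wins=False)
        new = effective_method(hive, params, user_wins=True)
        report["methods"][name] = (old, new)
        if old != new:
            report["changed"].append(name)  # behaviour differs after the change
        if new == "BASIC":
            report["basic"].append(name)    # accounts to review: still on basic
    return report


if __name__ == "__main__":
    result = audit(HIVE, USERS)
    for name, (old, new) in result["methods"].items():
        print(f"{name:22} old={old:6} new={new}")
    print("changed:", result["changed"])
    print("basic:  ", result["basic"])
```

Running the same audit over a real export of hive and user params before upgrading shows which accounts would authenticate differently once user params take precedence.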


        Activity

          jklann Jeffrey Klann created issue -
          jklann Jeffrey Klann made changes -
          Field Original Value New Value
          Status New [ 10000 ] Open [ 1 ]
          jklann Jeffrey Klann made changes -
          Fix Version/s 1.7.13 [ 10902 ]
          jklann Jeffrey Klann made changes -
          Resolution Fixed [ 1 ]
          Status Open [ 1 ] Resolved [ 5 ]
          jklann Jeffrey Klann made changes -
          Assignee Jeffrey Klann [ jklann ]
          jklann Jeffrey Klann made changes -
          Comment [ Active Directory enables other methods of binding which are more flexible besides just using the distinguished name. https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/6a5891b8-928e-4b75-a4a5-0e3b77eaca52. This change is to enable binding to the User Principal Name form, which is very convenient when the distinguished names for users are not easily available (OU by department, etc.).

          "For AD DS, the name forms are tried in the order they are listed below. For AD LDS, the name forms are tried in the order below, except that forms marked "Only for AD DS" are not tried, and the User Principal Name (UPN) mapping (the second form below) is tried last.

          The name forms are:

          The DN of the object.

          The user principal name (UPN) of the object. The UPN of an object is either:

              A value of the userPrincipalName attribute of the object, or

              Only for AD DS: The value of the sAMAccountName attribute of the object, followed by a "@" sign, followed by either:

                  The DNS name of a domain in the same forest as the object, or

                  A value in the uPNSuffixes attribute of the Partitions container in the config NC replica." ]
          rm302 Reeta Metta added a comment -
          will not be tested
