I want to make a control invisible for users of only 1 group. All users of other groups have the right to access this field.
I know how to do the opposite, that is to say, restrict access to the field to 1 group. But this way the list will be very long if I have to put all the groups. Is there a simple method, preferably with Odoo Studio?
Thanks in advance !
You can precede the group's external ID by !, for example:
groups="!website.group_multi_website"
The user_has_groups method (which is used to apply the groups) will return True if the current user is a member of one of the given groups not preceded by ! and is not member of any of the groups preceded by !
Related
My question is very similar to how to get groups of a user in ldap but I want to be able to search a group whose member has attribute foo with value bar
ie, from the previous question instead of doing (&(objectClass=groupOfNames)(member=cn=root,ou=django,dc=openldap))
I want to do something like
(&(objectClass=groupOfNames)(member=sn=bar))
but it seems only the full DN can be used for such query. Is there another way to find groups for user matching a pattern?
Since memberOf is available to you, you can search for the users instead of the groups:
(&(objectClass=person)(sn=bar))
(You might have to change the objectClass depending on what it is for users. I'm used to Active Directory, not OpenLDAP.)
Then you can read the memberOf attribute of the users you find.
Update: If you just want to find members of that group with that attribute then you can do it in one query by using memberOf in the query, and looking for the DN of the group:
(&(objectClass=person)(sn=bar)(memberOf=CN=MyGroup,DC=whatever))
New to LDAP. The way our LDAP is arranged is People and groups. The people have user information such as name, uid, and mail. The groups have group name and multiple member field which has value like cn=First Last,cn=people,dc=comic,dc=com, listing the People that are members of the group.
Currently starting with userid and password, doing two searches:
1) Get user by searching on People base domain on uid=value. Then from the user get the first and last name.
2) Search on Groups base domain based on member=cn=First Last,cn=People,dc=comic,dc=com and iterate over the list of group objects returned to the group name field.
Am just wondering is there way to do all this in one search or are two searches necessary?
Unfortunately you cannot do what would like in one operation.
Also, what you are doing will not always work. Instead of retrieving the users first and last name you should retrieve their distinguished name (dn attribute) and do your group search based on that. First and last names can be modified within LDAP and can happen due to marriage / divorce / etc.
It is possible, provided that you implement a Reverse Group Membership Maintenance Overlay.
To determine which groups an entry is a member of without performing extra searches, the memberOf overlay is exactly what you need.
The memberof overlay updates an attribute (by default memberOf)
whenever changes occur to the membership attribute (by default member)
of entries of the objectclass (by default groupOfNames) configured to
trigger updates. Thus, it provides maintenance of the list of groups
an entry is a member of, when usual maintenance of groups is done by
modifying the members on the group entry.
You may find this Server Fault post useful for a how to.
Once you have memberOf attribute ready to be used, you may have to run ldapmodify manually on each group entries, but just once, so that all members entries can be provisioned with the corresponding group dn in their respective memberOf attribute.
Finally, to perform a group membership search for a given user, you would just search for the user entry and iterate the memberOf attribute to get group dn's.
e. The issue i am facing is that i need to show a field to multiple user groups. I know how to show field to one group
<field name="received_qty" groups="base.test_group" string="Total Received Quantity"/>
but i want to show this field to multiple groups (suppose :'base.group1','base.group2') and then it should be hidden from all other groups which are not listed here
Using , operator we can give groups name in field as many as we want.
For example:
groups="base.test_group,base.test_group1,base.test_group2"
It's combination of module_name.xml_group_id. Field can be visible for those User who has group checked.
I am new to openLDAP.
When I create a new user (generic user), there is a field GID number.
Can somebody explain what this field means?
Does this number needs to be unique? I can select between my posixGroups.
I have the same posixgroups in each country (OU): users, admin, linux.
When I have the list of posixGroups in the GIDnumber, there I cannot see which group from which ou I need to select? How can I solve this?
When you select a posixsgroup for a new user. When I go to that selected group, how can I see that the new user is a member of that group?
Kr,
Joeri
With the gidNumber-attribute you can set the primary group of a user. That group will be used for instance when the user creates a file in a unix-like filesystem in that the file will belong to that group. And it doesn't need to be unique.
As you created the same group names under different subtrees there is no easy way to differentiate between those equally named groups. Easiest solution would be to rename those groups to include a hint to the subtree. But to be honest Personally I'd see whether it is necessary to have the same group in different subtrees and try to consilidate that to only three groups.
I'm trying to make an LDAP query, to get a list from all my groups/members. I can't figure out how can i do this. All my tries were unsuccesfull.
My "AD tree": mydomain.local/Mybusiness/Distribution Groups/ here are my groups
I tried with somethin' like this:
(objectCategory=user)
(memberOf=CN=Distribution Groups,OU=Mybusiness,DC=mydomain.local,DC=com)
I appreciate if somebody could help me to write an ldap query, which gives a list with my groups and the members of this groups.
The query should be:
(&(objectCategory=user)(memberOf=CN=Distribution Groups,OU=Mybusiness,DC=mydomain.local,DC=com))
You missed & and ()
Active Directory does not store the group membership on user objects. It only stores the Member list on the group. The tools show the group membership on user objects by doing queries for it.
How about:
(&(objectClass=group)(member=cn=my,ou=full,dc=domain))
(You forgot the (& ) bit in your example in the question as well).
The good way to get all the members from a group is to, make the DN of the group as the searchDN and pass the "member" as attribute to get in the search function. All of the members of the group can now be found by going through the attribute values returned by the search.
The filter can be made generic like (objectclass=*).