Login vs. User Name; Active Directory; Windows Security
Moderator: SourceGear
-
- Posts: 153
- Joined: Tue Jan 20, 2004 2:28 am
- Location: PDC, Copenhagen Denmark
- Contact:
Login vs. User Name; Active Directory; Windows Security
Each user both have a login and a user name.
It seems that the login is displayed all places (checked out by, history, etc).
But it seems more natural to display the user name these places. And only use the login for (well...) login.
We have chosen to use full name with underscores as login, so at the moment is not a big problem for us. It seems however that if we want to use the active directory facility, we will have to change logins to match the windows logins and retrospectively we will have to realize that they are chosen rather bad.
On the other hand, the active directory facility does not fulfill our wishes anyway. The problem is that you still have to supply the password, and if you want to run scripts you will even have write it somewhere in visible format.
The best solution would be if ordinary Windows Security could be used to establish the identity and rights of the user. I.e. if my Vault account could be tied to my Windows Account, such that when I am this Window user I am also that Vault user.
In this ideal solution it is of course not my Windows login that should be shown in history, status, etc. but my User Name.
It seems that the login is displayed all places (checked out by, history, etc).
But it seems more natural to display the user name these places. And only use the login for (well...) login.
We have chosen to use full name with underscores as login, so at the moment is not a big problem for us. It seems however that if we want to use the active directory facility, we will have to change logins to match the windows logins and retrospectively we will have to realize that they are chosen rather bad.
On the other hand, the active directory facility does not fulfill our wishes anyway. The problem is that you still have to supply the password, and if you want to run scripts you will even have write it somewhere in visible format.
The best solution would be if ordinary Windows Security could be used to establish the identity and rights of the user. I.e. if my Vault account could be tied to my Windows Account, such that when I am this Window user I am also that Vault user.
In this ideal solution it is of course not my Windows login that should be shown in history, status, etc. but my User Name.
Thomas Linder Puls
Visual Prolog www.visual-prolog.com
Visual Prolog www.visual-prolog.com
-
- Posts: 5
- Joined: Thu Oct 30, 2008 1:47 pm
Re: Login vs. User Name; Active Directory; Windows Security
I would like to second the request for using the user name not the login. Our group is in the same situation where we use Windows active directory logins which have been obfuscated to the point we have no way of knowing who they are without looking them up. Couple of ideas that our users have suggested include being able to right click on the login name and get details (i.e. user name) or being able to select whether the login name is displayed or the user name is displayed.
Re: Login vs. User Name; Active Directory; Windows Security
Thanks for the feedback. I've added your vote.
F: 13534
F: 13534
Beth Kieler
SourceGear Technical Support
SourceGear Technical Support
Re: Login vs. User Name; Active Directory; Windows Security
I have a solution to list users from Vault (active or not) and then taking that result into a spreadsheet and running a macro to spin thru it hitting AD to get names, etc. It's not pretty but it does the trick especially when we term employees and they still exist in Vault which uses up a license which could be free'd up. I do this once a month. If interested, I could either post the solution here or email me privately. I'll let the mods decide as I don't want to violate anything.
-Tom
-Tom
Re: Login vs. User Name; Active Directory; Windows Security
So far I don't see anything wrong with the suggestion. Thanks for posting your idea.
Beth Kieler
SourceGear Technical Support
SourceGear Technical Support
Re: Login vs. User Name; Active Directory; Windows Security
Here goes. Run this SQL to get a list of all "active" users in Vault using your favorite SQL tool.
Export/Save results as a CSV fle.
That's the easy part. Now you want to spin thru these ID's against your Active Directory store. Here's how I did it.
Import this csv file into Excel. Now save it as a .xls file. Hit Alt-F11 (brings up VB editor...it pains me too!)
Insert a new module by going up to menu and hitting Insert-->Module
Copy and past following code into the VB editor:
Run it and when done, hit Alt-Q and you should be back to your spreadsheet and if it worked, you should have some names in column B and a "Y" in column C to indicate a "termed" employee at least from an AD perspective.
Note: you have to have read permissions to AD in order for this to work.
HTH, Tom
Code: Select all
use sgvault
SELECT UPPER(login)
FROM tblusers
where active = 1
and CHARINDEX('admin', login) = 0
order by 1
That's the easy part. Now you want to spin thru these ID's against your Active Directory store. Here's how I did it.
Import this csv file into Excel. Now save it as a .xls file. Hit Alt-F11 (brings up VB editor...it pains me too!)
Insert a new module by going up to menu and hitting Insert-->Module
Copy and past following code into the VB editor:
Code: Select all
Sub GetUSerInfo()
Set adConnection = CreateObject("ADODB.Connection")
adConnection.Provider = "ADsDSOObject"
adConnection.Open ("Ads Provider")
Set rsUsers = CreateObject("ADODB.Recordset")
Set objRootDSE = GetObject("LDAP://RootDSE")
For intRow = 2 To Cells(65536, "A").End(xlUp).Row
strNTLogin = Cells(intRow, "A").Value
strFilter = "(&(objectCategory=user)(samAccountName=" & strNTLogin & "))"
strCmd = "<LDAP://" & objRootDSE.Get("defaultNamingContext") & ">;" & strFilter & ";adsPath;subTree"
Set rsUsers = adConnection.Execute(strCmd)
If rsUsers.EOF = False Then
rsUsers.MoveFirst
While Not rsUsers.EOF
Set objUser = GetObject(rsUsers("adsPath"))
On Error Resume Next
Cells(intRow, "B").Value = objUser.givenName & " " & objUser.sn
rsUsers.MoveNext
Wend
End If
rsUsers.Close
Next
For intRow = 2 To Cells(65536, "A").End(xlUp).Row
strNTLogin = Cells(intRow, "A").Value
strFilter = "(&(objectCategory=user)(userAccountControl:1.2.840.113556.1.4.803:=2)(samAccountName=" & strNTLogin & "))"
strCmd = "<LDAP://" & objRootDSE.Get("defaultNamingContext") & ">;" & strFilter & ";adsPath;subTree"
'create recordset containing all termed AD users
Set rsUsers = adConnection.Execute(strCmd)
If rsUsers.EOF = False Then
rsUsers.MoveFirst
While Not rsUsers.EOF
Set objUser = GetObject(rsUsers("adsPath"))
On Error Resume Next
Cells(intRow, "C").Value = "Y"
rsUsers.MoveNext
Wend
End If
rsUsers.Close
Next
adConnection.Close
End Sub
Note: you have to have read permissions to AD in order for this to work.
HTH, Tom
Re: Login vs. User Name; Active Directory; Windows Security
Thanks for the information.
Beth Kieler
SourceGear Technical Support
SourceGear Technical Support
-
- Posts: 153
- Joined: Tue Jan 20, 2004 2:28 am
- Location: PDC, Copenhagen Denmark
- Contact:
Re: Login vs. User Name; Active Directory; Windows Security
What is the status on this?
Thomas Linder Puls
Visual Prolog www.visual-prolog.com
Visual Prolog www.visual-prolog.com
Re: Login vs. User Name; Active Directory; Windows Security
Feature request F:13534 is still open and has not yet been implemented.
Thanks,
Tonya
Thanks,
Tonya