Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dynamic Folder / Active Directory (Python) - Folder inheritance #41

Open
FlorianHeigl opened this issue May 12, 2022 · 1 comment
Open

Dynamic Folder / Active Directory (Python) - Folder inheritance #41

FlorianHeigl opened this issue May 12, 2022 · 1 comment

Comments

@FlorianHeigl
Copy link

FlorianHeigl commented May 12, 2022
edited
Loading

There's a design issue with this script -
basically if you want to inherit credentials from the main folder of the document, you can not get that easily.
The reason is that this setting would need to be set on the implicitly created dynamic folders. You can put that setting on the top level but not on intermediate folders.

Adding it per host is easy, using the dynamic folder model docs

The following example presents a workaround referencing a credential by name.

def create_connection(object_type, terminal_connection_type, name, host, path):
	connection = {
		"Type": object_type,
		"Name": name,
		"ComputerName": host,
		"Properties": {
			"CredentialMode": 4,
			"CredentialName": "mycred/name"
		}
	}

The real goal would be reached with

  • CredentialMode: 1
  • CredentialFromParent: True
  • CredentialAutologon: True (optional)

It's not possible at the moment due to the fact that intermediate would need to also have that setting.
The best logic would be to adhere to the mode that is set in the dynamic folder settings itself and to propagate it down.
I don't know how to access that and my brain is already shutting off again trying to think about it
@lemonmojo
Copy link
Member

lemonmojo commented May 12, 2022
edited
Loading

Hi @FlorianHeigl!

First, you're mixing up rJSON properties with RoyalDocument properties. The documentation you referenced is for the RoyalDocument object model, not rJSON. You can inherit credentials from their parent folder very easily using rJSON's CredentialsFromParent property. Just set this to true and you're done, no other properties needed.

Regarding the specific problem you're facing: The way the script creates folders at the moment makes it impossible to set the folders to inherit credentials. But if you rewrite the script to create folders using the hard method™️ you can configure them to inherit the credentials from their parent folder with CredentialsFromParent, just like for connections.

Then, the only thing left to do is to ensure that the Dynamic Folder itself is configured with the correct credentials so that it can pass them through to the individual connections within.

Hope that helps!

cheers,
Felix

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@lemonmojo @FlorianHeigl