6 Replies Latest reply on Oct 23, 2009 5:25 PM by disabled_menno

    How do I find out the Account name of a user when Externally Authenticated

    allotrope

      Title

      How do I find out the Account name of a user when Externally Authenticated

      Your post

      I've successfully configured my server to authenticate externally (AD). How do I find out the Account name of a user when Externally Authenticated? According to the docs Get(Account Name) returns the name of the user when they are externally authenticated, what it fails to do is explain how to get the Account that the user belongs to. ie John Smith belongs to the Account Group "Accounting" which function do I use to return "Accounting" .

        • 1. Re: How do I find out the Account name of a user when Externally Authenticated
          Kundinger
            
           
          Hi "allotrope", 
           
           
          You can 'get' the name of the "currently authenticated user account name" and the "currently authenticated user's privilege set"...
           
          Use a calc field or calc script to 'return' the results of...
           
             - Get ( AccountName )
           
             - Get ( PrivilegeSetName ) 
           
          These two functions work with 'internal' "FileMaker" and "Externally Authenticated" accounts.
           
           
          FYI...
           
          All 'internal' "FileMaker" accounts are created and managed within each single FMP DB file.  All "Externally Authenticated" accounts are created and managed on an LDAP 'directory server' such as Apple's Open Directory or Microsoft's Active Directory servers.
           
          Privilege sets are created and managed within each single FMP DB file.  Each privilege set manages the type of capabilities the user of the privilege set will allow a them perform within a FMP DB file.
           
          Once 'internal' accounts are created, they MUST be assigned to a FileMaker "Privilege Set".  Once 'external' accounts are created, they MUST be assigned to a group on the directory system.  In turn, the FileMaker "Privilege Set" MUST use this group name. 
           
           
          Recommendations...
           
           - to prevent accidental changes to the design, structure and security of a FMP DB File, always utilize privilege sets
           - for security and logging purposes, always use one 'account' per individual user of a FMP DB file 
           - for security, always use passwords with user accounts 
           - for simplicity of managing numerous users, groups and privilege sets, utilize a 'directory system'
           - if utilizing Apple's Open Directory to manage users and groups, use the Workgroup Manager tool...
               - create a 'Workgroup'
               - assign the appropriate users to this Workgroup
               - WARNING...  the FMP Privilege Set's Group name MUST MATCH the Open Directory Workgroup "shortname" 
           - if utilizing Microsoft's Active Directory to manage users and groups, use the Active Directory Users & Computer tool...
               - create a 'Security Group'
               - assign the appropriate users to this Security Group
               - WARNING...  the FMP Privilege Set's Group name MUST MATCH the Active Directory Security Group "Full Name" 
           
           
           
          I hope this helps you and any other interested readers... Good Luck!!!

          Kundinger 
             

          • 2. Re: How do I find out the Account name of a user when Externally Authenticated
            allotrope
              

            Hi Kundinger,

             

            I had already came to same the conclusion, thanks for the reply none the less. Now to wrap my mind around figuring out the minutia of tweaking privilege sets.

            • 3. Re: How do I find out the Account name of a user when Externally Authenticated
              jyajj
                

              I need help on figuring out how to setup the Directory Service in Filemaker Server 9 to work with my companies LDAP system?

               

              I recived the Directory Entry Point and Server name from my I.S Dept but, I don't quite get how to actually use that in Filemaker?

               

              Does the I.S department have to add a special group to LDAP?

               

               

              I created an externally authenticated account and set the authentication order for it to be authenticated first....I'm not sure what I should name that account though and if that even matters!!!

               

              PLEASE HELPPPPPP!. First time with Filemaker

              • 4. Re: How do I find out the Account name of a user when Externally Authenticated
                  

                So far you have seen (a pretty good) explanation on how to use LDAP to authenticate user to be able to login to your FM databases. You still don't know how to find out which user has logged in. That info might be helpfull however when you generate letters and other stuff. Only using

                Get ( UserName )

                 

                will only give you the username that is entered in the Filemaker Preferences, but not the name of the user in the Active Directory / LDAP. If you use:

                 

                Get ( DesktopPath )

                 

                 will give you something like:

                 

                /C:/Documents and Settings/TheLDAPusername/Desktop/

                 in windows and in MacOSX you get something similar. From here it is easy to filter the username.

                 

                regards, Menno

                 

                 

                 

                • 5. Re: How do I find out the Account name of a user when Externally Authenticated
                  liuxing333
                     When I use FMP to access the database, get(DesktopPath) can display:

                  '/C:/Documents and Settings/TheLDAPusername/Desktop/',

                   

                  But when I use IE browser to access the database, get(DesktopPath) only display:

                  '/C:/Documents and Settings/Default User/Desktop/',

                   

                  but not the name of the user in the Active Directory / LDAP. What are the reasons? 

                   

                   

                  • 6. Re: How do I find out the Account name of a user when Externally Authenticated
                      

                    If the answer: 

                    '/C:/Documents and Settings/TheLDAPusername/Desktop/',

                     does not contain the username in the Ldap directory, you maybe work in a network with LDAP running somewhere but your computer is not member in the domain and LDAP is not used to authenticate you as user on your PC.

                     Also differences can occur when an account becomes "broken" the username may be represented as UserName.local or UserName.domainname or UserName.000.

                     

                    It all depends on how you have configured your PC, your server and your domain. With my answer I assumed that you had LDAP / Active Directory / a Windows-Domain which authenticates network-access as well as local computer access, which is useually the case in businesses, government, etc.