Skip to main content

Hi,

 

Trying to lock down a form so that only Domain Users can access it.

 

I have a Smartobject method on the AD User SMO, but the result is empty if i enter a userid in name.

 

I tried it from the Tester Tool, but if i set the Filter to Name = UserID, the result is blank.

If i take the filter out, it eventually displays all the users in the results, including the one i am wanting to filter on.

 

Obviously the Domain Users is huge, but that shouldn't prevent this from working, especially if i'm using a filter to speed up the process....

 This works ok with other groups where this user is a member, just not the Domain users group

 

Any ideas?

Hi,


 


I tried testing the AD User SMO on my own environment, but there's no issue with it when I specify the userid.


 


Instead of using the AD User, have you tried using the UMUser and UMGroup SMO? These SMOs will search on K2 identity cache instead of performing a direct query to your AD. If a user cannot be found in the cache, K2 should attempt a query to your AD, then populate that user into the identity cache. Its supposed to be faster this way, and gets around some of the restrictions that AD may impose. For exmaple, I have heard about users unable to search using the AD User SMO as their AD  starts blocking K2 the moment K2 starts sending a large number of queries.


Hi,

 

I've already tried the following with NO luck unfortunately:

 

URMUser SMO Find Group Users Method:

1) Set Groupname to domain users

2) labelname to the usual label

3) Filter = Name = Userid of the user

Execution time:  3 Minutes... to get an actual result with the user in it

 

UMUSER SMO Get Group Users Method:

1) Set Groupname to domain users

2) labelname to the usual label

3) Filter = Name = Userid of the user

Execution time:  3 Minutes... to get an actual result with the user in it

 

Surely if the UM SMO are cached data, why is it still taking this long

 

...And this is directly from the K2 Tester Tool

 

 

 

 


Hey Sharpharp1


 


I have attached a document that demonstrates creating a User SmO to return K2's cached group members - just as a reference.   There is also another way to return group members which involves creating a copy of the K2 Management Group SmartObject. 


 


This can be done through Designer by clicking on the Managment Group SmartObject and then clicking 'Save As'. (I have attached a screenshot.) The 'Save As' feature will allow you to create a duplicate Group SmO without the system bindings that would prevent it from being Packaged. After clicking 'Save As', you can change the name of the new SmO and select which category to save it to. 


 


I beleive the Group SmartObject (and new copy)  pull directly from the data source and not the K2 cache. This could cut down on the time it takes to return the group members. 


 


 Edited: Grammer


 



It could be possible to lock down the runtime site in IIS so that only Domain users can access it, I have not tried this but could be possible, the Kb below explains how to do this for Designer but can be applicable for Runtime site as well. This will however lock it down for all runtime forms


 


https://help.k2.com/kb001309


 


HTH


Vernon


 


K2 will not accept any liability for any issues arising from actions taken in respect of the information provided by any forum member


Hi,

 

Thanks KtoZ, i followed the steps to create the new SMO and run it with the tester tool.

In the Tester Tool i entered the Group name: domain users

labelname: usual label,

 

the execute:

 

It's a little faster, but still takes 78 seconds to resolve the name...


Hi,


 


The Domain Users will always slow especially with large domain. The other consideration is, it might not query the latest information from AD. I would avoid it. Perhaps, this blog (K2 Smartforms Runtime Authorization) might help, you can create a K2 role and add the internal K2 group, 'Everyone' group in it.


 


Reply