toolbox icon indicating copy to clipboard operation
toolbox copied to clipboard
verified publisher icon royalapplications

Dynamic Folder / Active Directory (Python) - Folder inheritance

Open FlorianHeigl opened this issue 3 years ago • 1 comments

There's a design issue with this script - basically if you want to inherit credentials from the main folder of the document, you can not get that easily. The reason is that this setting would need to be set on the implicitly created dynamic folders. You can put that setting on the top level but not on intermediate folders.

Adding it per host is easy, using the dynamic folder model docs

The following example presents a workaround referencing a credential by name.

def create_connection(object_type, terminal_connection_type, name, host, path):
	connection = {
		"Type": object_type,
		"Name": name,
		"ComputerName": host,
		"Properties": {
			"CredentialMode": 4,
			"CredentialName": "mycred/name"
		}
	}

The real goal would be reached with

  • CredentialMode: 1
  • CredentialFromParent: True
  • CredentialAutologon: True (optional)

It's not possible at the moment due to the fact that intermediate would need to also have that setting. The best logic would be to adhere to the mode that is set in the dynamic folder settings itself and to propagate it down. I don't know how to access that and my brain is already shutting off again trying to think about it

FlorianHeigl avatar May 12 '22 14:05 FlorianHeigl

Hi @FlorianHeigl!

First, you're mixing up rJSON properties with RoyalDocument properties. The documentation you referenced is for the RoyalDocument object model, not rJSON. You can inherit credentials from their parent folder very easily using rJSON's CredentialsFromParent property. Just set this to true and you're done, no other properties needed.

Regarding the specific problem you're facing: The way the script creates folders at the moment makes it impossible to set the folders to inherit credentials. But if you rewrite the script to create folders using the hard method™️ you can configure them to inherit the credentials from their parent folder with CredentialsFromParent, just like for connections.

Then, the only thing left to do is to ensure that the Dynamic Folder itself is configured with the correct credentials so that it can pass them through to the individual connections within.

Hope that helps!

cheers, Felix

lemonmojo avatar May 12 '22 15:05 lemonmojo