Jump to content

Add Active Directory Security Group API causes duplicates


Steve
 Share

Recommended Posts

Currently, there is only a single API available in relation to AD Security Groups, and it simply allows Add.

 

Currently, if you ask it to add a group, it does so, regardless of whether the group already exists, thus creating multiple entries in PasswordState.

 

Since there can be no valid reason for the same group (who's membership is managed externally) to exist in PasswordState multiple times, I would consider this an error and simply confusing to users.

 

Since there is no available API to query whether a group already exists, it makes it difficult to determine whether to add the group or not.

 

I can think of some possibilities:

-  Add a query to determine if a group exists

- add an "Ignore duplicates" flag to the Add method

- add a fail on duplicate flag to the Add method

 

Using a flag could allow the attempted add to do the ad sync it says it currently does , and thus could be used to notify PasswordState that the group has been changed and a refresh is needed.

 

Currently, an equivalent sync is only available via the Password Reset Portal, and not available if this component is not installed.

 

 

Link to comment
Share on other sites

Hi Steve,

 

We have no validation for this in the API, and this is by design - we naturally assume customers would not add the same Security Group in more than once, like many other calls in the API.

If you need any changes to the API, can we please ask you log a feature request for this.

Thanks very muchh.

Regards

Click Studios

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...