Hi Simon, When EDG is configured to use LDAP, EDG delegates the user authentication to the servlet container (Tomcat), which further delegates it to LDAP. The case-insensitivity you describe is an unfortunate aspect of using LDAP, particularly Active Directory. Lately, more customers are using SSO (SAML) for authentication, which gets user information via Assertions from an Identity Provider (IDP), and does not rely on whatever the user types in.
It seems you have found the way to resolve the "duplicate" user via edits to <urn:x-evn-user-data> and change history graphs (.tch), however, as you correctly surmised, this way should only be used with great care. Removing a user is not a common operation, so we don't have a documented procedure. It also has cascading effects when the user to be removed has performed actions on graphs. You would have to edit the change history for every graph the user has touched. We typically use the SPARQL endpoint on the rare occasions where we have to do this internally. Please let us know if you require further assistance. Thanks, -Ken TopQuadrant Support On Mon, Feb 7, 2022 at 1:46 AM Simon Opper < simon.op...@surroundaustralia.com> wrote: > A small update. > > I've found that I can create an ontology that preloads (loads the content > directly not as an import) the <urn:x-evn-user-data> and in fact gives me > direct editing ability to perform CRUD on various aspects of data in the > <urn:x-evn-user-data> tch graph e.g. user names and saved sparql queries. > > So this in principle allows one to delete or update a user account. > > I found this because I have built an administration ontology for EDG > sparql queries and saved searches. > > The question is...... is this dicing with death and poking at things that > may have unintended consequences? > > In the case of saved searches, these appear to work fine and upon adding > them show in all stated graphs. > > However, as per another previous email I've posted about layouts, layouts > require some system registration of some kind. > > Will editing user triples have similar system registration issues ? > > I look forward to your advice. > > Many thanks > > Simon > > > > On Monday, February 7, 2022 at 11:57:39 AM UTC+11 Simon Opper wrote: > >> Hi folks >> >> How do you remove a user from a deployed EDG server instance? >> >> The documentation does not seem to cover this aspect ? >> >> We have had the case where when a user first logged in they used a >> leading capital in their username, however our LDAP authentication used a >> lowercase for their name. >> >> This difference was allowed by EDG. >> >> However next time the user logged in they created a second user login to >> EDG with a lowercase leading name. >> >> This inconsistency wasn't picked up for some time and a mixed use of >> capital vs non-capatial user name was used for governance on a wide range >> of graph assets. >> >> It appears that even after removing one version of username from asset >> governance attributions, that both are still being cached in the system >> triples. This can be seen upon inspecting the trig files in a backup zip. >> >> it is resulting in the governance regime not behaving. >> >> doing bulk permission addition/revocation or even new asset subject areas >> and organisations has not sorted out the conflict. >> >> Yet amongst this, we are simply not clear on how to remove a user from >> the system once a user has logged onto the server ? >> >> Can you please assist with some further documentation? >> >> I have tested approaches of removing the user from the system trig files >> from a backup file and re-deploying this in EDG studio with some success. >> But it seems a fraught and risky option. >> >> We hope however that removing a user would remove all governance and >> workflow data triples related to that user. Is this a possible fix ? >> >> Many thanks in advance >> >> Simon Opper >> >> Chief Data Scientist >> >> Connected Knowledge >> >> >> E simon...@surroundaustralia.com >> >> A Level 9, Nishi Building, 2 Phillip Law Street; NewActon Canberra 2601 >> >> surroundaustralia.com <https://surroundaustralia.com/> >> >> <http://linkedin.com/in/simon-opper-07363278> >> >> >> >> >> -- > You received this message because you are subscribed to the Google Groups > "TopBraid Suite Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to topbraid-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/topbraid-users/ee3a4cea-6311-4bae-be43-5ec51cdddff6n%40googlegroups.com > <https://groups.google.com/d/msgid/topbraid-users/ee3a4cea-6311-4bae-be43-5ec51cdddff6n%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "TopBraid Suite Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to topbraid-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/topbraid-users/CACA_qpD%3DkRoGpeA-wkVcJAj8DNmAdV0jyrqxUEJ-94GiKQMAwQ%40mail.gmail.com.
