About Users, the new User Provider

About Users, the new User Provider

Hello all

I was doing some "playing around" with the new v6 (installed the Apps, doing tutorials, etc.) when I realized one thing, over the sudden I had nearly 300000 SU's used and 178 users created...

Then I was messing around with the Users eSpace trying to disable some users (which currently it's not possible from the eSpace itself), then went off to the database and set some users to IsActive = False

For my surprise the counter of Users of the system didn't get updated...Is this supposed to be like this? I'm pretty sure that in older versions of the platform when you disabled an user it stopped from being counted as a user (for licensing purposes). Did this change? 

Best regards,
Hi Pedro,

Some of the mechanics of user counting has changed in 6.0 and now you'll have to actually delete the users from the table (rather than just de-activate them) to make them not count against your license limits.

In the case of our Apps, which include numerous users as sample data, we advise people to review the bootstrap actions (i.e. the action that is associated with an When Published timer in espaces called <AppName>Sample) and remove any unecessary sample data creation sections before publishing it in production, so that you don't litter these environments.

Hope this helps,

In line with what Miguel said, there's also a "Delete User" Link in the edit page for each user.
Yes, I do know about the delete, that is hardly the point...

If you have a user that will not ever log back in the system, you can't simply delete it because of history...Thus the IsActive field...And that did work in previous platform versions, the question is why doesn't it work now?

Best regards,
Just a little thing while trying to delete a user in the User eSpace AFTER deleting all the apps from the server:

So if the delete of an eSpace is a operation that's not reversible, why there is still "junk" in the database that doesn't allow me to normally use the platform? 

Another thing: why there isn't an option to delete multiple users? Going through the list, clicking to show, then clicking to edit then clicking to delete each user seems very poor User Experience...

Starting to think that this new User Provider for v6 is the worst idea OS has had in a while...

Best regards,
I'm back again with some Users doubts, maybe anyone can help me out.

Regarding configuration:

The Users configuration allows 3 options to edit:
  • Active Directory,
  • Windows Integrated Authentication
  • Default Domain
Enterprise Manager (in previous platform versions) there were also 3 site properties
  • Ldap_Login
  • IntegratedAuthentication_Login
  • Ldap_Hostname
Are those properties "linked"? The first 2 clearly seem so, the last one it's not clear...

Regarding creation of users:

The User_Login action description says:
"The User_Login action has the following behavior:
1-if found local user with password,
1.1-login with local user;
2-if active directory is on
2.1-if Authentication.ValidateLogin(username,password) is ok
2.1.1-create or update user"

Can we assume that if there is no Password field present in the table for a specific user, that user will be validated against the AD? Or even AD users will have Password filled? In that case how can we differentiate them? In EM there was a field called AuthenticationMode (Site Default, LDAP or Internal) that would specify it...

Since there is a different approach to the count of users of the platform, I plan to only allow the login and consequent creation of users in the platform only if they have a specific role in the Active Directory. How can this be achieved? I've not seen anything that allows us to integrate with the AD for V6 so far.

Since Users is a system eSpace and we can't open/edit it it's not easy to get this questions answered and maybe they're really easy, but I also have not found any documentation for it anywhere...

Best regards,
Hi Pedro,

Some Enterprisemanager configuration help:
  • Ldap_Login - do you wan to use Ldap to validate username passwords
  • Ldap_Hostname - the ldap server you want to use when validating username passwords
  • IntegratedAuthentication_Login - enable integrated authentication in the login page
and User configuration help:
  • Active Directory - use the domain controller (configured in the windows server) to validate username and passwords
  • Default Domain - when validating usernames and passwords against the domain controller, assume this specific domain when not specified (avoid having to type MYDOMAIN\myusername when entering usernames)
  • Windows Integrated Authentication - enable integrated authentication as the default authentication mechanism

Active Directory users don't have the password filled locally to avoid beeing able to login locally without having to validate the password using active directory.
Active Directory users also have a DOMAIN\username as the username. There is no AuthenticationMode property for each user.

To limit the user creation for users with a specific role in the Active Directory you need to customize the users espace, please contact OutSystems support for instructions.
Hello Lúcio.

Thanks for the reply I will contact support to ask about the customization of the Users eSpace...

Best regards,