Is that possible to create session to Active Directory, but apart from domain, url and rootDn use also user and password?
Now I have:
ActiveDirectoryLdapAuthenticationProvider(String domain, String url, String rootDn);
But I would like to have something like:
ActiveDirectoryLdapAuthenticationProvider(String domain, String url, String rootDn, String adUsername, String adPassword);
Thank you.
Related
We have this PlainAuth function:
func PlainAuth(identity, username, password, host string) Auth
The documentation states the following:
PlainAuth returns an Auth that implements the PLAIN authentication
mechanism as defined in RFC 4616. The returned Auth uses the given
username and password to authenticate to host and act as identity.
Usually identity should be the empty string, to act as username.
For me, this is pretty confusing. What is actually the identity
and what acts as username?
What is really happening when we put an empty string as the first
parameter and what other options can we put there?
I have an active directory that looks a little like this:
gdcmpny.com
|__GoodCompany
|
|__NYC
| |__Users
|
|__SF
|__Users
When a user sends me his username+password, i cant know if he's under NYC/Users or SF/Users. Is there a way to compound a string like this:
CN=Users,OU=%s,OU=GoodCompany,DC=gdcmpny,DC=com
so the ldap request will look in both NYC/Users and SF/Users? Or do I have to specify the exact absolute path?I am using Go to send the request, with the package github.com/jtblin/go-ldap-client.Thanks!
Unfortunately not on Microsoft Active Directory.
There is a thing called ExtensibleMatch, but not supported on Microsoft Active Directory.
-jim
You do not need to use the fully qualified DN for LDAP binds against an Active Directory server. You can use sAMAccountName and userPrincipalName values to authenticate to AD LDAP... provided you've got a single tree in a single forest, these are formed by concatenating the user-provided logon ID with a string.
For the AD domain gdcmpny.com with legacy domain name GDCMPNY, the user with logon ID MyUserName has userPrincipalName MyUserName#gdcmpny.com and sAMAccountName of GDCMPNY\MyUserName regardless of where their ID resides within the directory structure.
In cases where you've got multiple domains within the forest and cannot simply know the proper string to add to the user ID, you can bind under a known system credential, search for the user-supplied logon ID, and return the fully qualified DN (FQDN) of the matching entry. Then use the FQDN with the user-supplied password to validate the user's credentials.
string formatting, like:
CN=Users,OU=%s,OU=Goenter code hereodCompany,DC=gdcmpny,DC=com
isn't supported, but I can simply don't specify the whole hierarchy in my request.This is what worked for me:
OU=GoodCompany,DC=gdcmpny,DC=com
I hope this is not a question dealing with passing a parameter in a URL.
I have a Put request. The following code adds a user named "Johndoe" in the server. It is NOT like name ?= 'JohnDoe' (not passed as a parameter)
uri = URI.parse('http://localhost:15672/api/users/JohnDoe/')
I would like to have the JohnDoe or any name passed from a function like,
def test_add_user(username,password)
uri = URI.parse('http://localhost:15672/api/users/**username**/')
The username in the URL is the username getting added as a user in the server. I suppose the username is not a URI parameter since the 'name' part looks like a resource to me. I tried the following code but in vain
uri.join('http://localhost:15672/api/users/',username)
Also I tried this
username = 'john/'
uri.join('http://localhost:15672/api/users/',username)
Any fixes or any alternative ideas as to how I can pass the name?
Regards
Karthik
It could be done by interpolation of username, like this:
uri = URI.parse("http://localhost:15672/api/users/#{username}")
I'm trying to figure out how to view a profile-page in codeigniter. I know how to create templates and so on in CodeIgniter, but I don't know which way to go to handle "translation from username to userid" in a secure manner. This is a profile that should be viewed when the user isn't logged in (public profile).
Code snippet from my profile-controller:
$username = uri_segment(3); //Here's the actual username is stored in the url
$profile = new Profile();
$this->user_id = $profile->getUserByUserName($username);
Above seems ok, right? But when a username contains spaces, the "username-link" gets from "Gustav Wiberg" to "gustav-wiberg" (space replaced by hyphens, and the username is lowercase).
The actual link could look something like this: http://www.domain.com/profile/gustav-wiberg
But if I check this link with uri_segment I get username "gustav-wiberg" and not "Gustav Wiberg" which is the REAL username I want to compare with (by getting the return value of $profile->getUserByUserName($username);.
Am I taking the wrong approach to this? Or is it ok approach based on each username must be unique.
I could just do a replacement from uri_segment "gustav-wiberg" by capitalizing each word and replacing hypens with space and then do my query to check id for that username?
Please give me any pointers...
Either you can put a check while creating the username that there should not be spaces i.e. User can create a URL friendly username.
Or as you mentioned, you can do a replacement from uri_segment. But thinking of different scenarios, this approach can create issues so it seems its better to create a url friendly username.
One more option is you can add one more field in DB along with the username, say "slug". Wherein you can convert the username to URL friendly name and store. And check for that name while retrieving.
I am sending email to user, in that email one link is there to redirect that user to rails application. I want that link to be in encrypted form with domain name for example:
https://www.domain_name.com?hdurstihnzdfalgfgdfhdrbnhduolsasrtyumyrtyr
when user click on this link, he should directly redirect to controller method we specified in that URL which is not visible.
Controller and methods given in URL may vary according to user.
So my question is how we can do this in rails.
If I encrypt controller name, method name and parameter we passed. How routes file come to know where to redirect this URL? How to decrypt this in routes file and redirect internally to decrypted URL?
Life will be easier if you can do a slight modification to your url, something like:
https://www.domain_name.com/enc/hdurstihnzdfalgfgdfhdrbnhduolsasrtyumyrtyr
Then you can create a route for that path to redirect where you want.
get '/enc/:encoded_path' => "controller#action"
This would give you access to params[:encoded_path], which would equal hdurstihnzdfalgfgdfhdrbnhduolsasrtyumyrtyr in this case. From there, you could decode in the controller and then redirect however you want.
That's not the right approach. Here's what you can do instead:
Create a new controller action, say for instance, activate.
def activate
activation_token = params[:auth_token]
....
your logic to do whatever with this token
end
Create a corresponding route:
match '/activate' => 'your_awesome_controller#activate'
Now, when you email your users, I'm guessing you're sending some sort of activation token. If not, create two new fields in your users table:
activation_token:string
activated:boolean
Use some unique string generation algorithm to generate your activation_token and email it to your user:
yourdomain.com/activate?auth_token=user.activation_token