I have an active directory that looks a little like this:
gdcmpny.com
|__GoodCompany
|
|__NYC
| |__Users
|
|__SF
|__Users
When a user sends me his username+password, i cant know if he's under NYC/Users or SF/Users. Is there a way to compound a string like this:
CN=Users,OU=%s,OU=GoodCompany,DC=gdcmpny,DC=com
so the ldap request will look in both NYC/Users and SF/Users? Or do I have to specify the exact absolute path?I am using Go to send the request, with the package github.com/jtblin/go-ldap-client.Thanks!
Unfortunately not on Microsoft Active Directory.
There is a thing called ExtensibleMatch, but not supported on Microsoft Active Directory.
-jim
You do not need to use the fully qualified DN for LDAP binds against an Active Directory server. You can use sAMAccountName and userPrincipalName values to authenticate to AD LDAP... provided you've got a single tree in a single forest, these are formed by concatenating the user-provided logon ID with a string.
For the AD domain gdcmpny.com with legacy domain name GDCMPNY, the user with logon ID MyUserName has userPrincipalName MyUserName#gdcmpny.com and sAMAccountName of GDCMPNY\MyUserName regardless of where their ID resides within the directory structure.
In cases where you've got multiple domains within the forest and cannot simply know the proper string to add to the user ID, you can bind under a known system credential, search for the user-supplied logon ID, and return the fully qualified DN (FQDN) of the matching entry. Then use the FQDN with the user-supplied password to validate the user's credentials.
string formatting, like:
CN=Users,OU=%s,OU=Goenter code hereodCompany,DC=gdcmpny,DC=com
isn't supported, but I can simply don't specify the whole hierarchy in my request.This is what worked for me:
OU=GoodCompany,DC=gdcmpny,DC=com
Related
I need to call CreateProcessWithLogonW, for which I need to pass builtin account name (say Administrator). The problem is that builtin account names are localized. For example in French its "Administrateur" and when I pass "Administrator" to the function, it returns ERROR_LOGON_FAILURE.
In order to get a builtin account name, I can pass its SID to LookupAccountBySid. Pretty easy. The problem is that, according to this, the SID I need to pass is following:
S-1-5-21domain-500
How do I get the domain part?
I found this code, but in order to get current user's SID (from where I could get the domain part), it calls chain of functions including OpenProcessToken, GetTokenInformation, HeapAlloc, GetSidIdentifierAuthority, GetSidSubAuthorityCount, GetSidSubAuthority...
This would be rather insane for getting simple domain string. Is there a shorter way to do this?
This project is something like a social networking site built on codeigniter.
Here my default controller is MyController.php (which loads the login page)
and say my domain is aravind.com
In my application each user will have a unique id.
and what my requirement is, the particular page of the user should get opened when
the unique_id of the user is given immedetily after the domain name.
ie, aravind.com/123 should open the user page whose unique id is 123.
I know this can be acheived by placing a controller and a function in between the
domain and the unique_id, (like : aravind.com/Search_class/search_func/123).
But by doing so the url of the particular user becomes lengthy which is not acceptable.
So I require a logic to sort this issue.
Note:
I have other classes and folders in my controller package, SO the required soln should be
wise enough to diferentiate my classes and folders in the controller package with the UniqueID.
So for differentiating I can say like the classes and folder name will be of continuous String
Where UniqueID starts with an underscore (_).
The same thing is done in facebook, like if we type facebook.com/aravind.pillai.983, it will open my account,
where as if the url goes like facebook.com/settings it will open the settings page for
the user who have an active session.
Set route["404_override"] to one of your custom class (say Search.php).
So wheneven a user tries to enter with an invalid url it will be redirected to Search.php.
Here using $this->uri->segment(1) you will get the value of the first uri segment.
You can write a logic there to identify whether the user entered a valid unique_id or not.
Now you got the uri value in one class (Search.php).
You should use routing where you can set every routes you want. In APPPATH.'config/routes.php' file add this:
$route['(:any)'] = 'Search_class/search_func/$1';
You should read documentation about routing and check other examples.
Also, pay attention that application will always check for Search_class/search_func/$1 in first URI segment so you need to put this rule at the end of routes.php file. Before that rule you need to set other rules like:
$route['about'] = 'pages_c/show/about';
$route['contact'] = 'pages_c/show/contact';
// then after all declared routes, you can set wild card placeholder
$route['(:any)'] = 'Search_class/search_func/$1';
I'm trying to figure out how to view a profile-page in codeigniter. I know how to create templates and so on in CodeIgniter, but I don't know which way to go to handle "translation from username to userid" in a secure manner. This is a profile that should be viewed when the user isn't logged in (public profile).
Code snippet from my profile-controller:
$username = uri_segment(3); //Here's the actual username is stored in the url
$profile = new Profile();
$this->user_id = $profile->getUserByUserName($username);
Above seems ok, right? But when a username contains spaces, the "username-link" gets from "Gustav Wiberg" to "gustav-wiberg" (space replaced by hyphens, and the username is lowercase).
The actual link could look something like this: http://www.domain.com/profile/gustav-wiberg
But if I check this link with uri_segment I get username "gustav-wiberg" and not "Gustav Wiberg" which is the REAL username I want to compare with (by getting the return value of $profile->getUserByUserName($username);.
Am I taking the wrong approach to this? Or is it ok approach based on each username must be unique.
I could just do a replacement from uri_segment "gustav-wiberg" by capitalizing each word and replacing hypens with space and then do my query to check id for that username?
Please give me any pointers...
Either you can put a check while creating the username that there should not be spaces i.e. User can create a URL friendly username.
Or as you mentioned, you can do a replacement from uri_segment. But thinking of different scenarios, this approach can create issues so it seems its better to create a url friendly username.
One more option is you can add one more field in DB along with the username, say "slug". Wherein you can convert the username to URL friendly name and store. And check for that name while retrieving.
For example, I have a field that give user to type their domain, the user can type any domain on this, but I don't valid this domain is belong that user. Of course, I can generate a random number text file for user to upload, and when I get the random number text file, if it is match, I can just treat it as a valid domain holder. But, except from this method, is that anyway to do so? Thanks.
Options I have seen:
Have user Create a Text file in document root, check for it
Send Email to contacts listed in whois (Or other ROLE type accounts (postmaster, hostmaster, etc...), with token they need to
return
Have them create an 'A' record in their DNS that is unique and you can query for.
There really isn't any other way of telling if they have control over the domain. Using whois information isn't 100% accurate as people don't update it, or their info isn't registered to them, or is hidden behind something like domains by proxy. There is no standard information in DNS, that can tell you ownership. Since google uses the DNS method and the text file method (I think), you can probably safely assume that is a good way to verify it.
When working with the Blogger API the user ID is expected to be numeric. I found out my numeric ID by looking at the URL for my Blogger profile page. However, I want my users to be able to use their usual Blogger user name. So:
Is there a way to convert Blogger
user names to numeric user IDs?
Is there a way to pass in user names
instead of IDs to the Blogger API?
Thanks!
It depends on what you are trying to do, but in most use cases you don't need to explicitly know this information because the authToken will take care of resolving these issues for you if you use the default URLs with the API. But, in the interest of providing an answer in case you really do need to know this:
After the user authenticates, just request some information, like the list of blogs, and you'll be able to extract the ID number from your choice of several places in the response.
Not really, except that during login you use the username. Otherwise you need to use either default, assuming an active authToken, or the ID to reference a particular user's Blogger content.