Ldap query for Authentication based on AD security group - filter

I've seen a couple of posts here on this topic, but I can't manage to authenticate by users in a group. If I point the path to where a user is, authentication is successful. It's like it "cannot read" inside the group. I must be missing something.
My configs are:
$GLOBALS['ldapdsn'] = array(
// primary server MS AD Server
// port 636 is ldaps and port 389 is ldap
array(
'url' => '172.25.20.3',
'port' => '389',
'version' => '3',
'referral' => 'false',
'basedn' => 'CN=RedcapUsers,OU=RedCap,OU=Srv,DC=mydomain,DC=com',
'binddn' => 'CN=RedcapLdap,OU=RedCap,OU=Srv,DC=mydomain,DC=com',
'bindpw' => 'mypass',
'attributes' => array('sAMAccountName'),
'userattr' => 'sAMAccountName',
'userfilter' => '(objectClass=user)',
),
);
RedcapUsers is the AD group.
Binding works fine.
I'm pretty new in code writing.

Filter the AD group (see last line of code) and the issue is resolved!
'url' => 'Active Directory ip',
'port' => '636',
'version' => '3',
'referral' => 'false',
'basedn' => 'OU=Users,DC=Ali,DC=local', // Must be exact OU where users are
'binddn' => 'CN=service_redcap,OU=Users,DC=Ali,DC=local', // User that gives access to AD
'bindpw' => 'myPassword', // Password of the above user
'attributes' => array('samAccountName'),
'userattr' => 'samAccountName',
'userfilter' => '(memberOf=CN=REDCAP_GROUP,DC=Ali,DC=local)' // Users in this group will log in to Redcap
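How a `memberOf` user filter like the one in the answer combines with the typed login name into the final search filter, shown as an added example that is not REDCap's code or part of the original posts. It goes slightly beyond the answer by also showing Active Directory's nested-group matching rule. Assumptions: the login filter is composed as `(&(userattr=name)userfilter)`, and `escapeFilterValue`, `groupUserFilter` and `buildLoginFilter` are hypothetical helper names.

```php
<?php
// Added example; not REDCap code. Assumption: the login filter is
// (&(<userattr>=<typed name>)<userfilter>), searched under 'basedn'.

// Escape a value for an LDAP search filter (RFC 4515 special characters).
function escapeFilterValue(string $value): string
{
    return strtr($value, [
        '\\' => '\5c', '*' => '\2a', '(' => '\28', ')' => '\29', "\0" => '\00',
    ]);
}

// 'userfilter' limiting logins to one AD group. memberOf holds the group's
// full DN, so a bare group name never matches. $nested switches to AD's
// LDAP_MATCHING_RULE_IN_CHAIN so members of nested groups match too.
function groupUserFilter(string $groupDn, bool $nested = false): string
{
    $attr = $nested ? 'memberOf:1.2.840.113556.1.4.1941:' : 'memberOf';
    return sprintf('(%s=%s)', $attr, escapeFilterValue($groupDn));
}

// Final filter for one login attempt; the typed name is escaped so filter
// metacharacters in it cannot widen the match.
function buildLoginFilter(array $cfg, string $username): string
{
    return sprintf('(&(%s=%s)%s)', $cfg['userattr'],
        escapeFilterValue($username), $cfg['userfilter']);
}

// Constructed config using the DNs from the posts above. 'basedn' is the
// container holding the user objects; the group DN goes in the filter.
$cfg = [
    'basedn'     => 'OU=Users,DC=Ali,DC=local',
    'userattr'   => 'sAMAccountName',
    'userfilter' => groupUserFilter('CN=REDCAP_GROUP,DC=Ali,DC=local'),
];

// Constructed login names: a normal one and one carrying filter syntax.
foreach (['jdoe', 'jdoe)(cn=*'] as $name) {
    echo buildLoginFilter($cfg, $name), PHP_EOL;
}
echo groupUserFilter('CN=REDCAP_GROUP,DC=Ali,DC=local', true), PHP_EOL;
```

A group object has no child entries, which is why using the group's DN as `basedn` finds no users; membership is expressed through the `memberOf` attribute on each user object instead.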

Related

Cannot create payouts: this account has requirements that need to be collected. in Laravel connecting to Stripe

When I want to connect to the Stripe API to pay out the balance of my wallet to one customer account card, I faced this problem.
Actually, my Laravel code is:
$card_obj = $stripe->tokens->create([
'card' => [
'number' => '4000051240000005',
'exp_month' => 8,
'exp_year' => 2023,
'cvc' => '314',
'currency' => 'cad',
],
]);
$account = $stripe->accounts->create([
'type' => 'express',
'country' => 'CA',
'capabilities' => [
'card_payments' => ['requested' => true],
'transfers' => ['requested' => true],
],
'external_account' => $card_obj->id,
]);
$payout = $stripe->payouts->create([
'amount' => 1,
'currency' => 'cad',
], [
'stripe_account' => $account->id,
]);
And the error that the response returned:
You cannot create a Stripe connect account and immediately start creating payouts for it. If you were to retrieve that Account through the API you'd probably see that it has a number of requirements (see api ref) that are still unfulfilled and payouts_enabled (see api ref) is false.
Connect account owners are expected to provide this missing information during the onboarding process (see https://stripe.com/docs/connect/express-accounts for how to implement an onboarding flow), and once payouts_enabled becomes true on the Account you should be able to generate payouts.

Using roles with jwt / zizaco/entrust

In my new Laravel 5.8 app I read the following article to use roles with the jwt extension:
https://scotch.io/tutorials/role-based-authentication-in-laravel-with-jwt
and in the seed I add several roles, like:
\DB::table('roles')->insert(array (
0 =>
array (
'id' => 1,
'name' => 'Admin',
'display_name' => 'Admin',
'description' => 'Administrator. Can do all operations in system',
'created_at' => '2019-04-29 11:03:50',
),
1 =>
array (
'id' => 2,
'name' => 'Manager',
'display_name' => 'Manager. Can do all operations in frontend and CRUD for Hostels/CMS items in Backend',
'description' => 'Manager description...',
'created_at' => '2019-04-29 11:03:50',
),
2 =>
array (
'id' => 3,
'name' => 'Customer',
'display_name' => 'Customer. Can do all operations in frontend',
'description' => 'Customer description...',
'created_at' => '2019-04-29 11:03:50',
),
));
and I see the assignRole method, for when I need to assign some role to a user.
What is unclear to me is what the Permissions and “permission_role” data are for.
Do I need them for my simple app structure? If yes, please provide some examples...
Thanks!
We can't answer your question if you don't specify what your application needs to do. You can have roles without permissions or permissions without roles depending on your application. But if you want the provided tutorial to work you need them.
Permissions are specific actions of a role.
Example Permission table data:
Permission-id: 1
Permission-name: 'Create Blog Post'
You can assign this permission to a role 'Admin' (Role-id: 1).
Your permission_role table contains the relationship between those two. So for the above example:
permission_role
'permission_id': 1, 'role_id': 1;
Which means that the admin role can 'Create Blog Post' in this case.

how to stop execution of ctp file in cakephp 2.x after validating the url

In my CakePHP application, I have applied URL validations so that admin can access only those actions which are defined for admin, and the same with users.
In my application, "surveylist" is an action of admin, and when any user directly accesses that action (surveylist), the URL validations work (the "Unauthorized access" message is displayed).
But below that message the ctp file of surveylist executes forcefully and shows errors, because I have validated the URL through the try-catch block and it cannot get the set variables of the action.
I want the ctp file not to execute if the unauthorized error comes.
My code for surveylist is:
public function surveylist($pg=null){
try{
if($this->checkPageAccess($this->params['controller'] . '/' . $this->params['action'])){
$this->Paginator->settings = array(
'Survey' => array(
'limit' => 5,
'order' => 'created desc',
'conditions'=>array('is_deleted'=> 0),
'page' => $pg
)
);
$numbers = $this->Paginator->paginate('Survey');
$this->set(compact('numbers'));
}else{
$this->Flash->set(__('Unauthorised access'));
}
}catch(Exception $e){
$this->Flash->set(__($e->getMessage()));
}
}
I don't want the ctp file of surveylist to execute if control comes to else.
Please help me out...
Thanks in advance...
I suppose you are using a prefix to separate admin and users; if not, please do that, it is a great way to handle and restrict methods.
After doing that you have to make a condition to check which prefix (admin, user) is currently active and, according to that, load the Auth component and allow the actions in the allow() method of Auth.
Example:
$this->loadComponent('Auth',[
/*'authorize' => [
'Acl.Actions' => ['actionPath' => 'controllers/']
],*/
'loginRedirect' => [
'controller' => 'Users',
'action' => 'index'
],
'authenticate' => [
'Form' => [
'fields' => [
'username' => 'email',
'password' => 'password'
]
]
],
'loginAction' => [
'controller' => 'Users',
'action' => 'login'
],
'unauthorizedRedirect' => [
'controller' => 'Users',
'action' => 'login',
'prefix' => false
],
'authError' => 'You are not authorized to access that location.',
]);
if ($this->request->params['prefix']=='admin') {
// Put actions you want to access to admin in allow method's array
$this->Auth->allow(array('add', 'edit' /* , ... */));
} else if ($this->request->params['prefix']=='user') {
// Put actions you want to access to user in allow method's array
$this->Auth->allow(array('login', 'view' /* , ... */));
}
This way you can restrict actions for a particular role.
Hope this helps!

magento community forgot password not working

I have inherited a Magento Community site; at some point in its history it was upgraded, and it seems that one of the upgrades did not successfully run the Forgot Password SQL scripts. The rp_token and rp_token_created_at attributes are missing from the eav_attribute table. So right now if you use the forgot password feature and enter an email address that is in the system, Magento throws an error and you get a blank page.
I tried adding these fields in manually but Magento must be doing some extra work behind the scene when adding attributes, so my question is how can I run the upgrade scripts to get this feature working?
The scripts that it looks like did not complete successfully are:
app\code\core\Mage\Customer\sql\customer_setup\mysql4-upgrade-1.6.0.0-1.6.1.0.php
These attributes are not in the eav_attribute table.
// Add reset password link token attribute
$installer->addAttribute('customer', 'rp_token', array(
'type' => 'varchar',
'input' => 'hidden',
'visible' => false,
'required' => false
));
// Add reset password link token creation date attribute
$installer->addAttribute('customer', 'rp_token_created_at', array(
'type' => 'datetime',
'input' => 'date',
'validate_rules' => 'a:1:{s:16:"input_validation";s:4:"date";}',
'visible' => false,
'required' => false
));
app\code\core\Mage\Admin\sql\admin_setup\upgrade-1.6.0.0-1.6.1.0.php
These are not in the admin_user table.
// Add reset password link token column
$installer->getConnection()->addColumn($installer->getTable('admin/user'), 'rp_token', array(
'type' => Varien_Db_Ddl_Table::TYPE_TEXT,
'length' => 256,
'nullable' => true,
'default' => null,
'comment' => 'Reset Password Link Token'
));
// Add reset password link token creation date column
$installer->getConnection()->addColumn($installer->getTable('admin/user'), 'rp_token_created_at', array(
'type' => Varien_Db_Ddl_Table::TYPE_TIMESTAMP,
'nullable' => true,
'default' => null,
'comment' => 'Reset Password Link Token Creation Date'
));
My best guess is SMTP could have been deactivated. Do let me know if I am wrong.

What is the Scope for using Google API Directory Services

I am already using a number of Google API services, such as Calendar and Google+ profiles, but using the Directory services is proving difficult.
Here is the scope I'm declaring in my local_config - everything has been working until I added the final line...
// Definition of service specific values like scopes, oauth token URLs, etc
'services' => array(
'analytics' => array('scope' => 'https://www.googleapis.com/auth/analytics.readonly'),
'calendar' => array(
'scope' => array(
"https://www.googleapis.com/auth/calendar",
"https://www.googleapis.com/auth/calendar.readonly",
)
),
'books' => array('scope' => 'https://www.googleapis.com/auth/books'),
'latitude' => array(
'scope' => array(
'https://www.googleapis.com/auth/latitude.all.best',
'https://www.googleapis.com/auth/latitude.all.city',
)
),
'moderator' => array('scope' => 'https://www.googleapis.com/auth/moderator'),
'oauth2' => array(
'scope' => array(
'https://www.googleapis.com/auth/userinfo.profile',
'https://www.googleapis.com/auth/userinfo.email',
)
),
'plus' => array('scope' => 'https://www.googleapis.com/auth/plus.login'),
'siteVerification' => array('scope' => 'https://www.googleapis.com/auth/siteverification'),
'tasks' => array('scope' => 'https://www.googleapis.com/auth/tasks'),
'urlshortener' => array('scope' => 'https://www.googleapis.com/auth/urlshortener'),
'directory' => array('scope' => 'https://www.googleapis.com/auth/admin')
), // closes 'services'
I have tried a few different combos, but nothing seems to work - here is the error I'm getting...
Some requested scopes were invalid.
{valid=[https://www.googleapis.com/auth/tasks,
https://www.googleapis.com/auth/calendar, https://www.googleapis.com/auth/calendar.readonly, https://www.googleapis.com/auth/userinfo.profile,
https://www.googleapis.com/auth/userinfo.email], invalid=[https://www.googleapis.com/auth/admin]}
I'm trying to pull Group listings at the moment, but I'll need other Admin sdk features later.
Thanks! Let me know if I need to add any more details.
Admin SDK scopes are listed at:
https://developers.google.com/admin-sdk/directory/v1/guides/authorizing
