Develop Reference

How to use ActiveDirectory with Spring-Security LDAP

I'm trying to setup Spring Security for LDAP authentication on my Spring MVC application. I can't seem to get the simple/principal authentication to work with the LdapAuthenticationProvider, so I'm trying to use the ActiveDirectoryLdapAuthenticationProvider, which does it by default.
I get a NameNotFoundException with the detailMessage after the context is created (and I think LDAP bind has occurred), from this line (310 in ActiveDirectoryLdapAuthenticationProvider.java):
return SpringSecurityLdapTemplate.searchForSingleEntryInternal(context,
searchControls, searchRoot, searchFilter,
new Object[] { bindPrincipal });
Error message:
[LDAP: error code 32 - 0000208D: NameErr: DSID-03100213, problem 2001 (NO_OBJECT), data 0, best match of:
'DC=my,DC=company,DC=com']
The search filter is looking for an object with class "user" with a userPrincipalName equal to the username I authenticated with, and concatenated with the domain name for my domain. For example, "me#my.company.com". The attribute with that value exists, as I can authenticate with JXplorer in this method, and subsequently perform that search to find my user object.
The configuration for my WebSecurityConfigurerAdapter subclass, where I wire in an AuthenticationManagerBuilder, is basically this:
#Autowired
public void init(AuthenticationManagerBuilder auth) throws Exception {
ActiveDirectoryLdapAuthenticationProvider provider =
new ActiveDirectoryLdapAuthenticationProvider("my.company.com", "LDAPS://ad.my.company.com:636/dc=my,dc=company,dc=com");
provider.setConvertSubErrorCodesToExceptions(true);
auth.authenticationProvider(provider);
}
What is causing the NameNotFoundException? Is this the proper way to configure ActiveDirectory Authentication?

Face palm. The URL of the LDAP server should not include the X.501 domain component part, at least in my directory's case. I guess that makes sense as the first constructor argument is the domain's name (in FQDN style). So the constructor arguments should then be...
new ActiveDirectoryLdapAuthenticationProvider("my.company.com", "ldaps://ad.my.company.com:636");
The error message hinted at this, as the bind completed, but the search failed. The exact error had " NO_OBJECT" as the reason, which was the clue that the search base was off. My originally configured search essentially added the search base (DCs) twice.

No signature of method: groovy.lang.MissingMethodException.makeKey()

I've installed titan-0.5.0-hadoop2 with hbase and elasticsearch support
I've loaded the graph with
g = TitanFactory.open('conf/titan-hbase-es.properties')
==>titangraph[hbase:[127.0.0.1]]
and a then I loaded the test application
GraphOfTheGodsFactory.load(g)
Now when I'm trying to create a new index key with:
g.makeKey('userId').dataType(String.class).indexed(Vertex.class).unique().make()
and I got this error:
No signature of method: groovy.lang.MissingMethodException.makeKey() is applicable for argument types: () values: []
Possible solutions: every(), any()
Display stack trace? [yN]
Can someone help me with this ?
when I want to see the indexed keys I see this
g.getIndexedKeys(Vertex.class)
==>reason
==>age
==>name
==>place

I'm not completely following what you are trying to do. It appears that you loaded Graph of the Gods to g and then you want to add userId as a new property to the schema. If that's right, then i think your syntax is wrong, given the Titan 0.5 API. The method for managing the schema is very different from previous versions. Changes to the schema are performed through the ManagementSystem interface which you can get an instance of through:
mgmt = g.getManagementSystem()
The syntax for adding a property then looks something like:
birthDate = mgmt.makePropertyKey('birthDate').dataType(Long.class).cardinality(Cardinality.SINGLE).make()
mgmt.commit()
Note that g.getIndexKeys(Class) is not the appropriate way to get schema information either. You should use the ManagementSystem for that too.
Please see the documentation here for more information.

Websphere JYTHON Scripting - Get Active Spec ID

Problem:
Attempting to use the JYTHON command below and I cannot retrieve the id of my active specification defined at a node-server level in Websphere. I believe its a syntax issue but I'm not sure what.
Code:
AdminConfig.getid('/Cell:mycell/Node:mynode/Server:myserver/J2CActivationSpec:myActiveSpecName/')
Problem Notes:
I do not get a invalid object error so I believe I have the syntax right but it just cannot find the resource even though it exists.
I am using the AdminConfig.getid() as a way to check if the resource already exists in order to do a modify or a create.
If I use the following code: AdminConfig.getid('/J2CActivationSpec:myActiveSpecName/') it will find it but not if I use a more specific path listed above.
Reference Material:
IBM Documentation

Containment paths are always a little tricky. In my (limited) experience, even if you can trace the path by AdminConfig.parents, you may not always be able to use getid.
Are you restricted to using getid? If not, here are some alternatives that will get you an ActivationSpec at the /Cell/Node/Server level:
Querying using AdminConfig.list
This approach will list the Activation Specifications at the specified scope (in our case, the server), and grab the one that has it's name attribute equal to 'myActiveSpecName'.
server = AdminConfig.getid('/Cell:mycell/Node:mynode/Server:myserver')
activationSpec = ''
for as in AdminConfig.list('J2CActivationSpec', server).splitlines():
if AdminConfig.showAttribute(as, 'name') == 'myActiveSpecName'
activationSpec = as
print 'found it :)'
Using Wildcards
This approah uses AdminConfig.list as well, but with a pattern to narrow down your list. If you know your activation spec's configuration begins with myActiveSpecName, then you can do the following:
activationSpec = AdminConfig.list('J2CActivationSpec', 'myActiveSpecName*')

The specified format name does not support the requested operation. For example, a direct queue format name cannot be deleted

I'm trying to send a message to a queue using a Message object and am getting the error
The specified format name does not support the requested operation. For example, a direct queue format name cannot be deleted.
Here is the code.
Order ord = new Order(new Guid(), "Smith & Smith");
Message orderMessage = new Message(ord);
orderMessage.UseEncryption = true;
orderMessage.EncryptionAlgorithm = EncryptionAlgorithm.Rc2;
orderMessage.Recoverable = true;
orderMessage.Priority = MessagePriority.VeryHigh;
orderMessage.TimeToBeReceived = TimeSpan.FromHours(1);
orderMessage.UseJournalQueue = true;
orderMessage.Body = "Test Encryption";
queue.Send(orderMessage, "Encrypted Order");
Any help with this is appreciated.
Tom

Did you ever solve this? I came across this problem myself and found out I needed to use (just like the error says) a different format name.
The strange thing was that if I set UseAuthentication property using the MQ certificate, then it worked. But if I also wanted to set UseEncryption, then it did not work.
You do not specify your queue/server setup/formats, but I suspect you're trying to send from one machine to another machine's public queue within the same domain, using DIRECT formatname? As the MQ Manager will use the domain AD to lookup the certificate and queue details, it raises an exception as the format name is invalid (not the same as specified in the AD). So instead of using the direct format, use the queue ID to define the formatname. I switched this:
"FormatName:Direct=TCP:111.222.1.22\your_public_queue"
with this:
"FormatName:PUBLIC=7EB2A53C-7593-462C-A568-5A0EFA26D91D"
Now it worked. You can find your queue ID by right-clicking your queue on the receiver machine and then go to Properties->General and see the value specified in field "ID".

I have found that getting the FormatName correct whether public or private in nature will save hours of work. It's incredibly important to understand the setup of each (Public requiring AD and private does not when access remotely). This is a great summary of FormatName.
https://blogs.msdn.microsoft.com/johnbreakwell/2009/02/26/difference-between-path-name-and-format-name-when-accessing-msmq-queues/

One note on this issue, if your queue format name starts this way: "FormatName:Direct=" then you will receive the error "The specified format name does not support the requested operation. For example, a direct queue format name cannot be deleted" if you try to access the queue's QueueName property. Use the queue's FormatName property instead.

net-snmp security name too long: what is the max length of security name

I am configuring net-snmp.
Below is my snmpd.conf:
#com2sec NAME SOURCE COMMUNITY
com2sec sec_localuser_localhost 127.0.0.1 localuser
com2sec sec_testuser_tests.sse.hin.hellomi.com 127.0.0.1 testuser
#group NAME MODEL SECURITY
group grp1 v2c sec_localuser_localhost
group testgroup v2c sec_testuser_tests.sse.hin.hellomi.com
#view NAME TYPE SUBTREE [MASK]
view all included .iso
view iso included .all
#access NAME CONTEXT MODEL LEVEL PREFX READ WRITE NOTIFY
access grp1 "" any noauth exact all - all
access testgroup "" any noauth exact all all all
in the log of messages, I could find the following error:
snmpd.conf: line 6: Error: security name too long
So it means the hostname: tests.sse.hin.hellomi.com is too long
My question is: What is the maximum length for the security name? I tried from google, but I found nothing about the maximum length.
Anyway, I know I can test to find the maximum length, but I just wonder if there is any formal limit on the maximum length.
Thanks!

SECNAME is an internal security identifier it identify a SNMP communauty (you are using localuser it's generaly public or private) comming from a computer (127.0.0.1) so why do you want to map it to a computername.
If you absolutly want to know the limit length, Net-SNMP is open source, so you can grep the error message into the sources.

The limit is the same as an SnmpAdmingString, 32 characters.