What is equivalent LDAP attributes for Active Directory - windows

What is equivalent LDAP attributes for Active Directory
I am looking for password using Net::LDAP.
I dont know to how to set the user password using Net::LDAP

Here is a helpful article from Microsoft with some sample code that you might be able to adapt: https://support.microsoft.com/en-us/help/269190/how-to-change-a-windows-active-directory-and-lds-user-password-through
The essential attribute, it seems is: unicodePwd
(a.k.a. Unicode-Pwd
https://msdn.microsoft.com/en-us/library/ms680513(v=vs.85).aspx
)
Also note some cautions and advice from this answer: https://serverfault.com/questions/423345/changing-active-directory-password-over-ldap-using-passwd-ldappasswd-samba
AD attribute names with cross reference of LDAP attribute names
https://msdn.microsoft.com/en-us/library/ms675090(v=vs.85).aspx

Related

Do I need to change the configuration of the admin key after installing APISIX?

After I successfully installed APISIX, I found that the configuration file contains admin key information and all control requests need to contain this credential, do I need to change this configuration? How do I make the change take effect?
for security reasons, we would encourage any users to generate a different API key before using Apache APISIX, please check its documentation[1].
NOTE: API Key is only a string, you can generate a new one in your preferred way. For me, I would use https://www.random.org/strings/.
[1] https://apisix.apache.org/docs/apisix/admin-api/
[2] https://github.com/apache/apisix/blob/master/conf/config.yaml#L46

Active Directory Search query buid

I am trying to find a list of users that are DISABLED ( no locked )
This users must have a home folder mapped and the folder starts with \\userdatasrv\
I manged to find the custom filter for the home folder:
(&(objectCategory=user)(objectClass=user)(homeDirectory=\5c\5cuserdatasrv*))
also I found some examples for disabled users on the internet but I can't make them work together.
Please advise.
Thank you.
I think you should be able to use a search filter that looks something like this:
(&(objectCategory=person)(objectClass=User)(userAccountControl:1.2.840.113556.1.4.803:=2)(homeDirectory=\5c\5cuserdatasrv*))
Also remember to use objectCategory person. The objectCategory for a user object is not user it is person and objectClass is not enough since computer class is a sublclass of user. objectCategory will give you both user objects and contact objects.
This will only include accounts that are disabled. For more information about using bitwise filters see this page: http://support.microsoft.com/kb/269181

How do I run/call/kickoff an external program (custom code) whenever certain attributes or objects are added or modified in OpenDJ’s database?

How do I run/call/kickoff an external program (custom code) whenever certain attributes or objects are added or modified in OpenDJ’s database?
Here is my real world need. (Feel free to change my thought direction entirely).
Whenever a new email address gets created or changed in the OpenDJ database I want to initiate some java code that does some email verification/validation (send the “click here” link with a token to prove the user owns the email they just signed up with).
I know, I could use OpenIDM/AM to accomplish this but to take this a step further I need to validate other information and other credentials (custom) which users supply that are not supported by OpenIDM/AM suites.
Initiating/calling custom code upon ADD or MODIFY of specific objects and attributes is what I want and would like to know how to accomplish this. Preferably without having to scrape logs.
Please Help.
Chad
OpenDJ has a plugin interface where you can plug Java calls on Add or Modify. A sample of this kind of plugin is the attribute uniqueness which verifies that some attributes have a unique value in the directory.
The plugin interface javadoc can be found here : http://docs.forgerock.org/en/opendj/2.6.0/javadoc/org/opends/server/api/plugin/DirectoryServerPlugin.html

How to filter Google Analytics by actual domain name supplied in GA script?

When using the following snippet in your Google Analytics script
_gaq.push(['_setDomainName', 'www.domainname.com']);
How do I filter my views by this value?
A lot of people suggest to filter by 'Hostname' but this value is from the browser not by the DomainName value above.
I dont think this domain name is available in the UI. This domain name API is used for setting the cookies etc. To do what you want, you should set a custom variable with the value of the domain name that you want.

Grails - access only for object's owner

I'm still working on my first Grails application. This time, my problem is to limit access to some actions for particular users.
Assume users add some object, e.g. books. I would like to give access to edit a book only to admin and the user that added the book. I'm currently using Acegi plugin. I know there is newer version of that plugin, but I'm not sure if it changes anything in my problem.
The second thing is some kind similar. I have a sidebar and there is "Hello ${currentUser.username}. currentUser is a method that returns an instance of currently logged user. But the problem is that I don't have any idea where can I put this message to be able to use it everywhere. Should I put it in some service and include it everywhere? I tried to create an ApplicationController that is extended by all other controllers, but that doesn't seem to work. Have you got any ideas?
Thanks!
Grzegorz
You should use the newer Spring Security Core plugin since it has an ACL add-on plugin that does exactly what you're looking for. See http://grails.org/plugin/spring-security-acl for details.
For the second question, there's a taglib for that. In the Acegi plugin use this:
Hello <g:loggedInUserInfo field="username"/>
(see http://www.grails.org/AcegiSecurity+Plugin+-+Artifacts) and in the Spring Security Core plugin use this:
Hello <sec:username/>
(see the "Security Tags" section of http://burtbeckwith.github.com/grails-spring-security-core/docs/manual/)
For ROLE access you'll just need to specify that a particular ROLE for a particular URL has access to that action. That is if you are using the plugin's RequestMap approach. If you're using the annotation approach, just annotate the action in the controller with:
#Secured(['WHATEVER_ROLE'])
As far as only allowing the user who created the book to edit it, you can pull the user domain out of the authentication with authenticateService.userDomain(), then you can compare that user with the user who created the book (assuming you have some sort of createdBy property on your Book domain.
def loggedInUser = authenticateService.userDomain()
if (book.createdBy.equals(loggedInUser)) {
// allow editing
}
Something like that, anyway.

Resources