We use ACLs to grant access to svn repositories. The users/groups are stored in LDAP (openLDAP 2.4 (LDAP3). Does anyone know or used libraries/package (gems) I can use. Basically, I will traverse LDAP DIT and update my svn file based on that.
Connect to ldaps://xxxxxxxxxxx:636
Traverse DIT (subtree based on 'ou')
Read attributes
Write svn ACL file.
That's the high-level overview of what I would need to do. So, my question is regarding ldap package/library that I could use. I have heard of Net::LDAP. I'm very new to Ruby, so, I'm learning it as I go along.
Also, please correct me if I am mistaken. We are using ldaps:// that means when I connect to ldap server, the server will send a certificate. Do I need to do anything special to handle the certificate? Thank you
I have used Ruby/LDAP before, things worked fine with me.
There is a code example that comes with the gem. Also have a look at the documentation.
Related
everyone. I've been following in Github the progression of this issue handling. I think and believe all is OK now. I just need you to tell me what to do in my deployments. I've just installed Clickhouse 21.8.9, and I'm trying to make some tests in order to extract from MongoDB and fill out an aggregatingMergeTree table in Clickhouse. I've been reading a lot of tech doc about Clickhouse possibilities, so I know that is not the only way to accomplish what I want to do. But it's a valid way, so I want to test it. My Clickhouse installation comes from downloaded DEB files (I'm using Ubuntu 20.04 in my laptop). According to some changes I saw in the Clickhouse repo at Github, it seems I might have to re-compile Clickhouse, is that correct? What do you advice me to do? Thanks in advance.
PS: I've just tried in a MongoDB 3.6 and a MongoDB 4.0, the outcome is the same: no admit empty username or cannot authenticate if I use credentials
I need to get response on this URL:
https://[host IP]:8088/api/admin
I tried so many different configs so you might see extra stuff commented out.
I can easily access the web page, the only issue is, I cannot call admin api from application. No response in this regard.
Here are logs and config
https://pastebin.com/42pSg9yN
This is an AWS instance with Ubunutu 16.04
I have tried following this stackoverflow Answer too and also followed the official DOC too.
How to call ejabberd Administrator API
https://docs.ejabberd.im/developer/ejabberd-api/simple-configuration/
If there is anything you need to get a better understanding, Let me know.
I think that your configuration file have some conflicts.
Plus the REST endpoints for admin is "/api" not "/api/admin".
If you have just installed ejaberred, I'll suggest you to do a clean installation using the official linux installer (not apt-get).
The installer is interactive and will generate most of the configurations for you.
Thanks
I am willing to create a private maven repository, where the access rules are not based on groups/patterns, but on completely custom rules. I've checked both nexus and jfrog, both of them keeping the simple user/group/pattern approach. And (AFAICS), although they provide custom ways to authenticate, they don't provide a was for custom access rules.
For this reason I have started thinking the opposite: what if I can create a simple repository with my custom rules. But when I searched in the Apache documentation, there was no clear explanation how authentication is performed on the back side.
Does anyone knows how this is done, and maybe point me to the correct documentation?
Authentication is done by HTTP Basic Authentication which basically concats the username and password and base64 encodes that. So Maven and Apache do understand each other.
But out of the box the Apache authorization is based on, you guessed, it. Directories (which represent Maven's artifact groups), username and groups. So unless you are willing to write a custom Apache model you won't gain a lot. Probably IP based access control can be done with Apache alone better than with Nexus/JFrog but I haven't looked at the authentication settings for ages.
In Artifactory what you can do, in order to achieve what you mentioned, is to create permission target per user. Meaning that all of your Maven users will deploy to the same repository BUT each to a different name space. For example, 'com/{company}/{project}/' (please replace the company and project with real values)
This is done on the permission target using the 'Include Pattern' so let's say that my company name is JFrog, and I'm working on a project named 'artifactory' I will have a permission target with the following include pattern '/com/jfrog/artifactory/**/*'.
You can also create those permission targets using a script that will automate it for you using this REST API.
That means that I will only be able to reach this namespace.
Does that help?
I would just like to ask if anybody here has run Turbogears2 from an Amazon EC2 instance. I've been looking for a way to do it, but so far searching the Web hasn't given me anything I could use as an example. I did see one here:
http://codersbuffet.blogspot.com/2010/05/announcing-turbpgears-ec2-images.html
Though I think the person used an earlier version of TG in his post.
I thought it would be as simple as changing the host parameter in the development.ini, but that did not work. I've also tried connecting to the instance with the -L option for ssh, but it did not work as well (I did this approach for web2py way back, and it worked).
I'm wondering if I need to configure some file somewhere in the TG2 application. I've also tried searching the TG2 documentation. Either I'm not using the right keywords, or I'm just not getting the right results.
Thanks in advance for any help!
DM
By itself EC2 doesn't provide a platform, you can freely choose a deploy environment from mod_wsgi, circus, gunicorn or whatever your prefer. It's not strictly a TurboGears problem, it can be deployed like any other WSGI application.
There are some tutorial for a step by step deploy on Apache+mod_wsgi and Circus+chausette on the TurboGears documentation, you can find them here: http://turbogears.readthedocs.org/en/latest/cookbook/deploy/index.html
Avoid deploying on gearbox+wsgiref because it is not meant for production usage, if you want to use gearbox I suggest you give a try to waitress
Is it possible to create a new user in sonar without using the web interface?
I need to write a script that inserts the same users for some tools, including sonar.
There are three ways you can do this:
Write directly to the database (there is a simple table called users).
Use the LDAP plugin, if you specify sonar.authenticator.createUsers: true in sonar.properties, it will create the users in the sonar database automatically the first time they authenticate.
Write a java application that depends on the sonar plugin API, you can then use constructor injection to get a Sonar hibernate session and persist the user you want. See Here.
Since SonarQube version 3.6, there is support for user management in webservice API:
https://sonarqube.com/web_api/api/users
http://docs.sonarqube.org/display/DEV/Web+API
The web service API does not seem to support user management. Anything's possible, but it doesn't look like this is offered directly via Sonar.
You could probably use some web automation library (webbrowser, webunit, watir, twill) to do it through the running server; it might even be possible to just use something like 'curl' by looking carefully at the page source for the users/create form.
Or, if you want to go straight to the database, you could try to pull out the user creation functionality from the code and mess with the sonar.users table directly.
There is the LDAP Plugin, which would take care of authentication, but it still requires you to create the users in Sonar, so that wouldn't solve your problem.