Why "select current_user" in Apache Kylin always return 'sa'
How to get real user connected and queried kylin?
I tried docker image Kylin v 4.0.1. No matter who is Authorized - "select current_user" always return 'sa'
Related
I have a docker compose file which sets up influxdb.
These are the env variables used-
DOCKER_INFLUXDB_INIT_BUCKET: test
DOCKER_INFLUXDB_INIT_MODE: setup
DOCKER_INFLUXDB_INIT_ORG: test_org
DOCKER_INFLUXDB_INIT_PASSWORD: test_pass
DOCKER_INFLUXDB_INIT_RETENTION: 1w
DOCKER_INFLUXDB_INIT_USERNAME: test_user
and volumes-
/mount/influxdb:/var/lib/influxdb2
I am able to login using DOCKER_INFLUXDB_INIT_USERNAME and DOCKER_INFLUXDB_INIT_PASSWORD.
The issue is when I execute influx user list it returns an empty table. Same goes for influx org list. Due to this I'm not able to add any users to the test_org or change the password of default user.
Is there any solution to this?
I'm installing a new Jenkins server (let's name it "A") and my LDAP authentication runs into the error
"[LDAP: error code 50 - You do not have sufficient privileges to perform an unindexed search"
The LDAP configration is identically to another Jenkins installation (version 1.642.2, let's name it "B") in the same network where LDAP works fine (Due to security reasons, I can't give exact names below)
- Server: ldaps://server.domain:port
- root DN: dc=XXX,dc=com
- User search base: ou=people
- User search filter: uid={0}
- Manager DN: uid=XYZ,ou=people,dc=XXX,dc=com
- Manager Password: ****
Group search base and Group search filte are not defined
The server "A" has currently no openldap2-client package installed. So I can't test on the command line on server "A".
When testing on server "B", the following query returns successfully:
ldapsearch -x -D "uid=XYZ,ou=people,dc=XXX,dc=com" -W -H ldaps://server.domain:port 'uid=myAccount'
Without giving the account to search for
ldapsearch -x -D "uid=XYZ,ou=people,dc=XXX,dc=com" -W -H ldaps://server.domain:port
returns the same error as I get in Jenkins on "A": "[LDAP: error code 50 - You do not have sufficient privileges to perform an unindexed search".
This works as expected, indeed.
So I assume, that somehow the User search filter uid={0} in Jenkins "A" isn't interpreted correctly.
I created a new log recorder in Jenkins for the "hudson.security.LDAPSecurityRealm" with priority "All", but it doesn't give more information about the LDAP query.
Any hints what could be wrong here?
Adding the Group Search Base "ou=groups" did the trick!
This is not necessary in Jenkins Vers. 1.642.2 - the Jenkins Version, which is installed on my question's server "B". There everything works fine without this option.
When using the LTS Version 2.263.1 (I forgot to mention the version in my question) it's necessary (in my case) to add the Group Search Base.
Thanks to all the people, who spend some time for reading my post!
Regards!
I have installed influxdb. But in the server every user can login when ther type inlux.
Why is it like that? Is not it a security problem. And how can I solve it?
I want to login with spesific admin user and its admin password.
The "why"
Different databases have used reasonings with minor differences over the years, but basically, it goes like this:
In its most simple install, <insert DBMS here> should just run - for integration tests, simple evaluation purposes etc. We could generate a root/admin/superhoncho user password, but more often than not, this is not going to be changed, and that is a Bad Thing™.
And since nobody sane would run a database in production without authentication and authorisation enabled, providing easy access in the default installation is not a problem anyway, is it?
I tend to agree with this reasoning, though I am off the opinion that in the case the DBMS has authentication and authorisation disabled per default, it should bind to localhost by default, too. You make your DBMS accessible to the outside world, and be it only your company's network? You surely have thought about the implications!
The "how"
Authentication
I am going to use docker to illustrate it and it is quite obvious what you have to do in a non-docker environment.
First, we pull the influxdb docker image and create a default config file in one go:
$ docker run --rm influxdb influxd config > influxdb.conf
Unable to find image 'influxdb:latest' locally
latest: Pulling from library/influxdb
...
Digest: sha256:0aa7fea5336b5e5cc1c80e16062865821ec772e06519c138947ef5ebd9b34907
Status: Downloaded newer image for influxdb:latest
Merging with configuration at: /etc/influxdb/influxdb.conf
Now we change the authentication parameter in the [http] section of our influxdb.conf to true:
...
[http]
auth-enabled = true
...
Next, we start our InfluxDB using this modified config file:
$ docker run -d --name influxdb -p 8086:8086 \
-v $PWD/influxdb.conf:/etc/influxdb/influxdb.conf:ro \
influxdb -config /etc/influxdb/influxdb.conf
1987f962c331d2404a2564bb752d971553b13181dbbbb1e38cf50d345b3191c4
(The hash sum you get will be different.)
Now, we connect to our influxdb and create the admin user
$ docker exec -it influxdb influx
Connected to http://localhost:8086 version 1.7.8
InfluxDB shell version: 1.7.8
> create user admin with password 'secret' with all privileges;
From this point on, credentials are needed for pretty much everything
> show users
ERR: unable to parse authentication credentials
Warning: It is possible this error is due to not setting a database.
Please set a database with the command "use <database>".
> auth
username: admin
password:
> show users
user admin
---- -----
admin true
Authorization
Simple mnemonic: "Users are granted permissions per database." So, in order to grant something to a user, that user must first exist:
> create user berkancetin with password 'supersecret';
> create database foobar
> grant read on foobar to berkancetin
> show users
user admin
---- -----
admin true
berkancetin false
> show grants for "berkancetin"
database privilege
-------- ---------
foobar READ
Further reading (!!!)
Ignore at your own risk. You. Have. Been. Warned.
InfluxDB authentication
InfluxDB docs on Authorization
We got a problem with the neo4j database. I was running this query, after a minute the docker container stopped and the database needed a to be restarted manually.
start r=relationship(*)
match (s)-[r]->(e)
with s,e,type(r) as typ, tail(collect(r)) as coll
WHERE coll <> []
RETURN COUNT(coll)
The only thing that we see in the logging is a lot of deleted relationships. There is no delete query running. It there something wrong with the db/ can it be fixed? The error message is:
Unable to delete relationship[5146889] since it is already deleted.
Version is 3.1.1
Neo is running on docker (swarm). But only a cluster of 1.
Hi I installed JIRA on a ubuntu box, but I forgot to write down my user/password (I know :/).
Mails are not working because the mail server isn't configured, and I can't access the admin panel.
The DB is a hsqldb db and I only have command line which seems impossible to run query's against.
How can I recover my user/password ?
You can run the HSQL Database Manager by shutting down JIRA, then running the following command:
java -cp /path/to/WEB-INF/lib/hsqldb-1.8.0.5.jar org.hsqldb.util.DatabaseManager \
-user sa \
-url jdbc:hsqldb:/path/to/jira-home/database
...depending on the actual filename of the HSQL jar. The actual JDBC string should be available in JIRA admin somewhere.
This will then allow you to look in the cwd_user table for the user and reset the password as described here:
https://confluence.atlassian.com/display/JIRA/Retrieving+the+JIRA+Administrator
You'll be able to see the users with this:
select u.user_name, d.directory_name
from cwd_user u inner join cwd_directory d on u.directory_id = d.id
order by directory_name, user_name;
Then reset the password like this:
update cwd_user
set credential='uQieO/1CGMUIXXftw3ynrsaYLShI+GTcPS4LdUGWbIusFvHPfUzD7CZvms6yMMvA8I7FViHVEqr6Mj4pCLKAFQ=='
where user_name='some-user-name';
-- new password is 'sphere'
More details on HSQL Database Manager & Atlassian products:
How to access the HSQL Database Manager during Atlassian Confluence add-on development
Accessing HSQL Database Manager