How to override Kong ldap Auth Plugin configuration? - docker

I am using Kong.yml file with DB less mode for configuring Kong gateway
I have configured ldap-auth plugin for all the services.
We need to authenticate user based on attribute sAMAccountName, so i need to modify kong/plugins/ldap-auth/access.lua file to support attributes
Where can i find below file in docker to modify
kong/plugins/ldap-auth/access.lua
Referred below link
github.com/Kong/kong/pull/5149/commits/d5752f71ff2c7a38b642bebab55f26eb73e286f9

Related

Requiring user password authentication for JMX on ActiveMQ Artemis

Where in the configuration do you enable/disable authentication for JMX in Artemis? In the artemis.profile file I have -Dcom.sun.management.jmxremote.authenticate=false on two instances of Artemis, one on a local VM and one on a remote VM. The local one doesn't require authentication (such as from JConsole) and will fail if I give is the user/password. The remote instance requires authentication, which accepts the user/password I created when setting up Artemis.
Is there another configuration I'm missing?
ActiveMQ Artemis guards JMX calls using role based authentication that leverages Artemis's JAAS plugin support with the login.config file. This is configured via the authorisation element in the management.xml configuration file and can be used to restrict access to attributes and methods on mbeans.

Multiple user authentication for Docker Private Registry running inside Kubernetes

I'm running a docker private registry inside a kubernetes cluster using the standard registry:2 image. The image has basic functionality to provide user authentication using the Apache htpasswd utility.
In my case multiple users need to access the repository and therefore need to setup username passwords for multiple different users. What would be the best approach to implement this.
I got the single user htpsswd based authentication working, but does not seem to find a way to enable auth for multiple users i.e. having proper access control.
The registry is SSL enabled.(TLS at the ingress level)
There are multiple ways this could be done. First of all its possible to have multiple users in the htpasswd file. It was not working with docker becasue docker required the passwords to be hashed using bcrypt algorithm.
Use the -B flag while creating the htpasswd file.
sudo htpasswd -c -B /etc/apache2/.htpasswd <username1>
Another way this could be done, is using nginx authentication annotations.
nginx.ingress.kubernetes.io/auth-url: "url to auth service"
If the service return 200, nginx forwards the request or else returns authentication error response. With this you could have a lot of custom logic as you create and manage the authentication server.

Grafana plugin activation

Is there any way to enable a grafana plugin within its configuration files?
I am using grafana v5 or v4
It looks like you have to login and then click then enable button
I found a workaround for my problem running docker with a volume that would map the default sqlite db for grafana in /var/lib/grafana/grafana.db
this would keep any configuration, dashboard, datasource firstly set up in the web interface
You can use the Zabbix Plugin for Grafana.
You need to install and enable the plugin, then configure the Zabbix datasource:
URL: http://yourserver/zabbix/api_jsonrpc.php
access: proxy or direct, depends on the reachability of Zabbix and grafana servers
username: use a dedicated one, with the required read permissions
And you're ready to create dashboards by referencing groups, applications, hosts and items.
Here you can find the getting starded guide, it's quite complete.
The regexp & templating features are really powerful, I advise to read it carefully.

Jhipster can not select API first development using swagger-codegen

I'm going thru the Jhipster and can't select some option. How could I have it selectable? Why I can't select the 'API first development using swagger-codegen' option?
These are the console steps after running jhipster command:
Check your Internet connection.
If you are using an HTTP proxy, try this command: git config --global url."https://".insteadOf git://
? Which type of application would you like to create? Microservice application
? What is the base name of your application? service1
? As you are running in a microservice architecture, on which port would like your server to run? It should be unique to avoid port conflicts. 8086
? What is your default Java package name? com.comp.abc.service1
? Which service discovery server do you want to use? JHipster Registry (uses Eureka, provides Spring Cloud Config support and monitoring dashboards)
? Which type of authentication would you like to use? JWT authentication (stateless, with a token)
? Which type of database would you like to use? No database
? Would you like to use Maven or Gradle for building the backend? Maven
? Which other technologies would you like to use?
❯◯ API first development using swagger-codegen
◯ Asynchronous messages using Apache Kafka
To select answers on multiple choices questions you need to press the spacebar.

How to retrieve LDAP data in Grails?

I am trying to use the Grails plugin 'directory services' to access LDAP data. I am unable to configure it in GGTS. Can anyone help me with the code or directions to be used in coding a program for LDAP access in GGTS.
Did you check the documentation http://lr.github.io/directory-service/guide/configuration.html to see how to configure the plugin ?
This is a client and this means you have to install / configure also a ldap server. Have a look at the apache directory project https://directory.apache.org to get a ldap client / server . Afterwards you can connect from Grails as client to the Ldap-Server.

Resources