I have script that user can change password to ldap. The user write his password and the script is sending the command to ldap server. I can`t do that other way, only this way ldap server creates propper passwords. The command is:
ldappasswd -x -D "uid=userwhocanchangepassword,cn=users,dc=example,dc=org" -w "userpass" -h ldap.host -S 'uid=usertochange,cn=users,dc=example,dc=org' -s 'passwordTochange'
userwhocanchangepassword - is user that has perrmissions to change other users passwords
Autside the container it works perfectly (password is changed) but when I try to run same command in the docker container insted of password change i get ldappasswd help:
Change password of an LDAP user
usage: ldappasswd [options] [user]
user: the authentication identity, commonly a DN
It`s strange but it works well if I delete the -s param with the password. But if I do that command is prompting to pass the password.
On my dev machine and inside the docker container is the same version of the ldappasswd. Docker is ubuntu container with installed ldap-utils.
Is any other way to modify this command, or maybe some one has simillar problem?
Thanks for any help.
Related
How to recreate my problem
Creating the MonetDB Container
I have this setup (using windows with Docker Desktop).
Create the official monetdb docker container with the follwing command:
docker run -v $HOME/Desktop/monetdbtest:/monetdbtest -e 'MONET_DATABASE=docker' -e 'MONETDB_PASSWORD=docker' -p 50000:50000 -d topaztechnology/monetdb:latest
explanation what the command does:
creates a monetdb container with a database called 'docker' and applies the password 'docker' to the default user called 'monetdb'. It also mounts my directory monetdbtest/ into the container.
Testing the container with DBeaver
I test the connection using DBeaver with the following credentials:
JDBC URL: jdbc:monetdb://localhost:50000/docker
host: localhost
port: 50000
Database/schema: docker
username: monetdb
password: docker
this works fine, i am able to connect and can exequte sql queries with dbeaver.
Using mclient within the container to send queries
I enter the container as root with the following command:
docker exec -u root -t -i nostalgic_hodgkin /bin/bash
(replace nostalgic_hodgkin with your randomly generated container name)
2.
I navigate to my mounted directory
cd monetdbtest
then I test the connection with mclient:
mclient -h localhost -p 50000 -d docker
I get asked for user and password, so for user I enter
monetdb and for password I enter docker. It works and I am in the mclient shell, able to execute SQL queries.
3.
Since I don't want to always enter username and password I create a .monetdb file in the monetdbtest/ directory. It looks like this:
user=monetdb
password=docker
Now I should be able to use the mclient command without entering user information. So I type this command:
mclient -h localhost -p 50000 -d docker
However I get the message:
'nvalidCredentialsException:checkCredentials:invalid credentials for user 'monetdb
I did everything according to the mclient manual. Maybe I missed something?
You may need to export the environment variable DOTMONETDBFILE with value /monetdbtest/.monetdb. See the man page for mclient, especially the paragraph before the OPTIONS heading.
I am using selenium/standalone-chrome-debug.
By default connecting to the container via VNC will trigger an authentication prompt which can be avoided by setting an environment variable as per the documentation:
If you want to run VNC without password authentication you can set the environment variable VNC_NO_PASSWORD=1.
When I start the container with the following command, I'm still prompted for the password:
docker run -d -p 4444:4444 -p 0:5900 -v /dev/shm:/dev/shm -e VNC_NO_PASSWORD=1 selenium/standalone-chrome-debug
As you can see in the following screencast:
I'm still asked for a password
Trying to authenticate without password fails
When I use the default password (secret), it passes
Question: how do I avoid authentication completely?
Adding
VNC_NO_PASSWORD: 1
to the environment of the relevant service in docker-compose.yml worked for me.
I have read some Docker tutorials and I see this command line:
docker login -u LOGIN -p PASSWORD
But the registry server URL is never set.
How does the docker command know the registry URL? What is the URL for Docker Hub Registry? I have tried this:
docker login -u LOGIN -p PASSWORD cloud.docker.com
but it does not work.
If you want to login to the default Docker Hub repository, simply use:
docker login
or more specifically:
docker login registry-1.docker.io
You can also login using a Docker Hub Access Token: https://docs.docker.com/docker-hub/access-tokens.
To do that:
Access your Docker Hub account.
Click on your avatar (on the page top right side).
Click on Account and Settings.
Click on Security (on the page left side in the middle).
And then click on New Access Token button.
Give a token description, define the token permissions and click on Generate.
Copy and save your token.
Then log in with your new token. Type docker login -u <your-username> on your terminal and paste your Access Token when requested by the password.
docker login -u <your-username>
You may need to use a specific registry version, for me this worked.
docker login registry-1.docker.io/v1
In my case docker daemon is not running, so I just restarted it and re-executed same command. It worked!!
While login you may encountered with permission denied issues, in that case first give bellow command:
sudo chmod 666 /var/run/docker.sock
then use:
docker login
The problem is docker login creds take password directly in command option which is insecure. Commands get logged in event log for process creation or powershell or bash can be configured to log all of the script text. This can lead to creds getting leaked. So My question is how can i pass the secret to docker login without passing it directly in command line. I can't find any option in docker login that takes a file which has creds.
cat ~/my_password.txt | docker login --username foo --password-stdin
In one of the latest Teamcity you can create connection where you specify password (which is then invisible) and then using Build features you can use this connection to login before build process begins.
I set up Neo4j on an EC2 instance using this
http://www.neo4j.org/develop/ec2
I have the SSH key so I can SSH into the instance, but I don't remember the password I set up for the web interface. I believe this is a Jetty basicauth equivalent, but I'm not sure, nor could I find the config files that might lead me to the right place. How can I reset this password?
`neo4j-server.properties´ has a setting for the auth-extension being used by the puppet script:
org.neo4j.server.credentials=<user>:<pass>
I'm not sure where neo4j-server.properties is located on your machine, check /etc/neo4j or use find / -name neo4j-server.properties.
You can reset neo4j web interface password by following these steps, provided you have SSH access to ec2 instance:
Login to ec2 instance from your local console:
ssh -i [your-key] ubuntu#[ec2-instance-ip]
login as superuser sudo su
Remove auth file from var/lib/neoj/data/dbms
rm -f var/lib/neoj/data/dbms/auth
Reset the password by running
neo4j-admin set-initial-password secret
Restart neo4j: systemctl restart neo4j
You can access neo4j web interface from browser with username as neo4j and new password.