I am trying to have SCM Manager accept users from my organization so they can log in using their Windows username and password. I have installed the LDAP plugin, but it still doesn't recognize my own windows username and password from my organization
I don't really understand - I think I shouldn't even need LDAP and some kind of basic authentication should be able to figure out my username password on windows active directory etc type of thing...
Do I need the SSL to do this? It says various things about a binding problem.
I am using the custom LDAP profile. I put wsproxy in the proxy server area and enabled. I have no idea what that means but it was the same configuration that I saw in a previous installation of SCM-server that worked with organizational credentials on windows server.
This problem occurred after upgrading from version 1.6 to 2.9.
Though I was not the person who set it up on v1.6.
UPDATE: what's needed is not LDAP plugin, but rather understanding how to configure active directory for SCM - previously, in 1.X versions active directory plugin worked under the hood - now it needs to be configured and I have no idea how -- also the active directory plugin for 1.X is no longer available - if you could provide me with that code I might be able to see how it connects to AD and then go from there on version 2.X - any chance you can get me access to the code of https://bitbucket.org/sdorra/scm-manager/wiki/active-directory-plugin??
We have an issue for the LDAP plugin saying that the migration of the ldap password may fail (though I cannot reproduce this), so maybe this happened with your migration, too. Proxy settings should not play any part in this game, because as far as I know company ldaps aren't behind a proxy.
The configuration for 2.x should be the same as for 1.60. We haven't changed anything here. So first I would try to reenter the "Connection Password". If this still fails, please use the "Test connection" feature. Enter a valid authentication here. This tells you, on what level the connection fails and may show you an exception with further information.
Feel free to post your results here for further investigation.
Related
I'm trying to install Umbraco on an ASP.NET environment. After I downloaded the umbraco nuget package I tried to run the installation wizard, by building and running the project. All is fine and good, if i take the default database configuration, but if I want to customize my configuration, it fails and says :
"Could not connect to database"
I'm trying to configure it to use my local SQLExpress database, but I just cannot get it working. I have both tried putting in the server information and connecting via. a connection string, via. the wizard. It produces the same error every time.
I have made a database called umbracoblog and created an admin user, with credentials. He has dbowner etc. for the database. Besides that, I have also given full permissions to IIS_IUSRS and Network Service accounts for the project and all subdirectories, and it still doesn't work.
These are some of the connection strings I have tried:
datalayer=SqlServer;Data Source=.\SQLExpress;Initial Catalog=umbracoblog;User Id=admin;Password=********;
datalayer=SqlServer;Data Source=127.0.0.1\SQLExpress;Initial Catalog=umbracoblog;User Id=admin;Password=*******;
I have also tried putting in the connectionstring into the web.config, manually, but that just makes the project load infinitely in the browser, when I run it.
It's starting to get frustrating, that I cannot even get past the configuration of Umbraco, because it look very cool. I have tried everything I was able to found online. Have anyone gone through this and know what I need to do ?
Start again - clear out and remove the umbracoDbDSN connection string entirely from your web.config and reset the umbracoConfigurationStatus AppSetting back to empty if it has been populated.
Use the Wizard to configure the database - if it's still having problems connecting then here's a few things to check:
Check the Log file here: ~/App_Settings/Logs/UmbracoTraceLog.txt - does that show up any errors?
Make sure you can connect to the database using other clients - if Umbraco can't connect to it, chances are something else won't be able to as well.
What happens if you use Integrated Authentication? If that works, then it's most likely an issue with the username and password you specified.
The password I had for the SQL Server user had a character that the installation UI didn't accept. I changed the password to remove special characters and it was able to connect to the server again. I could successfully log in through SSMS with the previous password.
my project recently opted for LDAP authenctication from HTTP, is it possible to change them with out re-running the steps,. or pls let me know how we can do this.
It is possible, however you need to do some manual steps.
Please check out the following link for some hints (it is for OpenId to LDAP migration, but you need to do some manual work in the same database tables):
https://groups.google.com/forum/#!topic/repo-discuss/VMpG0k119AY
So I have an application that works perfectly on my desktop, and also works perfectly when deployed to tomcat on a windows machine. However, when I attempt to use this application while deployed on the same version of tomcat, but on AIX, it fails to retrieve data out of LDAP.
A user is able to successfully authenticate, but the context is null. DirContextOperations is passed into my ContextMapper as null. Does anyone know what ports that need to be open to get this data or what other configuration may need to be done? Based on what I am seeing it has to be a server configuration issue somewhere.
If you are using Spring Security LDAP plugin then it will be easy to co-relate the below mentioned configuration in AIX with the app. I prepared few snapshots for the configuration so that I do not clutter the answer space here. Have a look at LDAP config in AIX and try to setup the same in AIX Server.
Now coming to the LDAP plugin, there is nothing much other than setting up a bunch of properties is required. Values for these properties will be available once the LDAP configuration is done in AIX (as mentioned in the above mentioned slide).
Note:-
After creating a standalone LDAP, you might need to add realm if the user is associated to a group. I have not mentioned the same in the slides since I do not have an active LDAP host available now.
UPDATE
Instead of using BindAuthenticator can you try switching to PasswordComparisonAuthenticator for authentication.
Using the below setting in Config forces to use PasswordComparisonAuthenticator to authenticate and return back the DirContextOperations. Can this setting be tried?
grails.plugins.springsecurity.ldap.authenticator.useBind = false
#Refer LdapAuthentication Implementations.
I am not sure if this will be the answer in your case. I was also getting null in DirContextOperations object when trying to obtain values from Active Directory.
I was trying to get ldap attributes like this as the Grails LDAP plugin Documentation states:
String mail = ctx.originalAttrs.attrs['mail'].values[0]
and all those were null. So I have changed the line above for this one instead and it works for me:
String mail = ctx.attributes.getAt('mail').values[0].toString()
I have just started using grails and installed the spring-security and spring-security-ui plugins. I am following the tutorial given here. The application starts with one bootstrapped user me with ROLE_ADMIN permission.
With the UI override scripts I was able to get the register functionality up and running and it works all right. Now, I have installed the User Management scripts (grails s2ui-override user) to try adding, editing, removing users.
A new user gets created fine, I have checked this against the HSQLDB instance. However, if I now log-out from the application and try to login with the newly created user the application tells me that it is unable to find a user with the provided username and password.
I haven't modified the default logout handling so am using /j_spring_security_logout which as the documentation says invalidates the session.
Is this a know issue? If so how can I get around this or if not how can I debug this issue?
EDIT:
This issue is also persisting without the UI addition. Register as a new user. Once you finish e-mail verification you are auto-logged in to the site. Now logout and try to login in back again. It gives the same error.
FINAL EDIT:
The UI plugin comes with the RegisterController that still encodes the password. However, the newer domain classes that come with the core are also doing this and the recommended practice is that controllers shouldn't. I commented out a line that does the encoding and the login/logout works now at least for the basic scenario.
There is a warning on that tutorial
Earlier versions of the plugin didn't include password encryption logic in the domain class, but it makes the code a lot cleaner.
I am guessing security-ui plugin does not know about that change, and comparing unencrypted password with the encrypted one on the database.
l managed to fix my problem. The problem was double encryption. Under the spring security ui in the user controller on line 41 the password was being encrypted and then again by the domain class so on login it was comparing a double encrypted password and a single encrypted password. To solve the problem l just commented out line 41 in the user controller which was encrypting the password
EDIT: If you have trouble figuring out where one would go to edit the controller, you can find the source code of the downloaded plugins in your user home's
/.grails/version/projects/projectname/plugins
directory for editing (at least on Mac / Linux, dunno where you'd find it in windows).
I've been experimenting with ASP.Net MVC, and have come across a problem that is probably not specifically MVC related. But I cannot get the authentication in the default MVC application (the one created by the wizard when you create a new MVC project) to work properly under IIS 7 on Windows 7.
If I run under the Visual Studio environment, it works, but if I switch the settings to run under IIS instead, I get the following exception trying to submit the login or registration:
Failed to generate a user instance of
SQL Server due to failure in
retrieving the user's local
application data path. Please make
sure the user has a local user profile
on the computer. The connection will
be closed.
I believe that this is because the website runs under my own account in Visual Studio, but under the IUSR account in IIS. Google searches on the exception message have been unhelpful so far.
So, can one create a local user profile for the IUSR account? If so, how? Is there something else I should be doing to get the SQLExpress engine to work under the anonymous account in IIS 7?
I also tried configuring the IIS website to use my account, but since this is my home machine, my account doesn't have a password, and it appears that IIS won't let a website be configured to use an account without a password. Or, since this is my first experience with IIS 7, and configuration feels very different than IIS 5/6, I am just missing the right setting that will let me configure the account to use for anonymous access.
EDIT: Some additional information. If I empty the App_Data folder and try again from IIS, SQLExpress attempts to create my database and fails, but the exception message has further information with the following suggestions.
SQLExpress database file auto-creation
error:
The connection string specifies a
local Sql Server Express instance
using a database location within the
applications App_Data directory. The
provider attempted to automatically
create the application services
database because the provider
determined that the database does not
exist. The following configuration
requirements are necessary to
successfully check for existence of
the application services database and
automatically create the application
services database:
If the applications App_Data directory does not already exist, the
web server account must have read and
write access to the applications
directory. This is necessary because
the web server account will
automatically create the App_Data
directory if it does not already
exist.
If the applications App_Data directory already exists, the web
server account only requires read and
write access to the applications
App_Data directory. This is necessary
because the web server account will
attempt to verify that the Sql Server
Express database already exists within
the applications App_Data directory.
Revoking read access on the App_Data
directory from the web server account
will prevent the provider from
correctly determining if the Sql
Server Express database already
exists. This will cause an error when
the provider attempts to create a
duplicate of an already existing
database. Write access is required
because the web server accounts
credentials are used when creating the
new database.
Sql Server Express must be installed on the machine.
The process identity for the web server account must have a local user
profile. See the readme document for
details on how to create a local user
profile for both machine and domain
accounts.
I've pretty extensively confirmed that the first three suggestions have been satisfied. The fourth seems to be the cause of my problems, but I can't figure out how to do that. And although the suggestion claims there is a readme document that describes it, I have not been able to find that document.
I got this problem as well running under medium trust. The process that creates the database requires at least High trust. You can check this by looking in your Web.Config for
<trust level="TrustLevel" />
If there is no trust specified in your Web.Config, try adding it and set it to either Full or High. If this doesn't work, there is a machine.config in your IIS which you would need to modify.
That being said, the best route I have found to solve this is to just use aspnet_regsql.exe to create the necessary tables and then change the connection string in your Web.Config to look at it directly.
I solved "The directory 'LocalApplicationData' does not exist." error when running an SSIS package through an SQL Job by ensuring the SQL SSIS service and SQL Server Agent service were running under the same account as the swql job was set to use!
This in my case was a domain account.
Solution: Try UNINSTALLING any updates before you started experiencing the issue. I spent countless hours - wasted hours that I will never get back in my life - reading and following every solution possible without success. I uninstalled all SQL Server updates and now everything works fine.