Erlang: query more than 1000 LDAP elements using "eldap" library - erlang

I am using ejabberd, a jabber daemon written in Erlang. It is connected to our Active Directory using its LDAP interface and Erlang's eldap library.
Everything works so far with a small limitation causing a big problem:
A normal LDAP query receives up to 1000 elements and then stops.
We have more than 1000 employees and therefore receiver only a part of the whole query
Using *nix' ldapsearch tool, I can use the option -E pr=1000/noprompt for receiving multiple pages (which finally get concatenated to a single one) without any limitation.
How could I use this function using Erlang's eldap library?
I already read through the source code, but don't seem to find anything obvious.
#erlang had some nice ideas about this:
emauton: It looks to me like you're out of luck. Paged results are supplied by an LDAP extension, described in http://www.rfc-editor.org/rfc/rfc2696.txt. If you look at ldapsearch, you can see this being added to the query at http://goo.gl/lemNOS
emauton: Reading through the eldap source, this extension doesn't make an appearance. The good news is that it shouldn't be too hard to add, I think, by messing about with the 'controls' part of the LDAPMessage.
emauton: You should be able to set up your request according to the RFC using the right controlType & contents (referencing the ldapsearch code) and use it to make a paginating version of eldap:search

Related

Accessing Mozilla Certificates from Delphi

I would like to access certificates stored in Mozilla products (Firefox and Thunderbird) from a Delphi (XE) applicaiton. For start I would like to list them, next it would be nice to be able to manage them (import, export, delete) and use them (sign). The software token would be sufficient although using all tokens supported by mozilla would be great.
So far I tried using XPCOM with http://d-gecko.svn.sourceforge.net/viewvc/d-gecko/trunk/ delphi binding. However there is not much documentation around and I am kinda confused with all the terminology and concepts. The best I could manage was:
var ns:nsIX509CertDB;
servMgr:nsIServiceManager;
p:Pchar;
begin
GRE_Startup;
NS_GetServiceManager(servmgr);
servMgr.GetServiceByContractID('#mozilla.org/security/x509certdb;1',NS_IX509CERTDB_IID,ns);
ns.FindCertNicknames(nil,1,count,p);
GRE_Shutdown;
end;
Using this code I did get instance of certdb object and I was able to ask it for certificates. However it seems to be completely empty (count from FindCertNicknames is 0) and it also does not react on changing OCSP (IsOcspOn always returns true). I am thinking that I did either create new certstore or that I need to activate default user profile somehow.
I also tried accessing softokn.dll as a PKCS#11 library. As this seem to have some sort of PKCS#11 API, it is not responding well. I.e. CKR_BAD_ARGUMENTS on C_Inititialize.
The last and really bad way would be accessing certificate files directly as it should be "standard" NSS but I realy do not like this way.
Our SecureBlackbox works with softtokn.dll via PKCS#11 and you can use interfaces provided by SecureBlackbox for handy certificate management.
I explored the PKCS#11 way a little more and I actually got it to do something. The softokn.dll library is "almost" standard PKCS#11 library, see https://developer.mozilla.org/en/PKCS11_Module_Specs . The key thing is that you need to initialize it with special arguments (the structure is described in the linked URL).
Its also handy to check the NSS erorr return values: see CKR_NETSCAPE_... at http://people.mozilla.com/~chofmann/l10n/tree/mozilla/security/nss/cmd/pk11mode/pk11mode.c .
The last key thing is that you need to specify the tokens by hand as the documentation is unclear about using secmod.db - there is a missing word, probably "supported", in "The MOD DB function is not through standard PKCS #11 interfaces".
All this is rather low-level coding and will still need a lot of work so it may be better to use SecureBalackbox as suggested by Eugene if you are starting from scratch.

Get watched issues in Redmine via REST API

We're looking to create a tool to help with time management in Redmine. The issue we are currently having is that we want to get a list of issues that are watched by a particular user but can't find an API for it. Does anyone know if this is possible or are we just going to have to try and modify Redmine directly?
SOLUTION: Similar to the solution provided below by dmf85, I found a solution to this problem that worked for me. The Issues API takes a query_id as one of its parameters. What I ended up doing was filtering my issues by Watcher (like dmf85 said) then saving the query. I then used the query_id from that saved custom query in my API call.
At least in Redmine 3.1, there’s an undocumented parameter for the Issues API that allows you to specify a watcher directly: watcher_id. It works just like assigned_to_id, you can pass either a user ID (i.e. watcher_id=23) or the special string me (i.e. watcher_id=me).
An example of URL could be like the following: https://example.com/redmine/issues.json?watcher_id=me&key=redmine_api_key
Under your issues tab in the interface, click:
add filter
watcher
select a watcher in the box
Then, click the atom, csv, or pdf link at the bottom for a link that you can write a program to consume at your discretion.
Does this help?

Filter tweets by client name

I'm trying to filter tweets results by client name like - using source operator.
I'm trying to do it with a a client named "single platform" , to get tweets like http://twitter.com/#!/phoenixparknyc/status/43340419475570688 but the search doesn't seems to work (tried with quotes as well)
http://twitter.com/#!/search/source%3Asingle%20platform%20Specials%2FEvents%20
Any idea how to make the search works ?
The correct way to handle multi word sources is to remove the spaces. For example Twitter for Android becomes source:twitterforandroid. Unfortunately searching by source is pretty unreliable and generally doesn't work with low volume clients. My guess is it will eventually work for your client but who knows when.
http://twitter.com/#!/search/special%20source%3Asingleplatform

Search Engine Help

I have a mediawiki installation that I've customized with some of my own extensions. Here is the basic platform, pretty standard LAMP install.
Ubuntu Server
Apache 2
Mediawiki 1.15
PHP 5.2.6
MySQL 5.0.67
For the actual MW search I use Lucene (EzMwLucene). I also have custom extension that displays tabular data from a separate database within a MW page. Lucene doesn't index this info (which, in my case is actually good because it would clutter your expected search results). For this installation I didn't do anything to Lucene other than install it and wouldn't know how to customize it for my needs and it may be "too powerful".
At any rate, I need to create a search for the data in my other database. I have a master table that is updated daily based on data stored in other (normalized) tables. At the moment it is one of these searches that basically creates a SQL query based on the criteria you enter. This is a lot of work, though. I would like it to be more of a "type and submit" type search.
I don't think I need a comprehensive "cut & paste" type answer, but if anybody has something that I can google I would be very appreciative. I don't need to recreate the wheel, which is what I would be doing if I followed what I see in google.
If you would like to see my master database, let me know, I would want to sanitize it to make me more anonymous (whatever that means). Also, if you're familiar with MW and would like to see any of my extension code, again, let me know.
TL;DR: need to make a custom search feature with LAMP (displayed in Mediawiki). Any guidance appreciated.
Thanks SO!
Why do you need to add custom search? This will relate to the best answer.
For simplicity, you could use the Google Search Engine - http://www.mediawiki.org/wiki/Extension:Google_Custom_Search_Engine
Otherwise it sounds like you need to write a full-text query for the database.

Get country location of an IP with native PHP

Read on before you say this is a duplicate, it's not. (as far as I could see)
I want to get the county code in php from the client.
Yes I know you can do this using external sites or with the likes of "geoip_record_by_name" but I don't want to be dependent on an external site, and I can't install "pear" for php as im using shard Dreamhost hosting.
I thought I could just do something like this:
$output = shell_exec('whois '.$ip.' -H | grep country | awk \'{print $2}\'');
echo "<pre>$output</pre>";
But dreamhost seems to have an old version of whois (4.7.5), so I get this error on allot of IPs:
Unknown AS number or IP network. Please upgrade this program.
So unless someone knows how to get a binary of a newer version of whois onto dreamhost im stuck.
Or is there another way I could get the country code from the client who is loading the page?
Whois is just a client for the whois service, so technically you are still relying on an outside site. For the queries that fail, you could try falling back to another site for the query, such as hostip.info, who happen to have a decent API and seem friendly:
http://api.hostip.info/country.php?ip=4.2.2.2
returns
US
Good luck,
--jed
EDIT: #Mint Here is the link to the API on hostip.info: http://www.hostip.info/use.html
MaxMind provide a free PHP GeoIP country lookup class (there is also a free country+city lookup one).
The bit you want is what is mentioned under "Pure PHP module". This doesn't require you to install anything, or be dependent on them, nor does it need any special PHP modules installed. Just save the GeoIP data file somewhere, then use their provided class to interact with it.
Can you just install a copy of whois into your home directory and pass the full path into shell_exec? That way you're not bound to their upgrade schedule.
An alternative, somewhat extreme solution to your problem would be to:
Download the CSV format version of MaxMind's country database
Strip out the information you don't need from the CSV with a script and ...
... generate a standard PHP file which contains a data structure containing the IP address as the key and the country code as the value.
Include the resulting file in your usual project files and you now have a completely internal IP => country code lookup table.
The disadvantage is that, regularly, you would need to regenerate the PHP file from the latest version of the database. Also, it's a pretty nasty way of doing it in general and performance might not be the best :)
Consider ipcountryphp (my site, my code, my honour) as it provides a local internet-lifetime freely updated database. It's fast and fully self-contained, pluggable into anything PHP 5.3, SQLite3 and beyond. Very fast seeks and no performance penalties.
Enough with shameless self-promotion, let's get serious:
Relying on querying remote services in real-time to get visitor country can become a major bottleneck for your site's functionality depending on the response speed of the queried server. As a rule of thumb you should never query external services for real-time site functionality (like page loading). Using APIs in the background is great but when you need to query the country of each visitor before the page is rendered, you open yourself up to a world of pain. And do keep in mind you're not the only one abusing free services :)
So queries to 3rd-party services stay in the background while only local functionality that relies on no 3rd-party go into the layers there users interact with. Just my slightly performance paranoid take on this :)
PS: Above mentioned script I wrote has IPv6 support too.
Here is a site with a script i just used. The only problem is that you would probably every now and then need to regenerate IPs by yourself... which might be pain and tahts why everyone is telling you to use external API. But for me that wasnt solution as i was pulling like 50 IPs at once, which means i would probably get banned. So solution was to use my own script or to do saves to DB, but i was again pulling images from external sites. Anyway here is the site i found script on:
http://coding-talk.com/f29/country-flag-script-8882/
Here's a few:
http://api.hostip.info/get_html.php?ip=174.31.162.48&position=true
http://geoiplookup.net/geoapi.php?output=json&ipaddress=174.31.162.48
http://ip-api.com/json/174.31.162.48?callback=yourfunction
http://ipinfo.io/174.31.162.48
All return slightly different results.
here is also one of them. just change the IP to the variable:
http://api.codehelper.io/ips/?callback=codehelper_ip_callback&ip=143.3.87.193

Resources