Recently my application got migrated from NIS to LDAP. There is a script which uses "ypcat -k netgroup" to get all the users . This script is failing since migration.
Can anyone help me with
How to get all the users of a particular netgroup in LDAP? (getent netgroup is not working)
Alternative for "ypcat -k netgroup" in LDAP.
Thanks in advance.
Related
I am using sonarqube 8.9.7 version.
I am trying to do authentication using LDAP. we have 2 groups in LDAP one group is admin and another one is normal user.
sonar.security.realm = LDAP
sonar.authenticator.downcase=true
ldap.url=ldap://<IP address>
ldap.bindDn=CN=BInd username ,CN=Users,DC=company name,DC=in
ldap.bindPassword = BindPassword
ldap.authentication=simple
above one is for bind this is working fine.
ldap.user.baseDn=cn=Users,dc=CompanyName,dc=in
ldap.user.request=(&(objectClass=user)(sAMAccountName={login})(|(memberOf=cn=Sonarusers,cn=Users,dc=companyName,dc=in)(memberOf=cn=SonarAdmin,cn=Users,dc=companyName,dc=in)))
ldap.user.realNameAttribute=cn
ldap.user.emailAttribute=mail
User access is also working fine giving access only to those groups.
ldap.group.baseDn=CN=Users,DC=companyName,DC=in
ldap.group.request=(&(objectClass=posixGroup)(member={uid}))
ldap.group.idAttribute=sAMAccountName
This is group access
for this I am not able to configure things.
I have 2 groups in LDAP sonarUsers and sonarAdmin and created same group in Sonarqube and give
permission for sonarAdmin.
please help me to sync the groups.
Thanks in Advance
I found the solution.
the mistake was from filter i was using wrong object class
I've forgotten my password for the apache of biz admin account , I've asked for an email to be sent however I don't know which account is associated with the ofbiz server so I can't view the email which changed the password , does anyone have any tips?
Thanks
if you can access database, you can make the change directly on the UserLogin table.
Otherwise if you have a remote access to the server, you can use the ant or gradle target - depending of your OFBiz revision - to create another admin acount :
gradlew loadAdminUserLogin -PuserLoginId=myadmin
or
ant create-admin-user-login
Also a possible solution in such case is to use the (eg) lmtadmin if you have access to it. This is what I do on the demo when someone screws the main admin pwd
I am doing LDAP with websphere setup. I did all the priamary setps in the DN am using OU=Users, O= O=IN.
for the federated repository in websphere for PersonAccount i gave the same DN name and in filters i used (objectclass=user). But in the manage user, no user is getting listed.
Turn on the following trace: com.ibm.ws.wim.*=all.
Restart your server. Go to admin console and click Manage Users.
Look in the logs for "JNDI_CALL search"
You will see the filter being used, eg. (&(objectClass=inetorgperson)(uid=*)) and the baseDn being searched on. Verify these are correct by comparing to your ldif of a user you expect to see or by using the ldapsearch utility. It is probably not correct, so take action to fix the filter.
I'm using sonar 5.6 LTS with LDAP plugin 2.1.0.
The basic LDAP configuation is working fine. Sonar can connect to LDAP (in my case active directory). sonar.log:
Test LDAP connection on ldaps://ldap.mycompany:636: OK
My user mapping is
ldap.user.baseDn=OU=Users,OU=Accounts,DC=mycompany
ldap.user.request=(&(objectClass=user)(sAMAccountName={login}))
When I try to login with mycompany\tobi sonar logs:
DEBUG web[o.s.p.l.LdapUsersProvider] Requesting details for user mycompany\tobi
...
DEBUG web[o.s.p.l.LdapUsersProvider] User mycompany\tobi not found in <default>
This makes sense as sAMAccountName contains the value tobi and not mycompany\tobi. But when using just tobi as login, sonarqube does not connect to LDAP for authentication. I just get "Authentication failed" and the log file contains only
DEBUG web[http] POST /sonar/sessions/login | time=235ms
Any ideas why sonarqube does not always use LDAP? Thanks, Tobi
Thanks to Godin, I've finally found the answer:
The root cause is that I had a local account with the same login credentials before using LDAP. When removing users using the web interface, they are not removed permanently from the database. Instead, they are just deactivated.
I connected to the (postgresql) database and in the users table there were still all old local accounts. So I just changed the login column of all deprecated local accounts with
UPDATE users SET login='username_local' WHERE login='username'
As those accounts are deactivated, they cannot be used to login into sonarqube but should not be removed as some other tables might still have references to them.
I setup a little server and have it authenticating with ldap.. is there a way to restrict which ldap user can login via ssh without adding an account to the opensuse box?
1 - Create a group on LDAP using YaST's User and Group Management, for instance "serveradmins".
This will create a entry on your LDAP server under the group OU.
2 - Add the allowed users to this group, also using YaST
3 - On the servers you want to restrict the access, edit the /etc/ldap.conf, making sure the following instructions are present (uncommented), mind changing the DC= parts to your configuration:
pam_groupdn cn=serveradmins,ou=group,dc=example,dc=com
pam_member_attribute member
Let me know if this worked well for you. I have this working on OpenSUSE and Ubuntu machines.