OpenDJ rest api authentication giving invalid credentials with custom uid as username - ldap

We have are in the process of migrating our old OpenDJ from v3 to v4.After successful installation of OpenDJ when I try to access users api with username and password it is working fine.
We have another custom unique identifier apart from uid and I have configured this with dsconfig. In OpenDJ v3 version we can able to call rest api with the combination of custom uid + password.But when I try same thing in v4 I am getting invalid credentials.
What I have done?
Sample curl commands:
Version 3 ( working fine)
curl \
--user abc-1234-5bbd:password \
http://opendj.ourapi.com:8080/users/abc-1234-5bbd
version 4 ( invalid credentials)
curl \
--user abc-1234-5bbd:password \
http://opendj.ourapi.com:8080/api/users/abc-1234-5bbd
abc-1234-5bbd is custom uid in above code.
I have already validated http-config.json and schema.Could not find any mismatch.
Is there any other config changes required to authenticate with custom uid and password
combination.
Note: Unfortunately I can not provide screenshots because of security restrictions.

Related

How do I make gcloud select the right project?

I am using gcloud to realize speech2text. I had to reset my server and now have trouble getting gcloud recognize the right project.
transscript=$(curl -s -H "Content-Type: application/json" -H "Authorization: Bearer "$(gcloud auth print-access-token) https://speech.googleapis.com/v1/speech:recognize -d #$mailpath/sync_request.json)
results in
"code": 403,
"message": "Cloud Speech-to-Text API has not been used in project 32555940559 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/speech.googleapis.com/overview?project= then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.",
I have no clue where the wrong project number comes from.
I have tried gcloud config configurations list and the correct project is shown.
I have completely deinstalled the sdk.
I have assigned GOOGLE_APPLICATION_CREDENTIALS environment variable
all without success.
expected result is assigned correct project
as the documentation reads:
gcloud auth application-default print-access-token generates and prints an access token for the current Application Default Credential (ADC). The ADC can be specified either by setting the GOOGLE_APPLICATION_CREDENTIALS environment variable to the path of a service account key file (JSON) or using gcloud auth application-default login.
You are using the undocumented (and un-recommended) gcloud auth print-access-token. This will use the default SDK client ID (which I'm guessing is in project 32555940559), and the Speech API is not enabled in that project.
As Martin suggested, instead of using gcloud auth print-access-token you should use gcloud auth application-default print-access-token.
You can check if I'm right regarding the client ID by running grep -r 'CLOUDSDK_CLIENT_ID =' $(dirname $(which gcloud))/../ (I just checked and, indeed, that project ID is the project for the default client ID).

Authentication for foxx APIs

I am working on ArangoDB 3.1 in stand-alone mode.
We are creating a Foxx API to authenticate the users who are accessing our database and our custom APIs. In order to activate authentication, we added the following statements in the arangod.conf file.
authentication = true
authentication-system-only = true
We created a user in arangosh for the database we are working on. When we log into the web console the username and password worked and we are able to access the database,APIs and also able to create users using the APIs.
But when we try to access using another browser or using curl command we are not able to see the user information. HTTP and curl commands are given below.
http://username:password#ip-address:portno/_db/AdtheorentDB/test-app/whoami
curl --basic --user "username:password" -X GET --header 'Accept: application/json' 'http://ip-address:portno/_db/databasename/test-app/whoami'
What might be the issue ?
The above curl command is obtained from the link given below.
ArangoDB authentication via HTTP

Authorize Azure AD application to access RateCard API

Since a change in the Azure OAuth 2, I've an error:
The client 'xxx' with object id 'xxx' does not have authorization to perform action 'Microsoft.Commerce/RateCard/read' over scope '/subscriptions/xxx'.
I've followed the role-based assignment instructions, added a Reader role for my application to the DefaultResourceGroupResource.
I've also added an Admin role in the appRoles section of my application manifest.
And adding all possible app permissions :
To call the RateCard API, I retrieve a token :
curl -X POST -H "Content-Type: application/x-www-form-urlencoded" "https://login.windows.net/xxx.onmicrosoft.com/oauth2/token" -d "grant_type=client_credentials&client_id=xxx&client_secret=xxx"
And I use it in my request :
curl -H "Authorization: Bearer <token>" "https://management.azure.com/subscriptions/xxxproviders/Microsoft.Commerce/RateCard?api-version=2015-06-01-preview&$filter=OfferDurableId eq 'MS-AZR-0003P' and Currency eq 'USD' and Locale eq 'en-US' and RegionInfo eq 'US'"
But I still have this error.
What should I do to add this authorization to my application ?
Here some screenshot of my app permissions:
After a brief call with the Azure support, they tell me that this kind of permission can't be handled via the portal, it has to be done in PowerShell.
So I had to download a Windows 10 Virtual Machine to run :
Login to Azure account:
Login-AzureRmAccount
Add permission:
New-AzureRMRoleAssignment -ServicePrincipalName "<my-app-id>" -RoleDefinitionName "Reader" -Scope "/subscriptions/<my-subscription-id>"
To check if permissions are assigned correctly:
Get-AzurermRoleAssignment -ServicePrincipalName "<my-app-id>"
I've followed the role-based assignment instructions, added a Reader
role for my application to the DefaultResourceGroupResource.
Instead of giving Reader role permission on an individual resource group, try giving the same permission on the subscription level.
Another thing you could do is create a custom role in your subscription with following permissions:
Microsoft.Commerce/RateCard/read
Microsoft.Commerce/UsageAggregates/read
Then you can assign this custom role to your application.

How to find the oauth_verifier in Magento

I've to use Magento Web API's using OAuth . I have created a Consumer with web panel and i've consumer key and consumer secret key. now i have to find the Access token . so i refered some material and came to run the following command
oauth \
--verbose \
--query-string \
--consumer-key c9c60d4aaf670c86acee7e93bb776e45 \
--consumer-secret 0a0b845eb7507de84c63740b15561568 \
--access-token-url http://localhost/magento/oauth/token \
--authorize-url http://localhost/magento/oauth/authorize \
--request-token-url http://localhost/magento/oauth/initiate \
authorize
The response came like
Server appears to support OAuth 1.0a; enabling support.
Please visit this url to authorize:
http://localhost/magento/oauth/authorize?oauth_token=6a57c2e2d3f9883a94bfd2087dd95a89
Please enter the verification code provided by the SP (oauth_verifier):
Now i dont know where to find the verification code and how to use this.
Help me through this,. Thanks in advance:)
its returned when you do as it requested 'Please visit this url to authorize:'
in your case its
http://localhost/magento/oauth/authorize?oauth_token=6a57c2e2d3f9883a94bfd2087dd95a89
just paste that in you browser, and it should take you to an authorize or reject page. (will now be invalid)
this is based on the --authorize-url
i need admin access, so i use
--authorize-url http://www.myhost.com//admin/oauth_authorize

github api - create repo

I'm trying to create a repo using Github API, but it always return this JSON:
{"message":"Not Found"}
But this error appears only when I try to create using OAuth access token in request header, if I use username and password, API create the repo and return a successful message.
Anyone had problems with this API endpoint?
You can create a new repository using the Python library, PyGithub.
from github import Github
g = Github("your username", "your password")
g = Github("your token") # safer alternative, if you have an access token
u = g.get_user()
repo = u.create_repo("name-of-your-repo")
This should solve your problem.
I had a different message come up with this
curl -i -d '{"name":"NAME"}' https://api.github.com/orgs/:ORG/repos?access_token=XXX
{
"message": "Must be an owner or admin of Organization."
}
But still not sure why I cannot create either
Ok
This worked for me
Create Auth Token
curl -u 'iwarner' -d '{"scopes":["repo"],"note":":NAME"}' https://api.github.com/authorizations
Create Repo - Need to contain "Authorization: token"
curl -i -H 'Authorization: token TOKENHERE' -d '{"name":":NAME"}' https://api.github.com/user/repos
This works, just tried it.
curl -F 'login=c00kiemon5ter' -F 'token=s3cr3t' https://github.com/api/v2/json/repos/create -F 'name=testapi' -F 'public=0'
Are we talking about API v2 or v3 ?
I do not know what technology you are using. But just in case of iOS, you can use this demo app which describes 3 simple ways to interact with the GitHub API.
Note: This demo app provide only few selected functionality.
GitHub-Interaction
Hope this helps!!
As of today, the GitHub v3 API documentation explicitly states:
Create
Create a new repository for the authenticated user. (Currently not enabled for Integrations)
EDIT:
The "not enabled for Integrations" means, if you get your OAuth token via one of your OAuth apps (which is an "integration") the GitHub API will refuse to create a repository with that function.
However, if you use some other access token (e.g. a personal access token you add yourself, see below) then the GitHub API will happily create a repository for you with the very same API call.
curl -u your_username -d '{"scopes":["repo"], "note":"Description of personal token"}' https://api.github.com/authorizations
That's the reason why the solution presented by Ian Warner works. The solution with PyGithub will suffer the same limitation. Only the token makes the difference!
EDIT: Not entirely true: With OAuth you can specify the scope to attach specific permissions to your OAuth token when authenticating (OAuth app flow). For creating repositories you need to have the 'repo' scope. (See also: Github v3 API - create a REPO)