I'm currently trying to configure a ldap authentication on a nuxeo server and for me documentation is not enough precise.
The Nuxeo server is on a Centos 7 on the local network.
I declared the Nuxeo server on the Windows server 2019 Active Directory which make the bridge to the WAN.
For now, I just have registered instance and installed nuxeo-web-ui nuxeo-platform-getting-started.
I'm at this page step of the documentation:
https://doc.nuxeo.com/nxdoc/using-a-ldap-directory/
I don't really understand how to map the default userDirectory to my LDAP Server.
And where can I find the extension point userManager noted in that link?:
https://explorer.nuxeo.com/nuxeo/site/distribution/Nuxeo%20Platform-2021/viewExtensionPoint/org.nuxeo.ecm.platform.usermanager.UserService--userManager
Thank You for your cooperation!
Related
I'm newbie to liferay 7,I want to integrate liferay 7 with CAS server using ldap.
my liferay's version is 7.0.2 GA3,CAS server's version is 3.5.2 and I'm using opendj active directory.
I have installed liferay on localhost:8080,CAS server is on one of my server
machine over ssl and ldap is on the same server machine.
I have successfully integrated CAS with ldalp that is I can able to login in CAS server from ldap users.
After this I have configured CAS authentication in liferay that is in Configuration->Instance Setting->Authentication under this CAS tab.
when I try to login im getting following url:
http://localhost:8080/?ticket=ST-36-tP25deAgea9pUfwEcf6V-cas01.example.org
Although ticket is generating,but I'm not able to access admin panel.
Please help,
Thanks in advace
This happens because there is a handshake error, so, when you configure your keystore you must be careful with CN name, cause you must use the domain name, not the IP, and if you don't have a DNS you could configure a host file, for example /etc/hosts in CentOS.
Can any one provide me a documentation for setting up ldap server on centos machine.I googled a lot but couldn't find proper document.I want to use LDAPv3 Directory services in my LDAP server
I've found a lot of articles on web deploy and why it might fail, but not any with answers with this error message.
Web deployment task failed. (Could not complete the request to remote agent URL https://myserver:8172/msdeploy.axd?site=mysite.)
Could not complete the request to remote agent URL https://myserver:8172/msdeploy.axd?site=mysitename. The request was aborted: The request was canceled. This method is not supported by this class.
I am trying to deploy an MVC4 website from Visual Studio 2013 Express to a Windows 2008 R2 Datacenter server with the Web Server role installed.
I followed this (and other installation guides) and can confirm the following:
Windows Server 2008 R2 Datacenter
Web Server role installed
Management Services is running
Accepting windows and IIS credentials
Server Administrator has permissions
Remote connections enabled (and service restarted)
SSL certificate is our real one, not the self-cert
My firewall is configured to allow this traffic
I am prompted for a username/password when accessing https://myserver:8172/msdeploy.axd
The website is running
Bound to all IPs on :80 and :443 (with same cert as deploy)
So for some reason, it didn't want the Windows Administrator account doing a deploy.
Created an IIS user in IIS Manager User
Changed the permission settings to Windows credentials or IIS manager credentials
Restarted Management Service
Added the newly created user to the website
it works!
We're working on an implementation of DirectAccess using Windows Server 2012 R2.
The DA server is a single NIC behind the firewall with TCP/443 forwarded for IPHTTPS.
During the initial testing/setup, we set it up strictly for Windows 8.1 clients, using the username/password (computer account) to authenticate. Everything worked beautifully.
Wanting to extend the testing to Windows 7 clients, we configured DA to use certificates for authentication. We have an internal PKI infrastructure that has worked properly for everything else we've needed it for during the last 2 years.
Windows 7 clients, with the DirectAccess Connectivity Assistant, connect and work beautifully. However, Windows 8.1 clients cannot.
We've checked the certificates and all seems good. Using the DirectAccess Troubleshooter, we see that it connects successfully to the DA IPHTTPS URL, however it can't access any internal resources. We can ping the internal DCE addresses x:y:z::1 & x:y:z::2 that it is my understanding are the DA server inside our network.
Are there any additional tools for troubleshooting this? Can anyone point me in the right direction to determine why only Win8 clients won't connect with certificates?
The initial getting started wizard in DA allows Windows 8 / 8.1 to connect using Kerberos Proxy (no certs). A full blown install using PKI mandates that all clients use certificates. Deploy the Computer certs to the Windows 8 / 8.1 and you will be fine.
Reference - http://technet.microsoft.com/en-gb/windows/dn197886.aspx
How does DirectAccess in Windows 8 and Windows Server 2012 simplify deployment?
In earlier versions of Windows Server, a PKI was required to deploy DirectAccess. DirectAccess used the PKI for server and client certificate-based authentication. Now Windows 8 sends client authentication requests by using a Kerberos proxy service running on the DirectAccess server. The Kerberos proxy service sends requests to domain controllers on behalf of the client. As a result, for simple deployments a PKI is not required to deploy DirectAccess, and IT administrator can use the Getting Started Wizard to configure DirectAccess in a few easy steps. For more complex deployment scenarios, PKI is still required.
It would help if you can present some graphical representations of your problems 'cause every response to your question would only be assumptions.
Troubleshoot as follows:
Check to make sure the windows client is an Enterprise edition
If point 1 above is true, run the 'get-DaConnectionstatus' command on Powershell to see if the client can determine its location, otherwise get a windows enterprise edition.
3.If both point 1 and 2 are true then check to make sure your group policies are well configured. Remember to separate the security groups for windows 7 and windows 8 clients.
what's the best way to develop with ldap without having the connection to the productive ldap server. Can you recommend some software?
Thanks
I'd say a test instance of OpenLDAP :)
If you're more into the Microsoft space, you could also check out:
Active Directory Lightweight Directory Services (AD LDS)
which is a Windows service based subset of the full AD. You can spin up multiple instances of AD LDS and since it's a Windows service, you can also turn it off when no longer needed.
It depends on what kind of LDAP server you have in production. Usually it's a question "AD or not AD?"
If your productions server is AD then it would be either virtual machine with a domain controller or a local instance of AD LDS (formerly ADAM).
If your production server is a generic LDAP server then there is a wide set of options. These days I would use a virtual machine with any Linux and OpenLDAP or/and Fedora Directory Server, or a local instance(s) of ApacheDS or OpenDS.
If you do not want to install/host/configure a Microsoft Server with Active Directory, you can use the following for LDAP testing purposes:
https://documize.github.io/ad-ldap-test-server/
Try
https://github.com/Upekshe/simple-ldap-server
Its running a nodejs server, highly configurable, supports both ldap and ldaps
Dokerized version
https://hub.docker.com/r/upekshejay/simple-ldap-test-server