I need to get some ldap user list with curl command.
In order to get locked users, I used
curl 'ldaps://LDAP_SERVER/ou=users,dc=my,dc=example,dc=com?memberOf?sub?(pwdaccountlockedtime=*)'
How can I get the list of users who are under 'admins' group?
cn=admins,ou=groups,dc=my,dc=practice,dc=com
Related
RE: https://jfrog.com/knowledge-base/when-do-the-groups-associated-with-an-ldap-user-get-updated-in-artifactory/
The Knowledge Base article above says:
"LDAP user authentication requests using Encrypted password or plain text password will update the LDAP group association changes from the LDAP server."
We've added a user to a group, but that user still can't see the artifacts governed by that group even after he has logged in. How can we cause Artifactory to update its group membership cache?
Please ask the user to logout and log back in after being added to the groups. Artifactory will try to reach to the LDAP server for validating the creds and then get the groups associated with the user which is returned from the LDAP server.
There is a chance that LDAP cache as mentioned in here https://www.jfrog.com/confluence/display/JFROG/LDAP#LDAP-Non-UIAuthenticationCache might take effect the groups to be associated if the user session is not hitting the LDAP server.
I need to get a list of users who logged in within the last 2 years. YouTrack Web interface shows me 141 users on /admin/hub/users?query=lastAccess(after:%202018-01-01)
But when I try to get the same list via API, I get an empty array. What am I doing wrong?
Here's my API request:
curl -X GET "https://[my_youtrack_URL]/api/admin/users?query=lastAccess(after:%202018-01-01)&$skip=0&$top=200"
What am I doing wrong?
You're missing an authentication token.
Try adding the following to your curl command -H "Authorization: Bearer mytoken123". The token itself can be created in your YouTrack user profile.
I got the answer from the YouTrack developers, it's two-fold:
1) First, the endpoint for request concerning users is different - this is a "hub" feature, so the endpoint should be /hub/api/rest/users (as also mentioned by #Jk1 above).
2) Second, the correct syntax for the query is lastAccess(after:+2018-01-01) (+ instead of %20).
It's possible to "simulate" a user using the master key? I would like this feature to test what the user can really see in the application and verify that he does not have access to some part of it etc.
Is this possible without knowing the password of the user?
If you want to test how user, roles, and permissions work, a simple way to do it is to make command line REST requests against the parse-server. Here's the guide.
You should be able to go into your parse dashboard and locate a user, look at their session token and then use that in queries to simulate that user's permissions.
With a session token, you can query objects in parse like this:
$ curl \
-X GET \
-H 'X-Parse-Application-Id: ABC123 \
-H "X-Parse-Session-Token: r:XXXXXX" \
-H "Content-Type: application/json" \
https://cloud.so.good/parse/classes/Product
For a complex system, you'll want to cover your cloud code to ensure that all is working as expected. A good place to start would be with parse-server's extensive test coverage, including ACL's
You can create a Parse.Session object for the particular user, setting the user and expiresAt fields. You creating the object, get the sessionToken key from the object.
Then for any request you are trying to make, you will set the X-Parse-Session-Token header to be the value of the session token.
I have spent a lot if time in the documentation and this Q/A forum but have still not ascertained the information I need/understand. The model that I ham working with does not exactly meld with WSO2IS very well. The programmer is set in their ways and will not budge on change, nothing I can do about that. They are just after the security that is provided by WSO2IS. So here is programmers model, NOT sso.
user->web_site->wso2is authorization->website
It is to have every user login every time. What they want from wso2s is to send user_name, password and company_id and to return valid/invalid id and a set of permission. External id should work well as a claim for the company id.
I have been able to create a user, but not able to add a role for that user and I have not been able to get authorization. I can get some of the information about the user via SCIM : curl -v -k --user admin:admin https://wso2-dev.h3net.com:9443/wso2/scim/Users/d9bef03a-ddcf-44fc-a431-3b71e618b61e
What I need are 3 curl commands via REST like commands
Here's what I have for adding a user : curl -k -X POST -H "Authorization: Basic YWRtaW46YWRtaW4=" -H "Content-Type: application/json" -d '{"user":{"username":"Gomez","realm":"PRIMARY","password":"Password1!","claims":[{"uri":"http://wso2.org/claims/givenname","value":"Gomez"},{"uri":"http://wso2.org/claims/emailaddress","value":"bnpatton#west.com"},{"uri":"http://wso2.org/claims/lastname","value":"Adams"},{"uri":"http://wso2.org/claims/mobile","value":"1234567890"}]},"properties":[]}' "https://wso2-dev.h3net.com:9443/api/identity/user/v0.9/me
This does not show haw to add a role for the user, just claims.
With something like the above, how would I do the following :
1. add roles to a user
2. authorize user when just only have user_name, password and company_id(external_id claim)
3. return permissions with authorization or a separate curl command?
Question 1
You can refer this comment for adding roles to the user using SCIM API.
Question 2
In this case, you can use XACML for claim based authorization. Please refer this blog for the implementation.
Question 3
WSO2IS server is working as policy decision point(PDP). Based on the decision you can access the resource in the resource server.
I'm attempting to pull a full list of users that have a specific app or Role on their onelogin account.
I've looked under both Roles and Users within the API but it doesn't appear it's possible to simply give the API a role name/ID and get all user's that are apart of it.
Is there an easy way to do this? It's to help automate auditing of auto-provisioned applications.
Thanks!
As described at the API documentation, at the User section.
you can use "query parameters" in order to filter users.
In your case you want to filter by role_id.
Imagine you want all the users with the role_id = 1:
curl 'https://api.<us_or_eu>>.onelogin.com/api/1/users?role_id=1' \
-X GET \
-H "Authorization: bearer:<access_token>"
In order to get the list of available roles you can execute:
curl 'https://api.<us_or_eu>.onelogin.com/api/1/roles' \
-X GET \
-H "Authorization: bearer:<access_token>"