LDAP connection for jupyterhub - ldap

I want to configure an LDAP connection for JupyterHub, but I don't know which settings to use as there are so many. I tried using https://github.com/jupyterhub/ldapauthenticator and https://github.com/hansohn/jupyterhub-ldap-authenticator as references. Still, I am not able to figure out which settings are a must. It would be helpful if you could identify which are a must and how the LDAP login works in JupyterHub.
If you have any open-source working example of an LDAP connection, please share.

Related

ActiveMQ: Configure secured LDAPS connection to AD

I am using ActiveMQ 5.16.2 and am trying to secure the ActiveMQ Web console with LDAP. I have followed this guide.
Because I am not that familiar with LDAP, I used ldapsearch from openldap-clients to perform some initial queries to check whether my roleFilter and userFilter within LdapRoleAuthorizationModule have the correct settings.
When using ldapsearch I have received the following error:
ldap_bind: Strong(er) authentication required (8)
Ldap_bind: additional info:00002028:ldapERR:DSID-0C09027F,comment: The server requires binds to turn on the integrity checking if SSL/TLS are not already active on the connection, data 0, v3839
I tried to search how I can configure a secured ldaps connection from my ActiveMQ VM to solve this error but was not able to find a good solution.
Could someone give advice / help please?

How to connect to a remote ldap server to perform ldap search from Windows 10 OS?

I am new to LDAP. I'm using Windows 10 and I'm trying to connect to a remote LDAP server in order to perform an ldapsearch operation. I have searched for this, but so far I have only come across very, very complicated steps, and I'm not sure if it's the right way either.
So can someone share the steps in order to achieve this?
I would rather recommend Apache Directory Studio, which works much like any other kind of LDAP browser, such as the above-mentioned Softerra.
However, on Wikipedia you can find an exhaustive list of LDAP software.
You could use an LDAP browser, such as the Softerra LDAP Browser.
https://www.ldapadministrator.com/softerra-ldap-browser.htm
Then you enter the URL and authentication data of the server where you want to connect and you're ready to browse the data.
You will probably pass a "bind DN" (which identifies the user) and his password.

LDAP the right choice?

So I'm looking for a solution for ssh key authorisation access to numerous servers, and have been pointed towards using LDAP. I wanted to present the use case and see if LDAP would be applicable; any suggestions or help would be appreciated.
Would it be possible to use LDAP to restrict access to specific servers per user/group using ssh keys? So a user tries to access a box, which would bounce out to the LDAP server with the server and user details. This would then check if that person has access to that server and potentially return the correlating key to grant access.
After some research it seems possible to do the above, but I couldn't find anywhere where it's for specific servers.
Also, is OpenLDAP the best to use? I've tried setting this up and run into several issues like checksum on config files etc.

Ldap certificates expired on a WebSphere application server initially configured with ldap

We are running WebSphere Application Server v8.5 on AIX 7, which we configured to use LDAP security. Everything was working fine, but the project was halted for some time and our WAS was down. Now we see that the LDAP certificates have expired, hence we are unable to connect to the dmgr and admin console. Can somebody help to resolve it?
We know how to configure LDAP on WAS, but don't know how to replace the expired LDAP certificate with new certificates. (We received new non-expiry certificates from the LDAP team but don't know how to configure them on WAS.)
You need to disable security, restart dmgr, replace certificates and reenable security.
To disable security:
stop/kill the dmgr
run the following from the dmgr\bin folder:
wsadmin -conntype NONE
At the wsadmin prompt, type securityoff and then type exit.
Restart your dmgr.
UPDATE
Do you have Federated or Standalone LDAP configured? You should have a link to the SSL configuration in the LDAP configuration. There you will need to add your new certificate to the Signers store (this is a very simplified description, as I'm not sure which repository you are using).

Using ldap locally to share login info with webapps - Do I need Kerberos too?

So I'm setting up a dedicated server using Debian 5 Lenny. I will be using some Atlassian Tools (JIRA, Confluence, Bamboo, and Fisheye). I want to use a local LDAP server to store information for the users that will be accessing these software titles, so that they can use one set of credentials to log in.
I also want webmail users to be configured using LDAP.
However, this is a small operation. Three people. That's why all of the software, including the LDAP server, will be on the same machine.
That said, is it safe to use LDAP to store user credentials (including passwords) without using Kerberos? I'm confused as to when Kerberos should be used.
Hypothetically, let's say I had two servers on a subnet. Server A receives requests from the outside world for Atlassian tools. Server A communicates with the LDAP server (internally) on server B. In that case, would I use Kerberos?
When do I use Kerberos? When do I not?
I am not setting anything like "Active Directory" up. No Samba either. Users do not need to log in to a domain (with access to files on the domain), they just need to log in to webapps. But if I was doing LDAP on its own dedicated machine, then I might want Kerberos?
:confuzzled: :(
-Sam
The simplest possible answer is yes, it is possible to store user names, user ids, and passwords without using Kerberos, and in fact directory services accessed via LDAP are an excellent tool for storing this sort of authentication and authorization information.
Update:
In my opinion, if you do choose an open source server, you will find OpenDS to be superior to OpenLDAP or Apache.
Basically, if you have Kerberos, you do not need any directory server. If you aren't in a corporate environment and are looking for an identity management store, you should definitely go for a directory server like OpenLDAP or Apache Directory. Kerberos requires running a correctly set up DNS and NTP server. This might be way too much. Even if you do, those lazy morons from Atlassian still did not implement Kerberos support into their products. You can't even go with that.
I just noticed that there are only three of you, maybe a simple database setup with MySQL would suffice instead of running a full-blown directory server?