I'm new to Gluu and have a question regarding import/export sync with LDAP (active directory). I have a server setup locally and am able to successfully import/sync Users from my Active Directory into Gluu locally via LDAP Cache just fine.
My question is, how can I can configure Gluu so that any new users I create locally within Gluu and any AD Imported users whose attributes I update, also get exported/sync'd back to my Active Directory?
Thanks in advance
You could use Apache Directory Studio and export/import any entry you want to manage. Take a look to this section of the documentation:
https://gluu.org/docs/gluu-server/user-management/local-user-management/#import-people-in-oxtrust
Also if it's not clear at all, consider openning a question in the Gluu support platform.
https://support.gluu.org/
Related
We have an on-prem server which is also in our backup solution.
We were trying to create a new delegated LDAP permission for a different team by using the Add Directory option within User Directories in the Administration. We were able to create the directory but when we deleted it post the testing, the configuration made in the original directory were removed, specifically from the ldap.group.filter
Now we are trying to retrieve the old config file however I dont know the location where it is stored. Is it stored on the server or does it also reside in the DB? Is there a way to restore it without restoring the entire server?
We in our team are planning to use gerrit. So, to get introduced, I did set up a server, used open-id for authentication and created some test-users and test-projects in it.
Now we are ready to use it. But we actually prefer LDAP for real use.
So, can I change my authentication system from open-id from LDAP? What will happen to current users then?
I want to clear test projects and changes. How can I do them?
Can I complete delete existing gerrit setup and initiate a fresh setup in same machine? (I tried extracting the jar in different folder, but I faced some problems in it)
I am using Ubuntu 12.04 as my server.
Please help.
Delete the database (you're not using the H2 database anymore, but some MySQL or PostgreSQL server, don't you?) plus the directory where Gerrit is running (the -d parameter, see docs). Additionally, remove the git repos, if you configured them to be located on a different path.
Then all your data is gone and you can start from scratch.
I am running CQ 5.4 currently (5.5 upgrade pending) and need to establish a few sub-directories that can only be accessed by logging in and validating against the LDAP. This also means the files users can download after logging in have to be authenticated as well.
I have read as much of Adobe's documentation (and 3rd party) as I can:
http://dev.day.com/docs/en/cq/5-4/howto/create_apply_cug.html
http://dev.day.com/docs/en/cq/5-4/deploying/dispatcher.html#/sessionmanagement
http://www.wemblog.com/2013/01/how-to-associate-cug-with-dam-asset-in.html
We have LDAP enabled to log in and use CQ5 on our development server, but this is different from having our publish server use it for subdirectory-specific authentication and allowing all other static pages be cached. Unless I'm reading all of this wrong, none points out how to accomplish such.
Having the default login component work with LDAP authentication would be wonderful, but I am not holding my breath.
It's possible to configure ACLs (access lists) for each node.
For example, through LDAP you export users which belong to group ldap-users. Then, if you go to Content Repository Explorer (/crx/explorer/index.jsp) -> Content Explorer - > Choose node you need to set ACL for -> Security Access Control Editor -> New ACE. There you can set the access rights for the node.
More on how to set the ACLs: http://helpx.adobe.com/cq/kb/CQ53ACLsMappingToCRX2.html
My company has a MediaWiki setup which we are looking to make [partially] client accessible. Ideally each client would be able to see only their own page. Our wiki requires the user to be logged into view or edit, and we have the LDAP plugin (This one, specifically) so we can use our Active Directory credentials.
I see this question has come up before a few years ago, but I didn't see an question dealing with LDAP in particular. Can we manage a specific AD account if we give clients one on our domain for this purpose? Alternatively, is there a way to give clients a login directly into the wiki (sort of like logging locally into the computer, instead of the domain), that we could control the access rights of?
For reference: we are on MediaWiki version 1.19.1, PHP version 5.3.15, MySQL version 5.0.96-winx64, and the installation is running on Windows Server 2008 R2 x64 (IIS 7.5).
Thanks very much for the help!
You can use local accounts in addition to the LDAP accounts to log users in. You have to set $wgLDAPUseLocal to true in your LocalSettings.php. Basically, it adds another option to the domain drop down box on the login form that says "local". Users that want to log in with a local wiki account use that. I would also disable account creation on the wiki and create accounts manually for your clients.
Regardless of whether you use local accounts or AD accounts, for page-level access control, you would have to use one of these extensions. Extension:AccessControl seems to be a popular one.
The answer to this may be a link to a good tutorial, but I've been unable to find one and it's getting rather frustrating.
I'd like to dive into the source code of DotNetNuke 5.2 which I have downloaded to a folder. I've opened up the solution that ships with it and it opens & compiles just fine.
What are the recommended steps for:
Setting up the database for this
source/compiled version of DotNetNuke?
Configuring IIS 7 (on the local
machine) to run/serve the site?
(Windows 7, VS2008, SQL-Server-2005, DotNetNuke 5.2)
FOr the setup you will follow the standard installation process, using the /website folder as the root for the configuration within IIS.
I have an installation tutorial on my blog that you can use, the specific tutorial is for 5.0.0, but the installation process is the same. The short order process is as follows.
Create a database and SQL user for the database, giving them DBO permissions
Setup a virtual directory in IIS that points to the /website folder of your dnn installation
Grant the ASP.NET worker process account full permissions to the /website folder
Navigate to the /install/installwizard.aspx page, follow the instructions and set the database values for what you specified in number 1 above.
NOTE: the use of a source version of DNN for production use is not recommended, additionally it is my personal recommendation to not modify the source, unless you are truly willing to accept that future upgrades might not be possible due to your modifications.
Expanding on Mitchel's Answer:
Create a database and SQL user for the database, giving them DBO permissions
Go into DNN/Website folder. Copy release.config and name the copy web.config
Setup a virtual directory in IIS that points to the /website folder of your dnn installation
Open the solution and compile the project
Grant the ASP.NET worker process account full permissions to the /website folder (NETWORK SERVICE)
Had to give users group read/write/modify access to the entire website folder otherwise I got some errors about file access. This is more than is necessary but it worked.
Navigate to the /install/installwizard.aspx page, follow the instructions and set the database values for what you specified in number 1 above.
Edit: This is as of version 5.2 available 2/25/2010