I am unable to connect with database using psycopg2 module. This may be due to the # character needing escaping, but I have already tried this. Also, it could be related to my password having the "/" character, or the hostname having the "-" character, and I don't know how to escape it (I've already tried escaping using %2f and %2D).
This is the code I have tried with a edited password, so you can see the "special" characters it has, and also the "-" characters in the hostname. Most likely I am doing this wrong.
engine = create_engine('postgresql://username:asd/32foo/T123%40sql-is-a232#sql-is-a232.database.windows.net:5432/database')
The username here is: username,
The password here is: asd/32foo/T123,
The hostame (I think this is) here is: sql-is-a232,
The server here is: sql-is-a232.database.windows.net,
The database name here is: database.
Any help would be greatly appreciated!
Please reference this document: Database Urls:
As the URL is like any other URL, special characters such as those that may be used in the password need to be URL encoded. Below is an example of a URL that includes the password "kx%jj5/g":
postgresql+pg8000://dbuser:kx%25jj5%2Fg#pghost10/appdb
The encoding for the above password can be generated using urllib:
>>> import urllib.parse
>>> urllib.parse.quote_plus("kx%jj5/g")
'kx%25jj5%2Fg'
Examples for common connection styles follow below. For a full index of detailed information on all included dialects as well as links to third-party dialects, see Dialects.
Hope this helps.
Related
Am working on anypoint studio 6.6.8 with runtime 3.9.4EE.
I have the following mssql generic database connection string.
jdbc:sqlserver://ABC.org:59000;databaseName=master;username=nrp;password=*37n%3b#wu;5r:;_1z~(f{1y{j
Test connection gives me the following error:
Test connection failed:
org.mule.module.db.internal.domain.connection.ConnectionCreationException: Cannot get connection for URL jdbc:sqlserver://ABC.org:59000;databaseName=master;username=nrp;password=<<credentials>>;5r:;_1z~(f{1y{j: The connection string contains a badly formed name or value
PS: I have 2 semi colons in password
I have seen similar question raised here earlier a few times, hence my question might look repetitive.
however I tried the following solutions given in the replies. none of them worked. Please let me know if you have any alternate solution.
Enclosing the password in single quotes.
adding \ in front of ;
Enclosing password within double quotes or {}
Am not the admin hence removing ; from password cannot be done.
The connection string is in a format known as JAVA JDBC URL. It is similar to a normal URL. Many characters are not allowed in URLs and have to be encoded with the URL encoding method. Try using URL encoding for the entire URL. You can do it with most languages or online pages, though you might want to avoid public pages for sensitive information like passwords.
Example in Groovy: https://stackoverflow.com/a/10187493/721855.
Example in Python: https://stackoverflow.com/a/5607708/721855.
Thank you #aled
So the {} did work. I was doing it the wrong way.
I was encrypting the password & later concatenating {} to the decrypted password right b4 passing the connection string.
What worked was that I enclosed the password in {} first & then encrypted it.
I'm trying to authorize a user depending on his group membership.
Apache is configured as follows:
AuthLDAPURL "ldap://DOMAIN.COM/DC=FOO,DC=COM?CN?SUB?(objectClass=user)" NONE
AuthLDAPBindDN "CN=..."
AuthLDAPBindPassword "..."
Require ldap-group CN=\#\#SOMETEXT,OU=GSI,OU=DMM,OU=DDSIS,OU=Admin_Exchange,DC=DOMAIN,DC=com
The problem comes from the two hashes that appear in the CN.
I tried with and without quotes, with two backslashes and no backslashes, URL encode, but nothing worked.
I always get the following error message.
[Thu Feb 13 18:40:56.728349 2020] [authnz_ldap:debug] [pid 17154]
mod_authnz_ldap.c(922): [client 10.255.180.148:65050] AH01719:
auth_ldap authorize: require group
"CN=##SOMETEXT,OU=GSI,OU=DMM,OU=DDSIS,OU=Admin_Exchange,DC=DOMAIN,DC=com": didn't match with attr Comparison complete [member][34 - Invalid DN
syntax]
When i remove the hashes, i get a no such object error, that confirms the problem comes from the hashes.
EDIT:
As suggested in the answer, I tried to write the octal representation of the hash character \43 but it gave me the exact same error:
"CN=##SOMETEXT, ...Invalid DN syntax]
So that doesn't seem to change what Apache sends to LDAP
You typically can get around these type of issues with something like:
CN=\23\23SOMETEXT,OU=GSI,OU=DMM,OU=DDSIS,OU=Admin_Exchange,DC=DOMAIN,DC=com
As described in RFC 4514 and Characters to Escape
However, different applications may be trying to parsing these parameters for you and may interfere with the escaping process.
The RIGHT thing to do is rename the group.
The problem you are encountering will persist with other application in the future. Best Practices for LDAP imply all Relative Distinguished Names be "URL Safe" and not require escaping.
You will need to escape the string according to RFC 4515 String Representation of Search Filters
Generally, you need to escape the items listed in RFC 4515 String Representation of Search Filters and I would suggest, also any non-UTF8 character.
I also found some methods that may be helpful to get you started.
I believe the proper escaped value you are trying to find is: All in 463"567y\5c22"\c2\a4&/2#%&! Test Group
Finally, quit it. Start populating a searching for Description or some other non-naming attribute. (any attribute that is not part of the DN) Make your DNs never changing. No user should ever see a DN which should be only a path to an entry. You will have issues with many "off-the-shelve" tools if you continue this practice.
I tried and was not even able to create an entry in two different vendors' tools.
I have looked at various solutions and am familiar with using the \ as an escape character. Im in a situation where I need to pass credentials over pyodbc and in making my connection string I need to pass credentials, unfortunately my username is in the format domain\username . I am continually getting errors because the literal string passed to SQL server is domain\username. I have seen a similar question on here trying to figure this out for url requests. I tried implementing it and I end up with the same error once the actual credentials are decoded. I've tried all kinds of string and raw string tricks best I can get is either '\ ' (with space behind it) or '\\' being literally passed to SQL Server. Any ideas?
#username and password is an argument passed from the console, lets just focus on username issue
username = bytes(sys.argv, 'utf8')
credentials = base64.b64encode(usename, altchars = bytes('\ ', 'utf8') )
cnxnstrng = f'''Driver={SQL Server};
Server=server;
Database=database};
UID={base64.b64decode(credentials)};
PWD=password'''
I wanted to give Bareos (Open Source Data Protection) a go to see how it works and performs. However I cannot even get past the basic installation and get it working...
I followed the following installation tutorial (several times now): https://www.svennd.be/installing-bareos-on-centos-7/
But I am getting every time the following error: Sorry, can not authenticate. Wrong username and/or password.
I don't understand what I am doing wrong. I even tried using the previous version of Bareos 16.2, but that didn't make a difference and I experience the same issue. I am 200% sure the password and username are correct.
I also consulted the logs:
17-Mar 13:00 bareos-dir JobId 0: Fatal error: Authorization key rejected by Console USERNAME.
Please see http://doc.bareos.org/master/html/bareos-manual-main-reference.html#AuthorizationErrors for help.
17-Mar 13:00 bareos-dir: ERROR in authenticate.c:283 Unable to authenticate console "USERNAME" at client:127.0.0.1:9101
I checked that page (also several times) and even made sure the (user)names/passwords were correct. But still I get the message "Sorry, can not authenticate. Wrong username and/or password." when I try to login on "bareos-webui".
Probably I am doing something wrong, but I cannot disover what.
I have the following files available. Maybe I need to make certain changes to those as well?
/etc/bareos/bareos-dir.d/director/bareos-dir.conf
/etc/bareos/bareos-fd.d/director/bareos-dir.conf
/etc/bareos/bareos-sd.d/director/bareos-dir.conf
/etc/bareos/bconsole.conf
/etc/bareos/bareos-sd.d/storage/bareos-sd.conf
/etc/bareos/bareos-dir.d/client/bareos-fd.conf
/etc/bareos/bareos-dir.d/job/backup-bareos-fd.conf
When I compared some files, they have different passwords in them?
For example: /etc/bareos/bareos-fd.d/director/bareos-dir.conf
Director {
Name = bareos-dir
Password = "J36zN1mQVF5lLA/FP0kASo+X9wTo8D988nsVqZjx"
Description = "Allow the configured Director to access this file daemon."
}
And /etc/bareos/bareos-sd.d/director/bareos-dir.conf
Director {
Name = bareos-dir
Password = "PAU/ov3RvnFp0I59brd4d8u9m8ejRpkVE7P/4Qz3"
Description = "Director, who is permitted to contact this storage daemon."
}
And (one more example): /etc/bareos/bconsole.conf
# Bareos User Agent (or Console) Configuration File
Director {
Name = bareos-dir
address = localhost
Password = "Fs5JnyO1ypBhcR0D9CNkx3gynPMa+jmp7sj9Ghst"
Description = "Bareos Console credentials for local Director"
}
They all have different passwords here? As I understand it, from the online docs, they should all be the same, right?
Maybe that's the issue? Hopefully someone can explain things a bit better or advice me what to do in order to get this working... Maybe it's something simple that I may overlooked?
FYI: I whitelisted all IP's and ports I use on this server.
//small edit
I re-read the documents once again and it says: "The default configuration files are automatically defined for correct authorization with random passwords. If you add to or modify these files, you will need to take care to keep them consistent."
So if I didn't change a thing, it should have worked in the first place, right? So I think something else is wrong here?
Well I finally found the issue...
Apparently my username or password was to difficult for Bareos to accept.
Don't know exactly which one it was, but either username or password caused issues.
I used as a username something like:
BCKPserver
And the password I used was similar to:
!!!!RNDpassW222####
For some reason Bareos saved the password (in the console) and was displayed correctly in the configuration files, HOWEVER it didn't allow me to login on the bareos-webui!
Solved. Hopefully this will help someone else.
I have implemented a java code which connects to the given host ip with username and password of the AD server.(using JNDI)
Now when I use a username which has no special character it works fine. But when I use symbols like $, #, &, etc in the username it gives me Auth. Error.
I am surprised to see this because &,$, and # are not used in userdn format by AD.
Can anyone explain what the problem and what can be the solution for this.
Thanks
I cannot be sure (I have very little information to judge), but there may be a problem with the "7-bit-check-plugin". It is a LDAP plugin, which is responsible for rejection of data that are coded with more than 7 bits. This includes characters as %, $, # as well as some German characters, middle and east European characters, etc.
Please try to check if you have enabled 7-bit-check-plugin. If so, try to disable it and use that data again.