Apex 5.1 Custom LDAP not working in 2nd parsing schema - ldap

I am on Apex 5.1 in a hosted environment and have an application that uses a custom LDAP authentication function. It works fine when the application is running on the Production schema. I now wanted to make some changes to the schema and application, so our hosting vendor added a 'DEV' schema on the same instance with exactly the same data and objects as PROD. I then exported the application and used the DEV schema as the parsing schema when I imported it back to the same Workspace, so I could make changes to the application without touching prod data. This setup works fine when I use the Application Express authentication and go ahead and make changes to the DEV schema and to the application, but when I try to test my changes using the custom LDAP authentication, I am getting Invalid Session thrown by DBMS_LDAP. Since both schemas are on the same Oracle server, I assumed that the same LDAP function that works in the PROD schema should work with the DEV schema. Looking at the custom LDAP function, there is no reference to the schema owner, so what am I missing? I would have assumed identical functions should function identically against the same Oracle server even though they are coming from 2 different schemas. Does my hosting vendor need to make sure the ACLs for both schemas (PROD and DEV) are identical?
Thanks,
Pat

My guess was correct. The ACLs were not set identically for both schemas. Once the ACLs were adjusted, LDAP worked as expected.

Related

Keycloak realm/client change management

I am using KeyCloak as my user management tool, and love it.
The data of Keycloak is stored for me on a Postgres database. Over time, more clients are being registered, and other alterations to the realms may be done. My question is: How do I properly keep track of that, and propagate automatically changes between my different environments? For databases, I use liquibase for a purpose like this. I couldn't find anything similar for the Keycloak case.
So, I wanted to ask: How are you folks out there handling this? What am I missing?
It depends on how you're doing the management of those changes. There are generally two approaches:
Using the Keycloak admin console
Using the Keycloak CLI
If you're applying your changes via the admin console, then you can either rely on the database backup or set up a scheduled pipeline in your CI tool to make an export of the Keycloak realm into a file and archive it somewhere.
In case you're using the second approach, then you can have a git repository containing all the Keycloak CLI scripts that you run on your server (e.g. to add a client, to update a realm config, etc.). In that case, you can have them reviewed, versioned and then run as part of an automated pipeline. This will also allow you to run a script on different environments. But of course it comes with a price which is to write a script for every single task that you can typically do in admin console with a couple of clicks.
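For the export-and-archive approach, the archived realm files become useful once consecutive exports are compared. The following is an added example, not part of the original answer: it diffs the client settings of two realm export JSON documents. The watched field names are real `clients` attributes in a realm export; the choice of fields and the sample realms are assumptions made for illustration.

```python
import json

# Client attributes worth reviewing when they change. These are real fields of
# a Keycloak realm export; which ones to watch is this example's own choice.
WATCHED = ("enabled", "publicClient", "redirectUris", "webOrigins",
           "directAccessGrantsEnabled", "serviceAccountsEnabled")


def index_clients(realm):
    """Map clientId -> watched settings, sorting list values for stable diffs."""
    out = {}
    for client in realm.get("clients", []):
        settings = {}
        for key in WATCHED:
            value = client.get(key)
            settings[key] = sorted(value) if isinstance(value, list) else value
        out[client["clientId"]] = settings
    return out


def diff_realms(old, new):
    """Return change lines between two exports, ordered by clientId."""
    before, after = index_clients(old), index_clients(new)
    changes = []
    for cid in sorted(set(before) | set(after)):
        if cid not in before:
            changes.append(f"ADDED client {cid}")
        elif cid not in after:
            changes.append(f"REMOVED client {cid}")
        else:
            for key in WATCHED:
                if before[cid][key] != after[cid][key]:
                    changes.append(f"CHANGED {cid}.{key}: "
                                   f"{before[cid][key]!r} -> {after[cid][key]!r}")
    return changes


# Constructed sample exports, trimmed to the fields used here.
OLD = json.loads('{"realm": "demo", "clients": [{"clientId": "portal", '
                 '"enabled": true, "publicClient": false, '
                 '"redirectUris": ["https://portal.example.test/cb"]}]}')
NEW = json.loads('{"realm": "demo", "clients": [{"clientId": "portal", '
                 '"enabled": true, "publicClient": true, '
                 '"redirectUris": ["https://portal.example.test/cb", "*"]}, '
                 '{"clientId": "reports", "enabled": true, '
                 '"publicClient": false, "redirectUris": []}]}')

if __name__ == "__main__":
    print("\n".join(diff_realms(OLD, NEW)))
```

Run in the same pipeline that archives the export, the output gives reviewers a short list of client changes, such as a newly public client or a wildcard redirect URI, instead of a raw JSON diff.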

aspnetboilerplate Migrator console application appsettings

Is it possible to run AspnetBoilerplate CompanyName.ProjectName.Migrator as per environment and how?
What I can see is that it can only read settings from appsettings.json but not from appsettings.{Environment}.json for example. This is totally not affordable for a CI/CD scenario where I plan to run Migrator as a part of the process.
Any help or idea would be appreciated.
Migrator gets the host connection string from its own appsettings.json file. In the beginning, it will be the same in the appsettings.json in the .Web.Host project. Be sure that the connection string in the config file is the database you want. After getting the host connection string, it first creates the host database and applies migrations if they don't already exist. It then gets the connection strings of the tenant databases and runs migrations against those databases. It skips a tenant if it does not have a dedicated database or its database has already been migrated by another tenant (for shared databases between multiple tenants).
You can use this tool on the development or on the production environment to migrate databases on deployment instead of EntityFramework's own tooling (which requires some configuration and can only work for a single database/tenant in one run).
You can refer to this document related to the connection string.

Get my dropwizard application operating against a specified schema

How do I get my dropwizard application to operate against a specified schema, a schema other than the default 'public'?
The postgres user has all privileges on schemas 'public' and 'schema1'. It should be doing lookups on 'schema1' tables but it comes back as (tablename) doesn't exist, even though it clearly does. This is because it's looking at the 'public' schema.
Should this be handled on the application side, i.e. the dropwizard hibernate config, or on the database side? How should I tackle this? Is there a standard way?
Thanks guys
Dropwizard uses a yml configuration file; in this file you can configure your database connection. The correct way is to use the configuration file.

Getting configuration strings from Weblogic

This question is related to Weblogic 12c.
I have an EAR file that I want to deploy in various environments (dev, QA, pre-prod and prod). However, my application requires a username and a password (to connect to another server) and they're not the same across the four environments. I don't want to package 4 different property files in 4 different EAR files. I want a single generic EAR file. Besides, I don't want to handle the prod password during packaging.
Ideally, I'd like the admin of each environment to provide the appropriate username and password for the environment. Unlike Tomcat, Jetty or JBoss(?), I think it's not possible for a WebLogic Admin to specify this information in a way that it will become available under the java:comp/env JNDI context.
How can an application obtain some admin-defined configuration strings from Weblogic?
BTW, it's not a username/password for a JDBC connection.
From what I understand, you need to change parameters based on the environment you are using, right?
If you would like to override parameters on the fly, you can use the WebLogic deployment plan concept.
Did you mean that you need to provide username/password to start-up the application?
If so, you may accomplish that by creating a script with WLST http://docs.oracle.com/cd/E15051_01/wls/docs103/config_scripting/using_WLST.html
As far as I know, the WebLogic way is to
Define your username/password as env-entry in the deployment descriptor
Deploy your application together with the plan.xml, whereas each environment admin maintains his own environment-specific version of the plan.xml
That way you get them into /comp/env/config
More details here: http://docs.oracle.com/cd/E11035_01/wls100/deployment/config.html
Only drawback known to me: plan.xml will always contain the unencrypted password, but as the admin knows the password anyway and this is "his" file on "his" machine, that should be fine.

Can I populate LDAP accounts using a table of username/passwords from a different database?

Our users' web passwords/usernames/firstname/lastname/etc are in the dbo.contacts table in our CRM. This is great for CRM and our CRM compatible apps, but I would love to query these accounts with software that can only query LDAP.
Is it possible to tell openldap, "Hey, create logins using this table*" and to update this information periodically as obviously information changes over time? My scripting-fu isn't very strong but I've worked with php and webservices and would just like to get ldap talking to this table so I can get serious with single-sign-on.
Thanks.
*This can be a live connection to the CRM db via odbc/ado, a csv file, or connection via webservices.
This has nothing to do with OpenLDAP. LDAP clients can use the add request to add entries, assuming the client's authorization state allows adding users under the base object chosen by the client. There is a standalone modify client called ldapmodify. Please see "LDAP: Mastering ldapmodify" for more information.
Be aware that some versions of the openldap ldapmodify tool are broken in that they incorrectly allow values with trailing spaces (which is illegal). The directory server base 64 encodes these values, which is probably not what was intended.
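One way to feed such a table to ldapmodify is to convert a CSV export into LDIF add records first. The following is an added example, not part of the original answer: it strips the stray whitespace the answer warns about, rejects usernames that are unsafe to place in a DN, and base64-encodes values where RFC 2849 requires it. The base DN, the CSV column names and the sample rows are assumptions, and the password column is deliberately left out.

```python
import base64
import csv
import io
import re

BASE_DN = "ou=people,dc=example,dc=test"  # assumption: placeholder subtree
# CRM column -> LDAP attribute; the column names are assumed, not from the post.
COLUMNS = {"username": "uid", "firstname": "givenName", "lastname": "sn"}
SAFE_UID = re.compile(r"[A-Za-z0-9._-]+")  # keeps DN metacharacters out of the RDN


def ldif_line(attr, value):
    """Return 'attr: value', or 'attr:: <base64>' where RFC 2849 requires it."""
    unsafe = (value[:1] in (" ", ":", "<") or value.endswith(" ")
              or any(ord(c) > 127 or c in "\r\n\0" for c in value))
    if unsafe:
        return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"
    return f"{attr}: {value}"


def rows_to_ldif(csv_text):
    """Turn the CRM export into LDIF add records; returns (ldif_text, warnings)."""
    records, warnings = [], []
    for n, row in enumerate(csv.DictReader(io.StringIO(csv_text)), start=2):
        clean = {}
        for col in COLUMNS:
            raw = row.get(col) or ""
            clean[col] = raw.strip()
            if raw != clean[col]:  # the trailing-space case from the answer above
                warnings.append(f"line {n}: stripped whitespace from {col}")
        if not SAFE_UID.fullmatch(clean["username"]) or not clean["lastname"]:
            warnings.append(f"line {n}: skipped, bad username or missing lastname")
            continue
        cn = f"{clean['firstname']} {clean['lastname']}".strip()
        lines = [f"dn: uid={clean['username']},{BASE_DN}", "changetype: add",
                 "objectClass: inetOrgPerson", ldif_line("cn", cn)]
        lines += [ldif_line(a, clean[c]) for c, a in COLUMNS.items() if clean[c]]
        records.append("\n".join(lines))
    return "\n\n".join(records) + "\n", warnings


# Constructed sample export: a trailing space, non-ASCII names, an unsafe username.
SAMPLE = ('username,firstname,lastname\n'
          'pat,Pat ,Jones\n'
          'zoe,Zo\u00eb,M\u00fcller\n'
          '"j,doe",J,Doe\n')

if __name__ == "__main__":
    ldif, notes = rows_to_ldif(SAMPLE)
    print(ldif)
    print("\n".join(notes))
```

The resulting text can be saved to a file and passed to ldapmodify with `-f`; the warnings list shows which source rows need cleaning in the CRM.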