openLDAP get login attempt on a user - ldap

I try to get information from users on a new openldap server,
I want to get the current count of login attempt,
but the only thing I get from the internet is an attribute named 'badPwdCount' but it's only for Microsoft AD.
If anybody knows it, please tell me, or if there is good documentation about the hidden attributes that we can't get with a simple '*'.

You need to install and configure the ppolicy overlay, and then query the operational attribute pwdFailureTime. The number of values of this attribute is the count of the most recent login failures. When the user logs in successfully it is cleared.
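To make the counting rule in the answer above concrete, here is an added example (not part of the original answer) that parses `ldapsearch -LLL` output and counts the `pwdFailureTime` values per entry. The sample LDIF, the DNs and the function names are constructed for illustration; it also notes whether `pwdAccountLockedTime`, another ppolicy operational attribute the answer does not mention, is present.

```python
import base64

# Constructed `ldapsearch -LLL` output (not from a real directory), as returned
# when pwdFailureTime and pwdAccountLockedTime are requested by name. Operational
# attributes are not returned by '*'; name them or request '+'.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=org
pwdFailureTime: 20240105101501.123456Z
pwdFailureTime: 20240105101507.654321Z
pwdFailureTime: 20240105101512.000001Z
pwdAccountLockedTime: 20240105101512Z

dn: uid=bob,ou=people,dc=example,dc=org

dn: uid=carol-with-a-long-identifier,ou=people,dc=example,
 dc=org
pwdFailureTime: 20240105110000.000000Z
"""


def unfold(ldif):
    """Join LDIF continuation lines (a line that starts with one space)."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def failure_report(ldif):
    """Map each DN to its pwdFailureTime value count and lock-time presence."""
    report, dn = {}, None
    for line in unfold(ldif):
        name, sep, value = line.partition(":")
        if not sep or line.startswith("#"):
            continue  # blank separator line or comment
        if value.startswith(":"):  # 'attr:: ...' carries a base64 value
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        name, value = name.lower(), value.strip()
        if name == "dn":
            dn = value
            report[dn] = {"failures": 0, "has_lock_time": False}
        elif dn and name == "pwdfailuretime":
            report[dn]["failures"] += 1  # one value per recent failed bind
        elif dn and name == "pwdaccountlockedtime":
            report[dn]["has_lock_time"] = True
    return report
```

An entry with no `pwdFailureTime` values, like the second one in the sample, reports zero failures, which is also what an account looks like after a successful login clears the attribute.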

Related

/users/{userId} is only available for current user?

I use the Clockify API to sync objects to and from our other databases.
I try to update the user image from our LDAP user repo; works fine on my own account, but when I try to update the image for someone else I get a 403.
That leads me to the conclusion that everything under /users is only available for the current user (even if the current user is admin of the workspace). If so, can that be clarified in the documentation?
https://clockify.github.io/clockify_api_docs/#tag-User
Is there a way to update user settings/profile for someone else?
That's right. By design, you can't edit other people's User Settings.
This is because the person in your workspace might have other workspaces (be it their own or someone else's). You're only someone's admin in your particular workspace, and they're free to have other workspaces beside yours.
Looks like you are right, I can't GET users/{userId} except for my own user ID. Attempting to get it for other user IDs, even those users on my team and I'm the owner/admin, gives the 403 Forbidden.
I would recommend reaching out to support#clockify.me, they may be able to fix it - or at least they can be made aware of the issue. I've had success in contacting them and they respond relatively quickly.

SQL error: login failed for user 'domain\user'

I have looked at many posts on this issue, but for me all the proposed solutions didn't work. I am trying to access a database with a remote user, so I am setting the connection credentials as needed. I get the error as shown in the subject of this post. I have checked all the permissions, things like that, windows/sql authentication, etc. Any quick ideas of another potential problem?
Presuming the user has the permission, and you have entered the password correctly as you say, then another thing to look at would be to ensure the user is authorized to access the database remotely.

Need to write LDAP expression

Hi, I have an issue in which a particular user always gets locked because of LDAP lookup failure. We want this account to never get locked, irrespective of failed login attempts. Currently, we have the mapping below for the password:
expr:user=(user)?(user):user
Now, we want a particular user (like testuser#mydomain.com) to consider some hardcoded password. i.e.
If the user is testuser#mydomain.com, then it should always take the password from the mapping section; otherwise it should work as before. Can someone suggest the mapping/expression to achieve this?

How to automatically discover and add users via LDAP in SonarQube?

I guess this question basically boils down to some misunderstanding that I have about how the SonarQube LDAP plugin works in general. We have integrated the LDAP plugin and our users are authenticating against our corporate LDAP server. When we want to create a new group and add users to that group for a new project, we have assumed that the users themselves must authenticate into SonarQube first so they get added as a user to SonarQube. After that, then we are able to put them into the appropriate groups that they belong to. This is a pain for our administrators since the people that need to be added are logging in at differing times or forgetting to log in at all. What we would like is something that Nexus provides where we can do a lookup of that user's account id, then add them and place them into the appropriate group(s). In that way, the user is not bothered by having to log in first and then the administrator has to give the privileges and then the user logs out and logs back in. Is this a misunderstanding on my part? I ask because when I go to the users page and click on 'Create New User' it not only asks for the user's id but also the user's password which I obviously don't know so this is telling me that this will be a local account.
By default SonarQube's LDAP plugin works like you think it does. You can configure LDAP group mapping so that when the user enrolls, he/she is automatically added to the appropriate group.
In other words, create the group for the project in SonarQube, and then create the same group in LDAP and add users to it. Then when users login for the first time they will be in the appropriate group, and on each subsequent login any group changes will be reflected in SonarQube.
This, in my opinion, is in fact better than adding users manually.

How to retrieve attributes from LDAP in ping federate?

I have specified the LDAP filter option as uid=${username} to get the username. I also need to get other attributes such as organization, telephone no, email, etc. I have only one LDAP store configured in my system. I know all the configuration steps to achieve it. I am stuck with the LDAP filter to get those attributes. That's where I am getting an error.
For example, in order to get organization, I should give something like o=${SOMETHING}
How to provide the filter?
Please let me know.
Thanks,
Aswini J
I'm assuming you have already specified in the Assertion Mapping screen that you wish to "Retrieve Additional Attributes" and that you then added your existing LDAP Data Store.
The filter is simply used to locate a single user's record that you wish to return the associated attributes from. In the previous Admin screen (LDAP Directory Search) is where you specify the user attributes you wish to return. You simply specify your LDAP Base DN and then select the attributes from the drop-down list. You can find more information in the Admin Guide -
http://documentation.pingidentity.com/display/PF73/Configuring+an+LDAP+Directory+Search#ConfiguringanLDAPDirectorySearch-2232188
After choosing the attributes, you then get to set up your LDAP Filter where something as simple as "uid=${username}" will usually suffice. It really depends on what user identifier is coming in from your IDP Adapter and how specific that lookup needs to be. If you're using the HTMLForm Adapter, then chances are your users are entering their LDAP userID values.