How do I configure LDAP plugin for SonarQube Server? - ldap

I am trying to set the correct values for LDAP properties of a SonarQube Server. I am having difficulty finding a resource that explains the list of possible values for these properties, and understand which one to use in which scenario?
I am referring to https://docs.sonarqube.org/display/PLUG/LDAP+Plugin
For example,
Property1: ldap.user.request
Default_Value: (&(objectClass=inetOrgPerson)(uid={login}))
Example for AD: (&(objectClass=user)(sAMAccountName={login}))
Here what are all the possible values for objectClass?
When do I use value inetOrgPerson?
When do I use value user?
When do I use uid?
When do I use sAMAccountName? What does it mean?
There are several other properties, like memberAttribute and idAttribute, which I don't understand.
Is there a guide available which describes ALL ldap properties and ALL their possible values? I tried searching on LDAP.com and openldap.org but couldn't find relevant answers.

This is what I use as my LDAP configuration in the conf file.
Hope that helps you make a good start.
# LDAP configuration
# General Configuration
sonar.security.realm: LDAP
sonar.security.savePassword: true
sonar.authenticator.createUsers: true
sonar.security.localUsers: admin,sonar-build
ldap.url: ldap://ipadress:389
ldap.bindDn: CN=SonarUser,OU=Service Accounts,DC=domain,DC=com
ldap.bindPassword: {aes}xxx
# User Configuration
ldap.user.baseDn: DC=domain,DC=com
ldap.user.request: (&(objectClass=user)(sAMAccountName={login}))
ldap.user.realNameAttribute: cn
ldap.user.emailAttribute: mail
# Group Configuration
ldap.group.baseDn: DC=domain,DC=com
ldap.group.request: (&(objectClass=group)(memberUid={uid}))
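
As an added illustration (not part of the original answer and not SonarQube's own code), this Python example shows how a filter template such as ldap.user.request decomposes into an AND of attribute matches, and how the {login} placeholder is filled with the login escaped per RFC 4515 so it stays a single literal value. The function names are hypothetical, and only equality items (attribute=value) are parsed.

```python
# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_value(value):
    """Escape a login so it can only ever be a literal assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def expand(template, login):
    """Fill the {login} placeholder of a template like ldap.user.request."""
    return template.replace("{login}", escape_value(login))

def parse(flt):
    """Parse a filter into ('&'|'|'|'!', [children]) or (attribute, value)."""
    node, pos = _parse_at(flt, 0)
    if pos != len(flt):
        raise ValueError("trailing characters after filter")
    return node

def _parse_at(s, i):
    if s[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if s[i:i + 1] in ("&", "|", "!"):
        # Composite filter: operator followed by one or more sub-filters.
        op, children = s[i], []
        i += 1
        while s[i:i + 1] == "(":
            child, i = _parse_at(s, i)
            children.append(child)
        node = (op, children)
    else:
        # Simple item: attribute=value up to the next unescaped ')'.
        end = s.find(")", i)
        attr, sep, value = s[i:end if end != -1 else len(s)].partition("=")
        if end == -1 or not sep or not attr:
            raise ValueError(f"malformed item at offset {i}")
        node, i = (attr, value), end
    if s[i:i + 1] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return node, i + 1

# The two templates from the question (plugin default and the AD variant).
DEFAULT_TEMPLATE = "(&(objectClass=inetOrgPerson)(uid={login}))"
AD_TEMPLATE = "(&(objectClass=user)(sAMAccountName={login}))"

if __name__ == "__main__":
    for tpl in (DEFAULT_TEMPLATE, AD_TEMPLATE):
        print(parse(expand(tpl, "jdoe")))
```

Both templates parse to an AND of two conditions: an object-class restriction and a match of the login against one naming attribute (uid or sAMAccountName).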

Related

Setting LicenseType property of Azure SQL Database to enable Azure Hybrid Use Benefit (AHUB) using Terraform?

Using Terraform, how do I set the Azure SQL Database (and Azure Elastic Pool) LicenseType property to enable Azure Hybrid Use Benefit (aka AHUB, aka AHB)?
Here's an example using PowerShell:
# Azure SQL Database:
Set-AzSqlDatabase -DatabaseName $sqlDb.DatabaseName -ResourceGroupName $sqlDb.ResourceGroupName -ServerName $sqlDb.ServerName -LicenseType "BasePrice"
# Azure SQL Database Elastic Pool:
Set-AzSqlElasticPool -ElasticPoolName $elasticPool.elasticPoolName -ResourceGroupName $elasticPool.ResourceGroupName -ServerName $elasticPool.ServerName -LicenseType "BasePrice"
The property is easily set using Az CLI too.
This is a very important property (from a cost perspective) and I cannot find mention of it anywhere in the context of Terraform.
Thanks!
From Terraform documentation
license_type - (Optional) Specifies the license type applied to this database. Possible values are LicenseIncluded and BasePrice.
Here is the link
https://www.terraform.io/docs/providers/azurerm/r/mssql_elasticpool.html#license_type
Why does it seem LicenseIncluded = the "Save Money" box being unchecked? I would have thought LicenseIncluded would have had the box checked and BasePrice would be unchecked, but in practice it is the opposite.
HashiCorp's site doesn't make this setting clear. The setting description is present, but the expanded description of the possible values is not. Combining HashiCorp's site with Microsoft's, we get:
license_type - (Optional) Specifies the license type applied to this database. Possible values are:
'LicenseIncluded' if you need a license
'BasePrice' if you have a license and are eligible for the Azure Hybrid Benefit
Sources:
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mssql_database#license_type
https://learn.microsoft.com/en-us/dotnet/api/microsoft.azure.management.sql.models.database.licensetype?view=azure-dotnet

Spring Cloud Server serving multiple property files for the same application

Let's say I have applicationA that has 3 property files:
-> applicationA
- datasource.properties
- security.properties
- jms.properties
How do I move all properties to a spring cloud config server and keep them separate?
As of today I have configured the config server that will only read ONE property file as this seems to be the standard way. This file the config server picks up seems to be resolved by using the spring.application.name. In my case it will only read ONE file with this name:
-> applicationA.properties
How can I add the other files to be resolved by the config server?
Not possible in the way you requested. Spring Cloud Config Server uses NativeEnvironmentRepository which is:
Simple implementation of {@link EnvironmentRepository} that uses a SpringApplication and configuration files located through the normal protocols. The resulting Environment is composed of property sources located using the application name as the config file stem (spring.config.name) and the environment name as a Spring profile.
See: https://github.com/spring-cloud/spring-cloud-config/blob/master/spring-cloud-config-server/src/main/java/org/springframework/cloud/config/server/environment/NativeEnvironmentRepository.java
So basically, every time a client requests properties from Config Server, it creates a ConfigurableApplicationContext using SpringApplicationBuilder, which is launched with the following configuration property:
String config = application;
if (!config.startsWith("application")) {
    config = "application," + config;
}
list.add("--spring.config.name=" + config);
So possible names for property files will be only application.properties(or .yml) and config client application name that is requesting configuration - in your case applicationA.properties.
But you can "cheat".
In config server configuration you can add such property
spring:
  cloud:
    config:
      server:
        git:
          search-paths: '{application}, {application}/your-subdirectory'
In this case Config Server will search for the same property file names but in a few directories, and you can use subdirectories to keep your properties separate.
So with the configuration above you will be able to load configuration from:
applicationA/application.properties
applicationA/your-subdirectory/application.properties
This can be done.
You need to create your own EnvironmentRepository, which loads your property files.
org.springframework.cloud.config.server.support.AbstractScmAccessor#getSearchLocations searches for the property files to load:
for (String prof : profiles) {
    for (String app : apps) {
        String value = location;
        if (app != null) {
            value = value.replace("{application}", app);
        }
        if (prof != null) {
            value = value.replace("{profile}", prof);
        }
        if (label != null) {
            value = value.replace("{label}", label);
        }
        if (!value.endsWith("/")) {
            value = value + "/";
        }
        output.addAll(matchingDirectories(dir, value));
    }
}
There you could add custom code, that reads the required property files.
The above code matches exactly the behaviour described in the spring docs.
The NativeEnvironmentRepository does NOT access GIT/SCM in any way, so you should use JGitEnvironmentRepository as the base for your own implementation.
As @nmyk pointed out, NativeEnvironmentRepository boots a mini app in order to collect the properties by providing it with, so to speak, "hardcoded" {appname}.* and application.* supported property file names. (@Stefan Isele - prefabware.com JGitEnvironmentRepository ends up using NativeEnvironmentRepository as well, for that matter).
I have issued a pull request for spring-cloud-config-server 1.4.x that supports defining additional file names through a spring.cloud.config.server.searchNames environment property, in the same sense one can do for a single Spring Boot app, as defined in the Externalized Configuration.Application Property Files section of the documentation, using the spring.config.name environment property. I hope they review it soon, since it seems many have asked about this feature on Stack Overflow, and surely many, many more search for it and read the currently advised solutions.
It is worth mentioning that many people advise "abusing" the profile feature to achieve this, which is a bad practice, in my humble opinion, as I describe in this answer.

Where to put common variables for groups in Ansible

We have some scripts to help us set up VPCs with up to 6 VMs in AWS. Now I want to log in to each of these machines. For security reasons we can only access one of them via SSH and then tunnel/proxy through that to the other machines. So in our inventory we have the IP address of the SSH host (we call it Redcarpet) and some other hosts like Elasticsearch, Mongodb and Worker:
#inventory/hosts
[redcarpet]
57.44.113.25
[services]
10.0.1.2
[worker]
10.0.5.77
10.0.1.200
[elasticsearch]
10.0.5.30
[mongodb]
10.0.1.5
Now I need to tell each of the groups, EXCEPT redcarpet to use certain SSH settings. If these were applicable to all groups, I would put them in inventory/group_vars/all.yml, but now I will have to put them in:
inventory/group_vars/services.yml
inventory/group_vars/worker.yml
inventory/group_vars/elasticsearch.yml
inventory/group_vars/mongodb.yml
Which leads to duplication. Therefore I would like to use an include or include_vars to include one or two variables from a common file (e.g. inventory/common.yml). However, when I try to do this in any of the group_var files above, it does not pick up the variables. What is the best practice to use with variables that are common to multiple groups?
If you want to go with the group_vars approach, I would suggest you add another group, and add the dependent groups as children to that group.
#inventory/hosts
[redcarpet]
57.44.113.25
[services]
10.0.1.2
[worker]
10.0.5.77
10.0.1.200
[elasticsearch]
10.0.5.30
[mongodb]
10.0.1.5
[redcarpet_deps:children]
mongodb
elasticsearch
worker
services
And now you can have a group_vars file called redcarpet_deps.yml and they should pick up the vars from there.

ApacheDS - cannot verify the quality of the non-cleartext passwords

I'm getting a "cannot verify the quality of the non-cleartext passwords" error while trying to add an entry into my organizationalUnit. I use the MD5 hashing method when storing the password (with the userPassword attribute).
A blog post says the solution is adding the ads-pwdcheckquality attribute with a value of 0, but it didn't work for me. Also, while trying to add this attribute, it gives a warning like this:
You don't need to add a new attribute, you need to edit the server configuration and restart:
1. Open config.ldif in the server folder, search for the string:
ads-pwdcheckquality: 2
and change it to:
ads-pwdcheckquality: 0
2. After that, restart the server and try again. The solution worked for me.

Cannot connect to AD using LDAP (VB.Net)

I'm writing code to connect to my Active Directory server using LDAP. I can connect using
LDAP://celtestdomdc1.celtestdom.local
but I can't connect using
LDAP://celtestdomdc1.celtestdom.local/CN=Users;DC=celtestdom
Am I using the wrong syntax or something?
Your LDAP string is wrong - use:
LDAP://celtestdomdc1.celtestdom.local/CN=Users,DC=celtestdom,DC=local
or even this (server-less binding - goes to the default DC)
LDAP://CN=Users,DC=celtestdom,DC=local
First, the parts need to be separated by comma (,) not semicolon - and second, you need to use the DC=.... for all DNS-parts of your domain.
<shameless plug>
Also you might want to look at my ADSI browser called Beavertail which is written in C# and 100% free and open-source. It will show you what your domain tree looks like and what the valid LDAP paths are.
</shameless plug>
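
The two rules from the answer above (comma-separated RDNs, and one DC= component per DNS label of the domain) can be checked mechanically. This Python example is added here and is not part of the original answer; the function names are hypothetical, and the domain celtestdom.local is taken from the DN given in the answer.

```python
import re

def domain_to_dn(dns_domain):
    """Map a DNS domain to its naming context: one DC= per DNS label."""
    return ",".join(f"DC={label}" for label in dns_domain.split("."))

def split_path(path):
    """Split an ADsPath into (server or None, distinguished name)."""
    m = re.match(r"(?i)LDAP://(.*)$", path)
    if not m:
        raise ValueError("ADsPath must start with LDAP://")
    head, _slash, tail = m.group(1).partition("/")
    # Server-less binding: the part after LDAP:// is already a DN (has '=').
    if "=" in head:
        return None, m.group(1)
    return head, tail

def check_adspath(path, dns_domain):
    """Return the list of problems in an ADsPath; an empty list means OK."""
    _server, dn = split_path(path)
    problems = []
    if not dn:
        return problems  # server only, no object path to validate
    if re.search(r"(?<!\\);", dn):
        problems.append("RDNs must be separated by ',' not ';'")
    # Split on either separator so the DC check still runs on a bad path.
    rdns = [r.strip() for r in re.split(r"(?<!\\)[,;]", dn)]
    dcs = [r.split("=", 1)[1] for r in rdns if r.upper().startswith("DC=")]
    if ".".join(dcs).lower() != dns_domain.lower():
        problems.append(f"DC components should be {domain_to_dn(dns_domain)}")
    return problems

DOMAIN = "celtestdom.local"  # domain used in the answer's corrected DN
PATHS = [
    "LDAP://celtestdomdc1.celtestdom.local/CN=Users;DC=celtestdom",
    "LDAP://celtestdomdc1.celtestdom.local/CN=Users,DC=celtestdom,DC=local",
    "LDAP://CN=Users,DC=celtestdom,DC=local",
]

if __name__ == "__main__":
    for p in PATHS:
        print(p, "->", check_adspath(p, DOMAIN) or "OK")
```

The first path (the one from the question) is reported for both problems; the two corrected forms from the answer pass.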