Error when changing password in AD LDS - ldap

I have a problem implementing password updates for a user in AD LDS: it throws the error below when calling connection.Modify().
Does anybody have experience with ADLDS and its errors?
Operations Error:00002077: SvcErr: DSID-03380736, problem 5012 (DIR_ERROR), data 8237
Code as below:
var entry = GetUserEntry(userName, AttributeList(AttributeTypes.Basic));
//create the ldap modifications
var modifications = new LdapModification[2];
var deletePassword = new LdapAttribute(application.UserPasswordAttribute, oldPassword);
modifications[0] = new LdapModification(LdapModification.DELETE, deletePassword);
var addPassword = new LdapAttribute(application.UserPasswordAttribute, newPassword);
modifications[1] = new LdapModification(LdapModification.ADD, addPassword);
//perform the modification
connection.Modify(entry.DN, modifications);
The entry.DN includes: "CN=user1,CN=Users,CN=sampleInstance,DC=local,DC=com".
By the way, I'm using SSL connection.

Related

PKCE flow Error code: 500 code challenge required

I'm trying to get the PKCE example to work, but I keep hitting
Error code: 500
Error: invalid_request : code challenge required
Here's a sample url, it does include a code_challenge param generated with the example code.
https://login.xero.com/identity/connect/authorize
?client_id=XXX
&response_type=code
&scope=openid%20profile%20email%20offline_access%20files%20accounting.transactions%20accounting.contacts
&redirect_uri=https%3A%2F%2Flocalhost%3A5001%2F
&code_challenge=tj6n3SLd6FZ8g6jjSJYvfC--4r2PHGnpbSGTwIreNqQ
&code_challenge_method=S256
The registered app is a PKCE flow, kind of out of options what it could be.
Here's the code I use, the only changes are the last 2 lines where I launch the browser, as I'm connecting from a desktop app. Tried pasting the generated url into the browser directly but that also didn't work.
XeroConfiguration xconfig = new XeroConfiguration();
xconfig.ClientId = "XXX";
xconfig.CallbackUri = new Uri("https://localhost:5001"); //default for standard webapi template
xconfig.Scope = "openid profile email offline_access files accounting.transactions accounting.contacts";
//xconfig.State = "YOUR_STATE"
var client = new XeroClient(xconfig);
// generate a random codeVerifier
var validChars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-._~";
Random random = new Random();
int charsLength = random.Next(43, 128);
char[] randomChars = new char[charsLength];
for (int i = 0; i < charsLength; i++) {
    randomChars[i] = validChars[random.Next(0, validChars.Length)];
}
string codeVerifier = new String(randomChars);
var uri = client.BuildLoginUriPkce(codeVerifier);
Clipboard.SetText(uri);
System.Diagnostics.Process.Start("explorer.exe", $"\"{uri}\"");
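The code_verifier in the post above is drawn from System.Random, which is not a cryptographic generator, while PKCE relies on the verifier being unpredictable. The following is an added example (not part of the original post and not Xero SDK code) that builds the verifier from the OS CSPRNG and derives the S256 challenge, checked against the RFC 7636 Appendix B test vector; the class and method names are illustrative.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Added example: RFC 7636 PKCE values. PkceExample and its members are illustrative names.
static class PkceExample
{
    // base64url without padding, the encoding RFC 7636 uses for the challenge.
    static string Base64Url(byte[] data) =>
        Convert.ToBase64String(data).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // 32 bytes from the OS CSPRNG encode to a 43-character verifier (the RFC minimum).
    public static string NewVerifier()
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(bytes);
        return Base64Url(bytes);
    }

    // code_challenge for code_challenge_method=S256: BASE64URL(SHA256(ASCII(verifier))).
    public static string Challenge(string verifier)
    {
        using (var sha = SHA256.Create())
            return Base64Url(sha.ComputeHash(Encoding.ASCII.GetBytes(verifier)));
    }

    // A verifier must be 43 to 128 characters from [A-Z a-z 0-9 - . _ ~].
    public static bool IsValidVerifier(string v) =>
        v != null && v.Length >= 43 && v.Length <= 128 &&
        v.All(c => c < 128 && (char.IsLetterOrDigit(c) || "-._~".IndexOf(c) >= 0));

    static void Main()
    {
        // Test vector from RFC 7636, Appendix B.
        const string rfcVerifier = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOXk";
        const string rfcChallenge = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM";
        if (Challenge(rfcVerifier) != rfcChallenge)
            throw new InvalidOperationException("S256 challenge does not match the RFC vector");

        string verifier = NewVerifier();
        if (!IsValidVerifier(verifier))
            throw new InvalidOperationException("generated verifier is malformed");
        Console.WriteLine("code_verifier  = " + verifier);
        Console.WriteLine("code_challenge = " + Challenge(verifier));
    }
}
```

The string returned by NewVerifier() can be passed to client.BuildLoginUriPkce(codeVerifier) in place of the Random-based one.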

Rally: Get user _ref from RallyRestApi object created using ApiKey

I created a connection to rally using the ApiKey constructor.
The question is: how do I find out the User "_ref" associated with this User ApiKey?
rallyRestApi= new RallyRestApi(new URI(host), "myApiKey");
I tried the following 2 test runs:
Doing a blank query (i.e. without any setQueryFilter) on the User object; it returns all the users.
QueryRequest userRequest = new QueryRequest("User");
QueryResponse userQueryResponse = connection.query(userRequest);
JsonArray userQueryResults = userQueryResponse.getResults();
Getting the owner from the Workspace object; this returns the owner of the Workspace.
You may get a current user:
GetRequest getRequest = new GetRequest("/user");
GetResponse getResponse = restApi.get(getRequest);
JsonObject currentUser = getResponse.getObject();
String currentUserName = currentUser.get("_refObjectName").getAsString();
String currentUserRef = currentUser.get("_ref").getAsString();
System.out.println("current user: " + currentUserName + currentUserRef);
I tested it with the latest Rally API toolkit for Java.

InsertAll using C# not working

I'd like to know why this code is not working. It runs without errors, but rows are not inserted. I'm using the C# client library.
Any ideas? Thanks!!
string SERVICE_ACCOUNT_EMAIL = "(myserviceaccountemail)";
string SERVICE_ACCOUNT_PKCS12_FILE_PATH = @"C:\(myprivatekeyfile)";
System.Security.Cryptography.X509Certificates.X509Certificate2 certificate =
new System.Security.Cryptography.X509Certificates.X509Certificate2(SERVICE_ACCOUNT_PKCS12_FILE_PATH, "notasecret",
System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.Exportable);
ServiceAccountCredential credential = new ServiceAccountCredential(
new ServiceAccountCredential.Initializer(SERVICE_ACCOUNT_EMAIL)
{
Scopes = new[] { BigqueryService.Scope.BigqueryInsertdata, BigqueryService.Scope.Bigquery }
}.FromCertificate(certificate));
// Create the service.
var service = new BigqueryService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
ApplicationName = "test"
});
Google.Apis.Bigquery.v2.Data.TableDataInsertAllRequest tabreq = new Google.Apis.Bigquery.v2.Data.TableDataInsertAllRequest();
List<Google.Apis.Bigquery.v2.Data.TableDataInsertAllRequest.RowsData> tabrows = new List<Google.Apis.Bigquery.v2.Data.TableDataInsertAllRequest.RowsData>();
Google.Apis.Bigquery.v2.Data.TableDataInsertAllRequest.RowsData rd = new Google.Apis.Bigquery.v2.Data.TableDataInsertAllRequest.RowsData();
IDictionary<string,object> r = new Dictionary<string,object>();
r.Add("campo1", "test4");
r.Add("campo2", "test5");
rd.Json = r;
tabrows.Add(rd);
tabreq.Rows = tabrows;
service.Tabledata.InsertAll(tabreq, "(myprojectid)", "spots", "spots");
I think you should add the Kind field [1]. It should be something like this:
tabreq.Kind = "bigquery#tableDataInsertAllRequest";
Also remember that every request of the API has a response [2] with additional info to help you find the issue's root cause.
// InsertAll only builds the request; Execute() sends it and returns the response.
var requestResponse = service.Tabledata.InsertAll(tabreq, "(myprojectid)", "spots", "spots").Execute();
[1] https://developers.google.com/resources/api-libraries/documentation/bigquery/v2/csharp/latest/classGoogle_1_1Apis_1_1Bigquery_1_1v2_1_1Data_1_1TableDataInsertAllRequest.html#aa2e9b0da5e15b158ae0d107378376b26
[2] https://cloud.google.com/bigquery/docs/reference/v2/tabledata/insertAll

Apache Shiro login failed using JDBC Realm

I am trying to connect to an Oracle DB.
I want to retrieve the list of passwords from the database using the authentication query. Here is my sample shiro.ini file:
# password matcher
passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher
passwordService = org.apache.shiro.authc.credential.DefaultPasswordService
passwordMatcher.passwordService = $passwordService
# datasource
ds = oracle.jdbc.pool.OracleDataSource
ds.URL = jdbc:oracle:thin:@matrix-oracle11g:1521:dev11g
ds.user = cit1am
ds.password = cit1
jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealm.permissionsLookupEnabled = true
jdbcRealm.authenticationQuery = SELECT USR_PSWD FROM USR
jdbcRealm.credentialsMatcher = $passwordMatcher
jdbcRealm.dataSource = $ds
securityManager.realms = $jdbcRealm
[users]
[roles]
[urls]
Sample code snippet of login:
public class Quickstart {
    private static final transient Logger log = LoggerFactory.getLogger(Quickstart.class);

    public static void main(String[] args) {
        Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
        SecurityManager securityManager = factory.getInstance();
        SecurityUtils.setSecurityManager(securityManager);
        Subject currentUser = SecurityUtils.getSubject();
        // Do some stuff with a Session (no need for a web or EJB container!!!)
        Session session = currentUser.getSession();
        session.setAttribute("someKey", "aValue");
        String value = (String) session.getAttribute("someKey");
        if (value.equals("aValue")) {
            log.info("Retrieved the correct value! [" + value + "]");
        }
        try {
            // let's login the current user so we can check against roles and permissions:
            if (!currentUser.isAuthenticated()) {
                UsernamePasswordToken token = new UsernamePasswordToken("cit1am", "cit1");
                token.setRememberMe(true);
                try {
                    currentUser.login(token); //problem occurs here
                    log.info("inside try block ==========>>");
                }
                catch (UnknownAccountException uae) {
                    log.info("There is no user with username of " + token.getPrincipal());
                }
I am getting the following error:
[main] ERROR org.apache.shiro.realm.jdbc.JdbcRealm - There was a SQL error while authenticating user [cit1am]
java.sql.SQLException: Invalid column index
at oracle.jdbc.driver.SQLStateMapping.newSQLException(SQLStateMapping.java:70)
at oracle.jdbc.driver.DatabaseError.newSQLException(DatabaseError.java:133)
at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:199)
at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:263)
at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:271)
at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:445)
Please suggest what I am doing wrong?
After debugging more I found the issue with my code and the SQL query in the .ini file.
I changed the following in the .INI file:
jdbcRealm.authenticationQuery = SELECT USR_PSWD FROM USR where USR_NM = ?
I also commented out
#cm = org.apache.shiro.authc.credential.Sha256CredentialsMatcher
#jdbcRealm.credentialsMatcher = $cm
and removed the configuration related to the password matcher.
I also removed the role and permission check from the Java code.
As I have just started with Shiro, it's a bit difficult to understand the flow at the start.
Though it can help someone in the future.
Thanks

API to update users image - Identity Extended Properties not saving

I'm trying to write a small script to set all users' images to their AD image. I did some jumping around in ILSpy and found out what to set using the TFS Server API; however, the code needs to be a bit different because I'm using the client API instead.
The code I have below can successfully iterate through all the users in TFS, look them up in AD, grab the thumbnail, and set the property on the TFS identity. But I can't for the life of me figure out how to get the extended property to save back into TFS.
The code doesn't throw an exception, but the property isn't set to the value I set it to when I next run the application.
Does anyone know the way to save extended properties via the client API?
Microsoft.TeamFoundation.Client.TeamFoundationServer teamFoundationServer = new Microsoft.TeamFoundation.Client.TeamFoundationServer("{URL TO TFS}");
FilteredIdentityService service = teamFoundationServer.GetService<FilteredIdentityService>();
IIdentityManagementService2 service2 = teamFoundationServer.GetService<IIdentityManagementService2>();
foreach (var identity in service.SearchForUsers(""))
{
    var user = UserPrincipal.FindByIdentity(new PrincipalContext(ContextType.Domain), identity.UniqueName);
    if (user == null) continue;
    var de = new System.DirectoryServices.DirectoryEntry("LDAP://" + user.DistinguishedName);
    var thumbNail = de.Properties["thumbnailPhoto"].Value as byte[];
    identity.SetProperty("Microsoft.TeamFoundation.Identity.CandidateImage.Data", thumbNail);
    identity.SetProperty("Microsoft.TeamFoundation.Identity.CandidateImage.UploadDate", DateTime.UtcNow);
    service2.UpdateExtendedProperties(identity);
}
Figured it out, needed to set some additional properties.
Microsoft.TeamFoundation.Client.TeamFoundationServer teamFoundationServer = new Microsoft.TeamFoundation.Client.TeamFoundationServer("http://urltotfs");
FilteredIdentityService service = teamFoundationServer.GetService<FilteredIdentityService>();
IIdentityManagementService2 service2 = teamFoundationServer.GetService<IIdentityManagementService2>();
foreach (var identity in service.SearchForUsers(""))
{
    var user = UserPrincipal.FindByIdentity(new PrincipalContext(ContextType.Domain), identity.UniqueName);
    if (user == null) continue;
    var de = new System.DirectoryServices.DirectoryEntry("LDAP://" + user.DistinguishedName);
    var thumbNail = de.Properties["thumbnailPhoto"].Value as byte[];
    identity.SetProperty("Microsoft.TeamFoundation.Identity.Image.Data", thumbNail);
    identity.SetProperty("Microsoft.TeamFoundation.Identity.Image.Type", "image/png");
    identity.SetProperty("Microsoft.TeamFoundation.Identity.Image.Id", Guid.NewGuid().ToByteArray());
    identity.SetProperty("Microsoft.TeamFoundation.Identity.CandidateImage.Data", null);
    identity.SetProperty("Microsoft.TeamFoundation.Identity.CandidateImage.UploadDate", null);
    service2.UpdateExtendedProperties(identity);
}