LDAP different passwords for different applications - passwords

So as far as I found out, it is possible to assign multiple passwords to an LDAP user. However, what I'm trying to figure out is if one could limit one password to a specific application.
As far as I'm concerned this looks like the opposite of what one would like to achieve with using LDAP, however this is my task and I'm trying to go with it.
I explicitly do not want to create separate users but just two passwords where one logs me into, let's say, my homepage backend and the other into my email but not the other way around!
Is this doable? I did not find any solutions so far.

Related

Best way to log usage in VB.NET? (To a server)

I have an application but for security reasons I need to keep track of who uses it. It will be used in my company and the users will be informed that their usage will be tracked. This is because it's dealing with some sensitive information so we need to know who has accessed it.
That said, I don't know how to approach this in a secure way. The simplest way would simply be to write computer name, IP, etc. to a text file and upload it to an FTP file server. However, for this to be possible, I need to include the authentication details in the code which, if decompiled or otherwise seen, would be very dangerous.
So I was wondering if there's any good/decent approaches to doing this in VB.NET?
Thanks.
In my project I used a DBManager class where I did all my DB stuff, so to keep track of what users are doing, I wrote a function that fired every time data was edited, inserted, deleted etc., or even when a user logged in. My function inserted new data with the query (what the user has done), username, date, IP and so on...
It's not perfect, but it worked and I think this method is worth recommending.

Adding user/pass to one webpage

I am looking to add a username and password to one specific webpage I shall be creating. I have seen many guides but most either 'lock' the whole site or, alternatively, are so simple that the user and pass can be easily seen in the source.
So I need something secure that locks just one page and is also not too complex (as I would probably get lost...)
It's an HTML site and I just need one login for all, not different ones for different people.

LDAP Bad Search Filter

I'm using open source software called LDAP Account Manager to manage LDAP users, groups, and hosts for my company. I'm having a weird problem though, and I was hoping someone could give me an idea what's happening on the LDAP side of things as opposed to the actual software.
So here's the problem in a nutshell.
The software can find all users at the following suffix:
ou=Users,ou=Accounts,dc=xxxx,dc=com
When I try to view the details of one of these users, I get an error that says:
Bad search filter
Here's the weird part. When I add a new user, the entry appears with the other users at the same suffix.
ou=Users,ou=Accounts,dc=xxxx,dc=com
In other words, all of the users (the old ones that were already in the LDAP tree, and the new one I added) exist in the same place.
I can navigate to the new user at:
CN=User, Test,ou=Users,ou=Accounts,dc=xxxxx,dc=com
But I can't navigate to any of the existing users at this location (I get the Bad Search Filter error):
CN=Fakename, John,ou=Users,ou=Accounts,dc=xxxxx,dc=com
This seems inconsistent, and I'm trying to brainstorm what could be happening. The users exist in the same location, but I get an error when accessing some, but not others. Could this be a permissions issue, or is there something I am missing?
It sounds very much like your software has trouble encoding the , (comma) separating the name and the surname in the create command or in the search filter.
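As an added illustration of the comma-encoding point in the answer above (not part of the original post and not LDAP Account Manager's code): a DN value and a search-filter value are escaped by different rules (RFC 4514 and RFC 4515), and an unescaped comma in a CN splits the DN into a fragment that is no longer a valid RDN. The function names and the `dc=example` base are assumptions made for this sketch.

```python
# Added illustration: DN (RFC 4514) vs. search-filter (RFC 4515) escaping.
# Function names are hypothetical; BASE uses a constructed placeholder domain.
BASE = "ou=Users,ou=Accounts,dc=example,dc=com"

def escape_dn_value(value):
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;':
            out.append("\\" + ch)
        elif ch == "\0":
            out.append("\\00")
        elif (ch == "#" and i == 0) or (ch == " " and i in (0, len(value) - 1)):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def escape_filter_value(value):
    """Escape an assertion value for a search filter (RFC 4515)."""
    special = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\0": "\\00"}
    return "".join(special.get(ch, ch) for ch in value)

def split_rdns(dn):
    """Split a DN on unescaped commas only."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])   # keep the escaped pair together
            i += 2
        elif dn[i] == ",":
            parts.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(dn[i])
            i += 1
    parts.append("".join(cur))
    return parts

def malformed_rdns(dn):
    """Return RDN fragments that lack an attribute=value form."""
    return [p for p in split_rdns(dn) if "=" not in p]

name = "Fakename, John"                       # value taken from the question
raw_dn = "CN=" + name + "," + BASE            # comma left unescaped
safe_dn = "CN=" + escape_dn_value(name) + "," + BASE
print(malformed_rdns(raw_dn))                 # the stray " John" fragment
print(split_rdns(safe_dn)[0])                 # CN kept as one RDN
print("(cn=" + escape_filter_value("Smith (temp)*") + ")")
```

A comma needs no escaping inside a filter, so code that reuses one escaping routine for both contexts will get one of them wrong.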

Yii: maximizing code reuse with per-user site configurations

The client I'm working for has a CMS written in Yii. Currently a part of their business is customizing the CMS to meet the specific needs of each customer. About 90% of the code is reused, essentially by copying and pasting from one directory to another. While I've been working on this project, I've had to merge changes into the shared codebase several times.
All, or most, of these sites are hosted on the same server, and it would seem that it would make more sense to have a single login, that changed what features we showed based on the login. In some cases that means overriding whole or partial views (e.g., the _form.php might change from customer to customer) including the controller and model. Most of the time, it means adding a new controller for a bit of functionality written just for that client.
I've read about having both a front and backend site here: http://www.yiiframework.com/wiki/63/organize-directories-for-applications-with-front-end-and-back-end-using-webapplicationend-behavior but that doesn't seem to be the right fit (I don't want everyone coming to a different start php file, for instance).
Ideally, I'd have users log in, and get assigned a site id, which will filter data in the shared MVC objects, and will add in the ones specifically for them, or override the ones where necessary.
Intuitively it seems like something like this would make sense:
Shared controllers go here:
/protected/controllers
Overrides and additions for client1 go here:
/protected/controllers/client1
or:
/protected/client1/controllers
But I'm not sure how to get Yii to do this in the most efficient and easy to manage way. Is this something that's going to work with Yii, or am I breaking it in ways unintended? If it will work, what's the best way to accomplish it so that it's clear to me six months from now, or some random developer who replaces me?
Do you know RBAM?
With role-based access you can profile your application in a more-or-less granular way.

How can I integrate users' logins from my site into phpBB?

I need some help with what is probably a newbie question in terms of modifying phpBB.
I have a whole system developed in PHP, and I would like to integrate phpBB so that people can navigate into the forums and post seamlessly, without logging in again.
Now, using the phpBB users table as the users table for my system (and having people register in phpBB instead of in my website) is not possible unfortunately (it'd take more work to redo our system than to build our own basic forum).
I'm assuming I can hack my way into making phpBB believe that a certain user ID has logged in, however, that user won't exist in phpBB's users table (which I'm assuming will cause it to error out pretty much everywhere).
All the tutorials and forum posts I could find implied having phpBB as the primary. I couldn't find anything to do it the other way around.
I'm guessing the only possible way to solve this is by having both tables relatively synchronized.
Now, provided that I can have both users table synchronized, what is the best way to integrate both sites, keeping my site's login and users table as the "primary" ones?
Also, is there anything in particular I should keep in mind when creating records in phpBB's users table? Or is it relatively straightforward to figure out? What tables should I be writing to, if there is more than one?
This is an old question so I'm sure you've worked something out by now, but if you need to refactor things in the future, this is entirely possible with authentication plugins in phpBB3:
http://wiki.phpbb.com/Authentication_plugins
I'm working on one now where phpBB is the "secondary" system, and it's going pretty well.
I just worked on this task today; after some investigation I implemented an authentication plugin. Here is a good example: Getting phpBB to accept Django sessions
I have integrated phpBB with a site before, however I used phpBB's login system/users table as the primary one as you said. Since phpBB is a pretty advanced forum software, it would be a pretty time consuming project to change its user and login system completely.
When I had to use the site's login as the primary one, I used PunBB. It was way simpler to modify PunBB.
If you absolutely have to use your own login as primary, and phpBB, then I agree with you in that the easiest way would be to keep the tables synchronized, and call both the login scripts when somebody logs in.
When you're inserting data into phpBB, the users table is pretty straightforward. Each entry has the basic info for a user, and if you have custom fields for the user profiles, they go into the profile_fields and profile_fields_data tables.
One tricky thing is how phpBB encrypts user passwords. I think you have to use phpBB's function called phpbb_hash($password) to do that. It's declared in the file
phpbb/includes/functions.php
For the phpBB login code, see function login_box in file phpbb/includes/functions.php
You can use the below to login into phpBB:
$result = $auth->login($username, $password);
if ($result['status'] == LOGIN_SUCCESS) {
    echo "You're logged in";
} else {
    echo $user->lang[$result['error_msg']];
}