/system/console/configMgr in CRX / AEM - apache

Is it possible to change the settings of the Apache Authentication module in the (/system/console/configMgr) config manager? I'd like to turn off "allow anonymous access" but due to config issues the anonymous access required to access the login screen has been disabled. I'm assuming this could be done via cURL somehow?

Yes it is possible.
The following cURL statement does the trick for me: it restores the sling.auth.requirements settings and disables anonymous access.
curl -u admin:admin 'http://localhost:4502/system/console/configMgr/org.apache.sling.engine.impl.auth.SlingAuthenticator' --data 'apply=true&action=ajaxConfigManager&%24location=launchpad%3Aresources%2Finstall%2F19%2Forg.apache.sling.auth.core-1.3.6.jar&auth.sudo.cookie=sling.sudo&auth.sudo.parameter=sudo&auth.annonymous=false&sling.auth.requirements=%2B%2F&sling.auth.requirements=-%2Flibs%2Fgranite%2Fcore%2Fcontent%2Flogin&sling.auth.requirements=-%2Fetc%2Fclientlibs%2Fgranite&sling.auth.anonymous.user=&sling.auth.anonymous.password=unmodified&auth.http=preemptive&auth.http.realm=Sling+(Development)&auth.uri.suffix=%2Fj_security_check&propertylist=auth.sudo.cookie%2Cauth.sudo.parameter%2Cauth.annonymous%2Csling.auth.requirements%2Csling.auth.anonymous.user%2Csling.auth.anonymous.password%2Cauth.http%2Cauth.http.realm%2Cauth.uri.suffix'
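To review what that URL-encoded form body changes before posting it to the config manager, it can be decoded offline. This is an added example, not part of the original answer; the function names are made up here, and the reading of the `+`/`-` prefixes on sling.auth.requirements (`-` opens a path, anything else requires login) is an assumption stated in the code.

```python
from urllib.parse import parse_qs

# Form body copied from the curl command above, split only for readability.
BODY = (
    "apply=true&action=ajaxConfigManager"
    "&%24location=launchpad%3Aresources%2Finstall%2F19%2F"
    "org.apache.sling.auth.core-1.3.6.jar"
    "&auth.sudo.cookie=sling.sudo&auth.sudo.parameter=sudo"
    "&auth.annonymous=false"
    "&sling.auth.requirements=%2B%2F"
    "&sling.auth.requirements=-%2Flibs%2Fgranite%2Fcore%2Fcontent%2Flogin"
    "&sling.auth.requirements=-%2Fetc%2Fclientlibs%2Fgranite"
    "&sling.auth.anonymous.user=&sling.auth.anonymous.password=unmodified"
    "&auth.http=preemptive&auth.http.realm=Sling+(Development)"
    "&auth.uri.suffix=%2Fj_security_check"
    "&propertylist=auth.sudo.cookie%2Cauth.sudo.parameter%2Cauth.annonymous"
    "%2Csling.auth.requirements%2Csling.auth.anonymous.user"
    "%2Csling.auth.anonymous.password%2Cauth.http%2Cauth.http.realm"
    "%2Cauth.uri.suffix"
)

# Fields that steer the console form itself rather than set a property.
CONTROL_FIELDS = {"apply", "action", "$location", "propertylist"}

def decode_config(body):
    """Return (properties, declared-but-missing, sent-but-undeclared)."""
    fields = parse_qs(body, keep_blank_values=True)
    declared = fields["propertylist"][0].split(",")
    props = {k: v for k, v in fields.items() if k not in CONTROL_FIELDS}
    missing = [name for name in declared if name not in props]
    undeclared = [name for name in props if name not in declared]
    return props, missing, undeclared

def requirement_paths(props):
    """Assumed convention: '-' opens a path, '+' or no prefix needs login."""
    required, open_paths = [], []
    for entry in props["sling.auth.requirements"]:
        if entry.startswith("-"):
            open_paths.append(entry[1:])
        else:
            required.append(entry.lstrip("+"))
    return required, open_paths

if __name__ == "__main__":
    props, missing, undeclared = decode_config(BODY)
    print(props["auth.annonymous"], requirement_paths(props))
    print("missing:", missing, "undeclared:", undeclared)
```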

Related

Cannot create VHost on RabbitMQ Management HTTP API

I've done some research as to how to create a vHost from the HTTP API on RabbitMQ. I am brand new to RabbitMQ so I just need some basic guidance. I've seen that to add a vhost you go to the admin page, where there is an option for virtual hosts. However, when I am in mine, I do not have said option. I don't know if there is something else I need to install or enable, but I can't seem to find anyone else with this type of issue.
You might not have the right permissions to create a vhost. Check your permissions and make sure you are logged in with a user that has the administrator tag according to this: https://www.rabbitmq.com/management.html#:~:text=and%20credential%20management.-,Tag,-Capabilities
The HTTP API documentation has an example on how to create a vhost:
$ curl -i -u USER:PASSWORD -H "content-type:application/json" \
    -XPUT http://localhost:15672/api/vhosts/foo

Curl request with ntlm authentication fails if password is set

I try to fetch some data from a Microsoft Dynamics Nav WebService.
This service uses NTLM authentication.
If I open the webservice url in a browser and use the given credentials everything works fine.
While setting up the environment for the WebService client, I used the command line to check whether everything was working fine. At a specific point, I was unable to authenticate.
That's the command I am using:
curl --ntlm -u "DOMAIN\USERNAME" -k -v "http://hostname:port/instance/Odata/Company('CompanyName')/Customer"
The command will prompt for the password.
I copy in the password and everything is doing fine.
But when I use this command, with the password already included, it stops working and the authentication fails:
curl --ntlm -u "DOMAIN\USERNAME:PASSWORD" -k -v "http://hostname:port/instance/Odata/Company('CompanyName')/Customer"
The password contains some special chars, so I tried to use the percent encoding, which had no effect at all.
It is very difficult to research this kind of issue. Searching for curl + ntlm authentication issues provides a lot of results, but nothing is related to this specific kind of issue.
Has any of you already had experience with this kind of issue?
I had a problem with authentication because of cookies. I solved this by keeping the cookies in a txt file and using exactly this file for all requests. For example, after the login request I saved the cookies:
curl -X POST -u username:password https://mysite/login -c cookies.txt
And with next request I used this file like this:
curl -X POST -u username:password https://mysite/link -b cookies.txt
This solution worked for me, I don't know if your problem is similar, but, I think, you may try this.
I was struggling with a similar issue for a long time and finally I found this curl bug report: #1253 NTLM authentication fails when password contains special characters (british pound symbol £).
NTLM authentication in cURL supports only ASCII characters in passwords! This is still the case in version 7.50.1 on Ubuntu, but I tested this on many different distributions and it is always the same. This bug will also break curl_init() in PHP (tested on PHP7). The only way to solve that is to avoid non-ASCII characters in NTLM authentication passwords.
If you are using Python then you are lucky. Apparently Python developers rewrote the cURL implementation and it works with non-ASCII characters if you use the HttpNtlmAuth package.
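The NT hash used by NTLM is computed over the password encoded as UTF-16LE, so a client that only widens each raw command-line byte to 16 bits feeds different bytes into the hash as soon as a non-ASCII character appears. The sketch below is an added example, not from the original answers or from curl's source; the byte-widening behaviour is an assumption about the cause, and the passwords are constructed.

```python
def widen_bytes(raw):
    """Zero-extend every byte to a 16-bit little-endian unit, no decoding."""
    return b"".join(bytes((b, 0)) for b in raw)


def server_hash_input(password):
    """The NT hash is MD4 over the password encoded as UTF-16LE."""
    return password.encode("utf-16-le")


def client_hash_input(typed, terminal_encoding="utf-8"):
    """Bytes hashed by a client that widens the raw argument bytes
    (assumed behaviour, see the lead-in)."""
    return widen_bytes(typed.encode(terminal_encoding))


def non_ascii_positions(password):
    """Character offsets that cannot survive byte-wise widening."""
    return [i for i, ch in enumerate(password) if ord(ch) > 0x7F]


def diagnose(real_password, typed=None, terminal_encoding="utf-8"):
    """Compare what the client would hash with what the server hashes."""
    typed = real_password if typed is None else typed
    client = client_hash_input(typed, terminal_encoding)
    return {
        "match": client == server_hash_input(real_password),
        "non_ascii_at": non_ascii_positions(real_password),
    }


if __name__ == "__main__":
    # Constructed sample passwords; \u00a3 is the pound sign.
    samples = [
        ("Passw0rd!", None),                   # pure ASCII
        ("P\u00a3ssw0rd", None),               # typed as-is in a UTF-8 shell
        ("P\u00a3ssw0rd", "P%C2%A3ssw0rd"),    # percent-encoded attempt
    ]
    for real, typed in samples:
        print(repr(real), repr(typed), diagnose(real, typed))
```

The percent-encoded attempt fails for a different reason: `%C2%A3` is six ASCII characters, so it is hashed literally instead of being decoded.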
Try with the ntlm flag.
Something like this:
curl -v --proxy-ntlm --proxy-user 'username:password' -x youproxy.com:8080 someURL
From curl --help:
-x, --proxy [PROTOCOL://]HOST[:PORT] Use proxy on given port
--proxy-anyauth Pick "any" proxy authentication method (H)
--proxy-basic Use Basic authentication on the proxy (H)
--proxy-digest Use Digest authentication on the proxy (H)
--proxy-negotiate Use Negotiate authentication on the proxy (H)
--proxy-ntlm Use NTLM authentication on the proxy (H)

Howto make editing OpenLDAP Schema possible with cn=config Backend and without ldapmodify?

I am trying to set up an OpenLDAP server to manage a central address book which will primarily be used in MS Outlook. Still wondering why there still is no out-of-the-box scheme implemented which provides all necessary fields, I'm stuck on the new cn=config backend.
I have no slapd.conf, as all information is stored in the new backend. It's said that I have to use ldapmodify to make changes to the configuration and schema files. It is very inconvenient for me to do all the changes on the CLI; I want to know how to change the standard configuration to be able to make such modifications with an LDAP tool of my choice on a remote machine.
At the moment, the only ways to modify the configuration are:
editing the data files while slapd is not executed
using ldapmodify with external authentication (e.g. ldapmodify -Y EXTERNAL -H ldapi:/// -f modifications.ldif)
Both methods are not what I want.
I tried to modify the config-backend-files to make it possible, but simply adding a RootPW didn't do the trick. Any help is appreciated!
It isn't "said [you] have to use ldapmodify" at all. You can use any LDAP client to modify the configuration. There are many:
JXplorer,
Userbooster,
...
Adding the olcRootPW to the entry dn: olcDatabase={0}config,cn=config should work.
If it still does not work, try to
slapcat the cn=config database to /path/to/file/slapd.conf.ldif (for example)
Modify the entry dn: olcDatabase={0}config,cn=config to add the attribute olcRootPW: YourPassword
slapadd the modified LDIF : slapadd -F /etc/ldap/slapd.d -b cn=config -l /path/to/file/slapd.conf.ldif
Everything needs to be done while slapd is stopped.

How to make ldappasswd use {SHA} instead of {SSHA} for users passwords in openldap?

Is it possible to use {SHA} with ldappasswd? I didn't find a responsible option in the manual page and docs.
Look for password-hash in slapd.conf(5), or for olcPasswordHash in slapd-config(5).
I know that's an old post but I found another solution for this problem.
This solution works for ApacheDirectory servers (for org.apache implementation classes, but I think you can find interceptors for each openldap).
If you want to use SHA encrypting by default when using ldappasswd, you can change the interceptor implementation of password.
You have to modify the following dn entry:
ads-interceptorId=passwordHashingInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
And change the value:
ads-interceptorclassname: org.apache.directory.server.core.hash.ShaPasswordHashingInterceptor
By default, openldap is using:
ads-interceptorclassname: org.apache.directory.server.core.hash.SshaPasswordHashingInterceptor
Command to modify:
ldapmodify -h <LDAP_HOST> -p <LDAP_PORT> -D "<ADMIN_DN>" -w "<ADMIN_PASSWORD>" <<EOF
dn: ads-interceptorId=passwordHashingInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
changetype: modify
replace: ads-interceptorclassname
ads-interceptorclassname: org.apache.directory.server.core.hash.ShaPasswordHashingInterceptor
EOF
Then you have to restart your LDAP server. All new passwords added by ldappasswd will be in SHA and not in SSHA.
Note:
You can use another interceptor provided by Apache:
http://directory.apache.org/apacheds/advanced-ug/1.4-interceptors.html#existing-interceptors
Javadoc:
https://directory.apache.org/apacheds/gen-docs/2.0.0-M20/apidocs/org/apache/directory/server/core/hash/package-tree.html

Setting up Shibboleth IdP with LDAP

I am attempting to use LDAP with Shibboleth. I am nearly there, but I cannot authenticate. I followed these instructions, and my login.config file contains the following:
ShibUserPassAuth {
edu.vt.middleware.ldap.jaas.LdapLoginModule required
host="ldap://localhost:10389" base="ou=users,ou=system"
ssl="false" userField="uid";
};
I have tried several variations of the above.
I can use TestShib to reach my IdP's login page, but always receive "Login failed. Double-check your username and password" when I attempt to authenticate.
This might be easier to debug myself if I could manage to get any authentication log messages, but I can't seem to get those working either.
Note that the following ldapsearch command works perfectly fine:
ldapsearch -h "ldap.example.com:10389" -w testpass -x -D "uid=testuser,ou=users,ou=system" -b "dc=example,dc=com" '(objectclass=*)'
If you could tell me what my problem might be, or at least how to enable logging, that would be very helpful.
I have this working locally. I have taken my working config and replaced my LDAP host and base path with yours from the question above.
ShibUserPassAuth {
edu.vt.middleware.ldap.jaas.LdapLoginModule required
ldapUrl="ldap://localhost:10389"
baseDn="ou=users,ou=system"
userFilter="uid={0}";
};