I have a little question w.r.t MFP Client
Does Mobilefirst Client (ie MFP CLI) has built-in LDAP configuration (or) if not can LDAP be included by any means ?
LDAP is a protocol: http://www.gracion.com/server/whatldap.html
It is not related to the CLI, which is just a bunch of command-line commands to make operations that are specific to MFP. LDAP is not specific to MFP.
You can integrate with LDAP. Read more here: http://www-01.ibm.com/support/knowledgecenter/search/ldap?scope=SSHS8R_7.1.0
Related
My scenario is that we have a centralized Opendj in cloud and we want to sync(pull) the Directory data from this Opendj to an Openldap instance running in same cloud.
I am trying to achieve this by using syncrepl by configuring Openldap slapd.conf file. In the file
provider ldap://opendjendpoint.my.org:389 is Opendj
syncrepl rid=1
provider=ldap://opendjendpoint.my.org:389
type=refreshOnly
interval=00:00:05:00"
searchbase="o=my.org,c=us"
filter="(objectClass=*)"
scope=sub
attrs="*,+"
schemachecking=off
bindmethod=simple
binddn="cn=syncuser,o=my.org,c=us"
credentials=somepass
Question is though opendj runs an LDAP server, but using syncrepl in openldap can I connect to it.
My thought is that openldap can connect only with RFC4533 implementations(LDAP sync Protocol) and opendj does not implement it. Can somebody provide input on this?
As you've noticed OpenDJ doesn't implement RFC4533 which is an experimental RFC. But when replication is enabled, all changes can be retrieved via LDAP (subject to access controls), from the cn=changelog suffix. Synchronization tools such as LSC Project can consume these changes and replay them against other LDAP servers.
I am working on ionic 3 with MobileFirst 8.x in it. To connect server I have configured URL in config.xml file.
Is there any way to change server URL dynamically while using application?
URL change occurs only once and after that we will connect the services which are secure under any scopes.
MobileFirst server version :- 8.0.0.00-20170911-123510
MobileFirst Cordova(plugin) version :- 8.0.2017102403
I can see that provision was there in MobileFirst 7.x :-
https://mobilefirstplatform.ibmcloud.com/blog/2015/02/02/changing-server-url-runtime/
Yes. Use the WL.App.setServerURL to achieve this. Usage details here
You have not mentioned why you intend to use the API. This API comes handy in development environments. For example, switching between dev or staging server instances.
Important points to note:
1) As this API points the client application to a new server, client id associated with the earlier server is reset. The application will register fresh to the new server.
2) Authentication contexts created by the earlier server is reset. You will be challenged again by the new server.
You should use this API judiciously and with caution.
Trying to setup private Dropbox-like service in our company.
I chose the NextCloud for that, installed it on Ubuntu server as per documentation. Now I want to configure the LDAP authentication but that option is not available on the admin pages.
This is the first time I ever tried NextCloud. What am I missing, is that a paid-for feature?
Do you have the php ldap module? If not try something like apt-get install php5-ldap.
NextCloud should have a setup form for the LDAP integration. Then you just put in the server information and credentials for the ldap. A free test ldap that is available for testing at Btech Online ldap.
The scenario is: from within a MobileFirst hybrid app, I need to show PDFs that will be residing on the server. For security reasons, I wouldn't like to just protect them by HTTP authentication (in Apache that I use as a reverse proxy to TomCat running MobileFirst).
What would be the simplest way to protect static resources by MobileFirst 8 authentication? Can I just configure TomCat to utilize it or do I have to code anything in Java? Processing them all the way through adapters (incl. base64-encoding) looks unnecessarily complicated to me.
You should save your files in a "resources server". You can protect this server with a confidential client in MobileFirst Foundation 8.0.
Read more about this, here: https://mobilefirstplatform.ibmcloud.com/tutorials/en/foundation/8.0/authentication-and-security/confidential-clients/
But yes, this will require you to implement some code.
We are running WebSphere Application Server v8.5 on AIX 7, which we configured to use ldap security. Everything is working fine, but project went halt for some time and our WAS was down. Now we see that ldap cerficates were expired, hence we are unable to connect to dmgr & admin console. Can somebody help to resolve it?
We know how to configure ldap on WAS, but dont no how to change expired ldap cerficate with new cerficates. (We received new non-expiry certificates from ldap team but dont no how to configure it on WAS).
You need to disable security, restart dmgr, replace certificates and reenable security.
To disable security:
stop/kill the dmgr
run the following from the dmgr\bin folder:
wsadmin -conntype NONE
At the wsadmin prompt, type securityoff and then type exit.
Restart your dmgr.
UPDATE
Do you have Federated or Standalone Ldap configured? You should have in LDAP configuration link to SSL configuration. There you will need to add your new certificate to the Signers store (this is very simplified description as I'm not sure which repository you are using).