Binding to LDAP Server using ldap_bind_s - Can we authenticate using a user token rather than username and password - authentication

I use ldap_bind_s to bind to the LDAP server.
Example:
SEC_WINNT_AUTH_IDENTITY *pSecIdentity;   // filled with user name, domain and password
ULONG rc = ldap_bind_s( pLdapConnection,        // Session handle
                        NULL,                   // Domain DN
                        (_TCHAR*)pSecIdentity,  // Credential structure
                        LDAP_AUTH_NEGOTIATE );  // returns LDAP_SUCCESS on success
pSecIdentity is filled with username and password.
But the problem is I want to do the same with PKI users, where I don't have a username and password, only a user token.
So how do I proceed in this scenario?
Is there any structure to provide a user token instead of username/password to authenticate?

Check if this helps.
Not very sure, but it looks promising:
https://pkienthusiast.wordpress.com/2011/09/16/apache2-pki-certificate-authentication-and-ldap-authorisation-example-2/

Related

IdentityServer: Why is username and password wrong but can login through login page

I wanted to get the access token through Postman so I can use it in my mobile app to get a token.
I can use the same password and username and log in through the identity server login screen.
When I used Postman, it said invalid username/password. The configuration in the database is new for IdentityServer 4; am I missing some configuration in the identity server?
I think I am missing the service.AddAspIdentity() in the ConfigureServices function.

How to verify LDAP username and password via an authenticated connection?

Currently, I have one user that has the permission to bind to the OpenDJ server. Then I need to verify the username and password from the end user. How can I do that?
This is the way I create the LDAP connection and bind successfully:
using System.DirectoryServices.Protocols;
using System.Net;

LdapConnection connection = new LdapConnection("opendj.mydn.com.vn");
// Set session options
connection.SessionOptions.SecureSocketLayer = false;   // no TLS: the Basic bind sends the password in clear
connection.AuthType = AuthType.Basic;
connection.Bind(new NetworkCredential("myuser", "mypassword"));
After that, I need to use this connection to verify "user1" and "password1".
How can I perform this query?
This is the configuration of OpenDJ:
Host_LDAP=opendj.mydn.com.vn
dn_LDAP=ou\=People,dc\=mydn,dc\=com
#uid_LDAP=uid\=webservice,ou\=People,dc\=mydn,dc\=com
uid_LDAP=webservice
admin_LDAP_verify_attr=uid
admin_LDAP_verify_dn=ou\=People,dc\=mydn,dc\=com
You've already done it. If the bind succeeded, the username and password were correct.
EDIT: Your 'IT guy' is seriously misinformed. According to the OpenDJ configuration documentation #6.1.5, there is no real 'bind' permission. Instead:
Bind
Because this is used to establish the user's identity and derived authorizations, ACI is irrelevant for this operation and is not checked. To prevent authentication, disable the account instead. For details see Section 11.2, "Managing Accounts Manually".
[Emphasis added.]
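An added example (not code from the question, the answer or OpenDJ) of the search-then-bind pattern the answer relies on, using the question's host, the ou=People,dc=mydn,dc=com base DN and the uid attribute from its configuration; the EscapeFilter helper, the empty-password check and the separate per-user connection are assumptions of this example, not part of the original.

```csharp
using System.DirectoryServices.Protocols;
using System.Net;

static class LdapVerifier
{
    // Escape user-supplied text for an LDAP search filter (RFC 4515) so a
    // crafted uid cannot change the meaning of the filter; backslash first.
    static string EscapeFilter(string s) =>
        s.Replace("\\", "\\5c").Replace("*", "\\2a").Replace("(", "\\28")
         .Replace(")", "\\29").Replace("\0", "\\00");

    // True only if exactly one entry under baseDn has this uid and the
    // password binds as that entry. The service account and the user get
    // separate connections: rebinding the service connection would replace
    // its identity for everything else that still uses it.
    public static bool Verify(string host, string baseDn,
                              NetworkCredential serviceAccount,
                              string uid, string password)
    {
        // RFC 4513: a bind with an empty password is an anonymous bind and
        // succeeds, so it must never count as a verified password.
        if (string.IsNullOrEmpty(password)) return false;
        string userDn;
        using (var svc = new LdapConnection(host))
        {
            svc.AuthType = AuthType.Basic;   // plaintext unless SSL/StartTLS is on
            svc.Bind(serviceAccount);
            var req = new SearchRequest(baseDn, "(uid=" + EscapeFilter(uid) + ")",
                                        SearchScope.OneLevel, "1.1"); // no attributes
            var resp = (SearchResponse)svc.SendRequest(req);
            if (resp.Entries.Count != 1) return false;
            userDn = resp.Entries[0].DistinguishedName;
        }

        try
        {
            using (var user = new LdapConnection(host))
            {
                user.AuthType = AuthType.Basic;
                user.Bind(new NetworkCredential(userDn, password));
                return true;   // the directory accepted the password for this DN
            }
        }
        catch (LdapException)
        {
            return false;      // invalid credentials (result code 49) or other bind failure
        }
    }
}
```

Call it as LdapVerifier.Verify("opendj.mydn.com.vn", "ou=People,dc=mydn,dc=com", new NetworkCredential("webservice", "..."), "user1", "password1"); the service account only needs search rights on ou=People, the password check itself is done by the directory during the second bind.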

To get the Username and Password from LTPA token for Filenet-P8 CE Connection

We have a custom-developed application and I want to make a connection to FileNet P8 using the Java APIs, but the problem is I want to fetch the username and password from the LTPA token. I do not have prior experience with LTPA, so I don't know how to achieve this.
A quick Google search gave me the link below, but I do not have some of the info which is used in this link --> How to use the information in an LTPA token
It's been one week now and I am struggling to achieve the desired result. Please assist.
The LTPA token does not contain the password in any form. If you expected to connect to Content Engine using username/password authentication and use the LTPA token as the source of the credentials, then this is not possible.
As you already have an LTPA token, I assume you are operating in an environment where a JAAS context has been established and you were able to authenticate to WAS where Content Engine is running (hence the LTPA token was granted). If this is the case, you can simply use the authenticated JAAS subject with the CE com.filenet.api.util.UserContext:
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import com.filenet.api.util.UserContext;
import com.ibm.websphere.security.auth.WSSubject;

// Obtain the authenticated JAAS subject.
// For code operating within WAS the call below works for already authenticated calls.
Subject subject = WSSubject.getCallerSubject();
UserContext.doAs(subject, new PrivilegedExceptionAction<Object>() {
    @Override
    public Object run() throws Exception {
        // CE operations here, executed as the authenticated subject
        return null;
    }
});

Is it possible to intercept the username and password when user submit the login form?

In Lotus Domino, when a user submits the login form, we need to intercept the user's username and password and re-login him/her to Domino with another username and password, according to the username and password he/she entered.
Is this possible?
You will need a custom login and access it with a URL: /names.nsf?login&Redirectto=/myDb.nsf/loginredirect?OpenForm
In loginredirect the user would be logged in with the username he enters. You will have to RE-LOG IN with the other user. See http://dominounlimited.blogspot.co.il/2008/07/automated-login-to-domino-by-http-post.html
It is possible to do this in Domino but it requires you to write a DSAPI filter, which can be complicated. A DSAPI filter allows you to validate the password and go around Domino's password validation.
An easier solution is to have another authentication server which logs the user in to Domino; this involves letting the authentication server do a POST of the login form to Domino and then give the session cookie to the user.

Impersonate a User from Code Behind via Forms Authentication

Is it possible to impersonate a user when using Forms Authentication?
The thing is that I want an external login for users and an internal site that just uses integrated Windows security, and the users need to be impersonated.
I've looked around and found that John's answer here is really good, but I don't quite get how I can mix it up with my Forms authentication.
Suggestions?
Edit
I want to have an <asp:Login /> control and this control will authenticate against an Active Directory which has the same set of users as the Windows machine that I want to use impersonation on.
My problem is that I don't get how I can impersonate with the same username and password that is provided to the <asp:Login /> control.
In order for that solution to work, you'll need access to the user's id and password. I don't believe that you can get this using the Login user control; you'll need to create your own login form and handle the login actions yourself. Keep the user's id and password, preferably in a secure string, in the session once you've authenticated and when you need to access the internal site on their behalf, use the Impersonator class from the referenced example to impersonate them using the credentials.
using (var context = Impersonator.LogOn(username, password))   // Impersonator: the class from the referenced example
{
    try
    {
        // ... access the internal site as the impersonated user
    }
    finally
    {
        context.Undo();   // always revert to the original identity
    }
}