Apache Directory studio ldap bind from php - apache

I am new to Apache Directory Studio and LDAP. I am running an LDAP server from Apache Directory Studio. I have a user in LDAP and I am trying to bind to the uid from a PHP script. Not sure where I am going wrong.
I am using username as "uid=admin,ou=user"
password as "secret"
I also tried username as "uid=arone_a,ou=users,dc=example,dc=com"
and password as "password"
Password attribute was set manually and arone_a is the user uid.
I am trying to write a php script which can pull all users in the ldap server.
Thanks in advance.
My PHP script is:
$ldaphost = "localhost";
$ldapport = 10389;
$ldaprdn='uid=admin,ou=system';
$ldappass='secret';
$ldapconn = ldap_connect($ldaphost, $ldapport)
    or die("Could not connect to $ldaphost");
if($ldapconn)
{
    $ldapbind=ldap_bind($ldapconn,$ldaprdn,$ldappass);
    if($ldapbind)
    {
        echo "success";
    }
    else
    {
        echo "not success";
    }
}
Connection goes through but bind is not going through.

I was having a similar issue, and the problem was that I had added to the userPassword attribute an additional param specifying the language, resulting in userPassword;lang-ca-ES (the wizard shows a form to add it).
As a result, in Apache Directory Studio the "Verify" check was working fine, but the "Bind" check failed (you can do both in the password editor by double-clicking the userPassword attribute).
I finally left userPassword without additional attributes and it bound perfectly :)

Just add the ldap set option, it worked for me
<?php
$ldaphost = "localhost";
$ldapport = 10389;
$ldaprdn='uid=admin,ou=system';
$ldappass='secret';
$ldapconn = ldap_connect($ldaphost, $ldapport)
    or die("Could not connect to $ldaphost");
if($ldapconn) {
    ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
    $ldapbind=ldap_bind($ldapconn,$ldaprdn,$ldappass);
    if($ldapbind) {
        echo "success";
    } else {
        echo "not success";
    }
}
?>

The simple BIND request requires the DN, not the RDN. Should your BIND DN be something like uid=admin,ou=system,dc=example,dc=com?
see also
LDAP: Authentication best practices
LDAP: Programming practices
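
The answers above combined into one bind helper, as an added example that is not code from the original posts: it requests LDAPv3, binds with a full DN, refuses an empty password (an empty password makes the request an unauthenticated bind, which some servers report as success) and surfaces the server's diagnostic text when the bind fails. Host, port, DNs and password are the ones from the question; `ldap_bind_checked()` and the `(uid=*)` filter are assumptions made for the example.

```php
<?php
// Added example: LDAPv3 simple bind against the ApacheDS instance from the question.
// ldap_bind_checked() is a hypothetical helper; host, port and DNs come from the thread.

function ldap_bind_checked(string $uri, string $bindDn, string $password)
{
    // An empty password turns a simple bind into an unauthenticated bind,
    // which some servers report as success, so refuse it up front.
    if ($bindDn === '' || $password === '') {
        throw new InvalidArgumentException('Bind DN and password must be non-empty');
    }
    $conn = ldap_connect($uri); // parses the URI only; the socket opens on bind
    if ($conn === false) {
        throw new RuntimeException("Invalid LDAP URI: $uri");
    }
    // Ask for LDAPv3 explicitly, as in the answer above.
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 5);
    // Off localhost, call ldap_start_tls($conn) here: a simple bind sends the password in clear.

    if (!@ldap_bind($conn, $bindDn, $password)) {
        $detail = '';
        ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
        $msg = sprintf('Bind as "%s" failed: %s (%d) %s',
            $bindDn, ldap_error($conn), ldap_errno($conn), $detail);
        throw new RuntimeException($msg);
    }
    return $conn;
}

try {
    $conn = ldap_bind_checked('ldap://localhost:10389', 'uid=admin,ou=system', 'secret');
    // List users under the base DN used in the question; request only non-secret attributes.
    $search = ldap_search($conn, 'ou=users,dc=example,dc=com', '(uid=*)', ['uid', 'cn']);
    $entries = $search ? ldap_get_entries($conn, $search) : ['count' => 0];
    for ($i = 0; $i < $entries['count']; $i++) {
        echo $entries[$i]['dn'], PHP_EOL;
    }
    ldap_unbind($conn);
} catch (Exception $e) {
    // Result code 49 (invalid credentials) points at the DN or password.
    error_log($e->getMessage());
}
```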

Related

Is there a way to allow a user to change its own password on Hashicorp's Vault UI

I wanted to let users change their own password within HashiCorp's Vault (assuming, we're using userpass auth).
I don't find any way to do so. Can anyone help?
I believe this link has your answer.
It would look something like this
path "auth/userpass/users/{{identity.entity.aliases.auth_userpass_6671d643.name}}" {
  capabilities = [ "update" ]
  allowed_parameters = {
    "password" = []
  }
}
where auth_userpass_6671d643 is the mount of your userpass authentication and can be retrieved via vault auth list command.
To avoid creating a different policy for each user, it might be handy to use the following policy:
path "auth/userpass/users/{{identity.entity.name}}" {
  capabilities = [ "update" ]
  allowed_parameters = {
    "password" = []
  }
}
It also requires admins to change entity names for each user to be equal to the username (lower-cased), but it looks more handy than other solutions.

Groovy URL getText() returns a PasswordAuthentication instance

I am trying to download the content of a password-protected Gerrit URL in a Jenkins pipeline Groovy script. HTTPBuilder is not accessible so I am using the URL class with Authenticator:
// To avoid pipeline bailing out since data PasswordAuthentication is non-serializable
@NonCPS
def getToString(data) {
    data.toString()
}
def fetchCommit(host, project, version) {
    withCredentials([usernamePassword(credentialsId: 'my-credentials',
                                      usernameVariable: 'user',
                                      passwordVariable: 'PASSWORD')]) {
        proj = java.net.URLEncoder.encode(project, 'UTF-8')
        echo "Setting default authentication"
        Authenticator.default = {
            new PasswordAuthentication(env.user, env.PASSWORD as char[])
        } as Authenticator
        echo "https://${host}/a/projects/${proj}/commits/${version}"
        url = "https://${host}/a/projects/${proj}/commits/${version}".toURL()
        result = getToString(url.getText())
        echo "${result}"
    }
}
The result is a PasswordAuthentication instance, and not the expected data:
[Pipeline] echo
java.net.PasswordAuthentication@3938b0f1
I have been wrestling with this for a while. I have tried different ways to set up the authentication and read the data, but those mostly end up with an exception. Using eachLine() on the url does not enter the closure at all. The job also exits far too quickly, giving the impression it does not even try to make a connection.
Refs:
https://kousenit.org/2012/06/07/password-authentication-using-groovy/

Debug Apache 2.4 PerlAuthenHandler

I am trying to debug a problem that occurred after an Apache upgrade. I want to integrate Redmine into my Apache authentication/access control.
Here is my apache config:
<Location "/git/">
AuthType Basic
AuthName "Git Access"
Require valid-user
Order deny,allow
Allow from all
PerlAccessHandler Apache::Authn::Redmine::access_handler
PerlAuthenHandler Apache::Authn::Redmine::authen_handler
...
And this is the access/authen handler:
sub access_handler {
    my $r = shift;
    unless ($r->some_auth_required) {
        $r->log_reason("No authentication has been configured");
        return FORBIDDEN;
    }
    return OK unless request_is_read_only($r);
    my $project_id = get_project_identifier($r);
    $r->log_error("Setting Auth to OK") if is_public_project($project_id, $r) && anonymous_role_allows_browse_repository($r);
    $r->log_error("Content: " . $r->get_handlers("PerlAuthenHandler"));
    $r->set_handlers(PerlAuthenHandler => [\&ok_authen_handler])
        if is_public_project($project_id, $r) && anonymous_role_allows_browse_repository($r);
    return OK
}
sub ok_authen_handler {
    my $r = shift;
    $r->log_error("ok_authen_handler()...");
    my ($res, $redmine_pass) = $r->get_basic_auth_pw();
    return OK;
}
sub authen_handler {
    my $r = shift;
    $r->log_error("authen_handler() ...");
    my ($res, $redmine_pass) = $r->get_basic_auth_pw();
    return $res unless $res == OK;
    if (is_member($r->user, $redmine_pass, $r)) {
        $r->log_error("Auth succeeded");
        return OK;
    } else {
        $r->log_error("Auth failed...");
        $r->note_auth_failure();
        return DECLINED;
    }
}
As you can see, the access handler resets the auth handler to some dummy method in case the authentication is not needed. In theory, this allows for selective anonymous access.
In practice, though, Apache 2.4 yields an error:
AH00027: No authentication done but request not allowed without authentication for $PATH. Authentication not configured?
I already nailed the problem to the hack in the access handler, if I uncomment the set_handlers statement, I can authenticate against redmine. So I guess there is something wrong in this "hack". Unfortunately I am not really a perl guy, so I have no idea how to investigate the issue any further.
Is there any way to figure out what is the important difference between the "hacked" control flow (i.e. setting the auth handler programmatically) and the normal one?
A little bit dirty workaround is to always set the "user" (REMOTE_USER) variable even in anonymous mode, so "Require valid-user" seems happy,
$r->user("");
return Apache2::Const::OK;
We had this problem to implement lazy authentication (Shibboleth style).
I recently upgraded from 2.3 to 2.5.1. Now I get the same strange behavior as long as the project is public. I have some projects where others need access without registration on the Redmine site. So I need a quick solution. But I also have no idea how to solve it. Therefore I created a bug report at the Redmine project site:
http://www.redmine.org/issues/16948

BigCommerce PHP API Cipher Error

I am using the BigCommerce PHP API and am receiving this error when it attempts to connect to either my store or the webdav store:
failed setting cipher list
From the same server I have connected to both sites using cURL via the command line. I have the cURL php module installed with SSL enabled. Any thoughts would be appreciated.
I think you have to enable the 'rsa_rc4_128_sha' cipher. It might not be enabled by default. Can you try
Connection::setCipher()
before making a request? By default this sets the cipher to the above cipher as default.
There is some history on this in the BC github repos -
https://github.com/bigcommerce/bigcommerce-api-php/pull/10
https://github.com/bigcommerce/bigcommerce-api-php/pull/11
Hope this helps.
I was using wamp and tested this just now.
To fix this I updated the connection api file with
curl_setopt($this->curl, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($this->curl, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($this->curl, CURLOPT_CAINFO, 'C:\xampp\htdocs\big\Bigcommerce\Certs\cacert.pem');
and the file from
http://curl.haxx.se/docs/caextract.html
We use an object based upon the following
<?php
// provision for laziness
if(
    (array_key_exists('store_url', (array)$settings)) &&
    (array_key_exists('username', $settings)) &&
    (array_key_exists('api_key', $settings))
) {
    // Config Basic
    BC::configure(
        array(
            'store_url' => $settings['store_url'],
            'username' => $settings['username'],
            'api_key' => $settings['api_key']
        )
    );
    // Set Cipher if needed
    if(array_key_exists('cipher',$settings)) {
        BC::setCipher('RC4-SHA');
    } else {
        BC::verifyPeer(false);
    }
    // Set Proxy if needed
    if(array_key_exists('proxy',$settings)) {
        BC::useProxy($settings['proxy']['url'], $settings['proxy']['port']);
    }
}
// Run your code here...

Error while using REST api in magento

I have set up magento locally in my system using XAMPP
I have created a file in root directory named dm.php with the contents
<?php
/**
 * Example of products list retrieve using Customer account via Magento REST API. OAuth authorization is used
 */
$callbackUrl = "http://localhost/dm.php";
$temporaryCredentialsRequestUrl = "http://localhost/mage2/oauth/initiate?oauth_callback=" . urlencode($callbackUrl);
$adminAuthorizationUrl = 'http://localhost/mage2/oauth/authorize';
$accessTokenRequestUrl = 'http://localhost/mage2/oauth/token';
$apiUrl = 'http://localhost/mage2/api/rest';
$consumerKey = 'enhksf7u33p3snubewb6zcq0z9c63bvv';
$consumerSecret = 'p7e835cdcxofokeep749jgzz4l1e306p';
session_start();
if (!isset($_GET['oauth_token']) && isset($_SESSION['state']) && $_SESSION['state'] == 1) {
    $_SESSION['state'] = 0;
}
try {
    $authType = ($_SESSION['state'] == 2) ? OAUTH_AUTH_TYPE_AUTHORIZATION : OAUTH_AUTH_TYPE_URI;
    $oauthClient = new OAuth($consumerKey, $consumerSecret, OAUTH_SIG_METHOD_HMACSHA1, $authType);
    $oauthClient->enableDebug();
    if (!isset($_GET['oauth_token']) && !$_SESSION['state']) {
        $requestToken = $oauthClient->getRequestToken($temporaryCredentialsRequestUrl);
        $_SESSION['secret'] = $requestToken['oauth_token_secret'];
        $_SESSION['state'] = 1;
        header('Location: ' . $adminAuthorizationUrl . '?oauth_token=' . $requestToken['oauth_token']);
        exit;
    } else if ($_SESSION['state'] == 1) {
        $oauthClient->setToken($_GET['oauth_token'], $_SESSION['secret']);
        $accessToken = $oauthClient->getAccessToken($accessTokenRequestUrl);
        $_SESSION['state'] = 2;
        $_SESSION['token'] = $accessToken['oauth_token'];
        $_SESSION['secret'] = $accessToken['oauth_token_secret'];
        header('Location: ' . $callbackUrl);
        exit;
    } else {
        $oauthClient->setToken($_SESSION['token'], $_SESSION['secret']);
        $resourceUrl = "$apiUrl/products";
        $oauthClient->fetch($resourceUrl);
        $productsList = json_decode($oauthClient->getLastResponse());
        print_r($productsList);
    }
} catch (OAuthException $e) {
    print_r($e);
}
But this is giving me the following error
Fatal error: Class 'OAuth' not found in D:\Webserver\xampp\htdocs\dm.php on line 19
Can anybody shed some light on this
Thanks
Since oauth is not possible to install in XAMPP on Windows, I changed the contents of my dm.php file to this.
<?php
$ch = curl_init('http://localhost/mage2/api/rest/customers');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$customers = curl_exec($ch);
echo $customers;
?>
Now I am getting an error like this
{"messages":{"error":[{"code":403,"message":"Access denied"}]}}
What am I doing wrong?
First of all
Go to Magento admin panel System->Webservice->REST Roles->Guest->Resources Access->SET ALL
Similarly, go to System->Webservice->REST Attribute->Guest->Resources Access->SET ALL
Then Hit this url http://****/chanchal/magento/api/rest/products in web Browser and check what error it shows....
According to me it must show product in your website in xml format.
Please let me know..
EDIT:
I configured a localhost just now and got this output refer the Screenshot. Be sure there is product in your magento.
Similarly, follow the above steps for admin and customer, then create an OAuth consumer from the admin panel, install RESTClient for Mozilla Firefox and follow here.
These four steps are necessary for the setup. The link might help you.
Authentication Endpoints
1. /oauth/initiate - this endpoint is used for retrieving the Request Token.
2. /oauth/authorize - this endpoint is used for user authorization (Customer).
3. /admin/oauth_authorize - this endpoint is used for user authorization (Admin).
4. /oauth/token - this endpoint is used for retrieving the Access Token.
Let me know if you have any issues.
Best of luck
A bit of code modifications will easily solve this error 403 forbidden.
What magento engine does is that it uses the default guest user to provide access to the REST api methods. The guest user does not have much powers so it should be better to change this functionality of magento. There are 2 ways of doing this:
1) Quick and dirty fix: in the file /app/code/core/Mage/Api2/Model/Auth.php, change the value of: DEFAULT_USER_TYPE = 'guest' to DEFAULT_USER_TYPE = 'admin'. In the file /app/code/core/Mage/Api2/Model/Auth/Adapter.php, change this line from return (object) array('type' => Mage_Api2_Model_Auth::DEFAULT_USER_TYPE, 'id' => null); to this:
return (object) array('type' => Mage_Api2_Model_Auth::DEFAULT_USER_TYPE, 'id' => '1');
This way the authentication system will not be broken.
2) Proper and long run fix: Override the two functionalities using the magento overriding mechanism to have a better solution in accordance to magento standards. This way the core files will be intact.
We use this link to install oauth for PHP. It's good and easy to add the extension for PHP.
install oauth php
I hope it helps everyone and solves the 'OAuth' not found fatal error.
I had the same issue and was struggling for a week, but just try installing a new version of XAMPP or WAMP which supports oauth. The better solution was: I installed AMPPS 1.9 and in PHP 5.4 I resolved the oauth extension, but still make sure that you select the proper PHP version for which the oauth extension is supported (PHP 5.4).
For installing Oauth : http://www.magentocommerce.com/api/rest/authentication/oauth_authentication.html
Installing PHP Extension for Oauth :
1. Download php_oauth.dll file and add it under C:\xampp\php\ext\
2. add [PHP_OAUTH] extension=php_oauth.dll in php.ini
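
When the `OAuth` class cannot be installed, the plain cURL request from the question is sent without credentials, which is where the 403 comes from. As an added example (not from the original posts), the OAuth 1.0a HMAC-SHA1 signature defined in RFC 5849 can be built in plain PHP and sent as an `Authorization` header, so the request is authenticated without the extension. `oauth1_header()` is a hypothetical helper and the credential values are constructed placeholders; a real call uses the consumer pair and the access token obtained from `/oauth/token`.

```php
<?php
// Added example: OAuth 1.0a (RFC 5849) HMAC-SHA1 request signing in plain PHP.
// oauth1_header() is hypothetical; every credential value below is a placeholder.

function oauth1_header(string $method, string $url, array $query, array $cred): string
{
    $oauth = [
        'oauth_consumer_key'     => $cred['consumer_key'],
        'oauth_token'            => $cred['token'],
        'oauth_signature_method' => 'HMAC-SHA1',
        'oauth_timestamp'        => (string) time(),
        'oauth_nonce'            => bin2hex(random_bytes(16)),
        'oauth_version'          => '1.0',
    ];
    // Base string (section 3.4.1): percent-encode names and values, sort by
    // name, join. $url must carry no query string; repeated names unsupported.
    $params = [];
    foreach ($oauth + $query as $k => $v) {
        $params[rawurlencode((string) $k)] = rawurlencode((string) $v);
    }
    ksort($params, SORT_STRING);
    $pairs = [];
    foreach ($params as $k => $v) {
        $pairs[] = $k . '=' . $v;
    }
    $base = strtoupper($method) . '&' . rawurlencode($url) . '&' . rawurlencode(implode('&', $pairs));

    // Signing key: encoded consumer secret and token secret joined by "&".
    $key = rawurlencode($cred['consumer_secret']) . '&' . rawurlencode($cred['token_secret']);
    $oauth['oauth_signature'] = base64_encode(hash_hmac('sha1', $base, $key, true));

    $parts = [];
    foreach ($oauth as $k => $v) {
        $parts[] = $k . '="' . rawurlencode($v) . '"';
    }
    return 'Authorization: OAuth ' . implode(', ', $parts);
}

$cred = [ // constructed placeholders, not real credentials
    'consumer_key' => 'CONSUMER_KEY',  'consumer_secret' => 'CONSUMER_SECRET',
    'token'        => 'ACCESS_TOKEN',  'token_secret'    => 'ACCESS_TOKEN_SECRET',
];
$url = 'http://localhost/mage2/api/rest/customers'; // URL from the question
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, [oauth1_header('GET', $url, [], $cred), 'Accept: application/json']);
echo curl_exec($ch);
```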