AD/LDAP authentication for FitNesse - ldap

We are going to put FitNesse on a server and wants to have a AD/LDAP authentication solution for this.
Does anyone have experience with good and easy to set up solutions for this?
Thanks in advance. Magnus

One straightforward method would be to download the standard edition of the UnboundID LDAP SDK and get a copy of the jsse.jar file and install both jar files in the fitness lib directory. Create a class in the fitness.authentication package that extends the fitness.authentication.Authenticator class and overrides the isAuthenticated() method. Specify the required properties such as hostname, port, simple or SASL bind, whether to use SSL or StartTLS, base object, search scope, and so forth.
The jsse.jar will provide the necessary SSL classes so that SSL and StartTLS can be implemented as required.
see also
LDAP: Programming practices

It is possible, but it would require either finding or creating a plugin to do it.
I found the following, but I have never tried it:
https://github.com/timander/fitnesse-ldap-authenticator.
Also out there, but older is: https://github.com/dleonard0/fitnesse
You can start there, but you might have to get your hands dirty. Unfortunately, I'm just not that familiar with that part of the code.

See here: http://fitnesse.org/FitNesse.UserGuide.AdministeringFitNesse.SecurityDescription.SpnegoAuthentication
I need to give many more characters to make stakeoverflow happy.

Related

Delphi Apache-Module with SSO

we successfully created an apache module with Embarcadero Delphi (10.3). Next step is the idea to extend this module with SSO-functionality (NTML/Kerberos).
I understand there are several modules for apache to enable the sso-features for php/html-content and directories by extending the httpd.conf-file (or even locations like those the module uses).
But i have no idea how to access the apache-server-variables or the information about the sso-credentials (windows logon-name) from inside my apache-module.
Perhaps someone can give me a hint here.
Possible alternatives:
Recode the negotiate-handshakes (ntml/krb) inside the module (already did this for indy)
Use a little php-script file to access the variables (with
redirect/ajax for example)
Somehow (would not know how) add those information to the request-headers inside apache before going into the module (sounds insecure)
But i would like to use an easier way ;)
Thanks
For the xxm project (which also has an Apache httpd module!) I've implemented NTLM authentication using the AcquireCredentialsHandle and AcceptSecurityContext calls.
It works using the WWW-Authenticate request and response values. First there's NTLM, followed by one or more round-trips with NTLM followed by a space and base64 encoded data you need to pass until you get a SEC_E_OK value back.

How to use SSL in MariaDB datasource with quarkus?

I would like to connect to MariaDB database via SSL in Quarkus application. However, I cannot find a way how to define the SSL-related information in Quarkus application.
How to provide the certificate which is needed in database connection in Quarkus application?
Is it even possible?
If not, I assume that many would be interested in that feature.
I searched information from https://quarkus.io/guides/datasource but did not find anything regarding this.
MariaDB reference: https://mariadb.com/kb/en/library/using-tls-ssl-with-mariadb-java-connector/
There's no reason for it to not work. Just include what you need in your JDBC url.
Be aware though that if you are using native images, you should read this guide that will guide you through configuring everything properly: https://quarkus.io/guides/native-and-ssl .

Is there any haproxy development guide?

Isn't that weird that Haproxy doesn't have any development guide to start for a beginner? For instance, for the university, I have to modify HA, but most of the content I do find on the internet is configurations of haproxy, but how to start developing it, I can't find any references.
Maybe someone knows where to get that information? Even though there are summaries on almost every method in their repo, but it still would be better if there was a more broad explanation.
From: https://github.com/haproxy/haproxy
The more detailed documentation is located into the doc/ directory :
doc/intro.txt for a quick introduction on HAProxy
doc/configuration.txt for the configuration's reference manual
doc/lua.txt for the Lua's reference manual
doc/SPOE.txt for how to use the SPOE engine
doc/network-namespaces.txt for how to use network namespaces under Linux
doc/management.txt for the management guide
doc/regression-testing.txt for how to use the regression testing suite
doc/peers.txt for the peers protocol reference
doc/coding-style.txt for how to adopt HAProxy's coding style
doc/internals for developer-specific documentation (not all up to date)
maybe you wanna start at doc/internals

I hope to give LDAP server new OID object

I am studying LDAP server(ADLDS)
I figured out that extended operation is implemented in ldap server.
For example, oid(1.3.6.1.4.1.4203.1.11.3) stands for whoami command.
If I give 1.3.6.1.4.1.4203.1.11.3 to ldap server, server would respond who the user is.
In this situation, I hope to make my own command with new oid.
How can I make this possible?
Thank you.
Some LDAP directory servers will allow you to extend them and define your own extended operation. This needs code and some expertise in the internals of the server.
I would strongly recommend that you consider open source directory servers, if you want to pursue that route, as getting full access to the code will make things easier.

Using erldis on ejabberd Module?

I'm working on an ejabberd module that requires erldis.
I'm having problems starting the rldis application from in the ejabberd module initialization.
Any tips, tutorial on how to integrate? Which files are required to be copied to ejabberd/ebin? What is the recommended start sequence?
I have found this example of using Redis with ejabberd:
http://logicalfriday.com/2011/06/30/ejabberd-global-roster/
A quick read shows that it is not totally integrated in ejabberd (even in term of start / stop), but that can help.
I do not know what your module is supposed to do, so it is hard to suggest a better approach at this stage.
I did similar here: https://github.com/bob-p/mod_global_roster this might give you a few pointers.