How do I configure Openfire to use custom database using openfire.xml? - properties

I tried out this guide from the Openfire documentation but none of my changes seem to have been applied. I can't login as any of the user from my custom database even if I set user names as admin. Do I need to manually apply all the changes to the system properties stored in the database (Openfire's ofProperty table)?
I'd also like to know if there's a way to prevent or customize which tables Openfire will add to my database.

Here's what I did to setup external database (in my case MySQL):
Assuming that you have a running Openfire instance, you should stop the server and edit the openfire.xml
Just add <setup>false</setup> so next time you open the web interface you will be directed to the setup page which will allow you to select and setup your database server.
From Openfire install directory copy the SQL query from /resources/database (choose the one for your specific database, in my case I used openfire_mysql.sql)
Of course you need to setup privileges.
From there I just followed the wizard and put the information in the input fields when setting up the database, like IP address, username and password that I have setup in the privileges in phpMyAdmin. Everything should be up and running within minutes.
In case you get error when setting up the database from the web interface, try to check if your database server MySQL port is open, its 3306. Do some sudo iptables if its not.
Hope this helps.

Related

Trying to connect ldap users two or more subdomains to nifi

I have setup three node secure NIFI cluster and integrated with LDAP for user login .
my doubts
In login-identity-providers.xml can we add multiple USER Search Base of ldap.(i tried by adding multiple usersearchbase but failed)
In LDAP user search should happen on multiple sub domains eg : DC=example1,dc=example,dc=com
DC=example2,dc=example,dc=com
on User-search-base in login-identity-providers.xml
TO achieve mutitenancy in ldap what is the configuration changes we need to make in identity provider.xml
tenant1 user should access process group define for tenant 1 itself and its not access for tenant2 users
From what I can tell, AND Assuming you are using Microsoft Active Directory if you use:
FOLLOW
It may work.
We also sometimes might use the Global Catalog (as then there are no referrals)
I also am guessing that the "empty" parameters should be removed (but I do NOT know how NIFI works).
I would suggest you also do tests with a LDAP Browser to make sure you know what your LDAP tree looks like. We use Apache Studio, but there are others.
More data on if it is Microsoft Active Directory and refer to https://stackoverflow.com/help/how-to-ask

Synchronize the user from ldap server to jira soon

I was using a openldap server to control the user in jira and confluence. But after I insert a user into ldap and add the user into the jira-users group, i still need to synchronize the user in jira. Can i set something to let it synchronize automatically after i insert the user into ldap server?
Here are the main steps :
Log in as a user with the JIRA System Administrators permission
Check your configuration : Settings > User Management > User Directories
You can manually synchronize the LDAP cache by clicking 'Synchronize' on the 'User Directories' screen.
If it works, you just need to set the Synchronization Interval on the directory configuration screen.
Otherwise there is probably something wrong with the current config. In this case, I would:
Check the server settings, see if it's reachable when connecting from a terminal.
Similarly, try to perform a search from a terminal using the schema settings.
Disable Incremental Synchronization if enabled.
Ensure the directory order is correct. Changes to users and groups will be made only in the first directory where the application has permission to make changes.
Ref: Connecting to an LDAP directory

Odoo Restrict access to database Manager page

How can I restrict access to database Manager page, by a password, for Odoo / OpenERP? So only master admin can see this page.
I found a good module here:
https://www.odoo.com/forum/help-1/question/how-to-show-the-manage-database-page-for-particular-user-like-administrator-in-openerp-v8-57036#answer-64736
But the problem is this module does not support multiple databases!
Is there any other method or custom module to achieve that ?
You can override the '/web/database/controller' and put the condition to check whether the session's user is admin or not , if it's admin then return the original page which is returned by odoo else you can show your page showing that you can't access this.
You can use this module: Restrict access to Manage Databases to restrict access to the Manage Databases page.
After installing the module, you will only be able to visit the Manage Databases page (/web/database/manager/) if you are signed in as the Administrator (with user ID = 1) or you have Technical Features enabled for that user.
If you have installed the module and are unable to switch databases while logged out, you can add the db flag to your url to manually select the database that you want, for example:
yoursite.com/web?db=database2
Caveat:
This solution might be troublesome as you will have to install it in all your databases on the same instance.
The other solution will be to use nginx to restrict access to /web/database/manager to only your IP address or a range or IP addresses.

SQL Server Authentication and Folder Permissions

In SQL Server 2014, I have created a login with SQL Server Authentication with which I am trying to do BULK INSERT; however it is failing because Windows is not letting SQL Server access the folder where the insert file is. If I enable Full Control for Everyone the bulk insert works, but that is not an acceptable solution. Within SQL Server setup, I have tried adding a Credential (with windows authentication that has rights to the folder) to the login, but this didn't work. I have also tried adding Full Control for users my_server\SQLServer2005SQLBrowserUser$WIN-832289876 and my_server\SQLServerMSASUser$WIN-832289876$MSSQLSERVER but that didn't work either.
I always struggle with this. For me, allowing MSSQLSERVER full permission to the folder where the input file resides always seems to work.
Right-click the folder (as an admin on the box), go to properties, security, edit, add...
here is where I always get tripped up. For me, the server service account is "NT Service\MSSQLSERVER" and I can never search for that user. I have to type it in manually and check the name to make sure I typed it in correctly. For you, this may not be the service account used by your server. Check your services list from windows administrative tools to see what account is in "Log On As" for SQL Server (MSSQLSERVER).

Failed to update database because the database is read only

This message appears every time I try to save the data to the DB.
Failed to update database because the database is read only
Note: This error comes only when the application is installed to C drive.
Front End: VB.NET
Back End:SQL Server
Is there any way to overcome this issue?
Or any way to restrict the user from installing the application on C drive?
I would check the file system privileges. I suppose you talk about an SQL server file database. You receive the message because the account trying to access your file database does not have the file system permissions to do so.
In order to confirm my suggestion, you allow everyone to access the specific directory with full permissions.
Then, you have to check what is the account trying to do the actual access. Probably it's a system account (user ASPNET or NETWORK SERVICE). You have to give the respective permissions to the specific account.
Then, restart IIS.
If you want to do this for a distributed stand-alone application. Then these permissions would have to change on each machine where the program would be installed. In order to avoid putting users in such a fuss, the setup program should do it. I am not an expert on setup programs, but even the simplest ones would give you the option to do it, after asking the system adminstrator's approval. I suppose you could build a custom action during the setup program which would change the specific folder's permissions, perhaps by using xcacls.exe.
Hope I helped!