Finding An LDAP URL? - vba

I would like to access the company server's Active Directory so I can write a simple phonebook program. It would seem that I need to use LDAP to connect to it in order to grab a recordset. Is there any way to figure out what the LDAP URL is based on settings and properties in Outlook (or otherwise)?
Can someone help me to understand these LDAP fields and to fill in the values?
Thanks

I am assuming you are writing VBA. In Outlook, you can use ADO to make the query against the LDAP provider. The query is composed of four parts:
Base path
Search filter
Attributes returned in the recordset
Search scope
The LDAP URL that you mentioned is actually the base path of the LDAP query. You can use ADSIedit to get the base path in your local domain. Normally, if your domain is called abc.com, your base path should be something like LDAP://abc.com/DC=abc,DC=com. However, it's not always the case. Active Directory allows you to name an Active Directory domain differently from the DNS domain, although most of the time, they are the same. This configuration is called a disjoint namespace.
For the disjoint namespace case, to find out the correct base path, you can install ADSIedit from the Windows 2003 support tools. Launch ADSIEdit by typing adsiedit.msc on the command line. Right-click the ADSIEdit node and click "Connect to". Then, select the naming context "RootDSE" and leave all other settings as default to connect to the local domain. If your machine is joined to the domain already, you should be automatically connected to that domain. In the top RootDSE node, you should also see what domain controller you are connected to now. Mark down the FQDN of the connected domain controller. It should be something like dc1.yourdomain.com. Then, expand the top "RootDSE" node and you will see another "RootDSE" folder node underneath. Right-click it and click Properties. Find the defaultNamingContext. It should be something like DC=yourdomain,DC=com.
With the domain controller name and the default naming context, you can create your base path. It should be LDAP://domain controller/default naming context
Sometimes you see people putting in the FQDN domain name instead of the domain controller name in the LDAP base path. This is legitimate only if the A record of the domain exists on the DNS server. I don't recommend using the domain name. However, if you really don't want to specify a specific domain controller, you can consider using serverless binding: LDAP://default naming context. It's an Active Directory feature. It doesn't work on other LDAP servers. You can use serverless binding only if you are running as a domain user. When you use a serverless binding, the LDAP query will simply pick the next available domain controller in the site for you. In this way, you reduce the chances of overloading that server with requests. However, this also makes your result less predictable because sometimes the data is not yet replicated from one domain controller to another domain controller.
Just a side note, I am suggesting that you use the domain naming context as your search base path because I assume you want to search all the users under your domain. You can always pick some other container as your base path. For example, LDAP://yourdomain.com/CN=Users,DC=yourdomain,DC=com. Then, the search will be done only under the Users container in your domain.
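
The four query parts and the base-path construction described in the answer above, as an added VBA example that is not part of the original answer: it reads dnsHostName and defaultNamingContext from RootDSE in code rather than through ADSI Edit and, going slightly beyond the answer, escapes the user's search text per RFC 4515 before it is placed in the filter. The names PhonebookLookup and EscapeLdapFilter, the choice of the displayName, telephoneNumber and mail attributes, and the page size of 500 are assumptions made for this example.

```vba
Option Explicit

' Added example. Escape a user-supplied value for use inside an LDAP search filter (RFC 4515).
Private Function EscapeLdapFilter(ByVal s As String) As String
    s = Replace(s, "\", "\5c")          ' backslash first, or later escapes get re-escaped
    s = Replace(s, "*", "\2a")
    s = Replace(s, "(", "\28")
    s = Replace(s, ")", "\29")
    s = Replace(s, vbNullChar, "\00")
    s = Replace(s, ";", "\3b")          ' ";" also separates the parts of the ADO command text
    EscapeLdapFilter = s
End Function

' Print name, phone and mail for users whose displayName contains namePart.
Public Sub PhonebookLookup(ByVal namePart As String)
    Dim rootDse As Object, conn As Object, cmd As Object, rs As Object
    Dim basePath As String, searchFilter As String

    ' RootDSE via serverless binding: needs a domain-joined machine and a domain user.
    Set rootDse = GetObject("LDAP://RootDSE")
    ' Part 1, base path: LDAP://domain controller/default naming context
    basePath = "LDAP://" & rootDse.Get("dnsHostName") & "/" & _
               rootDse.Get("defaultNamingContext")
    ' Part 2, search filter: user objects only, name matched on the escaped input
    searchFilter = "(&(objectCategory=person)(objectClass=user)" & _
                   "(displayName=*" & EscapeLdapFilter(namePart) & "*))"

    Set conn = CreateObject("ADODB.Connection")
    conn.Provider = "ADsDSOObject"
    conn.Open "Active Directory Provider"
    Set cmd = CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    ' Part 3 is the attribute list, part 4 the search scope
    cmd.CommandText = "<" & basePath & ">;" & searchFilter & _
                      ";displayName,telephoneNumber,mail;subtree"
    cmd.Properties("Page Size") = 500   ' page through results instead of stopping at the size limit

    Set rs = cmd.Execute
    Do Until rs.EOF
        Debug.Print rs.Fields("displayName").Value & vbTab & _
                    rs.Fields("telephoneNumber").Value & vbTab & rs.Fields("mail").Value
        rs.MoveNext
    Loop
    rs.Close
    conn.Close
End Sub
```

Run it from the Immediate window with, for example, PhonebookLookup "smith"; without the escaping step, input containing * or parentheses would change the meaning of the filter.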

An alternative quick lookup is to run nslookup from Windows - Run
This should give you the Default Server.
See here for more info:
https://serverfault.com/questions/78089/find-name-of-active-directory-domain-controller
You can then connect with AD Explorer (http://technet.microsoft.com/en-ca/sysinternals/bb963907.aspx) to make sure that it is correct.

Building on Harvey's answer, if you need to do this on a Windows 7 computer, you will need Remote Server Administration Tools for Windows 7 with Service Pack 1 (SP1).
Open the start menu, there may be a menu called 'Administrative Tools' on the right-hand side. If so, it should have 'ADSI Edit' in it.
If the menu is not available, or if ADSI Edit is not in the menu, then follow the following (annotated) instructions from Windows help:
Click Start, click Control Panel, and then click Programs.
In the Programs and Features area, click Turn Windows features on or off.
If you are prompted by User Account Control to allow the Windows Features dialog box to open, click Continue.
In the Windows Features dialog box, expand Remote Server Administration Tools.
Select the remote management tools that you want to install (Role administration tools > AD DS and AD LDS tools > AD DS Tools > Active Directory Administration Center), and then click OK.
Configure the Start menu to display the Administration Tools shortcut, if it is not already there.
Right-click Start, and then click Properties.
On the Start Menu tab, click Customize.
In the Customize Start Menu dialog box, scroll down to System Administrative Tools, and then select Display on the All Programs menu and the Start menu. Click OK.
Shortcuts for snap-ins installed by Remote Server Administration Tools (including ADSI Edit) for Windows 7 are added to the Administrative Tools list on the Start menu.

Related

WHM and cPanel database and settings storing place

I'm trying to figure out where all WHM settings are stored. I got a task to prepare a template with WHM and cPanel installed, but I can't find any information anywhere on the name of the database where the information (with settings) is stored.
I'm precisely looking for the option to turn on email notification in cPHulk about banned user IPs. I know that I can set it up later but I don't want to do any of the initial setup in WHM/cPanel.
Is there any chance to manually change this setting's value (either in a database or a file)?
I'm also looking for where the values for the WHM option "Show IP Address Usage" are stored.
By default, you can only preconfigure WHM using the cpanel.config file as described in their docs: https://documentation.cpanel.net/display/1144Docs/The+cpanel.config+File
Unfortunately, this only covers the 'Tweak Settings' section, so you can't preconfigure cPHulk using it. One of the alternatives would be to use the WHM API and fire it after the server is installed. With this API you have way more options, e.g. cPHulk controls are there: https://documentation.cpanel.net/display/SDK/WHM+API+1+Functions+-+load_cphulk_config

How to add/update LDAP server programmatically in Liferay

I have a test server installed with Liferay 6.2 g4 and it is configured with an LDAP server. The configuration was done through the portal-ext.properties file. As per my understanding, the configuration mentioned in the portal-ext.properties file is effective only during the initial setup. Any change in the LDAP configuration should be done through the control panel. The control panel shows the LDAP servers in a list (search container), and we can select and edit the LDAP server from the control panel.
Now what I'm trying to do is this from a custom portlet, i.e. I want to list the LDAP servers in my portlet and should be able to update them. I have checked the PortalLDAPExporterUtil and PortalLDAPImporterUtil but that didn't help.
Can someone help me to find out which Liferay API I should look at to achieve this?
I got the answer from the Liferay forum from their staff member Jorge Díaz.
You can find the code where LDAP servers are stored in the control panel in the following files:
edit_ldap_server.jsp: https://github.com/liferay/liferay-portal/blob/6.2.x/portal-web/docroot/html/portlet/portal_settings/edit_ldap_server.jsp
EditLDAPServerAction: https://github.com/liferay/liferay-portal/blob/6.2.x/portal-impl/src/com/liferay/portlet/portalsettings/action/EditLDAPServerAction.java
In the first JSP, edit_ldap_server.jsp, the parameters are filled in by the final user and sent to EditLDAPServerAction. This second Java class only retrieves that information and stores it in preferences (method EditLDAPServerAction.addLDAPServer).
You cannot call these methods from a portlet, but perhaps you can copy and paste the internal logic.
Original answer: https://www.liferay.com/community/forums//message_boards/message/55597042

Odoo Restrict access to database Manager page

How can I restrict access to the database Manager page, by a password, for Odoo / OpenERP? So only the master admin can see this page.
I found a good module here:
https://www.odoo.com/forum/help-1/question/how-to-show-the-manage-database-page-for-particular-user-like-administrator-in-openerp-v8-57036#answer-64736
But the problem is this module does not support multiple databases!
Is there any other method or custom module to achieve that?
You can override the '/web/database/controller' and put in a condition to check whether the session's user is admin or not. If it's admin, then return the original page which is returned by Odoo; else you can show your own page saying that you can't access this.
You can use this module: Restrict access to Manage Databases to restrict access to the Manage Databases page.
After installing the module, you will only be able to visit the Manage Databases page (/web/database/manager/) if you are signed in as the Administrator (with user ID = 1) or you have Technical Features enabled for that user.
If you have installed the module and are unable to switch databases while logged out, you can add the db flag to your url to manually select the database that you want, for example:
yoursite.com/web?db=database2
Caveat:
This solution might be troublesome as you will have to install it in all your databases on the same instance.
The other solution will be to use nginx to restrict access to /web/database/manager to only your IP address or a range of IP addresses.

Granular access control for MediaWiki with LDAP

My company has a MediaWiki setup which we are looking to make [partially] client accessible. Ideally each client would be able to see only their own page. Our wiki requires the user to be logged in to view or edit, and we have the LDAP plugin (This one, specifically) so we can use our Active Directory credentials.
I see this question has come up before a few years ago, but I didn't see a question dealing with LDAP in particular. Can we manage a specific AD account if we give clients one on our domain for this purpose? Alternatively, is there a way to give clients a login directly into the wiki (sort of like logging locally into the computer, instead of the domain), that we could control the access rights of?
For reference: we are on MediaWiki version 1.19.1, PHP version 5.3.15, MySQL version 5.0.96-winx64, and the installation is running on Windows Server 2008 R2 x64 (IIS 7.5).
Thanks very much for the help!
You can use local accounts in addition to the LDAP accounts to log users in. You have to set $wgLDAPUseLocal to true in your LocalSettings.php. Basically, it adds another option to the domain drop down box on the login form that says "local". Users that want to log in with a local wiki account use that. I would also disable account creation on the wiki and create accounts manually for your clients.
Regardless of whether you use local accounts or AD accounts, for page-level access control, you would have to use one of these extensions. Extension:AccessControl seems to be a popular one.

enable remote desktop access on specific machine via domain controller

We have a domain controller (W2008 RC2) and several computers as client machines. At the moment when we introduce a new user to the domain who has to have access to a subset of computers, the admin logs on to each of them and adds the user to the list of remote desktop users.
Is there a way to do this from the domain controller? (There has to be a way, because the way we do it sounds a bit stupid, right?)
Best regards,
Sascha
Why don't you just add a remote_desktop group to every computer at once? Then put the user into that group if needed. Then you control the access of the computer-access-list at the user setting "Computer Logon at/when" options.