Adldap2 - update "Batch Modify: Insufficient access" - php

I'm using the Adldap2 package (https://adldap2.github.io/Adldap2/#/), more precisely the Laravel version (https://github.com/Adldap2/Adldap2-Laravel), and having some issues adding/updating some attributes after creation.
To be more specific, I will try to do this.
Create user:
$user = Adldap::make()->user([
    'cn' => 'Vlad Test7',
    'samaccountname' => 'vlad_test7',
    'Company' => 'Company Name',
    'givenname' => 'Vlad',
]);
$user->objectclass = [
    'top',
    'person',
    'inetOrgPerson',
];
$user->save();
This will work.
But afterwards, if I try to set another attribute like department, doing it as below
$user->setAttribute('Department', 'Information Systems');
$user->save();
I get this error message:
ErrorException : ldap_modify_batch(): Batch Modify: Insufficient access
at PATH_TO_PROJECT_ROOT\vendor\adldap2\adldap2\src\Connections\Ldap.php:386
I asked the system admin about the provided account's permissions, and he told me that I have full access within the OU for the test user that was created for me.
I suppose there could be something wrong with my config files; I have there what the admin told me.
Here is how the config file (ldap.php) looks:
    'hosts' => explode(' ', env('LDAP_HOSTS', 'corp-dc1.corp.acme.org corp-dc2.corp.acme.org')),
    'port' => env('LDAP_PORT', 389),
    'timeout' => env('LDAP_TIMEOUT', 5),
    'base_dn' => env('LDAP_BASE_DN', 'dc=corp,dc=acme,dc=org'),
    'username' => env('LDAP_USERNAME', 'username'),
    'password' => env('LDAP_PASSWORD', 'secret'),
Based on my search results, the error on update could be related to the dn (distinguished name), as I have something like this as base_dn:
base_dn=OU=TEST USER,OU=xxxxxx1,OU=xxxxxx2,OU=xxxxxx3,OU=xxxxxx3,DC=domain,DC=local
and when I create a user, the newly created user gets a generated dn like the one below:
dn=CN=Vlad Test7,OU=TEST USER,OU=xxxxxx1,OU=xxxxxx2,OU=xxxxxx3,OU=xxxxxx3,DC=domain,DC=local
Not sure whether this is correct or not? I'm also thinking about the possibility that I can't perform operations using generated distinguished names when creating a new record; at least the impression is that I have added CN=Vlad Test7 to base_dn, which is causing the error.
Any suggestions or thoughts about this issue?
Thanks

The answer is simple: it was a permission issue of the AD user I'm using here, as the error message says, insufficient access, so nothing related to coding here.

Related

Handling SRP Auth and Generating Device Key (PHP - Server side)

I've implemented Cognito in my backend with Signup and Login, MFA activation and deactivation, but now I want to implement remembered devices, to reduce SMS confirmations.
For that, I've adjusted the InitiateAuth function to the following code:
$client->initiateAuth([
    'AuthFlow' => 'USER_SRP_AUTH', // REQUIRED
    'AuthParameters' => [
        "USERNAME" => $email,
        "PASSWORD" => $password,
        "SRP_A" => $bigA,
    ],
    'ClientId' => $this->getClientId(), // REQUIRED
]);
This function runs properly, and returns the code shown in the following image:
https://i.gyazo.com/a439e48e2de85a094f56ed4cfee10f83.png
Then I continue generating the SRP values and call the respondToAuthChallenge function with the following code:
$client->respondToAuthChallenge([
    'ChallengeName' => 'DEVICE_SRP_AUTH',
    'ChallengeResponses' => [
        'USERNAME' => $username,
        'SRP_A' => $bigA,
    ],
    'ClientId' => $this->getClientId(),
]);
Yet it returns an error saying: 'Missing required parameter DEVICE_KEY'.
If I put a DEVICE_KEY key inside ChallengeResponses it starts returning the error 'Device does not exist.'
I've searched a lot and cannot find a way to generate the DEVICE_KEY. I've tried with a unique ID, sending it in both initiateAuth and respondToAuthChallenge, but the error is the same.
Any clue how I can do it? I believe that the SRP code is not 100% yet, as I'm still understanding the concept, yet I cannot understand the DEVICE_KEY part.
Thanks
It looks like you have to use the Server Side Authentication Flow:
For server-side apps, user pool authentication is similar to that for client-side apps, except:
The server-side app calls the AdminInitiateAuth API (instead of InitiateAuth). This method requires AWS admin credentials. This method returns the authentication parameters.
Once it has the authentication parameters, the app calls the AdminRespondToAuthChallenge API (instead of RespondToAuthChallenge), which also requires AWS admin credentials.
AdminInitiateAuth returns, among other things, the device key.

Trying to connect to database

I'm working on a rewrite of a project from the ground up and figured I would try to learn MVC along the way. In this case, I've chosen Phalcon and am still working through the fundamentals of converting the tutorials to my own project.
I have two "configuration" settings that I need to account for. First, I need to read a configuration file that has the database credentials (this works properly).
require_once('../fileconfig.php'); // Read config file
$init = new Phalcon\Config\Adapter\Php("../fileconfig.php"); //Convert it to array
But once I have that, how do I actually connect to the database and add it to $di-> (which, if I understand correctly, is effectively the global class)? Ultimately, I want to pull the contents of "select * from config" into an array and use that for the application configuration. In this case, var_dump($dbh) returns "null":
//Connect to database
$di->set('db', function() use ($init) {
    $dbh = new \Phalcon\Db\Adapter\Pdo\Mysql([
        "host" => $init->database->host,
        "username" => $init->database->username,
        "password" => $init->database->password,
        "dbname" => $init->database->dbname
    ]);
    return $dbh;
});
var_dump($dbh); //returns null
If I remove the $di-> section, the array returns the data that I need, but it still doesn't help me figure out how to connect to the database and have it available globally for other functions in the models:
$dbh = new \Phalcon\Db\Adapter\Pdo\Mysql([
    "host" => $init->database->host,
    "username" => $init->database->username,
    "password" => $init->database->password,
    "dbname" => $init->database->dbname
]);
Returns:
object(Phalcon\Db\Adapter\Pdo\Mysql)[28]
  protected '_descriptor' =>
    array (size=4)
      'host' => string 'localhost' (length=9)
      'username' => string 'testuser' (length=8)
      'password' => string 'testpass' (length=8)
      'dbname' => string 'testdb' (length=6)
This question seems to be close to what I'm asking, but was more about error handling than the actual connection and I didn't see an answer to my question there.
To resolve your database you need to resolve your DI. You could resolve it in the file you declared it in with
$di->getShared('db')
But note, you don't want to do that. You want your files separated by their responsibilities.
Inside a class that inherits \Phalcon\Mvc\Controller you can use
$this->db->
Please refer to http://docs.phalconphp.com/en/latest/reference/di.html in order to see why to use a DI, and all the nuances of accessing it.
It really helps to go through other Phalcon projects and look at how everything works together. Please refer to the source here and look at how the projects are set up:
https://github.com/phalcon/invo
https://github.com/phalcon/vokuro
https://github.com/phalcon/forum
These are ranked by complexity, so start with invo first and then move on.
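An added example (not code from the question or the answer) that puts the advice above together: the connection is registered as a shared DI service built from the credentials file, resolved through the container rather than a global, and then used to load the "config" table the asker wants. It assumes Phalcon 1.x/2.x class names and that the table has "name" and "value" columns.

```php
<?php
// Added example, not from the post. Assumes Phalcon 1.x/2.x and the asker's ../fileconfig.php,
// which holds $config['database']['host'|'username'|'password'|'dbname'].
use Phalcon\Config\Adapter\Php as PhpConfig;
use Phalcon\Db\Adapter\Pdo\Mysql;
use Phalcon\DI\FactoryDefault;

$init = new PhpConfig('../fileconfig.php');   // the asker's line: credentials file -> Phalcon\Config
$di   = new FactoryDefault();

// setShared: the closure runs once, on first use, so the connection is opened lazily and reused.
// $dbh only exists inside the closure, which is why var_dump($dbh) outside it printed null.
$di->setShared('db', function () use ($init) {
    return new Mysql([
        'host'     => $init->database->host,
        'username' => $init->database->username,
        'password' => $init->database->password,
        'dbname'   => $init->database->dbname,
    ]);
});

// Load application settings from the "config" table as name => value pairs.
// Column names "name" and "value" are an assumption; adjust to the real schema.
function loadAppConfig(\Phalcon\DiInterface $di): array
{
    $db   = $di->getShared('db');                              // same instance on every call
    $rows = $db->fetchAll('SELECT name, value FROM config', \Phalcon\Db::FETCH_ASSOC);
    $settings = [];
    foreach ($rows as $row) {
        $settings[$row['name']] = $row['value'];
    }
    return $settings;
}

$appConfig = loadAppConfig($di);
// Inside any class extending \Phalcon\Mvc\Controller the same service is simply $this->db.
```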

Laravel: LDAP-Auth invalid DN syntax

I am using Laravel 4.0.10 and ccovey/ldap-auth for user authentication. On the server end I have an OpenLDAP server created with Turnkey OpenLDAP. I've followed the instructions but I'm getting an error when trying to connect to the server.
Error:
Bind to Active Directory failed. Check the login credentials and/or server details. AD said: Invalid DN syntax
My app/config/adldap.php file:
<?php
return array(
    'account_suffix' => '#mreza.vpl',
    'domain_controllers' => array("ldap.vpl.lan"), // An array of domains may be provided for load balancing.
    'base_dn' => 'DC=mreza,DC=vpl',
    'admin_username' => 'admin',
    'admin_password' => 'mypassword',
    'real_primary_group' => true, // Returns the primary group (an educated guess).
    'use_ssl' => false, // If TLS is true this MUST be false.
    'use_tls' => false, // If SSL is true this MUST be false.
    'recursive_groups' => true,
);
I added this line to app/config/auth.php:
'username' => 'uid'
My OpenLDAP database looks like this:
I want to authenticate against the People group.
Any ideas what I am doing wrong? I've been trying to set this up for a few days now. I am new to LDAP, though.
Thanks!
Change the Admin username to either cn=Admin or cn=admin,DC=mreza,DC=vpl and try to connect. You need a full DN to bind, generally.
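Two of the threads on this page (the Adldap2 "Insufficient access" on ldap_modify_batch, and this "Invalid DN syntax" bind) were both diagnosed by guesswork. The added ext/ldap example below, which is not code from either post, reads the server's extended diagnostic text for the last operation, so a result code 50 (insufficient access, an ACL matter) is told apart from a result code 34 (not a DN), and refuses to bind with an identity that is not a DN. Host, bind DN, password and target DN are placeholders.

```php
<?php
// Added example, not from the posts. Requires ext/ldap. Host, bind DN, password and target DN
// are placeholders; LDAP_RC_* are the RFC 4511 result codes the two threads ran into.
const LDAP_RC_INVALID_DN_SYNTAX   = 34;
const LDAP_RC_INSUFFICIENT_ACCESS = 50;
// One report line from everything the server returned for the last operation.
// On AD the diagnostic text names the reason, e.g. "... problem 4003 (INSUFF_ACCESS_RIGHTS)".
function ldapFailureReport($link, string $op): string
{
    $diag = '';
    $opt  = defined('LDAP_OPT_DIAGNOSTIC_MESSAGE') ? LDAP_OPT_DIAGNOSTIC_MESSAGE : LDAP_OPT_ERROR_STRING;
    ldap_get_option($link, $opt, $diag);
    $hints = [
        LDAP_RC_INVALID_DN_SYNTAX   => 'bind identity or target is not a full DN',
        LDAP_RC_INSUFFICIENT_ACCESS => 'bound account lacks write rights on this attribute/OU (ACL issue, not a DN issue)',
    ];
    $rc = ldap_errno($link);
    return sprintf('%s failed: (%d) %s; server said: "%s"%s', $op, $rc, ldap_error($link), $diag,
        isset($hints[$rc]) ? '; hint: ' . $hints[$rc] : '');
}
// OpenLDAP needs a full DN to bind (cn=admin,dc=mreza,dc=vpl); a bare "admin" fails with code 34.
// AD additionally accepts user@domain and DOMAIN\user, so relax the '=' check for AD.
function bindWithDn($link, string $bindDn, string $password): void
{
    if (strpos($bindDn, '=') === false) {
        throw new InvalidArgumentException("'$bindDn' is not a DN; use e.g. cn=$bindDn,<base_dn>");
    }
    if (!@ldap_bind($link, $bindDn, $password)) {
        throw new RuntimeException(ldapFailureReport($link, 'bind'));
    }
}
// The Adldap2 post's second step done with ext/ldap: replace one attribute on the new user's DN.
function setDepartment($link, string $userDn, string $department): void
{
    $mods = [['attrib' => 'department', 'modtype' => LDAP_MODIFY_BATCH_REPLACE, 'values' => [$department]]];
    if (!@ldap_modify_batch($link, $userDn, $mods)) {
        throw new RuntimeException(ldapFailureReport($link, "modify_batch on $userDn"));
    }
}
$link = ldap_connect('ldaps://dc1.example.test');            // placeholder host; use LDAPS or StartTLS
ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($link, LDAP_OPT_REFERRALS, 0);               // AD: do not chase referrals on writes
try {
    bindWithDn($link, 'cn=svc-provision,ou=Service Accounts,dc=example,dc=test', getenv('LDAP_PASSWORD') ?: '');
    setDepartment($link, 'CN=Vlad Test7,OU=TEST USER,DC=example,DC=test', 'Information Systems');
} catch (Exception $e) {
    fwrite(STDERR, $e->getMessage() . PHP_EOL);               // e.g. "(50) Insufficient access; server said: ..."
}
```

The printed report is what to hand to the directory admin: it states whether the bound account, the attribute, or the DN is the problem, instead of leaving that to a guess about base_dn.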

system.db.CDbConnection taking more than 1 second to execute in yii

I am new to Yii, although I have worked a lot with CodeIgniter, and was just trying to convert my code from CodeIgniter to Yii.
But the CDbConnection is taking more than 1 second to execute; I have attached a screenshot.
Also the SQL code I am using:
$criteria = new CDbCriteria();
$criteria->select = "total_photos";
$data = array( 'Gallerys' => Gallerynames::model()->findAll($criteria));
Please look into it
Edit:
Here is my db config
'db'=>array(
    'class' => 'system.db.CDbConnection',
    'connectionString' => 'mysql:host=localhost;dbname=yiiwiki',
    'emulatePrepare' => true,
    'username' => 'root',
    'password' => '',
    'charset' => 'utf8',
    'enableProfiling' => true,
    'schemaCachingDuration' => 3600,
),
From the Yii guide:
Because ActiveRecord relies on the metadata about tables to determine the column information, it takes time to read the metadata and analyze it. This may not be a problem during development stage, but for an application running in production mode, it is a total waste of time if the database schema does not change.
So set the schemaCachingDuration of the db application component to a value greater than zero.
'db'=>array(
    'class'=>'system.db.CDbConnection',
    'connectionString'=>'sqlite:/wwwroot/blog/protected/data/blog.db',
    'schemaCachingDuration'=>3600,
),
Keep in mind that you should specify a valid cache in the application config.
EDIT
It seems your problem is not due to the schema. Referring to this, changing localhost to 127.0.0.1 will fix it.

Add LDAP entry to Active Directory via ext/ldap

Using ext/ldap I'm trying to add entries to an Active Directory. As long as I only use one single structural objectClass everything works as expected, but as soon as I try to add an entry with a second auxiliary objectClass, the server reports an error:
Server is unwilling to perform; 00002040: SvcErr: DSID-030F0AA0, problem 5003 (WILL_NOT_PERFORM), data 0
The following code works:
ldap_add($ldap, 'OU=Test,OU=Test,DC=domain,DC=example,DC=local', array(
    'ou' => 'Test',
    'objectClass' => 'organizationalUnit',
    'l' => 'location'
));
This doesn't:
ldap_add($ldap, 'OU=Test,OU=Test,DC=domain,DC=example,DC=local', array(
    'ou' => 'Test',
    'associatedDomain' => 'domain',
    'objectClass' => array('organizationalUnit', 'domainRelatedObject'),
    'l' => 'location'
));
The same happens if I try to add an auxiliary objectClass to an existing entry:
ldap_mod_add($ldap, 'OU=Test,OU=Test,DC=domain,DC=example,DC=local', array(
    'associatedDomain' => 'domain',
    'objectClass' => 'domainRelatedObject'
));
The corresponding error message is essentially the same:
Server is unwilling to perform; 00002040: SvcErr: DSID-030508F8, problem 5003 (WILL_NOT_PERFORM), data 0
As all other updating and adding operations work, I think the problem must be related to the objectClass attribute.
As I don't have enough experience with Active Directory (I'm used to OpenLDAP):
Are there any known issues with objectClasses in Active Directory? Am I missing something here? Are there any restrictions that disallow adding e.g. domainRelatedObject to an organizationalUnit? What the heck's going on here ;-)?
Just in case you're wondering: the domainRelatedObject is present in the Active Directory schema.
I just found that, in order to add dynamic (per-instance) aux classes, the forest functional level of the domain must be 2003.
You may not have permission to set the objectClass attribute. See whether you can attach the auxiliary class after creation, through ADSI Edit. If you can't, fix the permissions first (check the Properties tab in the Advanced view of the Security settings).
I could attach this specific class right now, onto an organizationalUnit object, as a domain admin; so in principle, this is possible.
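The self-answer above ties dynamic auxiliary classes to the forest functional level. An added ext/ldap example, not from the post, reads that level from the RootDSE (the forestFunctionality attribute, where 2 is Windows Server 2003) before attempting the ldap_mod_add shown in the question, so the WILL_NOT_PERFORM is explained up front rather than after the write fails. The host and bind credentials are placeholders; the target DN is the one from the question.

```php
<?php
// Added example, not from the post. Requires ext/ldap and a bound connection to a domain controller.
// RootDSE forestFunctionality: 0 = 2000, 1 = 2003 interim, 2 = 2003, 3 = 2008, 4 = 2008 R2, ...
const FOREST_LEVEL_2003 = 2;

// Returns the forest functional level, or null when the server does not publish one (e.g. OpenLDAP).
function forestFunctionalLevel($link): ?int
{
    $res = @ldap_read($link, '', '(objectClass=*)', ['forestFunctionality', 'domainFunctionality']);
    if ($res === false) {
        return null;                                          // RootDSE not readable
    }
    $entries = ldap_get_entries($link, $res);                 // attribute names come back lowercased
    if ($entries['count'] < 1 || !isset($entries[0]['forestfunctionality'][0])) {
        return null;
    }
    return (int) $entries[0]['forestfunctionality'][0];
}

// Dynamic (per-instance) auxiliary classes need forest functional level 2003 or higher.
function supportsDynamicAuxClasses($link): bool
{
    $level = forestFunctionalLevel($link);
    return $level !== null && $level >= FOREST_LEVEL_2003;
}

$link = ldap_connect('ldaps://dc1.domain.example.local');    // placeholder host
ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($link, LDAP_OPT_REFERRALS, 0);
if (!@ldap_bind($link, getenv('LDAP_BIND_DN') ?: null, getenv('LDAP_BIND_PW') ?: null)) {
    fwrite(STDERR, 'bind failed: ' . ldap_error($link) . PHP_EOL);
    exit(1);
}
if (!supportsDynamicAuxClasses($link)) {
    fwrite(STDERR, "forest functional level below 2003 (or not AD): dynamic aux classes unavailable\n");
    exit(1);
}
// Only now attempt the question's second step: attach the auxiliary class to the existing OU.
$ok = @ldap_mod_add($link, 'OU=Test,OU=Test,DC=domain,DC=example,DC=local', [
    'associatedDomain' => 'domain',
    'objectClass'      => 'domainRelatedObject',
]);
echo $ok ? "auxiliary class attached\n" : 'failed: ' . ldap_error($link) . "\n";
```

If the level check passes and the write still fails, the remaining cause on this page is the bound account's rights on objectClass, which the ADSI Edit test in the other answer confirms or rules out.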
