Using ext/ldap I'm trying to add entries to an Active Directory. As long as I only use one single structural objectClass everything works as expected, but as soon as I try to add an entry with a second auxiliary objectClass, the server reports an error:
Server is unwilling to perform; 00002040: SvcErr: DSID-030F0AA0,
problem 5003 (WILL_NOT_PERFORM), data
0
The following code works:
ldap_add($ldap, 'OU=Test,OU=Test,DC=domain,DC=example,DC=local', array(
'ou' => 'Test',
'objectClass' => 'organizationalUnit',
'l' => 'location'
));
This doesn't:
ldap_add($ldap, 'OU=Test,OU=Test,DC=domain,DC=example,DC=local', array(
'ou' => 'Test',
'associatedDomain' => 'domain',
'objectClass' => array('organizationalUnit', 'domainRelatedObject'),
'l' => 'location'
));
The same happens if I try to add an auxiliary objectClass to an existing entry:
ldap_mod_add($ldap, 'OU=Test,OU=Test,DC=domain,DC=example,DC=local', array(
'associatedDomain' => 'domain',
'objectClass' => 'domainRelatedObject'
));
The corresponding error message is essentially the same
Server is unwilling to perform;
00002040: SvcErr: DSID-030508F8,
problem 5003 (WILL_NOT_PERFORM), data
0
As all other updating and adding operations work, I think the problem must be related to the objectClass attribute.
As I've not enough experience with Active Directories (I'm used to OpenLDAP):
Are there any known issues with objectClasses in Active Directory? Am I missing something here? Are there any restrictions that disallow adding e.g. domainRelatedObject to an organizationalUnit? What the heck 's going on here ;-)?
Just in case you're wondering: the domainRelatedObject is present in the Active Directory schema.
I just found that, in order to add dynamic (per-instance) aux classes, the forest functional level of the domain must be 2003.
You may not have permission to set the objectClass attribute. See whether you can attach the auxiliary class after creation, through ADSI Edit. If you can't, fix the permissions first (check the Properties tab in the Advanced view of Security settings)
I could attach this specific class right now, onto a organizationalUnit object, as a domain admin; so in principle, this is possible.
Related
Using Adldap2 package (https://adldap2.github.io/Adldap2/#/) and to be more accurate laravel version (https://github.com/Adldap2/Adldap2-Laravel) and having some issues with add/update some attributes after creation.
To be more specific, I will try to do this
Create user
$user = Adldap::make()->user([
'cn' => 'Vlad Test7',
'samaccountname' => 'vlad_test7',
'Company' => 'Company Name',
'givenname' => 'Vlad',
]);
$user->objectclass = [
'top',
'person',
'inetOrgPerson',
];
$user->save();
This will work.
But after if I will try to set another attribute like department, doing it as below
$user->setAttribute('Department', 'Information Systems');
$user->save();
I will get this error message
ErrorException : ldap_modify_batch(): Batch Modify: Insufficient access
at PATH_TO_PROJECT_ROOT\vendor\adldap2\adldap2\src\Connections\Ldap.php:386
I asked system admin about provided accounts permissions, and he told me that I have full access within OU for test user, that they have been created for me.
I suppose, that possibly can be something wrong with my config files, I have there as admin told me.
Here how config file (ldap.php) looks like
'hosts' => explode(' ', env('LDAP_HOSTS', 'corp-dc1.corp.acme.org corp-dc2.corp.acme.org')),
'port' => env('LDAP_PORT', 389),
'timeout' => env('LDAP_TIMEOUT', 5),
'base_dn' => env('LDAP_BASE_DN', 'dc=corp,dc=acme,dc=org'),
'username' => env('LDAP_USERNAME', 'username'),
'password' => env('LDAP_PASSWORD', 'secret'),
Based on my search result, possibly error message on update can be related with dn (distinguished name), as I have something like that as base_dn
base_dn=OU=TEST USER,OU=xxxxxx1,OU=xxxxxx2,OU=xxxxxx3,OU=xxxxxx3,DC=domain,DC=local
and when I'm creating a user, for new created user I'm getting new generated dn which is like below
dn=CN=Vlad Test7,OU=TEST USER,OU=xxxxxx1,OU=xxxxxx2,OU=xxxxxx3,OU=xxxxxx3,DC=domain,DC=local
not sure, is this correct or not? Thinking also about possibility, that I can't perform operations using generated distinguished names,when I'm creating a new record, at least impression is that I have added CN=Vlad Test7 to base_dn, which is causing the error.
Any suggestions or thoughts about this issue?
Thanks
Answer is simple, it was a permission issue of the AD user, which I'm using here, as error message describes, insufficient access, so nothing related with coding here.
I want to add a column in order grid whose value come from another block.
The code I used in Grid.php are as given below :
$this->addColumn('sum_total', array(
'header' => Mage::helper('sales')->__('G.T.Used'),
'column_css_class' => 'a-right',
'type' => 'currency',
'currency' => 'base_currency_code',
'renderer' => 'Marketplace_Mpshippingmanager_Block_Adminhtml_Sumtotal'
));
Here is the code used in block :
class Marketplace_Mpshippingmanager_Block_Adminhtml_Sumtotal extends Mage_Adminhtml_Block_Widget_Grid_Column_Renderer_Abstract
{
public function input_render(Varien_Object $row)
{
//echo '$'.(float)($row['base_subtotal']-$row['base_grand_total']);
printf("$%.2f", ($row['base_subtotal'] - $row['base_grand_total']));
}
}
It work on localhost but make problem on server.
why?
If some one help is more appreciable.
Is localhost windows? Server Linux? I can't say for certain but I ran into this earlier in the week turned out Windows is case insensitive and Linux is case sensitive. The Varien Autoloader which parses all classnames and strings was throwing in '\' where I didn't want them and magento could not find my files.
I do not know if this helps but, it was so similar to my problem I figured I would put in my 2 cents. Here was my thread with the problem explained by a much smarter person. https://stackoverflow.com/questions/30085012/magento-mass-action-grid-does-not-update
foo_constants.php or fooConstants.php?
It seems laravel would do some name conversion when you use Config::get('...'), which one do you use?
foo.php
Why specify constants at all? Convention I've generally seen is single word filenames. I think in general most 'config' type settings will be constant in an environment even if it is variable between environments.
Take a look at the aws/aws-sdk-php-laravel composer package as an example. That file is named config.php in the package, but gets published to aws.php.
rydurham/Sentinel is another popular package. It also only has a single-word filename.
Update
In the situation you describe in your comment, I would do something like this:
<?php // File: foo.php
return [
'sheep' => [
'clothing' => 'wool',
'chews_on' => 'cud',
],
'wolf' => [
'clothing' => 'fur',
'chews_on' => 'sheep',
],
];
And you can access both of those via Config::get('foo.sheep') and Config::get('foo.wolf'), respectively. When they're defined on the server, they're still 'on the server' so to speak. If you wish to release the values stored in foo.sheep to the public you can, and you can do so without also exposing foo.wolf.
We are building a web application using Yii as the framework. Where would be a good location for us to put a version information array?
This version array is not the version of Yii but the version our application is on. This way we can use it global throughout the application. Example when deploy the application on our servers we can have a conditional that compares the required_php_version against the server's php version (phpversion()) to throw errors. This is just a simple example.
The array would consist of (with possibility to evolve later):
<?php
array(
'version' => '2.0.1',
'required_php_version' => '5.4.4'
);
?>
As far as I know, The best place to put your configurations in an application based on Yii, is main.php config file, which is situated in protected/config/main.php. But it is important to put your custom configurations in a right place. That is in params array. You can put your configs like below in config file:
'params' => array(
'webmaster' => 'YourEmail#example.com',
'required_php_version' => '5.4.1',
'my_app_version'=>'2.0.1.1',
'info_in_array'=>array(1,2,3,4,'so on ...')
// and so on
),
You can use these information in everywhere of your application like below:
Yii::app()->params['required_php_version'] //which returns 5.4.1 in this example.
I am trying to create a PHP page to launch cluster and add jobs to the jobflow.
$response = $emr->run_job_flow($nameOfRun, array(
'Ec2KeyName' => 'hadoop',
'HadoopVersion' => '0.20',
'KeepJobFlowAliveWhenNoSteps' => $clusterAlive,
'InstanceGroups' => array(
array( // Group #1
'InstanceCount' => $numOfMaster,
'InstanceRole' => 'MASTER',
'InstanceType' => $masterInstanceType,
'Market' => 'ON_DEMAND',
'Name' => 'Master',
),
array( // Group #2
'InstanceCount' => $numOfSlaves,
'InstanceRole' => 'CORE',
'InstanceType' => $slaveInstanceType,
'Market' => 'ON_DEMAND',
'Name' => 'Slaves',
)
),
'Placement' => array(
'AvailabilityZone' => 'us-east-1d'
)
));
The cluster is launched and I can see the job flow ID. But it starts to shut down immediately after launch. When I do a elastic-mapreduce --list, for that cluster the state is Failed.
Any known issues or anywhere I am doing wrong? Is AvailabilityZone may be causing the issue?
I checked from the AWS Console, it is giving this error - The given SSH key name was invalid
I checked, the access key and secret key I provided in config.inc.php are correct and working.
Regards,
Kartikeya Sinha
Looks like there are four different gotchas that might cause the error, as outlined in this AWS thread:
Specifying the exact keypair name from the console.
Specifying a keypair that exists in a different region than your the region of your endpoint.
Using a keypair for a different AWS service, instead of one for EC2.
Using a renamed keypair pem file, when it should match the keypair in the console (really a special case of 1).
If all that looks right, try deleting the keypair and making a new one.
Based on a reading of the PHP SDK docs, I think the problem is that you're specifying EC2KeyName at all (your comments suggest you don't want to tie a particular pem file to the EC2 instances; you rather just want access with a secret key and access key).
Ec2KeyName - string - Optional - Specifies the name of the Amazon EC2 key pair that can be used to ssh to the master node as the user called “hadoop.” [Constraints: The value must be between 0 and 256 characters, and must match the following regular expression pattern:
[\u0020-\uD7FF\uE000-\uFFFD\uD800\uDC00-\uDBFF\uDFFF\r\n\t]*]
This parameter refers to the pem keypair files you can associate with EC2 instances. Your comments suggest you're speaking specifically about AccessKeys and SecretAccessKeys, which are different concepts. The pem files give you ssh access to EC2 instances. The latter authorize you against the AWS API.
You should be able to kill that optional parameter and have the job work, although you won't be able to ssh into its affiliated EC2 instances without a pem file.
Where I was wrong: (This solved my case)
The name of the keypair of which access key and secret key are specified in the config.ini.php file of AWS SDK and the EC2KeyName to be supplied while launching a cluster should be the same.