FTP Server integration with LDAP - openldap

I'm trying to authenticate vsftpd from LDAP(openldap) logins which hosted remotely another server.
i.e.: We have a LDAP server and new users are created on them. I'd like to know if it is possible to use the same ldap users credential to authenticate and log in into the FTP server as I am unable to do that.
TIA

I have a scenario slightly different, but probably can work in you case.
In my case, we have a Windows Domain and we use SSSD to authenticate in the domain. There is no need any change in vsftpd.
My guess is if you set up the sssd authenticating to your LDAP server, it will work.
There is a tutorial here for Ubuntu: https://ubuntu.com/server/docs/service-sssd-ldap

Related

nginx basic auth backed on server

I know nginx provide a way to login using basic authentication (with a password file). I wanted to know if there is a way to delegate the authentication to a dedicated server.
Here is the process I want to pursue :
- The user try to access to the nginx server without auth.
- Nginx ask for username and password.
- Nginx request the dedicated server with the provided credentials.
- If ok, nginx create a new basic auth for the user, and let the user pass in.
Thank you

Redmine, publish with basic authentication behind Microsoft TMG

I've just installed Redmine on Windows 2008 R2 through the setup realized by Bitnami.
All works fine. Also SSL is working excellent.
Since today Redmine is in my DMZ, and I reach it directly, from internal network.
I arrive on login page and go.
Now I've published it on public IP with Microsoft TMG.
On TMG I use a listener that require authentication through radius.
TMG permits to pass credential to the web application by some different way, one is basic auth, one is NTLM....
I've found a redmine plugin that permit to use basic auth in redmine, so at login I don't see the redmine page but the classic http popup for credentials.
In this situation, like other published web application, TMG is configured to pass credentials on http basic auth but only redmine fails.
TMG pass credentials and these are refused by redmine, so TMG propose again credentials request.
Does anyone has a solution?
It could be a problem in the basic auth plugin, but it's the only one I've founded.
Thanks,
Mirko

Windows authentication with ActiveDirectoryMembershipProvider

I have an issue with my website authentication.
I'm building an website that needs to use the same single sign on as an intranet site.
My idea was to use windows authentication on the website to get the user credentials and then use LDAP to authenticate them against our client's Domain controller.
The website in question is hosted on a server outside the client's domain.
I've tried using the ActiveDirectoryMembershipProvider but i cannot get it to work with integrated authentication.
My issue is that my i cannot get windows authentication to use LDAP as a membership provider. At the moment, windows authentication gets the user credentials, tries to authenticate them against users on the computer and fails as the web server is not on the domain. I want to get the credentials and send them using LDAP to a domain controller that will authenticate them.
Is there a way i can do integrated authentication using and LDAP connection for authentication?
Updated
If your website is Hosted on the Server outside the Client's Domain then you can not get the User Authenticated.
Because when you send the Credential to the Hosted Server there is a Location object in the Domain Server, and it will try to find that specified User first locally where you have hosted your website and then to the Doamin Server that have been specified in location(though we can also set the priority)
If it doesn't found any user locally then
After that it will Send request to the Domain Server with those Credentials.
In your case First it will not found that Domain Server name in the location object to which you want it to communicate with.
For ex:
PrincipalContext pr = new PrincipalContext(ContextType.Domain, "corp.local", "dc=corp,dc=local", username, password);
Here Corp.Local is the Domain name which is in my Location object and Username and Password of that user which have administrative rights for Edit/Update/Delete any user in Domain server.
So the whole process goes again and when the specified Domain Server is found in the Location object then it will make communication with that Domain and generate a TOKEN
The Only Solution for your case is that you need to replicate all your user from Client Server to your Domain Server or else you need to make TRUST between two domain servers.
Hope this is what you are looking for.!!

How can I secure ELMAH for external access via the ELMAH-LogAnalyzer?

I have ELMAH setup on an ASP.NET site and I would like to use the elmah-loganalyzer on it remotely, while still keeping ELMAH secure from prying eyes. Basically, I want to be able to search the logs from home in an emergency without busting out the work-laptop and using the super-slow VPN.
I know I can secure ELMAH using forms authentication and/or IP addresses via the web.config as addressed elsewhere. The problem is that the elmah-loganalyzer can't login with forms authentication (that I know of) and I would want to check it from a dynamic IP address, so those options are out. The elmah-loganalyzer can login as a Windows user, but the website is not using that form of authentication.
Does anyone know of another way to secure ELMAH that the loganalyzer can use, or a way to secure just this one section of the site with Windows Authentication?
Just use it to connect directly to the database. Forms and Windows auth are used for protecting the web-based handler but the log analyser can connect directly to the DB (obviously with the appropriate credentials).

SqlException: Login failed for user

I use a dbml for my Data Access Layer to provide the data that i need in my app.
When i connect from the server explorer everything seems fine. I choose to use my windows authentication and the connection test shows everything works just fine. When i Build my solution and run it on my IIS it says that i'm using a login that is not working.
How to solve this issue?
The web site will be logging in to the SQL Server using the identity of the application pool of the web site, you have to grant that user (normally network service) access to the database.
When you try to connect from server-explorer and chose windows authentication, it uses currently logged in user to authenticate with the sql-server. You must be logged in as Administrator of the local system so it lets you in using windows authentication.
But when you run your application through IIS, and try to authenticate using windows authentication it uses local system aspnet_user account to authenticate which must not have authorization to access your database. You need to authorize aspnet_user to access your database and it will work.
A recommended practice is to not
authenticate using windows
authentication but to use sql server
authentication which will work in every context.
Did you define the appropriate connectionstring in your web.config?

Resources