How to reset a password (or unlock user) in Zenoss using zendmd? (Usual methods don't work) - zenoss

I'm new to Zenoss and hired as a System Administrator somewhere that has lost all of their credentials to access Zenoss Control Center WebUI!
Now I've been assigned to find a way to reset admin (or any other user) password. I've checked the web thoroughly and came across zendmd, a python shell connected to Zenoss database. Using this link I tried to set the new password, but though it does not throw any errors, I still cannot login with the new credentials I've set.
Also I tried using zenpass which is a small script to set the new admin password, but still it seems that it has no effect.
I am familiar with python (fortunately) and I'm trying to understand how I can manipulate database to be able to login. But as this is an OO database and not a relational one, I cannot query it directly. So far, my attempts at fixing the issue have been unsuccessful. Part of it is because there is no documentation related to zendmd objects and classes, and I have to read developer comments to find out what is going on.
Is there any way to reset this? or at least find out what is going on here? I also suspect that the accounts are locked, but I've had no luck finding a way to check this.
New findings
I was able to send a reset password email using the following method in zendmd:
dmd.ZenUsers.user01.manage_resetPassword()
The password in the mail does not work. I guess my problem is not the password, but some other issue with the login...but no idea of what it can be. Any help is appreciated.

Well, after some research I found out that I was trying to log in to the wrong login interface! The Control Center is different from Zenoss WebUI (rookie mistake) and now it is OK.
All of the methods with zendmd work perfectly. Actually, this helped me learn a bit of the zenoss python shell, which would definitely be useful in the near future.

Related

Authenticate into Microsoft before sending email from R

This MUST be on here somewhere else, but try as I can, I just can't find it.
I'm trying to email from an R script. Following this tutorial I've been able to successfully send an email from my personal outlook.
So far so good right? Well when I run the line:
my_outlook <- get_personal_outlook()
It has me authenticate in with a window that popped open. Worked fine this first time I did it, but this will run daily on a shared drive that myself and another user have access to, and she might be the one running the R file. So it might be nice to have it already authenticated in with a token or something.
In the documentation it looks like something like this would work:
but I'm having a hell of a time getting it to work. I check the documentation for get_azure_token and it looks like a bunch of examples where I have to point it to a shiny app, etc..
Does anyone have any examples of code I could use to avoid a pop up window authentication so this R script can send emails?

A meteor tutorial puzzle, is the client authorization safe?

I went through this tutorial and I'm trying to figure out how authorization works:
https://www.openshift.com/blogs/day-15-meteor-building-a-web-app-from-scratch-in-meteor
I see that client-side code is well written and that it handles privileges for logged in users through calls to
if(Meteor.userId())
but as far as I can tell nothing is handling client authorization in the server-side code in epollserver.js.
I tried to create a script that likes questions in a for loop but failed :) So I'm wondering if I'm missing something about the blog, something about the way metamagics work in meteor or if the tutorial actually results with unsafe code?
Meteor has a built in accounts functionality, so it has a login package called accounts-base that handles this for you.
The code is in the background and not in your main project files. You can view the package's contents here: https://github.com/meteor/meteor/tree/devel/packages/accounts-base.
Meteor is slightly different in the way security is handled. The tutorial you're using doesn't mention it much, perhaps this is why the question comes about.
It's slightly mentioned with the insecure package. In meteor you can't just update fields as you please in the database without corresponding .allow rules (docs: http://docs.meteor.com/#allow).
If you keep the insecure package in, installed by default, you can edit collections as you please. This is why the tutorial recommends removing it.
Allow rules and Publish
You can specify a rule that tells meteor that only certain users are allowed to alter the database.
Likewise when it comes to autopublish, you can control what database data is sent down from the server to the client.
Combined, these two are what make meteor secure in the same way as conventional web applications. You have a browser which can see html and js, but when it comes to what data it can see or what data it can update it is controlled in a secure fashion.
On client-side, you can use Meteor.userId() to manage display for logged user or anonymous.
In fact you may think it's not secure, but it's enough if you think through your server-side code well. Let me explain:
In meteor Js, you manage collection through publish/subscribe and direct network call through Meteor.call. So you have to secure both, on server-side.
For the first one you have to remove insecure and autopublish.
Then use allow/deny on your collections to manage who can insert/update/remove data.
Then in your publish functions, that are only on server-side, you have to add :
if (!this.userId) return this.error(new Meteor.Error(403, 'unauthorized access'));
For the second one (Meteor.call) you just have to add in all required Meteor.methods (on server-side) :
if (!Meteor.userId()) throw new Meteor.Error(403, 'unauthorized access');
With those things your application is "secure". Yes a user can hack your client code to try to display templates that should be available only for logged user, but in fact, this user will not be able to retrieve any data, so yes it is secure!
Also don't forget to split your server and client code into different folders (server and client) or all the code will be downloaded by the client. And this is not secure!
Hope it helps you understand Meteor Js.
Actually, the tutorial does result in unsafe code since I managed to add a question through the JS console without being logged in; my initial hunch that the code lacks server-side checks was correct.
I suspect three more if(Meteor.userId()) in epollserver.js would fix the issue; it's a basic authorization coding failure of not observing the mantra "protect from the server first, then from the client if necessary".
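The server-first rule this thread arrives at, as an added example that is not part of any post above: a plain-JavaScript model of a server exposing remote methods, showing that an anonymous caller who bypasses the client-side check is stopped only when the method itself checks the session's user id. It uses no Meteor APIs; makeServer, connect, call and the method names are hypothetical.

```javascript
// Plain-JavaScript model of a server that exposes remote methods (no Meteor APIs).
// makeServer, connect, call and the method names are hypothetical, for illustration.
function makeServer() {
  const questions = []; // server-side collection
  const methods = {
    // Unguarded: relies on the client having hidden the form from anonymous users.
    addQuestionUnsafe(text) {
      questions.push({ text, owner: this.userId });
      return questions.length;
    },
    // Guarded: the server itself rejects callers without an authenticated user id.
    addQuestion(text) {
      if (!this.userId) throw new Error('403 unauthorized access');
      if (typeof text !== 'string' || text.trim() === '') throw new Error('400 bad question');
      questions.push({ text, owner: this.userId });
      return questions.length;
    },
  };
  return {
    // userId is fixed by the server when the session is set up (null = anonymous);
    // it is never read from the arguments the caller sends.
    connect(userId) {
      return {
        call(name, ...args) {
          if (!Object.prototype.hasOwnProperty.call(methods, name)) throw new Error('404 no such method');
          return methods[name].apply({ userId }, args);
        },
      };
    },
    count: () => questions.length,
  };
}

// Constructed scenario: an anonymous session invokes the methods directly,
// which is what a call typed into the browser console amounts to.
function demo() {
  const server = makeServer();
  const anon = server.connect(null);
  const alice = server.connect('user-alice');
  const result = { unsafeAccepted: false, guardedRejected: false, total: 0 };
  anon.call('addQuestionUnsafe', 'spam'); // accepted: no server-side check
  result.unsafeAccepted = server.count() === 1;
  try { anon.call('addQuestion', 'spam'); } catch (e) { result.guardedRejected = /^403/.test(e.message); }
  alice.call('addQuestion', 'Is this safe?'); // logged-in session passes the guard
  result.total = server.count();
  return result;
}
```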

Parse Cloud Code: Push Notifications w/ Multiple Users on One Installation

I'm a nascent coder creating a simple iOS app. I'm experimenting with coding push notifications for the first time and I have a simple question regarding the Parse Installation Object and a scenario where multiple users log on the same device (let's say a loaner iPad at a library).
Based on the Parse documentation I've seen, when a user subscribes to a channel - let's say "The Giants" - it saves this info on the Installation Object. But if the user logs out and another user logs in, does Parse assume that we are to erase the previous channels? Should channels therefore be saved to the User class first, and only saved to Installation when a user logs in? And similarly how do we handle advanced targeting where I want to query Installation for a specific User objectId? Is the best practice to always leave the last user logged in listed as 'owner'/'user'?
If you find the library example impractical, also consider something like signing into your Spotify account on a friend's device in order to play a private playlist at a party. I know these are less common scenarios, but I want to make sure I know how to handle them.
I'm new to Push Notifications so I may be missing something fundamental here, but if any experienced developer can lend some advice as to how they handle this scenario, it would be greatly appreciated.
Store a reference to PFUsers when you save the installation. Add a field @"owner" and tag the pfuser to it.
After a user logs in, if they are not associated with the current installation, send an alert asking if they'd like to receive pushes on this device. If that's the case, resave and update the current installation. Otherwise leave it as is.
This is a tricky area, let me know what you come up with.
It's pretty rare that people will sign onto a service using someone else's phone, so I don't think it's a huge issue if you want to just "see what happens" and if there's demand work it out.
I have 3 iOS apps using a single Parse application which supports push notifications for all 3 apps. I have a flag set on the project for the Release configuration for NDEBUG. I use #ifndef NDEBUG to set the boolean on a value I set on the current installation. This way it makes it easy to identify which installation that I can use for testing push notifications. I also use the appIdentifier value to filter to the application I am testing.
I also set other values as needed but these values are a good start.
if (debug) {
    [currentInstallation setObject:[NSNumber numberWithBool:YES] forKey:@"debug"];
}
else {
    [currentInstallation setObject:[NSNumber numberWithBool:NO] forKey:@"debug"];
}

CRM 2011: Using Organization Service returns metadata reference issue

I'm using the Organization Service URI to upload documents to our SharePoint site from notes and attachments. I'm using the code found here and all is working apart from where I set the organizationURI. I get an error of "metadata contains a reference that cannot be resolved". I have tried retyping the link in and everything I can think of but I always get this error.
The strange thing is that this was working a couple of days ago just fine, but when I tried it the next morning it refused to work and now won't do anything at all. Before the error I have now, I was getting an error saying that the URI scheme is not valid. I don't know what could have caused this to stop working but I've tried all I can think of and need some help.
Thanks
EDIT: The error message has changed to "A proxy type with the name account has been defined by another assembly". Still not sure what it means, but I'm hoping this might be easier to fix.
I'm not sure if this is the actual fix for this problem but I tried this and it seemed to work. So either it is the answer or I was just lucky and something else changed too, but anyway...
What I did was to change the way that I was connecting to the organization service. Before I was using user credentials, organization URI and home realm URI together to get the OrganizationServiceProxy in the form of OrganizationServiceProxy orgService = new OrganizationServiceProxy(organizationUri, homeRealmUri, cred, null);.
Now I'm using a longer method of first setting the discovery service with user credentials. Then together with them I set the discovery service proxy, which is then authenticated. Then I simply use a RetrieveOrganizationRequest / Response to get the organization service which I can then use in place of the original.
Hope that makes sense to people but if anyone wants I can put some code up showing what I did.

ChangePassword on a user object does not lock account if not successful

I have an ASP.Net application (on Win2K) that is using Windows authentication and impersonation. We are using the following code to change password:
Dim objDE As DirectoryEntry
'...
objDE.Invoke("ChangePassword", txtOldPassword, txtNewPassword)
This code works great, except it does not lock the account if there were multiple unsuccessful attempts. Is there any way to make this code lock the account if incorrect passwords were provided multiple times (as specified in a policy)? I can't elevate user privileges, because this potentially makes the system less secure.
I am not sure if a general user would have the permissions to directly lock their own account. However, one method to do such would be:
objDE.InvokeSet("IsAccountLocked", true)
For a great resource on .NET on Active Directory please see this article.
My apologies for the above link being in C#, if you need a good converter try this one.
