So I am working with Drupal, and all the users are also connected to LDAP. I want to know what's the best way to implement password expiration for users who have had a password for X amount of time. Is there a way to achieve this solely through LDAP, or must we have a module accomplish this task on the Drupal side?
Password expiration is easily enforced by the LDAP server. With OpenLDAP look at the ppolicy overlay. With OpenDJ just start up dsconfig and let the menus guide you. Apache Directory Server has it as well as Fedora/389. What's your LDAP server again?
You'll need Drupal to analyze LDAP response messages when a password policy kicks in. I'm no Drupal user myself, so I don't know how well this is supported.
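The "response messages" mentioned in the answer above arrive as a password policy response control (OID 1.3.6.1.4.1.42.2.27.8.5.1, defined in draft-behera-ldap-password-policy, which the ppolicy overlay implements). The following is an added example, not code from the answer or from any Drupal module: it decodes the control value and maps it to a login decision. The function names and the sample byte strings are constructed for illustration.

```python
# Error names from draft-behera-ldap-password-policy, indexed by ENUMERATED value.
ERRORS = ["passwordExpired", "accountLocked", "changeAfterReset",
          "passwordModNotAllowed", "mustSupplyOldPassword",
          "insufficientPasswordQuality", "passwordTooShort",
          "passwordTooYoung", "passwordInHistory"]

def _read_tlv(buf, pos):
    """Read one BER element; the control is tiny, so long-form lengths are rejected."""
    if pos + 2 > len(buf) or buf[pos + 1] & 0x80:
        raise ValueError("truncated or long-form BER element")
    end = pos + 2 + buf[pos + 1]
    if end > len(buf):
        raise ValueError("BER value runs past end of buffer")
    return buf[pos], buf[pos + 2:end], end

def parse_ppolicy_response(value):
    """Decode PasswordPolicyResponseValue bytes into a dict."""
    out = {"expires_in": None, "grace_left": None, "error": None}
    tag, body, end = _read_tlv(value, 0)
    if tag != 0x30 or end != len(value):
        raise ValueError("expected exactly one SEQUENCE")
    pos = 0
    while pos < len(body):
        tag, content, pos = _read_tlv(body, pos)
        if tag == 0xA0:  # warning [0]: CHOICE of two context-tagged INTEGERs
            wtag, wval, _ = _read_tlv(content, 0)
            key = {0x80: "expires_in", 0x81: "grace_left"}.get(wtag)
            if key is None:
                raise ValueError("unknown warning choice")
            out[key] = int.from_bytes(wval, "big", signed=True)
        elif tag == 0x81:  # error [1]: ENUMERATED
            code = int.from_bytes(content, "big", signed=True)
            out["error"] = ERRORS[code] if 0 <= code < len(ERRORS) else f"unknown({code})"
        else:
            raise ValueError(f"unexpected tag 0x{tag:02x}")
    return out

def login_action(ppolicy):
    """Map the decoded control to what the web application should do."""
    if ppolicy["error"] in ("passwordExpired", "changeAfterReset"):
        return "force_password_change"
    if ppolicy["error"] == "accountLocked":
        return "deny"
    warned = ppolicy["expires_in"] is not None or ppolicy["grace_left"] is not None
    return "warn" if warned else "ok"

# Constructed control values (not captured from a real server).
SAMPLE_EXPIRING = bytes.fromhex("3007a0058003015180")  # expires in 86400 s
SAMPLE_EXPIRED = bytes.fromhex("3003810100")           # error passwordExpired
SAMPLE_GRACE = bytes.fromhex("3005a003810102")         # 2 grace logins left
```

Per the draft, the server returns this control only when the bind request carried the matching request control, so the LDAP client has to ask for it explicitly.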
Related
I currently built a small web app for personal use. I want to put it online, but not everyone should have access to it. I want to send the password to the people I will allow to access the site, but I want only one password that everyone can use. I built the app with just Nuxt.js and Firestore because I'm not familiar with backend technology.
I'm aware of Firebase authentication, but it only supports authentication with an e-mail address.
Does someone know a simple method for doing this? Security is not very important in this case; I just don't want everyone to be able to access the site yet.
Thank you very much for your help.
As you mentioned, you're aware of Firebase authentication: create a single account with an email and password. For now, on the login screen you can pass the email hardcoded in an input[type='hidden'] field.
You can use basic authentication for that. It's not the most secure way of securing a site, since the credentials are sent with each request, but if your site is served over HTTPS you should be fine.
I need assistance with configuring LDAP in Drupal to connect to the Novell host. I have the parameters but I don't know how to use them. These are the steps I have taken:
First I installed the LDAP module for Drupal
I enabled most of the LDAP
I went to server config but I'm lost.
Created the custom page.tpl I want to connect.
The Novell LDAP has an IP address and the web page is on another host. The only thing I want is for Novell to ask me for the user and password when I access that page.tpl in Drupal. Is it possible to achieve that? I would be grateful for your help. Thank you!
A connection to LDAP can be authorized or not authorized. If authorized, you must specify the connection parameters, user name and password, to access LDAP.
I do not know Drupal or how to do it there.
Setup
JBoss using LdapExtLoginModule to auth to Microsoft ADAM (Lightweight Directory Server)
Drupal using ldap_integration module to auth to the same Microsoft ADAM above
Url within JBoss realm that requires user to auth (again) using HTTP Basic Auth
Use Case
User logs in to Drupal, auth'ed by ADAM. At this point Drupal only knows the username (password is stored in Microsoft ADAM/LDAP)
User accesses secured URL within JBoss realm, and browser prompts for username and password. At this point we'd like to avoid the login prompt, but how?
Is there a way to link JBoss and Drupal session?
Hacky solution:
Remember the password that user entered into the password textbox while logging in to Drupal and use this to authenticate later.
Is there any better solution, maybe by introducing another security layer or something else?
Your hacky solution certainly seems to be the easiest. Have you looked into CAS?
http://drupal.org/project/cas
http://www.jasig.org/cas
I am using Plone and Sugar CRM. I want to allow users to only have a single username and password across both systems. When they change their password in Plone they should not have to change it in Sugar CRM. Is there a simple way to do this?
If you want single sign on, you can also look at Plone 4's mod_auth_tkt support. Basically, Plone will set a cookie that is compatible with the auth_tkt standard. Other systems (such as Apache or nginx as fronting web servers) can use the same cookie format to authenticate a user.
Configure both to authenticate against an LDAP server.
I have a web application that uses Integrated Windows Authentication to validate users. Most of them are remote and don't have access to a workstation to update their AD password.
Rather than manually managing passwords myself, I'd like to put together a script so they can change them on their own.
How would I update their windows password through ASP?
If you are going to offer this in a website, you should consider the security implications. A self-service password changing website is generally considered a major security risk and is not common.
You mention that your users are remote. If the site will be public, how will they authenticate through Integrated Authentication? The only way I know to make this possible is through VPN. Otherwise, they will have to use Basic Authentication to enter their username and password. This is very insecure, even over SSL.
Here are some recommendations:
Secure the site using client certificates. If this is not possible use SSL at a minimum.
I would strongly recommend that you implement the actual password-changing logic in a secure webservice. The ASP.NET page should call the webservice to request the change.
You should store an audit trail of password changes. DO NOT store the passwords, just an event log of the user, time, and IP address.
Test very thoroughly to ensure that the integrated security is recognizing your users properly. Make sure that users cannot accidentally change other users' passwords.
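A language-neutral sketch of the last two recommendations above, written in Python as an added example (it is not code from the answer): the account to change is taken from the identity the web server authenticated, never from the form, and the audit record holds user, time, IP address and outcome but no password. The names handle_password_change, set_password and audit_log are hypothetical; set_password stands in for the real directory call.

```python
import json
from datetime import datetime, timezone


class ChangeDenied(Exception):
    """Raised when the request names an account other than the caller's."""


def handle_password_change(auth_user, form, client_ip, set_password, audit_log):
    """Change the caller's own password and append one audit record.

    auth_user    -- identity established by the web server (hypothetical
                    value such as "CORP\\alice"), never read from the form
    set_password -- callable(user, old, new) standing in for the directory call
    audit_log    -- list of JSON lines (stand-in for an append-only store)
    """
    target = form.get("username") or auth_user
    event = {
        "time": datetime.now(timezone.utc).isoformat(),
        "user": auth_user,
        "target": target,
        "ip": client_ip,
        "outcome": "denied",
    }
    try:
        if target.casefold() != auth_user.casefold():
            raise ChangeDenied(f"{auth_user} may not change {target}")
        try:
            set_password(auth_user, form["old_password"], form["new_password"])
        except Exception:
            event["outcome"] = "failed"
            raise
        event["outcome"] = "changed"
    finally:
        # The record holds who, when, from where and the result: no secrets.
        audit_log.append(json.dumps(event))
    return event
```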
There is a function in the System.DirectoryServices namespace that seems to be able to handle this. You will need to add a reference to it in order to use it.
Here is the article on how to change user passwords:
http://msdn.microsoft.com/en-us/library/ms817839.aspx
http://support.microsoft.com/kb/555071
If you can set up IISADMPWD like this, you should be able to change passwords. This is actually an ASP application which relies on a COM component.
Note that IISADMPWD is obsolete and does not ship with IIS 7.0.