Is there a way in Phabricator to restrict which users can create a new project?
I have looke everywhere but cannot find the policy that will restrict this feature to select users.
Logon to Phabricator as administrator
Go to [1]: https://phabricator-URL/applications/view/PhabricatorProjectApplication/
The you should see this and config the policies:
https://i.stack.imgur.com/1crpW.png
Turns out I did not look hard enough.
This is possible by setting an entry in policy.locked through the command line:
./bin/config set policy.locked "{ \"project.create\" : \"admin\" }"
Related
I created a presto custom password authenticator plugin (internal) by making a copy of the LDAP plugin and modifying it. You can see that code here: https://github.com/prestodb/presto/tree/master/presto-password-authenticators/src/main/java/com/facebook/presto/password.
I created copies of the Authenticator, AuthenticatorFactory, and the config, and modified them to basically just take a user/password from the config and to only allow that user in. I also put the new class in the PasswordAuthenticatorPlugin registration code.
I can see the plugin loading when presto is started, but it doesn't appear to do anything despite no errors being present. What am I missing?
Note: I had already found a solution to this, I'm just recording it on SO as I originally came here and found no help.
To make a custom password plugin work, you actually need HTTPS enabled for communication with the coordinator. You can actually see this recommendation at the bottom of their documentation:
https://prestodb.github.io/docs/current/develop/password-authenticator.html
Additionally, the coordinator must be configured to use password authentication and have HTTPS enabled.
So, the steps to make it work are:
Make sure your main config.properties has "http-server.authentication.type=PASSWORD".
Make sure you add a password-authenticator.properties next to config properties with content like the sample in the link above. But make sure you use your string from your authenticator as the name, and that you add your configuration properties instead (user name and password).
Set up a JKS store or a real certificate (some instructions here from Presto for JKS: https://prestodb.github.io/docs/current/security/tls.html).
Add SSL config to your config.properties.
http-server.https.enabled=true
http-server.https.port=8443
http-server.https.keystore.path=/etc/presto-keystore/keystore.jks
http-server.https.keystore.key=password123
Set up your JDBC driver to use the same key store.
I wrote up a blog on it with a bit more detail as well if any of that doesn't make sense. But after doing all this, you should find that it does require a password and it does enforce your plugin.
https://coding-stream-of-consciousness.com/2019/06/18/presto-custom-password-authentication-plugin-internal/
It's my first time with LDAP, I want to import users from another LDAD (ldif file), but these have 3 attributes that I can not find in the objects of mine.
The attributes are:
roomNumber
associateNumber
memberOf
Viewing the old LDAP has an object called objectClass: inetOrgPerson, my question is how could I add this object to my LDAP without spoiling anything?
thank you very much for your attention.
Error example:
ERROR LDAP: error code 17 - associateNumber: attribute type undefined]
dn: uid=myuser,ou=Users,dc=mydomain,dc=com
Best regards
Just load the inetorgperson.schema into the server via the configuration.
It's missing the inetorgperson schema on your ldap. You can see the installation details on the link How To Configure OpenLDAP
Good lucky!!!
I have created a custom federated authenticator in WSO2-APIM/IS and have enable Just-In-Time Provisioning.
Since in API Manager when an application is created a corresponding service provider will be created as well. I want to have all service provider be using my custom authenticator as default which, I think, can be done by editing the file repository\conf\identity\identity-providers\default.xml
However I can not find the information in the documentation on the format of this file which I need to configure my custom federated authenticator and enable JIT Provisioning. Can anyone please guide me to the configuration detail of this file.
Below is the default repository\conf\identity\identity-providers\default.xml
<IdentityProvider>
<IdentityProviderName>default</IdentityProviderName>
<DisplayName>default</DisplayName>
<IdentityProviderDescription></IdentityProviderDescription>
<Alias></Alias>
<IsPrimary></IsPrimary>
<IsFederationHub></IsFederationHub>
<HomeRealmId></HomeRealmId>
<ProvisioningRole></ProvisioningRole>
<FederatedAuthenticatorConfigs></FederatedAuthenticatorConfigs>
<DefaultAuthenticatorConfig>
</DefaultAuthenticatorConfig>
<ProvisioningConnectorConfigs>
<!--<ProvisioningConnectorConfig>
<ProvisioningProperties>
</ProvisioningProperties>
</ProvisioningConnectorConfig>-->
</ProvisioningConnectorConfigs>
<!--<DefaultProvisioningConnectorConfig></DefaultProvisioningConnectorConfig>-->
<ClaimConfig></ClaimConfig>
<Certificate></Certificate>
<PermissionAndRoleConfig></PermissionAndRoleConfig>
<JustInTimeProvisioningConfig></JustInTimeProvisioningConfig>
</IdentityProvider>
Thank you very much in advanced.
As per the code here, It should be in the following format.
<JustInTimeProvisioningConfig>
<UserStoreClaimUri></UserStoreClaimUri>
<ProvisioningUserStore>PRIMARY</ProvisioningUserStore>
<IsProvisioningEnabled>true</ProvisioningEnabled>
</JustInTimeProvisioningConfig>
Change the ProvisioningUserStore to reflect yours.
My desktop name is DOMAIN\MY-DESK. So the error is regard as to my desktop rather than my Windows credential.
I searched the web most of them are related to DOMAIN\UserName issue. The local report url is http://localhost/WebAdminOrion/Administrative/Reports
The report page is in a asp.net web application. I have the following code in the report page.
ReportParameter[] prm = new ReportParameter[Request.QueryString.Keys.Count - 1];
ReportViewer1.ServerReport.SetParameters(prm);
I get the error at the line of setting parameters.
By this, I think that the solution might be to configure the file. However the file C:\Program Files\Microsoft SQL Server\MSRS12.MSSQLSERVER\Reporting Services\ReportServer\rsreportserver.config has 292 lines. One section is
<Authentication>
<AuthenticationTypes>
<RSWindowsNTLM />
</AuthenticationTypes>
<RSWindowsExtendedProtectionLevel>Off</RSWindowsExtendedProtectionLevel>
<RSWindowsExtendedProtectionScenario>Proxy</RSWindowsExtendedProtectionScenario>
<EnableAuthPersistence>true</EnableAuthPersistence>
Not sure how to configure it.
Resolved it and shamed. The permissions granted to user 'servername/iusr-username' are insufficient for performing this operation. (rsAccessDenied)
You need to go into your SSRS ReportManager and configure the security settings.
Through Properties
-> Security -> New Role Assignment-> Then add the appropriate domain group. For my case, it needs to add by desk name as "DOMAIN\DESK$".
I can't figure out how to change the webdav password. I've done some searching, found many resources of how to add a new user to webdav, but nothing about changing password. Anyone know?
Passwords are stored in webdav.htpasswd file.
If you open it, you will see an entry like this
wampp:XAMPP with WebDAV:bc7f2b670e7e965e307feb30492e642e
That's the entry for user wampp: in realm XAMPP with WebDAV: with password which is encrypted.
To change password, you should use htdigest.exe.
See manual. It is used to create and update user authentication files. You should find in the bin directory of xampp installation.
To do that, do :
htdigest.exe "pathto/webdav.htpasswd" "XAMPP with WebDAV" yourusername
This will be returned:
Adding user yourusername in realm "XAMPP with WebDAV"
You will then be asked for the password for yourusername
New password: yourpassword
Re-type new password: yourpassword
Reference: http://www.apachefriends.org/f/viewtopic.php?f=16&t=38897
Replace the content of the file C:\Program Files\xampp\security\htpasswd.webdav with your username, a colon and the password. Note: Everyone who can see this file can see the password!
Assuming you're talking about doing a password change at the server from a client, I don't believe WebDAV supports such a transaction.
You'd use something like a shell logon or a Web-based admin page to do this.
This always struck me as odd for a lot of network services, for example FTP or email. It seems to be common though.