I am a system administrator of one ldap server.
As a sys amdin my aim is to inform all the users their uid's and password stored ldap directory. I am able to get the uid's of all the user, but I am not able to fetch the password for individual user.
Essentially, I want to query ldap server to get the password details of each user.
I am not able to find the solution for this.
Please share how can I achieve this.
Related
I would like to track anonymous user actions as if the user would be authenticated. The goal is to let users perform actions(normally reserved to authenticated users), save it in Database with a special status (not visible until user will log into the application).
For example,
an anonymous user reply to a comment.
The system detect that the user is not logged in, save the comment with special status 'waiting for authentication'.
The system ask user to log in, in order to complete the registration of the comment.
User log into the application.
The system check for 'waiting for authentication' status and update/associate entries to the user authenticated.
Have you any suggestions / experiences to implement this type of functionality? Maybe Symfony has already in feature/bundle for that?
What you are trying to do is simillar to Lazy Registration, which is a proven concept. It is well implemented here at stackoverflow. It allows you to post messages after providing an email address. It works similar to this one:
http://www.90percentofeverything.com/2009/03/16/signup-forms-must-die-heres-how-we-killed-ours/
However, if you really want to go your way, without asking user for an email address, I would recommend storing data at browser local storage. It would save you a lot of work on backend side. Data would be transferred to the backend only when user registers. This way you will also prevent database pollution with users who never registered. http://blog.teamtreehouse.com/storing-data-on-the-client-with-localstorage
You could use ip address but it won't be very effective because one user can access your website from many ip addresses (wifi, 3g/4g connection ...).
You can rely on cookies but once he logs in from another device you can't do anything about it.
IMO, you should save actions and link them to a uniq token that you send to the anonymous user, once he's authenticated he can provide the generated token and then you save actions for that user. Becareful to not forget removing saved anonymous-actions once they are "identified".
I used AWS Cognito to authenticate users in my iOS application. The users of the app will have to enter the email, phone number and their name in order to register and Amazon will be sending a SMS to authenticate the phone number.
All of these are working fine. I have few questions and they are :
1.) I want to know where these data are getting saved ? It's not there in the Dynamo DB (However, I found the list of users in AWS Cognito --> Federated Identities --> Users , but not in a Table inDynamoDB)
2.) Now, once the users are authenticated, I am allowing the users to interact with the application. The first task will be that the users will have to complete their profile. I want to know if in case if an user is NOT authenticated will he be able to complete his profile ? Ideally, he should not be allowed. But is this happening automatically ?
EDIT
1) You are correct, data is not stored inside dynamo for user profiles. Cognito has an internal data store in which user data is persisted. This can be viewed and edited (as an admin) through the 'Users' tab of your user pool.
2) They should not be able to, and it is not happening automatically. The only way to update attributes stored against a user is as an admin (which the user shouldn't be able to do) or with the token that they get from signing in, so what you're aiming for is very do-able.
I am newly working on openldap.
We have an application that will restrict users from deleting entities from ldap.
But if the user connects using python ldap module from console then there is no way of restricting.
Is it possible to restrict the users from executing "ldapdelete" directly?
We are using common user name(manager account) and password for all the users to connect to ldap. It is not possible to maintain different user accounts as there are 30000+ users and not possible to create separate accounts for all the users.
Please let me know how to go with this situation.
Thanks in advance.
Yes it's possible. You need to write an access control rule in the OpenLDAP comfiguration, that for example restricts deletion to admins. Building this sort of thing into an application is a waste of time while other applications and command lines exist. It must be configured at the server.
I am working on an old ASP.NET application whose end users authenticate with a local Windows account (no domain). We want to switch to using membership (via aspnet_regsql), and move the application to a new server. What's the best way to seamlessly do this?
My biggest concern is I don't want every single user to have to go through the "forgot password" process. Regarding passwords. As I understand, there's no supported way to get at the passwords in order to convert them to membership users. Is there an unsupported way to grab the passwords?
There are about 1000 users, and they log into the system rarely -- maybe a few times per year. Point being: there will be a huge % of users that won't log in until the old system is dead and gone.
My current thought is that we will need to implement two workflows:
Before migration to the new server, anyone that logs in will be authenticated with Windows, and their account automatically converted to a membership user. We will have their password from our custom login page.
After migration, anyone logging in that hasn't been converted to membership will have to go through the "forgot password" routine. We would present a message to them explaining why.
So bottom line: Is there a way to do this without requiring users to go through the forgot password process at all?
I would expect you cannot get the passwords from the windows accounts, you could import the users, create a password and send out an email to users with their new password or you could send a link for users to login and create a password or request a password reset given their email address?
How to give an admin access to the users who have logged in using ldap username and password after authentication. And should we store this $_POST values in drupal database.
If you are using the ldap_integration module after an LDAP user logs in for the first time a full local Drupal user is created for them. Install http://drupal.org/project/adminrole which lets you assign your users, even LDAP users, into an "Admin Role". This module gives all available permissions to users in this role.