I am trying to add a security domain in the web console of wildfly. So Configuration > Subsystems > System > Security > domain name. In the authentication, Authentication Module, Module Option you can add the options, but I can't add a module I need because it has a space in the option.
But I get the error "Invalid format: Add new properties as key =value pairs, the special character allowed in the value are - :#;=?!#$%&[]" due to the space.
I would be something like Module Options "test=testfirstpart secondpart"
I know it's likely the cli works for this operation, but I'm asking without using that.
Related
I am trying to migrate an older 2.x server to 3.x due to the LDAPS connectivity requirement for a new AD tree/domain that is being created. I had to upgrade not only Freeradius but the server OS to support newer versions of TLS. I roughly had the configuration I think correct in 2.x, but cannot be 100% certain as authentication to the new AD tree structure was not completely working because of the SSL/TLS incompatibility. I am having a harder time with the new module configuration layout in 3.x.
The current 2.x performs authentication for 2 methods:
1) LDAP to the existing AD tree using a redundant server setup
2) SQL/PERL via a custom module.
The new 3.x server I need to perform 3 authentication checks via 2 methods:
1) LDAP to the existing AD tree using a redundant server setup
2) LDAPS to the new AD tree (possible redundant server setup)
3) SQL/PERL via the custom module
I have read that this may require templates for the LDAP configuration, but have not found any examples for that. Any help/guidance would be greatly appreciated.
The config is all in the LDAP module configuration file, raddb/mods-available/ldap - the ldap attribute map is in there, too.
To connect to two different LDAP servers, create two instances of the ldap module, e.g. where you have
ldap {
...
}
add another copy of that config with
ldap ldap-new {
...
}
then you can call ldap or ldap-new as appropriate in the server where needed to query the required LDAP server.
Make sure you create the appropriate symlinks to enable the module, e.g. raddb/mods-enabled/ldap -> ../mods-available/ldap.
You can certainly use templates to save duplicating config, but to begin with it's a lot easier to just copy the ldap config file, change the instance name in the new file and then tweak from there. Templates are likely to make things more confusing unless you know what you're doing.
I followed the steps of this tutorial:
http://www.ibm.com/smarterplanet/us/en/ibmwatson/developercloud/doc/ega_docs/dialog_ega.shtml#ega_getstart_setup
until the step 3h (Account validation), which leads to following error:
“Client error – 407 Proxy Authorization required”.
(I am behind a company proxy)
I use Eclipse Mars 4.5.2 and IBM Bluemix Tools 1.0.10.v20160406_1758.
What i have already done:
-Of course I have Bluemix account that works perfectly fine.
-I have filled in the HTTP and HTTPS info within the Eclipse proxy settings (General->network settings) and cleared the SOCK-field. I can therefore install new software and use the eclipse marketplace for instance.
-Set the proxy at the http_proxy/https_proxy at the Windows system variables, therefore I can use the Bluemix command line tool and login to Bluemix.
-Experimenting with adding various lines at the eclipse.ini as in the following:
-Dorg.eclipse.ecf.provider.filetransfer.excludeContributors=org.eclipse.ecf.provi der.filetransfer.httpclient
-Dhttp.proxyPort=8080
-Dhttp.proxyHost=YYY.com
-Dhttp.proxyUser=uid123
-Dhttp.proxyPassword=XXX
-Dhttps.proxyPort=8080
-Dhttps.proxyHost=YYY.com
-Dhttps.proxyUser=uid123
-Dhttps.proxyPassword=XXX
-Dhttp.nonProxyHosts=localhost|127.0.0.1
-Dorg.eclipse.ecf.provider.filetransfer.retrieve.closeTimeout=3000
-Dorg.eclipse.ecf.provider.filetransfer.retrieve.readTimeout=3000
The command "nslookup api.ng.bluemix.net" returns:
Server: AAA.de Address: aa.bbb.cd.ef
Not authorized answer:
Name: ng.bluemix.net Address: 75.126.70.44 Aliases: api.ng.bluemix.net
Any suggestions how to successfully use the Eclipse Bluemix Plugin?
Based on the error, it looks like you have authentication error on accessing the proxy itself. The Bluemix Tools does not use the command line interface (CLI) to communicate with the Bluemix server. Therefore, proxy settings are not setup in Eclipse even if you have it working using the CLI.
In Eclipse, all the proxy settings can be done from the Preference page. There is no need to change eclipse.ini so you can restore the eclipse.ini file to the original before changing the preference setting. You can find the corresponding preference page in Window>Preferences>General>Network Connection. Then, change the "Active Provider" to "Manual" and edit the HTTP and HTTPS port proxy settings as needed.
In the Edit Proxy Entry dialog, you can input the proxy authentication information by selecting Requires Authentication checkbox and input the user/password.
I am trying to script an openam deployment using ssoadm, and want to know what will be the fastest and fool proof way to get the attribute names for ssoadm?
Right now, i login to the console and "view html source" for the attribute i am interested in, and use that via ssoadm. But, this approach is time consuming, plus with openam13 the attribute names are not available in the source.
Are you interested in any configuration or service in particular?
For most configurations and services (such as datastores, auth modules, server properties, etc...) there is an ssoadm command that will give you the current values from where you can grab the property names and use the in your script.
For example if you have a Datastore called OpenDJ in your top-level realm you can get the current configuration values using the following command:
ssoadm show-datastore -u amadmin -f /tmp/amadmin.pwd -e / -m OpenDJ
Typically it's just a matter of finding the right ssoadm command. Another option will be to look at the service definition. All these definitions are kept in xml format in your configuration store inside ou=Services.
Hope this helps.
I think the easiest approach is probably to look up the service XML files. At the time of the configuration, the service XML files are all copied over to ~/<OPENAM_HOME>/config/xml folder, so normally you can just try to grep for certain strings (like dynamic), but even then that may not work well.
If you know what service you are dealing with, then things get a bit easier. Are you trying to change an Authentication configuration? It must be defined in amAuth.xml then. The service name to be used for the ssoadm command is defined in the <Service> element under the "name" attribute. The service attribute names are defined under <AttributeSchema> elements with "name" attribute.
Yet another alternative would be to just read the documentation as most of the property names are already documented:
http://openam.forgerock.org/doc/bootstrap/admin-guide/index.html#auth-core-realm-attributes
I am using the Remote System software on Eclipse. I can successfully log in to my FTP account but when I try to view the directories, I get the following message:
Message: Operation failed due to network I/O error
'java.net.SocketException: Connection reset by peer: socket write
error'
Any ideas are welcome.
Looks like there could be some negotiation issue.
Try following solution:
I've got the same exception and in my case the problem was in a
renegotiation procecess. In fact my client closed a connection when
the server tried to change a cipher suite. After digging it appears
that in the jdk 1.6 update 22 renegotiation process is disabled by
default. If your security constraints can effort this, try to enable
the unsecure renegotiation by setting the
sun.security.ssl.allowUnsafeRenegotiation system property to true.
http://www.oracle.com/technetwork/java/javase/overview/tlsreadme2-176330.html
Setting the System Properties/Mode Configuration The various modes are
set using the corresponding system properties, which must be set
before the SunJSSE library is initialized. There are several ways to
set these properties:
From the command line:
% java -Dsun.security.ssl.allowUnsafeRenegotiation=true Main Within
the application:
java.lang.System.setProperty("sun.security.ssl.allowUnsafeRenegotiation",
true); In the Java Deployment environment (Plug-In/Web Start), there
are several ways to set the system properties. (See Java Web App and
Next Generation Web Browser Plugin for more information.)
Use the Java Control Panel to set the Runtime Environment Property on
a local/per-VM basis. This creates a local deployment.properties file.
Deployers can also distribute a enterprise-wide deployment.properties
file by using the deployment.config mechanism. (See Deployment
Configuration File and Properties.)
To set a property for a specific applet, use the HTML subtag
"java_arguments" within the tag. (See Java Arguments.)
To set the property in a specific Java Web Start application or applet
using the new Plugin2 (6u10+), use the JNLP "property" sub-element of
the "resources" element. (See Resources Element.)
I'm following this tutorial:
http://www.mkyong.com/google-app-engine/google-app-engine-python-hello-world-example-using-eclipse/
I created a project and tried to run it locally. It didn't work but when I ran it on the Google appengine launcher it worked just fine.
I noticed that eclipse doesn't create .project and .pydevproject files in the project
here is the console contents:
WARNING 2012-11-28 07:48:10,265 rdbms_mysqldb.py:74] The rdbms API is not available because the MySQLdb library could not be loaded.
Invalid arguments
Runs a development application server for an application.
dev_appserver.py [options] <application root>
Application root must be the path to the application to run in this server.
Must contain a valid app.yaml or app.yml file.
Options:
--address=ADDRESS, -a ADDRESS
Address to which this server should bind. (Default
localhost).
--clear_datastore, -c Clear the Datastore on startup. (Default false)
--debug, -d Use debug logging. (Default false)
--help, -h View this helpful message.
--port=PORT, -p PORT Port for the server to run on. (Default 8080)
--allow_skipped_files Allow access to files matched by app.yaml's
skipped_files (default False)
--auth_domain Authorization domain that this app runs in.
(Default gmail.com)
--backends Run the dev_appserver with backends support
(multiprocess mode).
--blobstore_path=DIR Path to directory to use for storing Blobstore
file stub data.
--clear_prospective_search Clear the Prospective Search subscription index
(Default false).
--clear_search_indexes Clear the Full Text Search indexes (Default false).
--datastore_path=DS_FILE Path to file to use for storing Datastore file
stub data.
(Default c:\users\gideon\appdata\local\temp\dev_appserver.datastore)
--debug_imports Enables debug logging for module imports, showing
search paths used for finding modules and any
errors encountered during the import process.
--default_partition Default partition to use in the APPLICATION_ID.
(Default dev)
--disable_static_caching Never allow the browser to cache static files.
(Default enable if expiration set in app.yaml)
--disable_task_running When supplied, tasks will not be automatically
run after submission and must be run manually
in the local admin console.
--enable_sendmail Enable sendmail when SMTP not configured.
(Default false)
--high_replication Use the high replication datastore consistency
model. (Default false).
--history_path=PATH Path to use for storing Datastore history.
(Default c:\users\gideon\appdata\local\temp\dev_appserver.datastore.history)
--multiprocess_min_port When running in multiprocess mode, specifies the
lowest port value to use when choosing ports. If
set to 0, select random ports.
(Default 9000)
--mysql_host=HOSTNAME MySQL database host.
Used by the Cloud SQL (rdbms) stub.
(Default 'localhost')
--mysql_port=PORT MySQL port to connect to.
Used by the Cloud SQL (rdbms) stub.
(Default 3306)
--mysql_user=USER MySQL user to connect as.
Used by the Cloud SQL (rdbms) stub.
(Default )
--mysql_password=PASSWORD MySQL password to use.
Used by the Cloud SQL (rdbms) stub.
(Default '')
--mysql_socket=PATH MySQL Unix socket file path.
Used by the Cloud SQL (rdbms) stub.
(Default '')
--persist_logs Enables storage of all request and application
logs to enable later access. (Default false).
--require_indexes Disallows queries that require composite indexes
not defined in index.yaml.
--search_indexes_path=PATH Path to file to use for storing Full Text Search
indexes (Default c:\users\gideon\appdata\local\temp\dev_appserver.searchindexes).
--show_mail_body Log the body of emails in mail stub.
(Default false)
--skip_sdk_update_check Skip checking for SDK updates. If false, fall back
to opt_in setting specified in .appcfg_nag
(Default false)
--smtp_host=HOSTNAME SMTP host to send test mail to. Leaving this
unset will disable SMTP mail sending.
(Default '')
--smtp_port=PORT SMTP port to send test mail to.
(Default 25)
--smtp_user=USER SMTP user to connect as. Stub will only attempt
to login if this field is non-empty.
(Default '').
--smtp_password=PASSWORD Password for SMTP server.
(Default '')
--task_retry_seconds How long to wait in seconds before retrying a
task after it fails during execution.
(Default '30')
--use_sqlite Use the new, SQLite based datastore stub.
(Default false)
--port_sqlite_data Converts the data from the file based datastore
stub to the new SQLite stub, one time use only.
(Default false)
--[enable|disable]_console Enables/disables the interactive console.
(Default enabled if --address is unset,
disabled if --address is set)
There are 2 run configurations that I managed to run the project localy with.
right click project --> Python Run
in main tab
Project text field browse to project
In Main Module path to appserver C:\Program Files (x86)\Google\google_appengine\dev_appserver.py
in Arguments tab
Program arguments "${project_loc}/src" make sure you put the ""
in Working directory check Other ${project_loc:/selected project name}
bellow
apply
run
right click project --> PyDev Google App Run
in main tab
Project text field browse to project
In Main Module path to appserver ${GOOGLE_APP_ENGINE}/dev_appserver.py
in Arguments tab
Program arguments "${workspace_loc:HelloWorld/src}" make sure you put the ""
in Working directory check Other ${workspace_loc:HelloWorld}
next time you can just click the configuration
To upload to the cloud appengine run configurations.
right click project --> PyDev Google App Run
in main tab
Project text field browse to project
In Main Module path to appserver ${GOOGLE_APP_ENGINE}/appcfg.py
in Arguments tab
Program arguments update "${workspace_loc:HelloWorld/src}"
make sure you put the ""
make sure update is outside the ""
in Working directory check Default ${project_loc:/selected project name}
To whom it might concern an IDE should shield the developer from the Idiosyncratic nature of the command line I spent 7 hours trying to run a project using faulty tutorials