How to hide a group of users from others in Ejabberd or MongooseIM? - xmpp

Let's say I have 10,000 usernames in the RDBMS database which will use the XMPP chat service like Ejabberd or MongooseIM that I will put manually in the database. Now every 1000 usernames in the above 10,000 have a fixed prefix in their JID usernames like:
1-1000 usernames start with aa__ (Example - aa10001, aa10002 , ...)
1001-2000 usernames start with bb__ (Example - bb10001, bb10002, ...)
2000-3000 usernames start with cc__ (Example - cc10001, cc10002, ...)
and so on ... total of 10 different prefix usernames
Now I just want that these 10 different pairs must not know others prefix usernames pairs and must not be able to send any type of stanza (like message, presence, IQ) to other pair (having a different prefix)
Possibilities:
If I can use some regex in the block policy then that would be great instead of blocking the individual.
I know you may suggest using a different Virtual host for each pair. But managing so many Virtual hosts can be difficult because in the above example 10K is just a small example of a bigger picture.
Please let me know if the question is not clear to you.

I just want that these 10 different pairs must not know others prefix usernames pairs and must not be able to send any type of stanza (like message, presence, IQ) to other pair (having a different prefix)
First of all, play with mod_filter. Looking at its example configurations, probably you can accomplish what you want using it:
https://github.com/processone/ejabberd-contrib/tree/master/mod_filter
Maybe you can define an ACL based on the username patterns ("aa*" or something like that), and this way you can have all users in a single vhost.
In case the only solution requires having a vhost for each user group, some ideas:
Now every 1000 usernames in the above 10,000 have fixed prefix in their JID usernames like:
As you mentioned, you can define a vhost in ejabberd for each user group: 10001@aa.example.com... Or in order to not change existing usernames: aa10001@aa.example.com...
Maybe if I can use Virtual host in some way that it is easy to manage (adding new pairs frequently) without adding a new database for each then that will be a best-ever solution
Right, you can have all the vhosts in a single database, if you configure ejabberd like this and use the appropriate *.sql file when creating the database:
new_sql_schema: true
Can I add a virtual host dynamically in the config without stopping the server?
Yes, it should work (it's a recent feature). Edit ejabberd.yml as you wish, and reload it with:
$ ejabberdctl reload_config
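The single-vhost, pattern-based isolation suggested in the answer can be modelled and checked before it is encoded as ACL rules. This is an added example, not code from the answer, ejabberd or mod_filter; the domain example.com, the two-letter-prefix regex and all function names are assumptions, and it models only the allow/deny decision, not mod_filter's configuration syntax.

```python
import re

SERVED_DOMAIN = "example.com"              # assumed single vhost
GROUP_RE = re.compile(r"^([a-z]{2})\d+$")  # constructed: aa10001 -> group "aa"

def split_jid(jid):
    """Return (localpart, domain), lowercased, with any /resource dropped.
    Lowercasing is a simplification of XMPP's nodeprep/nameprep rules."""
    bare = jid.split("/", 1)[0]
    local, sep, domain = bare.rpartition("@")
    return (local.lower() if sep else ""), domain.lower()

def group_of(jid):
    """Prefix group of a local user, or None for any other JID."""
    local, domain = split_jid(jid)
    if domain != SERVED_DOMAIN:
        return None
    match = GROUP_RE.match(local)
    return match.group(1) if match else None

def is_server(jid):
    """True only for the bare server JID (no localpart, no '@')."""
    return jid.split("/", 1)[0].lower() == SERVED_DOMAIN

def allow_stanza(from_jid, to_jid):
    """Decide whether a message, presence or IQ stanza may be routed."""
    # Assumption: traffic to or from the bare server JID stays allowed,
    # so that client-to-server IQs keep working.
    if is_server(from_jid) or is_server(to_jid):
        return True
    src, dst = group_of(from_jid), group_of(to_jid)
    # Fail closed: unknown prefixes and remote domains match no group.
    return src is not None and src == dst
```

Accounts that match no prefix group (for example an admin user) are denied by this model, so any such exception has to be added to the policy explicitly.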

Related

I need to read all A records in DNS domain using perl and Net::DNS, keep hitting walls

I'm working on a tool to generate SPF TXT records and I am trying to get a loop for scanning the domain for the relevant hosts A records. All I get is just a single entry when I supply the domain name as the domain to check. The other hosts in the domain don't return entries...
Any ideas on how to do this?
Did some research and it seems that you need to do a zone transfer to get the records, as allowing a random IP to access the whole domain has too many security vectors. So no real way to do what I was wanting... Sorry for wasting time!

Is it possible to combine userRolesHeader with roles defined in realm.properties?

So I'm sending all users through apache with mod_auth_kerb. All users come in with a default userRolesHeader of users.
I'd like to add extra roles for specific accounts, but I'm not seeing a good way to do that. If you could define the users in realm.properties and it would combine with the userRolesHeader, that would be useful.
Is there another way to do this? I don't see how it can be done with apache alone since REMOTE_USER isn't available during if/else logic processing.
#rundeck
rundeck.security.authorization.preauthenticated.userNameHeader=X-Forwarded-Uuid
rundeck.security.authorization.preauthenticated.userRolesHeader=X-Forwarded-Roles
#apache
RequestHeader set "X-Forwarded-Uuid" %{REMOTE_USER}s
RequestHeader set X-Forwarded-Roles users
Internally Rundeck gets only one method once, if you configure Rundeck to get the users from the realm.properties file, Rundeck seeks the roles from that file. Currently you can combine methods but the user/role in different methods doesn't.

UUID for a page content in AEM across author and its associated publish servers are different

A page in author with UUID(jcr:uuid) is activated and its content is replicated onto the 3 associated publish servers.
The content available in all the 3 publish servers has different UUIDs. So, considering the same content across all the 4 instances on AEM (1 author + 3 publish), how to associate with something unique?
I'm implementing a solution where I need to associate a unique id that can be mapped to the individual content across all the instances.
Approaches that I've tried till now:
Used the content path - to generate a unique id - by removing the '/' & '-' in the path.
The issue faced - For some paths this can be more than 128 chars which is the limit for the service to accept a unique id.
If I generate a unique id programmatically it will work, but how can I try to use that to track the back content? As I cannot store this programmatically created id on the jcr:content and activate the page.
Issues - If I replicate the page, it will change the activation date as well- which is also important metadata for the content.
What can be the most feasible solution for the use case? Kindly help with suggestions and possible solutions.
You could use a hash of the content path. Easiest way to get a hash is using hashCode(). For compactness, use the Base64 representation of the hash bytes and truncate after a predetermined number of chars.

How to effectively use Worker, WorkflowClient

Product Use Case - Our product has a typical use case where we will be having n no of users. Each user will have n no of workflows and each workflow can be run at any time(n of time).
I hope this is a typical use case of any workflow product.
can I use a domain to differentiate users (I mean to say that creating a domain per user)?
Can I create one WorkflowClient per user to serve all his workflow executions? Or for each request should I need to create one WorkflowClient? which one is a recommended approach?
What is the recommended approach in creating Worker objects to poll task list?
Please don't mistake me if I have asked anything meaningless
can I use a domain to differentiate users (I mean to say that creating a domain per user)?
Yes, especially when these users are working in different teams or products, using different domains will avoid workflowName/IDs conflicting with each other, and also assign independent number of quotas for managing traffic.
Can I create one WorkflowClient per user to serve all his workflow executions? Or for each request should I need to create one WorkflowClient? which one is a recommended approach?
Use one WorkflowClient for each domain, but let all WorkflowClients on the same instance share the same TChannelService to save the TCP connection.
I would start with a single namespace (domain) for all users. Unless your users directly operate their workflow implementations it doesn't buy you much to use multiple namespaces.

Configuring ejabberd shaper rules using regexp

I'm running an ejabberd server where I need users whose name applies to a specific pattern will have a fast shaper assigned to them. For example, if I have these users:
A123
A222
B892
C123
I would like to make all the users use the "normal" shaper, but if the user name is "A*", I want it to get the "fast" shaper. I'm trying to avoid configuring a group and manually adding all the "A*" users to that group.
Ideas?