LDAP auth for MongoDB with Pam - mongodb

I am working to get MongoDB (using the Percona distro) to authenticate using Pam. I can see lots of info about using SASL, but the company standard is pam and I'm not able to change that. I see a project from 2011 in GitHub (pam_mongodb) that says it works, but given the age I'm hoping for a better solution. I have RHEL 7.5, Mongo 3.6.5, and and have cyrus-sasl 2.1.26 installed, but not configured.
Any suggestions? I am completely new to LDAP and trying to fumble my way through, so pointers to web pages are also helpful.
Thanks...

Related

How can we access Bluemix hosted "Compose for MongoDB" service from "outside"?

Situation:
Have created today a new Compose for MongoDB Service instance in Bluemix
Need:
I have to access this MongoDB DIRECTLY with tools (eg. Mongo Managemant Studio Pro, mongo.exe, etc.) for bulkloading, testing, ad-hoc data fix, etc.
Problem:
I have not found any docs, samples nor a CLEAR statement that
a) gives me some confirmation that THIS is possible
b) gives me COMPLETE information (not just some technical fragments that might have worked year ago) how to do it.
Maybe I am looking to the wrong places or do not know the right people. However I am stuck on this, and before quitting Bluemix MongoDB maybe somebody has a copy/past solution or handson step by step manual.
Any help welcome. Thanks!
Connecting to MongoDB service in Bluemix from an application is possible. For this answer I have used the application "Robo3T" and here are the steps:
Access your MongoDB Service on you Bluemix account. Usually under
"Cloud Foundry Services"
Open section "Manage", from "Connection Settings" copy from "HTTPS" the connection address and port. In this example "sl-eu-lon-2-portal.5.dblayer.com" and "20651"
In Robo3T create a new connection with the connection address from previous step
In tab Authentication configure database name, username and password
. The credentials are found as in step 1
From "Connection Settings" copy the SSL Certificate into a text file and save locally.
In Robo3T Add the certificate to the connection in the "SSL" tab
Test the connection and save the settings
Answer
YES, Bluemix hosted Compose for MongoDB instances can be connected from the mongo Shell and some updated DB Managment tools.
However, you have to make sure, that in case you are running the newest DB versions, that your tools (shell and DB management GUIs) comply with the newest DB features such as encryption etc.
Origin of the Problem
My problem was due to older and therefore incompatible versions of the mongo shell and DB-managment tools running against the newest MongoDB versions with their specialities on encription and multiple servers to be handled in the URI.
At least two DB managment tools are not compatible with the newest DB version and will take their time to get fixed. The problem is, that both will not tell you about this. They just do not not connect. No logs on either side. Period.
So my advise here: look for tool providers who express dedicated compliance with the specific version of your DB.
Advise to the Bluemix Team
It might not take much time to provide some sample connection strings for the most common tools like the mongo shell, MongoBooster, etc. to take the hassle and guesswork out of interpreting the Environment variables and figuring out what is needed for specific connection strings and what is not.
For instance MongoDB Atlas hosting provides for every cluster readymade connection strings for many tools you can just copy/past and done!
Connecting to Atlas took me 5 Minutes. For Bluemix I have lost hours! Not because it is complex, but because the documentation and the generated Info is somehow incomplete and messy - at least for the ones who do not connection strings for their living!

Powershell Grant IIS_IUSRS access to SMTP metabase

Ok I am attempting to transfer a manual change to powershell,
Attempting to grant IIS_IUSRS access to /LM/SmtpSvc/ and /LM/SmtpSvc/1/ nodes in the IIS Metabase.
I have googled extensively and can not find an example of what i am looking for.
I have been trying to play with
$smtp = [wmiclass]‘root\MicrosoftIISv2:IIsSmtpServerSetting'
But I am in a little over my head with WMI.
Any help would be appreciated. This setting is required for resolving
This.
Not an exact answer, but the best I have so far. Following the Guide here I chose option 1 and changed the app pool to network service. I will still work on a way to do the permissions settings with powershell.
Update (solution untested)
I found this answer on another post that details how to do it using scripts in the iis6.0 resource toolkit. To get these scripts on server 2012 you have to install the IIS6.0 resource toolkit, the only way i can find to do a silent install of this one was located here from there you can call the scripts using cscript.exe. I stuck with the changing user on the app pool option because it fits in with other things as well.

configure users using opensips 1.11(Ubuntu 14.04)

After installing opensips(It will be better if i won't have to use opensips control panel) how can add users and can make test call.
Note:
I am a newbie, and following this guide for installation.
http://www.opensips.org/Documentation/Install-CompileAndInstall-1-11
Instead of using the Control Panel, you can use opensipsctl in order to add new subscribers. All you need to do is:
opensipsctl add liviu#opensips.org mypassword
For more help on the opensipsctl, simply type:
opensipsctl
For any user that's trying to install the package under Ubuntu by instructions from official manual, please make sure that you also read setup manual from github page, section [C] and [D]
https://github.com/OpenSIPS/opensips/blob/master/INSTALL
I've tried to do a fresh setup of opensips on a virtual machine to test the functions. The provided packages on Jessie branch of Debian (which is supported by Ubuntu 14.04) is not included MySQL database deployment.
For a quick test I'm using the DBText as DB engine, and using command to add user will not succeed. Because the DBText engine requires email field, however the opensipsctl interface doesn't understand, so we should add some subscribers by adding some lines to Subscriber table, basically is located under path /usr/local/etc/opensips/dbtext, e.g:
1:brian:192.168.186.129:password:123456:xxx:xxx:xxx
2:julia:192.168.186.129:password:123456:xxx:xxx:xxx
Example above using the ip which is the virtual machine ip.
Good luck.

Install MongoDB and give access only to groups in Linux Ubuntu Server

I have created a user group and I would like to know how can I install MongoDB on Ubuntu 12.04.4 LTS such that only read/write access is given to certain users in a user group. Thanks.
The users you define on the OS side has nothing to do with the users inside Mongodb, take a look at this http://docs.mongodb.org/manual/core/access-control/. You need to setup users inside the db itself to restrict access. You can check the security related topics here, that documentation contains detailed description of the concepts and explanation how to do the setup.

Accessing Appfog MongoDB service

How can I acces MongoDB service running on Appfog from my local? I want to use it with gui application. Is it possible?
I am assuming that you are using an AppFog MongoDB add-on and that the GUI tool you want to use is running locally on your machine, is that correct?
It's not clear to me what GUI application you're trying to use, but chances are it accepts a MongoDB URI of the form "mongodb://[user]:[pass]#[host]:[port]/[dbname]" You can use this info to connect through the db shell, too. Or if your tool doesn't take a URI, you can cut&paste specific values from the URI according to the format.
If you are using an AppFog MongoDB addon, then you can get the value for your URI from the Env Variables section of your app page at the AppFog portal. You can also get that value in your code, per something like https://docs.appfog.com/add-ons/mongolab.
You should also keep in mind that MongoDB services often have their own management UI that you can use. If you go to the Addons section of your application page on AppFog, scroll to your provider and click "Manage" you can access their tools as well.
Good luck, and let me know if I have misunderstood your question.
Sincerely,
Eric