I would like my code to be FIPS compliant but the default username and passwords in Orient 2.2.13 are not. I tried specifying the user name and password when I get an OrientGraphFactory but that didn't fix the problem. I'm trying to log on as admin with my own 16 char password but it looks like Orient reverts to using admin : admin.
How can I configure a user before the database is created to make OrientDB FIPS compliant?
You can set a user through the config/orientdb-server-config.xml configuration file, in the <users> element, like below:
<users>
<user name="root" password="{PBKDF2WithHmacSHA256}55F3DEAE:DLJEJFDKY8:65536" resources="*" />
<user name="guest" password="{PBKDF2WithHmacSHA256}B36E7993C961:C8C8B36F3:65536" resources="connect,server.listDatabases,server.dblist" />
</users>
Hope it helps
Regards
Related
I am using JBOSS EAP 6.3, working with domain mode, I have installed and create user admin with passowrd xxx. I am able to login management console
Now I want to enable Role-Based Access Control (RABC) in JBOSS. I have modified domain.xml to enable RABC
<management>
<access-control provider="rbac">
<role-mapping>
<role name="SuperUser">
<include>
<user name="$local"/>
</include>
</role>
</role-mapping>
</access-control>
</management>
Now the problem is I am trying to open management console using same user and passoword but it shows below error
what should be default credential for RBAC profile or I need to add user again after enabling RBAC?
In order to bypass this error, you have to define a role-mapping from the groups or users defined in the realm to the desired roles.
For example, to grant SuperUser access to the user admin you have already created, use the following JBoss CLI command:
/core-service=management/access=authorization/role-mapping=SuperUser/include=user-admin:add(type=USER,name=admin)
You will see the following result in the domain.xml:
<access-control provider="rbac">
<role-mapping>
<role name="SuperUser">
<include>
<user name="admin"/>
</include>
</role>
</role-mapping>
I'm attempting to create a logon token using the BOE BI Platform RESTful SDK v4.1 (using RESTClient).
A GET request to http://server:6405/biprws/logon/long/ returns:
<attrs xmlns="http://www.sap.com/rws/bip">
<attr name="userName" type="string" />
<attr name="password" type="string" />
<attr name="auth" type="string" possibilities="secEnterprise,secLDAP,secWinAD,secSAPR3">secEnterprise</attr>
</attrs>
A POST to http://server:6405/biprws/logon/long/ with a single header of Content-Type: application/xml and a payload of
<attrs xmlns="http://www.sap.com/rws/bip">
<attr name="userName" type="string">myAccount</attr>
<attr name="password" type="string">myPassword</attr>
<attr name="auth" type="string" possibilities="secEnterprise,secLDAP,secWinAD,secSAPR3">secWinAD</attr>
</attrs>
returns:
<error>
<error_code>FWM 00006</error_code>
<message>Active Directory Authentication failed to log you on. Please contact your system administrator to make sure you are a member of a valid mapped group and try again. If you are not a member of the default domain, enter your user name as UserName#DNS_DomainName, and then try again. (FWM 00006)</message>
</error>
I've also tried attr name="userName" type="string">myAccount#mycompany.org</attr>, but with the same results.
A POST to http://server:6405/biprws/logon/adsso returns:
<error>
<error_code>RWS 00057</error_code>
<message>Method not allowed (RWS 00057)</message>
</error>
The credentials work with BI Launchpad and the CMC.
What am I missing?
First, a disclaimer -- I've only done REST WinAD with SSO, not manual logon. So I can't be absolutely sure that my suggestions below will fix your problem.
The call to /biprws/logon/adsso requires a GET not a POST, but that will likely not work until you have SSO working.
There are a few settings that are required for WACS to use WinAD, with or without SSO. The file is here:
SAP BusinessObjects\SAP BusinessObjects Enterprise XI 4.0\java\pjs\services\RestWebService\biprws\WEB-INF\web.xml
You will see a section commented out, starting with:
<!-- Kerberos filter section starts
Uncomment this section. Then set the following parameters:
idm.realm
idm.princ
idm.keytab
idm.kdc
idm.allowUnsecured
The values for these parameters should equal what was set in your system for BI launch pad. This is in:
SAP BusinessObjects\tomcat\webapps\BOE\WEB-INF\config\custom\global.properties
The format of the file is different (global.properties is a simple properties file, but web.xml is xml). So you can't just copy/paste the section, but you can copy the individual values. For example, in global.properties, you might see:
idm.keytab=C:/WINDOWS/bosso.keytab
This would be done in web.xml as:
<init-param>
<param-name>idm.keytab</param-name>
<param-value>C:/WINDOWS/bosso.keytab</param-value>
<description>
The file containing the keytab that Kerberos will use for
user-to-service authentication. If unspecified, SSO will default
to using an in-memory keytab with a password specified in the
com.wedgetail.idm.sso.password environment variable.
</description>
</init-param>
Couple of references:
http://myinsightbi.blogspot.com/
https://techwriter79.wikispaces.com/file/view/sbo41sp5_bip_rest_ws_en.pdf
I'm new in XMPP, recently I have installed and configure openfire admin control by defining IP (localhost), port (5222) and new database named: openfire in MySql.
But my usernames and their passwords are in another database, is there any steps to configure in openfire so that it can check the user authentication in my own created database instead of checking it's(openfire) own created usertable ofuser.
I'am Adding TAGS here,
<?xml version="1.0" encoding="UTF-8"?>
<!--
This file stores bootstrap properties needed by Openfire.
Property names must be in the format: "prop.name.is.blah=value"
That will be stored as:
<prop>
<name>
<is>
<blah>value</blah>
</is>
</name>
</prop>
Most properties are stored in the Openfire database. A
property viewer and editor is included in the admin console.
-->
<!-- root element, all properties must be under this element -->
<jive>
<adminConsole>
<!-- Disable either port by setting the value to -1 -->
<port>9099</port>
<securePort>9091</securePort>
</adminConsole>
<locale>en</locale>
<!-- Network settings. By default, Openfire will bind to all network interfaces.
Alternatively, you can specify a specific network interfaces that the server
will listen on. For example, 127.0.0.1. This setting is generally only useful
on multi-homed servers. -->
<!--
<network>
<interface></interface>
</network>
-->
<connectionProvider>
<className>org.jivesoftware.database.DefaultConnectionProvider</className>
</connectionProvider>
<database>
<defaultProvider>
<driver>com.mysql.jdbc.Driver</driver>
<serverURL>jdbc:mysql://localhost:3306/openfire?rewriteBatchedStatements=true</serverURL>
<username encrypted="true">87d776abae54f5b4c95c78b78420a6967a9429e9e6d7a5c0</username>
<password encrypted="true">7a1603cafdfe1383ea0e284360172ca8c94b37314dbd5390</password>
<testSQL>select 1</testSQL>
<testBeforeUse>false</testBeforeUse>
<testAfterUse>false</testAfterUse>
<minConnections>5</minConnections>
<maxConnections>25</maxConnections>
<connectionTimeout>1.0</connectionTimeout>
</defaultProvider>
</database>
<jdbcProvider>
<driver>com.mysql.jdbc.Driver</driver>
<connectionString>jdbc:mysql://localhost:3306/mydb?user=root;password=root</connectionString>
</jdbcProvider>
<provider>
<auth>
<className>org.jivesoftware.openfire.auth.JDBCAuthProvider</className>
</auth>
<user>
<className>org.jivesoftware.openfire.user.JDBCUserProvider</className>
</user>
</provider>
<jdbcAuthProvider>
<passwordSQL>SELECT upwd FROM users WHERE uname=? and usertype=2 and delflag=0</passwordSQL>
<passwordType>md5</passwordType>
</jdbcAuthProvider>
<jdbcUserProvider>
<loadUserSQL>SELECT CONCAT(ufname,ulname) AS name,uemail as email FROM users WHERE uname=? AND usertype=2 AND delflag=0</loadUserSQL>
<userCountSQL>SELECT COUNT(*) FROM users WHERE usertype=2 AND delflag=0 AND inactive=0</userCountSQL>
<allUsersSQL>SELECT uname FROM users WHERE usertype=2 AND delflag=0 AND inactive=0</allUsersSQL>
<searchSQL>SELECT uname FROM users WHERE usertype=2 AND delflag=0 AND inactive=0</searchSQL>
<usernameField>uname</usernameField>
<nameField>ufname</nameField>
<emailField>uemail</emailField>
</jdbcUserProvider>
<setup>true</setup>
</jive>
Here is a official openfire documentation for exact your case:
https://www.igniterealtime.org/builds/openfire/docs/latest/documentation/db-integration-guide.html
First, editing openfire.xml wont make any expected change with your openfire. even after you restart it.
You should edit that configuration from SERVER -> System Properties . OR you can directly modify database in ofproperty values.
but be carefull.. none of my JDBC authentication seems work if use my own user table. even if i set it to PLAIN password. and their MD5 looks different than standart md5 hashing method
Installer installs windows service.
I provide form to user to select one of accounts to start the service:
Local service
Local System
Network System
User account
When I select User and enter Domain\Administrator account + pwd during the installation, service cannot be started.
When I select Local Service it started ok. After this I can change manually account to the same Domain\Administrator account and it started ok.
Why such different behavior?
How I can start service during the installation under any users' account?
Take a look at the Util Extensions User element. You can set the CreateUser attribute to no, the Name attribute to the [PROPERTY] that you are using in your UI for UserName Input and the LogonAsService attribute to yes. This will instruct WiX to grant your user the LogOnAsService right without having to write a custom action to call ntrights.exe.
Here's a sample as requested:
<?xml version="1.0" encoding="utf-8"?>
<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi" xmlns:util="http://schemas.microsoft.com/wix/UtilExtension">
<Product Id="*" Name="Setup" Language="1033" Version="1.0.0.0" Manufacturer="test" UpgradeCode="5c6b0f52-d024-4f1b-bfae-2dbb96b3ef15">
<Package InstallerVersion="200" Compressed="yes" InstallScope="perMachine" />
<MajorUpgrade DowngradeErrorMessage="A newer version of [ProductName] is already installed." />
<MediaTemplate EmbedCab="yes" />
<UIRef Id="WixUI_Minimal" />
<Feature Id="ProductFeature" Title="Setup" Level="1">
<ComponentRef Id="serviceComponent" />
</Feature>
<Directory Id="TARGETDIR" Name="SourceDir">
<Directory Id="ProgramFilesFolder">
<Directory Id="INSTALLFOLDER" Name="Setup">
<Component Id="serviceComponent" Guid="380bbddd-daa7-0744-517b-37da768f5570">
<File Id="serviceFile" Source="$(var.WindowsService.TargetPath)" KeyPath="yes" />
<ServiceInstall Id="serviceInstall" Name="WindowsService" DisplayName="WindowsService" Start="auto" Type="ownProcess" ErrorControl="ignore" Account=".\serviceaccount" Password="p2Ekutrekac34ph2" />
<ServiceControl Id="serviceControl" Name="WindowsService" Start="install" Stop="both" Remove="both" Wait="no" />
<util:User Id="user" CreateUser ="yes" Name ="serviceaccount" Password="p2Ekutrekac34ph2" LogonAsService="yes" UpdateIfExists="yes" RemoveOnUninstall="yes" PasswordNeverExpires="yes" FailIfExists="no" Domain="[ComputerName]" CanNotChangePassword="yes" Disabled="no" PasswordExpired="no"/>
</Component>
</Directory>
</Directory>
</Directory>
</Product>
</Wix>
You need to make sure that the selected user account has the right to log on as a service. It doesn't matter if you are an Administrator, you cannot install services for an user without giving him the log on right.
If setting this policy works, you also need to do it dynamically during install. A solution is to use ntrights.exe as a custom action. This custom action can use your custom properties which contains the user account information.
In case anyone wonders why the code from #Christopher Painter his answer didn't work. I had similar code that didn't work with error 1923.
Error 1923. Service '' () could not be installed. Verify that you have sufficient privileges to install system services.
MSI (s) (10:08) [15:55:00:161]: Product: '' (64 bit) -- Error 1923. Service '' () could not be installed. Verify that you have sufficient privileges to install system services.
Until I found that services.msc dialog needs to be closed during installation.
No idea why, but it works.
During development services.msc was open all the time, so I never noticed.
I have setup a Continuous Integration environment using CruiseControl.Net. I want to know how an email can be sent to a person at the time of a build failure.
Thanks in Advance.
You can use an <email> block within your <publishers> block.
Our system looks like this:
<publishers>
<xmllogger />
<email from="cruise#ourcompany.com" mailhost="mail.ourcompany.com" includeDetails="TRUE" mailport="25" useSSL="FALSE">
<users>
<user name="Mr Happy" group="buildmaster" address="mrhappy#ourcompany.com" />
<user name="Mr Strong" group="buildmaster" address="mrstrong#ourcompany.com" />
</users>
<groups>
<group name="buildmaster" notification="change" />
</groups>
<converters>
<regexConverter find="$" replace="#ourcompany.com" />
</converters>
<modifierNotificationTypes>
<NotificationType>Failed</NotificationType>
<NotificationType>Fixed</NotificationType>
</modifierNotificationTypes>
</email>
</publishers>
NB, we use an <svn> source control block to get latest source and trigger a build. The <regexConverter> section takes the svn user and adds "#ourcompany.com" to the end to form an email address.
You will need the details for an SMTP server to send the email. I believe it is possible to use gmail for this, but our company has its own SMTP server.
With this system, the "build masters" (Mr Happy and Mr Strong) will get an email whenever the build status changes, and anyone who has committed code into SVN will get an email when the build their code causes fails or is fixed.
The <xmllogger/> section is necessary as by default (if you have no <publishers> section), there is an XML logger publisher. This logs the information for the web interface.