LDAP for PostgreSQL - postgresql

It requires uploading user information from Active Directory.
I found on the Internet a few additions that provide this opportunity: multicorn and ldap_fdw.
The problem is that I cannot figure out how to filter the result.
For example, multicorn allows you to specify the directory to search (path) and the object of the search (objectClass). But this is not enough: it is necessary to restrict the result to the people who are in a particular group.
How to do it?

Postgres uses LDAP only to check passwords. You must still create roles with the proper Postgres options, inheritance and grants.
To create roles dynamically from LDAP rather than creating them manually without a password, you can use a tool like ldap2pg.
Using ldap_fdw or multicorn should not be useful for this. These extensions are meant to expose foreign data to the application, not to extend Postgres internals.
Cheers,
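The answer's point is that the directory only decides who may log in (the ldap method in pg_hba.conf), while the Postgres roles themselves have to be created, ideally from a group-scoped directory query. The following is an added example, not code from this thread and not ldap2pg's implementation, showing the two pieces the question asks about: an LDAP search filter restricted to members of one group (with RFC 4515 escaping of the values placed in it) and the CREATE ROLE statements generated from the matching entries with properly quoted identifiers. The group DN, the attribute names, the role names and the sample entries are constructed assumptions; no directory is contacted.

```python
"""
Added example (not from the thread, not ldap2pg's code): build a group-scoped
LDAP search filter and turn the entries it would return into PostgreSQL role
DDL. SAMPLE_ENTRIES below is constructed data standing in for a real search.
"""
from typing import Dict, Iterable, List

# RFC 4515 escaping for values interpolated into an LDAP filter, so that
# odd or attacker-influenced characters cannot change the filter's meaning.
_LDAP_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_ldap_filter_value(value: str) -> str:
    """Escape one assertion value for use inside an LDAP search filter."""
    return "".join(_LDAP_ESCAPES.get(ch, ch) for ch in value)


def build_group_member_filter(group_dn: str, object_class: str = "person") -> str:
    """Filter for objects of object_class that are direct members of group_dn.
    Active Directory exposes direct membership through the memberOf attribute."""
    return "(&(objectClass={})(memberOf={}))".format(
        escape_ldap_filter_value(object_class),
        escape_ldap_filter_value(group_dn),
    )


def members_of(entries: Iterable[Dict], group_dn: str) -> List[Dict]:
    """Client-side equivalent of the filter above, applied to entries that
    carry a multi-valued memberOf attribute (used here on constructed data)."""
    return [e for e in entries if group_dn in e.get("memberOf", [])]


def quote_ident(name: str) -> str:
    """Quote a PostgreSQL identifier: wrap in double quotes, double any
    embedded double quote. Directory data must never reach SQL unquoted."""
    if "\x00" in name:
        raise ValueError("NUL byte in identifier")
    return '"' + name.replace('"', '""') + '"'


def roles_from_entries(entries: Iterable[Dict], pg_group: str) -> List[str]:
    """One CREATE ROLE ... LOGIN IN ROLE statement per directory entry.
    LOGIN without PASSWORD: the password check stays with LDAP via pg_hba.conf,
    and membership in pg_group carries the grants."""
    return [
        "CREATE ROLE {} LOGIN IN ROLE {};".format(
            quote_ident(entry["sAMAccountName"]), quote_ident(pg_group)
        )
        for entry in entries
    ]


# Constructed sample data (assumed DN and group names, not real directory content).
READERS_DN = "CN=DB Readers,OU=Groups,DC=example,DC=com"
SAMPLE_ENTRIES = [
    {"sAMAccountName": "alice", "memberOf": [READERS_DN]},
    {"sAMAccountName": 'o"brien', "memberOf": [READERS_DN, "CN=Staff,OU=Groups,DC=example,DC=com"]},
    {"sAMAccountName": "mallory", "memberOf": ["CN=Staff,OU=Groups,DC=example,DC=com"]},
]

if __name__ == "__main__":
    print(build_group_member_filter(READERS_DN))
    for stmt in roles_from_entries(members_of(SAMPLE_ENTRIES, READERS_DN), "db_readers"):
        print(stmt)
```

Running the script prints the filter you would hand to the search call and two CREATE ROLE statements (alice and o"brien); mallory is not a member of the reader group and gets no role. Nested group membership is not covered by a plain memberOf match, which is one reason the answer points at a dedicated synchronisation tool.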

Related

What is the convention for creating applications users in MongoDB?

I am trying to create a users model for my application sign-in with Mongoose / MongoDB. Based on how I see it, when I deploy to Atlas or Mlab it auto-generates a users collection, but for the purpose of database authentication - like this user has read access, write access, admin, etc. What is the convention for creating application users? Do I also use the same users collection but add additional schema properties, or do I make a different one altogether like app_users? Thanks!
Are you using the test or admin database? You should create a new database for your application. When you create a new database it will not come with any predefined collections or such, so you can start blank (which is what I assume you want?).
You don't need to explicitly create a new database. Just point your driver to a database name you want for your app. Or in the mongo CLI type use myAppDb and you can start adding collections there.
More details here https://docs.mongodb.com/manual/mongo/#working-with-the-mongo-shell

Role Based Access Authorization in perfect

Being new to perfect server side swift, I cannot find any packages that help with role based access authorization. In Spring there is for example,
.antMatchers("/homePage").access("hasRole('ROLE_USER') or hasRole('ROLE_ADMIN')")
.antMatchers("/adminPage").access("hasRole('ROLE_ADMIN')")
Is there something already existing in perfect to help with this? Is there a recommended way of handling access control in perfect?
As you use perfect server, you may take a look at:
PerfectlySoft Perfect-Authentication
perfect.org authentication
perfect.org Turnstile
Perfect provides system-level authentication.
Firstly, you can go to GitHub and search PerfectlySoft/Perfect-LocalAuthentication for user identity validation; however, it doesn't contain the role control you asked about.
It can be done in other approaches. For example, you can use Perfect-LDAP to access an LDAP server for all kinds of roles and groups.

using custom database with roles in identity server 4

I am working on an application where I need to set up identity server 4. I have an API as resource and a web forms application as client. I have a few roles like teachers, students, parents in my database. How can I use this custom database and perform authentication and authorization without using identity?
Please suggest.
From your other question here I get a better idea of what you want.
I think one solution for what you want would be to set up identityserver4 in a separate project with its own separate database. I noticed the tag identityserver3, but I think it is quite safe to go for identityserver4. It shouldn't make a difference for the client/user since they are conceptually compatible.
1) Give your application a client/secret (which you configure in identityserver) in order to identify your application and grant access to the resource api. Here is some information: http://docs.identityserver.io/en/dev/quickstarts/1_client_credentials.html
You'll only need to configure one client to protect your resource from the outside. The only way to access the resource api is through your application, since your application is making the actual calls. This is also the drawback, you cannot expose the token to the outside world.
Since your client isn't the actual user, you'll need to identify the user. You can use any mechanism based on your current model as you like. A simple user/pass (with or without asp.net identity) could be enough to determine the roles. But please keep in mind that your application has full access to the resource api.
2) However, since identityserver is available, why not use it? Why don't you want to use the identitymodel? I think you should consider separating the identity information and your data model. Your data model shouldn't be aware of the security, and the security has nothing to do with your data model.
When you create a separate database for identityserver you have one place to configure the identity users. All you need is a reference (sub) to the user in the data model. http://docs.identityserver.io/en/dev/quickstarts/2_resource_owner_passwords.html
Add claims or roles and everything is in place and you'll see there is no need to keep identity data in your custom database. The structure of your custom database stays intact, including the user table but without the identity data.
I think this is a safer solution and considering the good documentation and sample projects it may even turn out to be a quicker solution.

How do I handle webapp users in PostgreSQL?

Previously I was using databases from BaaS (Backend as a Service) - Parse, Backendless, Firebase - and these services have everything I need to manage the users of my webapps: token handling, owner policies etc.
How do I manage webapp users in my own database? (PostgreSQL 9.4)
Is it supposed to be just a regular table, which will contain columns "login", "password" etc., or are there specific tools to implement that?
How should I handle tokens? Should I store them somehow in the database, or are tokens supposed to be stored on my server and not bound to the database at all?
How do I implement owner policies? Are there some specific tools in Postgres for this, or should I simply create the column "ownerId" in each table and use it as a Foreign Key?
If you know good articles on this topic - please post links - it will be very helpful!
I would search for it in Google, but I've found nothing but articles about database user handling. I assume this is not what I'm looking for.
Regular table or PostgreSQL ROLE system.
Usually tokens are on the application side.
Postgres 9.5 has row security policies, but you can implement an owner policy by yourself. Hard to say what database features you have to use without assumptions about the project.
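The answer's three points (a regular users table, tokens kept on the application side, an owner policy you implement yourself on 9.4) can be shown in one small data-access layer. The following is an added example, not the answerer's code; it uses an in-memory SQLite database as a stand-in for the PostgreSQL schema, and the table names, column names, PBKDF2 round count and token lifetime are assumptions. Passwords are stored as salted PBKDF2 hashes, the database keeps only a SHA-256 of each session token together with an expiry, and the owner check is part of the query so rows of other users are simply not returned.

```python
"""
Added example (not from the thread): users table, application-issued session
tokens and an owner policy enforced in the query. SQLite stands in for
PostgreSQL 9.4; schema and constants below are assumptions.
"""
import hashlib
import hmac
import secrets
import sqlite3
import time

PBKDF2_ROUNDS = 200_000          # assumed iteration count for password hashing
TOKEN_TTL_SECONDS = 3600         # assumed session lifetime: one hour

SCHEMA = """
CREATE TABLE users (
    id      INTEGER PRIMARY KEY,
    login   TEXT UNIQUE NOT NULL,
    salt    BLOB NOT NULL,
    pw_hash BLOB NOT NULL                -- PBKDF2-SHA256, never the plaintext
);
CREATE TABLE sessions (
    token_hash BLOB PRIMARY KEY,         -- SHA-256 of the token, not the token
    user_id    INTEGER NOT NULL REFERENCES users(id),
    expires_at INTEGER NOT NULL          -- unix time
);
CREATE TABLE notes (
    id       INTEGER PRIMARY KEY,
    owner_id INTEGER NOT NULL REFERENCES users(id),   -- the "ownerId" column
    body     TEXT NOT NULL
);
"""


def open_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def _token_hash(token: str) -> bytes:
    return hashlib.sha256(token.encode()).digest()


def create_user(conn, login_name: str, password: str) -> int:
    salt = secrets.token_bytes(16)
    cur = conn.execute(
        "INSERT INTO users (login, salt, pw_hash) VALUES (?, ?, ?)",
        (login_name, salt, _hash_password(password, salt)),
    )
    return cur.lastrowid


def login(conn, login_name: str, password: str, now=None):
    """Verify the password in constant time and issue a session token.
    The plaintext token goes to the client once; only its hash is stored."""
    row = conn.execute(
        "SELECT id, salt, pw_hash FROM users WHERE login = ?", (login_name,)
    ).fetchone()
    if row is None:
        return None
    user_id, salt, stored = row
    if not hmac.compare_digest(stored, _hash_password(password, salt)):
        return None
    token = secrets.token_urlsafe(32)
    now = int(time.time()) if now is None else now
    conn.execute(
        "INSERT INTO sessions (token_hash, user_id, expires_at) VALUES (?, ?, ?)",
        (_token_hash(token), user_id, now + TOKEN_TTL_SECONDS),
    )
    return token


def user_for_token(conn, token: str, now=None):
    """Resolve a presented token to a user id; expired or unknown tokens yield None."""
    now = int(time.time()) if now is None else now
    row = conn.execute(
        "SELECT user_id FROM sessions WHERE token_hash = ? AND expires_at > ?",
        (_token_hash(token), now),
    ).fetchone()
    return row[0] if row else None


def add_note(conn, owner_id: int, body: str) -> int:
    return conn.execute(
        "INSERT INTO notes (owner_id, body) VALUES (?, ?)", (owner_id, body)
    ).lastrowid


def get_note(conn, requester_id: int, note_id: int):
    """Owner policy in the WHERE clause: another user's note is not found,
    so the caller cannot tell 'missing' from 'not yours'."""
    row = conn.execute(
        "SELECT body FROM notes WHERE id = ? AND owner_id = ?",
        (note_id, requester_id),
    ).fetchone()
    return row[0] if row else None
```

Every request then goes through user_for_token first and passes the resulting id into the data functions, so the owner filter cannot be forgotten by a caller. On PostgreSQL 9.5 and later the same owner rule can be moved into the database with a row security policy, which protects against queries that bypass this layer.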

Is there an updated guide to the eu_ldap extension for the typo 3?

I am trying to simulate an intranet CMS and installed the eu_ldap extension for typo3. Unfortunately the downloaded guide is out of date, and the current manual is of very little use to a typo 3 beginner.
Is it possible to create nodes from within the extension, or does it have to be defined in the LDAP server? Or can users be created within TYPO3 and then be authenticated via LDAP, or does it have to be done on the OS? I'd like to build an intranet system and create users who can create resources using other extensions, but I would like to structure access control also. In short, I don't understand which functionalities are delegated to the extension and which have to be structured on the server side.
At the moment my best guess as to how to create the domains is to create a domain object with each page that acts as a domain root, which will correspond to a node within the LDAP (e.g. ou=Members), then create an LDAP server object in TYPO3 on that page. Assuming this works (if it is the way to go about it), how can users be created and given ACLs, then added to this domain, for instance?
The extension just provides the authentication service. So you can connect TYPO3 to your LDAP by providing the connection data in the extension, and then every login attempt is not checked on the TYPO3 side but redirected to the LDAP system. This just sends back whether the user is allowed to log in and may provide some more information about the user and the assigned groups.
The LDAP system does not know anything about the structure inside your TYPO3, but you can use the groups for access restrictions.
Most of the LDAP extensions work like that, and depending on whether you want to provide login to frontend, backend or both, there may also be better extensions for your case. You have to be a little more specific on:
I'd like to build an intranet system and create users who can create resources using other extensions but I would like to structure access control also.
What kind of resources do you want them to create? Does that mean frontend or backend? What exactly do you want to have an access control for? Pages or content or plugins/extensions or backend modules?