Is there an updated guide to the eu_ldap extension for TYPO3? - content-management-system

I am trying to simulate an intranet CMS and installed the eu_ldap extension for TYPO3. Unfortunately the downloaded guide is out of date, and the current manual is of very little use to a TYPO3 beginner.
Is it possible to create nodes from within the extension, or do they have to be defined in the LDAP server? Can users be created within TYPO3 and then be authenticated via LDAP, or does that have to be done on the OS? I'd like to build an intranet system and create users who can create resources using other extensions but I would like to structure access control also. In short, I don't understand which functionalities are delegated to the extension and which have to be structured on the server side.
At the moment my best guess as to how to create the domains is to create a domain object with each page that acts as a domain root, which will correspond to a node within the LDAP (e.g. ou=Members), then create an LDAP server object in TYPO3 on that page. Assuming this works (if it is the way to go about it), how can users be created and given ACLs, then added to this domain, for instance?

The extension just provides the authentication service. So you can connect TYPO3 to your LDAP by providing the connection data in the extension, and then every login attempt is not checked on the TYPO3 side, but redirected to the LDAP system. This just sends back whether the user is allowed to log in and may provide some more information about the user and the assigned groups.
The LDAP system does not know anything about the structure inside your TYPO3, but you can use the groups for access restrictions.
Most of the LDAP extensions work like that, and depending on whether you want to provide login to frontend, backend or both, there may also be better extensions for your case. You have to be a little more specific on:
"I'd like to build an intranet system and create users who can create resources using other extensions but I would like to structure access control also."
What kind of resources do you want them to create? Does that mean frontend or backend? What exactly do you want to have an access control for? Pages or content or plugins/extensions or backend modules?

Related

How to configure TYPO3 extension over a backend module?

I'm developing an extension for TYPO3 8.7 that queries an API for some data.
The frontend part works, although the API is called live at the moment.
Now I'd like to build a little backend module in which the integrator can at least manage the API credentials. Maybe also storage PIDs and other settings.
I guess storing data like these is usually done using TypoScript(?), but it would be nice to have an interface for storing settings of all kinds.
I rather guess I could create a database table and access it in the backend and frontend on a low level.
But before I do so I'd like to ensure that there is no other, designated way to do so. Maybe interact with the settings array somehow or whatnot.
I thought that storing configuration data would be a common use case for backend modules. But I could not find any example for this.
Am I misled about the usage of backend modules somehow?
TYPO3 provides a lot of configuration options.
In the Extension Manager
This allows you to set settings on a system-wide basis.
Allows you to set extension settings. Using the ext_conf_template.txt, this is easy for extension developers, and only accessible by admins. https://docs.typo3.org/typo3cms/CoreApiReference/ExtensionArchitecture/ConfigurationOptions/Index.html
TypoScript Constants
This allows you to set configuration on a page basis. This is a great choice if you set up different settings on different pages or have multiple sites in one TYPO3 installation. There is an interface, the "Constants Editor", in the Template module which allows editors to set the settings of the constants.
Plugin / Flexform
The most common way an editor configures some settings, but they have to repeat them for every plugin.
Backend Modules
Backend modules are designed for more complex tasks like managing a news workflow or giving an inside view into some process (status reports etc.). Of course they could be used to just store some simple settings, but it's uncommon and clutters the TYPO3 backend interface.
AdditionalConfiguration.php / ext_localconf.php
This allows you to set very low-level configuration. If your configuration needs to be available only to developers or needs to be present in an early bootstrapping phase of TYPO3, this is a good choice.
In your case, I would create a simple backend module and store the credentials in the Registry. This is easy to explain to the customer and you have the possibility to give access to that module to special user groups. By using the registry there's no need to create custom tables.
Guide on how to create a backend module : https://docs.typo3.org/typo3cms/ExtbaseFluidBook/10-Outlook/2-Backend-modules.html
Guide on the Registry: https://docs.typo3.org/typo3cms/CoreApiReference/ApiOverview/SystemRegistry/Index.html

using custom database with roles in identity server 4

I am working on an application where I need to set up identity server 4. I have an API as resource and a web forms application as client. I have a few roles like teachers, students, parents in my database. How can I use this custom database and perform authentication and authorization without using identity?
Please suggest.
From your other question here I get a better idea of what you want.
I think one solution for what you want would be to set up identityserver4 in a separate project with its own separate database. I noticed the tag identityserver3, but I think it is quite safe to go for identityserver4. It shouldn't make a difference for the client/user since they are conceptually compatible.
1) Give your application a client/secret (which you configure in identityserver) in order to identify your application and grant access to the resource api. Here is some information: http://docs.identityserver.io/en/dev/quickstarts/1_client_credentials.html
You'll only need to configure one client to protect your resource from the outside. The only way to access the resource api is through your application, since your application is making the actual calls. This is also the drawback, you cannot expose the token to the outside world.
Since your client isn't the actual user, you'll need to identify the user. You can use any mechanism based on your current model as you like. A simple user/pass (with or without asp.net identity) could be enough to determine the roles. But please keep in mind that your application has full access to the resource api.
2) However, since identityserver is available, why not use it? Why don't you want to use the identitymodel? I think you should consider separating the identity information and your datamodel. Your datamodel shouldn't be aware of the security. And the security has nothing to do with your datamodel.
When you create a separate database for identityserver you have one place to configure the identity users. All you need is a reference (sub) to the user in the datamodel. http://docs.identityserver.io/en/dev/quickstarts/2_resource_owner_passwords.html
Add claims or roles and everything is in place and you'll see there is no need to keep identity data in your custom database. The structure of your custom database stays intact, including the user table but without the identity data.
I think this is a safer solution and considering the good documentation and sample projects it may even turn out to be a quicker solution.

How to synchronize odoo database with another odoo database?

I have two databases in my PostgreSQL, one for the client and another one for the administration. We have these legal texts created in the administration database. What I need to do is to create a button "synchronize" in the client side to allow him to add new legal texts (if there are new legal texts) to his database. I don't know how to do it, or how to access another database from the current one.
You may want to take a look at this page: Web Service API. Odoo provides you with a couple of web services that allow you to perform a search, read data, or create or update almost everything you need. So if you want to create some record in the other Odoo instance, use XML-RPC, and you can create or update anything you want if you have access rights.
https://www.odoo.com/documentation/9.0/api_integration.html
Read it carefully, it's so easy to understand, and the example works fine in the online version you need it
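The logic behind such a "synchronize" button, sketched over the XML-RPC external API the answer links to; this is an added example, not code from the original posts. The model name `x_legal.text`, the matching field `ref` and the `FakeOdoo` stand-in are assumptions for illustration; `OdooConn` uses the documented `authenticate` and `execute_kw` calls, and the sync account needs only read access on the administration database and create access on the client one.

```python
import xmlrpc.client

class OdooConn:
    """One authenticated XML-RPC session against one Odoo database."""
    def __init__(self, url, db, user, password):
        if not url.startswith("https://"):
            raise ValueError("refusing to send credentials over a non-TLS URL")
        common = xmlrpc.client.ServerProxy(url + "/xmlrpc/2/common")
        uid = common.authenticate(db, user, password, {})
        if not uid:
            raise PermissionError("Odoo rejected the login for " + user)
        self.auth = (db, uid, password)
        self.models = xmlrpc.client.ServerProxy(url + "/xmlrpc/2/object")
    def call(self, model, method, args, kwargs=None):
        return self.models.execute_kw(*self.auth, model, method, args, kwargs or {})

def sync_records(src, dst, model, key, fields):
    """Create in dst every src record whose `key` value dst lacks; return new ids."""
    wanted = src.call(model, "search_read", [[]], {"fields": [key] + fields})
    have = {r[key] for r in dst.call(model, "search_read", [[]], {"fields": [key]})}
    created = []
    for rec in wanted:
        if rec[key] not in have:
            vals = {f: rec[f] for f in [key] + fields}  # whitelist: drops src 'id'
            created.append(dst.call(model, "create", [vals]))
            have.add(rec[key])
    return created

class FakeOdoo:
    """Constructed in-memory stand-in for OdooConn so the example runs offline."""
    def __init__(self, rows):
        self.rows = [dict(r) for r in rows]
    def call(self, model, method, args, kwargs=None):
        if method == "search_read":
            keep = ["id"] + (kwargs or {}).get("fields", [])
            return [{k: r[k] for k in keep if k in r} for r in self.rows]
        if method == "create":
            self.rows.append(dict(args[0], id=len(self.rows) + 1))
            return self.rows[-1]["id"]
        raise NotImplementedError(method)

def demo():
    # Constructed sample data; model 'x_legal.text' and field 'ref' are hypothetical.
    a = {"id": 1, "ref": "LT-001", "name": "Privacy notice", "body": "v1"}
    b = {"id": 7, "ref": "LT-002", "name": "Terms of use", "body": "v1"}
    admin, client = FakeOdoo([a, b]), FakeOdoo([a])
    first = sync_records(admin, client, "x_legal.text", "ref", ["name", "body"])
    second = sync_records(admin, client, "x_legal.text", "ref", ["name", "body"])
    return first, second, [r["ref"] for r in client.rows]
```

Running the sync twice creates nothing the second time, because records are matched on `ref` rather than on database ids, which differ between the two databases.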

How do I set up an intranet that can be accessed in different locations?

I want to set up an intranet that can be accessed in more than one location.
I want the server to be located in one location and be accessed in another. For example it would be at the user's home, or in one of our many offices. At the moment I can't see more than 7 people using it, so we won't need anything large to start off with.
I use Wampserver for building our webpages, but I don't think Wampserver will be enough to do what we need, as if I set up Wampserver it is only accessible from the building we are in. I do not want to open the firewall to put it online as the pages that we will be serving will not be for the public.
The typical way of doing this is to set up and configure a VPN solution for your home users. You could do this yourself or use a third party solution. Normally, you would allow VPN users access to specific resources, such as your intranet server.
The other alternative is to allow public access to the intranet server, but implement authentication on the intranet server so only your users can access the content.
I would normally go for the former as a more secure solution, but it depends on your environment and requirements.

PeopleSoft logins

I'm building a web application that will have access to PeopleSoft's database via JDBC.
Is it possible that I can use PeopleSoft's id/password for my custom application, so users accessing my website will not have to have another username/password?
PeopleSoft stores user details in the table PSOPRDEFN.
You will be able to verify the username against: PSOPRDEFN.OPRID.
The password field is: OPERPSWD.
Unfortunately, the encryption function used for this field, hash(), is available only from within PeopleCode.
If you want to use single sign-on, you should be able to do so by customizing the USERMAINT.gbl component, perhaps in the SavePreChange PeopleCode, to save the password in a second field of your choice with an encryption algorithm that you can implement from JDBC as well.
If you want to reuse PeopleSoft security, you'd need to connect at a higher level than JDBC straight into the database. You could look at a component interface (codeable in Java) or send a SOAP message into PeopleSoft's Integration Gateway - both methods would authenticate you against PeopleSoft using its own security mechanisms.
The old way was to customize psuser.c to your needs and recompile as a new DLL, used in your program, assuming you're on a Microsoft platform. As mentioned above, you could have a PeopleSoft developer create a component interface (or use the one that is delivered). You can export wrapper Java or C/C++ code from a CI, a template. This code can then be used in an external program to call the CI. One way or the other, you have to interface with PeopleTools to call their decrypt for passwords.
Depending on how dynamic your business is, whether you add lots of employees each day, you could export psoprdefn using app messaging to another database. On the send, you could encrypt passwords however you like. But as you can surmise, this would not be real-time.
One thing I remember doing long ago was have a peoplesoft tech person develop a page the sole functionality of which was to call my java class and which obtained user/pswds as needed. Once I had them, I was good to go.
You can use the psjoa.jar; that way you can sign on via the app server using the same users and passwords in the psoprdefn table.
PeopleSoft has an LDAP integration ability but it has to be configured. If you are accessing via a Java wrapper around a component interface, a special account can be set up in PeopleSoft with access only to the underlying component, but the login/password would have to be passed into the component interface. This can be encrypted or sent over https.
PeopleSoft also has what it calls "row level" security - the ability to partition data sets so that for example your code could only access employee data within a specific business unit or accounting info for a particular line of business. This is all controlled within the PeopleSoft online security application.