I managed to get my Active Directory up and running, and now I want to integrate my MS-AD into my Moodle server. I followed the steps from the Moodle docs as close as I can.
This is the error message I get when trying to log into my Moodle server with an Active Directory User:
LDAP-module cannot connect to any servers: Server: 'ldap://europe.domain.com/', Connection: 'Resource id #16', Bind result: ''
And here is my LDAP server configuration within Moodle:
LDAP server settings
Host URL: ldap://europe.domain.com/
Version: 3
Use TLS: No
Bind settings
Distinguished name: cn=ldap-user,dc=europe,dc=domain,dc=com
User lookup settings
User type: MS ActiveDirectory
Contexts: ou=moodleusers,dc=europe,dc=domain,dc=com
Thats what I have done so far:
Created "moodleusers" OU
Created ldap-user AD user account & set the password to "Password never expires."
What have I done wrong?
There's a possible answer here in the Moodle forums
https://moodle.org/mod/forum/discuss.php?d=427908#p1722336
Bind result normally refers to two things.
Your bind user is entered incorrectly (perhaps an expired or changed password)
Your bind user does not have the necessary permissions on the OU referenced in the context.
Maybe also try one of the LDAP tools to test the connection outside of Moodle
https://ldap.com/ldap-tools/
For example
http://phpldapadmin.sourceforge.net/wiki/index.php/Main_Page
Related
I just installed Mongo DB on my Linux Server. Now I want to create an main admin user.
I followed the offical docs, but every time I run the command I get:
uncaught exception: Error: couldn't add user: command createUser requires authentication: _getErrorWithCode#src/mongo/shell/utils.js:25:13 DB.prototype.createUser#src/mongo/shell/db.js:1386:11 #(shell):1:1
I really don't know what I should do to fix this error.
Inside the /etc/mongod.conf config file authentication is disabled:
security:
authorization: "disabled"
Thanks for help!
To create the first user, you need to have authentication enabled and use the localhost passthrough: open mongoshell (the mongo command) from the same server in which the database is running.
Note that the passthrough is valid only when you connect via localhost and when no users have yet been created (once you create the first user, you will need to authenticate to perform any tasks). If you already created a user but don't remember the password, you will need to delete the entire dbPath folder, restart mongod and then use the passthrough to create the first user.
BACKGROUND
The user is defined in Azure AD and in Azure SQL.
test.user#company.com is defined and active in Azure AD. I’m able to log in with this user in Azure portal.
I have created a contained database user with the clause "from external provider" in the Azure SQL database and added the user to the db_datareader system role. The commands commits without error. I have compared the Asset ID in Azure AD and the SID in database and they match. I have tried with different users.
I am able to login as an AD User assigned to the SQL servers assigned "Active Directory Admin"
SQL Server users also login without any issue
Login test in SSMS
I have set default database to the specific database I’m trying to log into (Options-Connect to database).
I have tried with different Authentication modes:
“Azure Active Directory – Universal with MFA” and
“Azure Active Directory – Password”
When I try to login with SSMS I get
Error: 18456, state 1, class 14.
When I query [sys].[event_log] it returns
[event_systype]= 4, [event_subtype_desc] = login_failed_for_user.
PROCESS FOLLOWED
I have a user defined in Azure AD. (test.user#company.com)
In my Azure SQL database, I have set an Active Directory administrator.
I have created a user in SSMS test.user#company.com with the following syntax:
CREATE USER [test.user#company.com] FROM EXTERNAL PROVIDER;
I have assigned the user to the db_datareader role with the following syntax:
ALTER ROLE db_datareader ADD MEMBER [test.user#company.com]
ISSUE: When I try to connect as test.user#company.com, the connection fails and I get this error:
Login Failed for user test.user#company.com
Details of error contains:
Error Number: 18456, State: 1, Class: 14
I have tried to find an answer on learn.microsoft.com, googled my ass off and found some useful resources on this, but none that actually helps me with pinpointing what to do to resolve the issue. If anybody have an Idea of what I'm doing wrong, ref "PROCESS FOLLOWED" I'd be forever grateful :)
I solved it by a workaround, setting up a new database.
I did not find the cause of the problem, but it must be related to database setup "DTU"-"Basic" or some setting that I have managed to set without remembering.
Anyways, my process works when I set up a new database with "DTU"-"Standard" Configuration.
It seems to be some kind of encoding problem. After almost giving up and using a different DB, I tried creating a new one, but without some special characters. And suddenly, it worked.
If you can't change your database's password, you can just edit the connection string in another editor and it works as well (Notepad, VS code, etc).
i am developing a windows application that uses a database "MSSQL Server" installed in my pc.
the application has two interface : manager and user
the user will be located in different countries which is mean different network.
the network that my PC is connected to has a high level of security and my PC has local IP address.
what is the best and secure way to share the database and let the users located in network X access my database?
for example: should i use online database or azure or share point or DNS?
if any one has an experience in this kind of connection please advice.
Here is the solution for that!
Go to MySQL server
Type the following code to grant access for other pc
mysql > grant all privileges on . to 'root'#'%' identified by 'root_password'; mysql> flush privileges;
Replace ‘%’ with the IP you want to grant access for!
This worked for me!
In that case just use localhost and follow this steps:
mysql -u user -p
or
mysql -hlocalhost -u user -p
If you cannot login with this, you must find out what usernames (user#host) exist in the MySQL Server localy. Here is what you do:
Step 01) Startup mysql so that no passwords are require no passwords and denies TCP/IP connections
service mysql restart --skip-grant-tables --skip-networking
Keep in mind that standard SQL for adding users, granting and revoking privs are disabled.
Step 02) Show users and hosts
select concat(''',user,'''#''',host,'''') userhost,password from mysql.user;
Step 03) Check your password to make sure it works
select user,host from mysql.user where password=password('YourMySQLPassword');
If your password produces no output for this query, you have a bad password.
If your password produces output for this query, look at the users and hosts. If your host value is '%', your should be able to connect from anywhere. If your host is 'localhost', you should be able to connect locally.
Make user you have 'root'#'localhost' defined.
Once you have done what is needed, just restart mysql normally
service mysql restart
If you are able to connect successfully on the macbook, run this query:
SELECT USER(),CURRENT_USER();
USER() reports how you attempted to authenticate in MySQL
CURRENT_USER() reports how you were allowed to authenticate in MySQL
Let us know what happens !!!
Login to the remote server and repeat Step 1-3
See if any user allows remote access (i.e, host in mysql.user is '%'). If you do not, then add 'user'#'%' to mysql.user.
I don't know how to create a database into Parallels Plesk Panel, so I tried it going to the PhpMyAdmin creating the database and modifying the admin user password from there, but now the system is showing me the next error:
ERROR: PleskFatalException
Unable to connect to database: saved admin password is incorrect.
0: common_func.php3:150
psaerror(string 'Unable to connect to database: saved admin password is incorrect.')
1: auth.php3:107
ERROR: PleskFatalException
Unable to connect to database: saved admin password is incorrect.
0: common_func.php3:150
psaerror(string 'Unable to connect to database: saved admin password is incorrect.')
1: auth.php3:107
What can I do to fix it?
Try to connect to psa database:
mysql -uadmin -p`cat /etc/psa/.psa.shadow` psa
In case you cannot connect, try to update admin user for mysql with this password. After that Plesk should be able to connect with this database.
I also add this problem, for me the above solution didnt work. it appears plesk has been evolving it's password protection (e.g. .psa.shadow is now aes-cbc encrypted)
this kb article worked for me - i'm using plesk 11.09
http://kb.parallels.com/112492
I got myself into this situation when i got a cloud vm instance where i couldnt log into mysql. so i mysqld_safe and updated the admin password to what it was supposed to be, which meant i could log in but I also broke plesk. this kb got plesk back on its feet again
One thing I found; after following these steps I am not able to login to the plesk 'admin' user on the command line, even with the password i specified in the env variable ! so before resetting the admin password as per this kb article, create another mysql user with all privileges. then use the new user so you dont have the problem of sharing a user with plesk
as to why this happens i dont know, i'm interested if someone does. what appears to be happening is that the ch_admin_passwd of psa starts mysql with security disabled, does some operation on the password (obfuscate?, encrypt?, add salt?) and sets that password for the admin user. whatever that interim operation means that while plesk can log into mysql as admin because it's consistent with itself, the cleartext version of the password specified to ch_admin_passwd does not work on the command line with mysql
I have 2 users in my AD installation with the same CN
CN=jack,CN=Users,DC=xyz,DC=com and
CN=jack,OU=abc,DC=xyz,DC=com
When I try to authenticate to the AD Server using the Apache Directory Studio client and give the following credentials
User: jack
Password: <password>
the authentication fails. The following credentials work
User: CN=jack,CN=Users,DC=xyz,DC=com
Passwprd: <password>
When I have only a single user CN=tom,DC=xyz,DC=com with a given CN
I am able to login with
User: tom
Password: <password>
without having to specify the entire DN (CN=tom,DC=xyz,DC=com) .
I need to write a module to authenticate users against an AD installation. I have with me only the usernames and passwords and not the fully qualified BASE DNs. I cannot bind to the AD server to be able to use filters like (&(objectCategory=person)(objectClass=user)(sAMAccountName=jack)). How do I do this as the problem it seems happens when there are more than one user with the same CN ?
EDIT: Can I configure the AD server to bind against mail address/sAMAccountName of the users instead of CN ? This would solve my problem as these are unique while CN's are not
I found the attribute I was looking for --> userPrincipalName (UPN) . This has a unique value in Active Directory and can be supplied as the user name while attempting to authenticate. So now I need a list of UPNs and the corresponding passwords for login.
Check here too.
What kind of login are you doing in your 'module'? If you cannot bind and do an ldap query, then what interface are you logging in with? You need to configure whatever that is to use sAMAccountName as that is the only guarenteed unique per domain name. Of course if you have more than one domain in the forest then they only have to be unique per domain, so that may not work so well.
If you are only able to do an LDAP bind as the user, and not query. Perhaps you could try to connect as sAMAccountname=jack as you pass credentails.