Background:
KDE4
global change application/xml (all users)
For application xml in "services preference order" the default
is that konqueror use "KHTML (khtml)" profile (see service preference order) on top in local provice file associations.
But where is this default stored on the system and where can I change it?
I do not want to change it for every user in .config oder .local (mimeapps.list). I have to do this for all users. I did not find this mimetype in any other global mimeapps.list.
aim:
Every users should have the "Embedded Advanced Text Editor (katepart)" as default on top for application/xml.
Related
Our organization stores signing certificates in Active Directory. We are using anonymous bind to search for them at a base DN (e.g. OU=MY ORG,dc=mydc,dc=org). I have been trying to use the Spring LdapTemplate to look them up, but no matter what method I use, I get the cryptic InterruptedNamingException.
Assuming a cert subject of cn=mycert.myorg.com
My code looks like this
LdapContextSource contextSource = new LdapContextSource();
contextSource.setUrl(String.format(LDAP_URL_FORMAT, ldapCertStoreParameters.getServerName(),
ldapCertStoreParameters.getPort()));
contextSource.setBase(ldapCertStoreParameters.getBaseDn());
contextSource.setAnonymousReadOnly(true);
contextSource.afterPropertiesSet();
LdapTemplate ldapTemplate = new LdapTemplate(contextSource);
ldapTemplate.setIgnorePartialResultException(true);
ldapTemplate.afterPropertiesSet();
X500Principal principal = x509CertSelector.getSubject();
Object obj = ldapTemplate.lookup(new LdapName(principal.getName()));
The X500 principal's name is the whole dn. cn=mycert.myorg.com,OU=MY ORG,dc=mydc,dc=org
I have also tried the search using just the cn.
We have verified that the DN exists on the server using Apache Directory Studio.
• I would suggest you to please remove the call altogether or set the ‘userSearchBase’ either to an empty String (“”) as per the given example in the below community thread: -
Configure Spring security for Ldap connection
As in the ‘AbstractContextSource’, set the base suffix from which all operations should origin. If a base suffix is set, you will not have to (and, indeed, must not) specify the full distinguished names in any operations performed. Since you specified the full DN for the userDN/filter, you must not specify the base.
AD servers are apparently unable to handle referrals automatically, which causes a ‘PartialResultException’ to be thrown whenever a referral is encountered in a search. To avoid this, set the ‘ignorePartialResultException’ property to true. There is currently no way of manually handling these referrals in the form of ‘ReferralException’, i.e., either you get the exception (and your results are lost) or all referrals are ignored (if the server is unable to handle them properly). Neither is there any simple way to get notified that a ‘PartialResultException’ has been ignored.
For more details regarding the LDAP template search for Active Directory stored certificates, kindly refer to the link below: -
https://docs.spring.io/spring-ldap/docs/current/apidocs/org/springframework/ldap/core/LdapTemplate.html
• Also, please try to refer to the below documentation for configuration of Springboot LDAP template configuration through certificates stored in Active Directory: -
https://www.baeldung.com/x-509-authentication-in-spring-security
Currently we are using OpenLDAP Version 2.4, From what I know is default password storage scheme is SSHA.
But is there anyway by which I can view it on console, I need to send screenshot where it is mentioned that password storage scheme of our OpenLDAP is SSHA.
UPDATE : olcPasswordHash attribute is not specified in any ldif files present under cn=config folder
Depending on the configuration mode, you can check if it's set :
Using slapd.conf file :
grep password-hash slapd.conf
Using on-line configuration (OLC) :
slapcat -n 0 -a olcPasswordHash=*
olcPasswordHash attribute is defined at the database level (like in olcDatabase={<n>}<name>,cn=config), so you won't find it directly in cn=config.ldif but in the corresponding ldif file. That's why you have better to use slapcat.
A password policy may also require cleartext passwords to be hashed. The ppolicy overlay enables this behavior via the ppolicy_hash_cleartext flag (cf. slapo-ppolicy) :
ppolicy_hash_cleartext : Specify that cleartext passwords present in Add and Modify requests
should be hashed before being stored in the database.
In this case, SSHA is used if no password storage scheme is explicitly set via password-hash or olcPasswordHash, so you would just check for the flag :
Using slapd.conf file :
grep ppolicy_hash_cleartext slapd.conf
Using on-line configuration (OLC) :
slapcat -n 0 -a olcPPolicyHashCleartext=*
If the attribute is not set : How do you set password-hash for OpenLDAP ?
Disclaimer: I am very new to all of this, so please be patient. :)
My aim is to create a directory schema extension targeting the User resources of my O365 company directory. The extension is very simple with just 3 string fields. The idea is that every user in the directory should have this extension applied to their User object with specific values for the 3 fields it contains.
For this, I used the Graph Explorer, where I used my Admin tenant account to create a simple (domain verified) directory schema extension (domain_schemaname) with 3 fields, targeting the User resource.
I can confirm that the directory schema extension is created with status Available, using /v1.0/schemaExtensions.
After I updated the directory, I executed a Graph Explorer query to get the Extensions for myself (i.e. /v1.0/me/extensions), as well as of other users in the directory, however, the value of extensions node always returns an empty/null value([]).
I am confused, since I was under the impression that once I create a directory schema extension for a particular resource target (i.e. the user resource), the schema extension would appear immediately in the properties of any existing or new instance of a user resource. Then, I would be able to PATCH the specific user with the values for the directory schema extension.
The issue is that when I try to add an extension to a User instance, through the Graph Explorer, it always creates an openTypeExtension type of extension, whereas I just want to assign the User just the contents of a directory schema extension already created in the schemaExtensions for my organization.
So, it seems that I am not able to use Graph Explorer to apply a directory schema extension to a specific User object.
Am I using the wrong tool for the job ?
Can you advise how do I populate all the users in my O365 directory with the particular directory schema extension and assign a unique value for every user ?
Do I need to use Microsoft Graph Client library and MSAL/ADAL to create a console app to create my directory schema extension and apply it to every user in my directory, and then update its value for every different user ?
Thank you for your help.
I can confirm that the directory schema extension is created with status Available, using /v1.0/schemaExtensions.
After I updated the directory, I executed a Graph Explorer query to get the Extensions for myself (i.e. /v1.0/me/extensions), as well as of other users in the directory, however, the value of extensions node always returns an empty/null value([]).
After creating the schema extension, we need to update the value of extension property before we can get its value.
For example, I register an schema extension like request below:
POST: https://graph.microsoft.com/v1.0/schemaExtensions
Content-type: application/json
authorization: bearer {access_token}
{
"id": "coursesforuser",
"description": "Graph Learn training courses extensions",
"targetTypes": [
"User"
],
"properties": [
{
"name": "courseId",
"type": "Integer"
},
{
"name": "courseName",
"type": "String"
},
{
"name": "courseType",
"type": "String"
}
]
}
Then I update this property on the specific user:
PATHCH:https://graph.microsoft.com/v1.0/me
Content-type: application/json
authorization: bearer {access_token}
{
"exte5t2z4fr_coursesforuser":{
"courseId":"123",
"courseName":"New Managers",
"courseType":"Online"
}
}
After that, we can get this property using the $select parameter:
GET: https://graph.microsoft.com/v1.0/me?$select=exte5t2z4fr_coursesforuser
authorization: bearer {access_token}
More detail about the schema extension, you can follow link below:
Add custom data to groups using schema extensions
I have a webform with a file field configured to private files. When I'm logged in as a superuser (uid=1) and trying to download the file, I get access denied.
I was trying to debug this, and this is what I noticed.
All private files served by the file_download() function that is called in the system.module. This function validates if the file exists and request the file headers using file_download_headers() function that triggers hook_file_download().
In the webform_file_download() function the module determines whether the file was a webform upload and grant or deny file access based on access to the submission. It validates access permission by calling webform_submission_access(). When I run dpm($account) in this function, I get an anonymous user when I'm trying to access the private file. When I browse recent log messages I have the entry below:
access denied 06/02/2015 - 11:23 system/files/webform/cv-uploads/cv.pdf Anonymous
When I change the URL to file that doesn't exist, I get this:
page not found 06/02/2015 - 11:26 system/files/webform/cv-uploads/cv.FDP admin
As you can see for some reasons when the module is trying to get access to the file that does exist, I get access denied and the user is anonymous. When the file doesn't exist, I get page not found and the user is a logged in user.
Any ideas why this happens?
UPDATE
I've added the following code to my index.php but I still get anonymous user when I'm trying to access the file.
define('DRUPAL_ROOT', getcwd());
require_once DRUPAL_ROOT . '/includes/bootstrap.inc';
drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);
+ global $user;
+ watchdog('user', '<pre>'. print_r($user, TRUE) . '</pre>');
menu_execute_active_handler();
I've copied over the whole site including database and files to my local machine, and I'm not experiencing this issue. There's should be some settings that does this on the live site.
UPDATE 2
I've noticed that on the live site we have a list of disabled functions that I'm not aware of. Maybe it will help somehow.
disable_functions = apache_child_terminate, apache_setenv, define_syslog_variables, escapeshellarg, escapeshellcmd, eval, exec, fp, fput, ftp_connect, ftp_exec, ftp_get, ftp_login, ftp_nb_fput, ftp_put, ftp_raw, ftp_rawlist, highlight_file, ini_alter, ini_get_all, ini_restore, inject_code, mysql_pconnect, passthru, php_uname, phpAds_remoteInfo, phpAds_XmlRpc, phpAds_xmlrpcDecode, phpAds_xmlrpcEncode, popen, posix_getpwuid, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, posix_setuid, posix_uname, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, shell_exec, system, xmlrpc_entity_decode, parse_ini_file,show_source,shell_exec
The problem was caused by the Varnish on the server. Below is the settings for Varnish.
# Always cache the following file types for all users. This list of extensions
# appears twice, once here and again in vcl_fetch so make sure you edit both
# and keep them equal.
if (req.url ~ "(?i)\.(pdf|asc|dat|txt|doc|xls|ppt|tgz|csv|png|gif|jpeg|jpg|ico|swf|css|js)(\?.*)?$") {
unset req.http.Cookie;
}
So I have an app that takes a form, and sends and e-mail address to somebody, but I want a way to stick and activation URL generated by Django into that e-mail, and not have the form data commit to the database until that activation link is clicked. Is there any way to do this?
Based on the comments on my first answer, here's a reworked one more suited to your needs.
Create a model, e.g. ServiceHours, that next to the data you want to collect (hours done, supervisor_email, ...), has the following fields:
activation_key=models.CharField(_('activation key'), max_length=40, null=True, blank=True)
validated=models.BooleanField(default=False)
I'd suggest adding a post_save signal to the Model, so that whenever a new ServiceHours instance is created (by saving the form), the email to the supervisor is sent.
# Add this to your models file
# Required imports
from django.db.models.signals import post_save
from django.utils.hashcompat import sha_constructor
import random
def _create_and_send_activation_key(sender, instance, created, **kwargs):
if created: # Only do this for newly created instances.
salt = sha_constructor(str(random.random())).hexdigest()[:5]
# Set activation key based on supervisor email
instance.activation_key = sha_constructor(salt+instance.supervisor_email).hexdigest()
instance.save()
# Create email
subject = "Please validate"
# In the message, you can use the data the volunteer has entered by accessing
# the instance properties
message = "Include instance hours, volunteer's name etc\n"
# Insert the activation key & link
messsage += "Click here: %s" % (reverse("validate_hours", kwargs={'id': instance.id, 'activation_key':instance.activation_key})
# Send the mail
from django.core.mail import send_mail # Move this import to top of your file ofcourse, I've just put it here to show what module you need
send_mail(subject, message, sender, recipients)
post_save.connect(_create_and_send_activation_key, sender=ServiceHours)
Define a view to validate service hours based on an activation key
# in views.py
def validate_hours(request, id, activation_key):
# find the corresponding ServiceHours instance
service_hours = ServiceHours.objects.get(id=id, activation_key=activation_key)
service_hours.validated = True
service_hours.save()
In your urls.py, define an url to your validate_hours view:
urlpatterns += patterns('',
url(r'^validate-hours/(?P<id>[0-9]+)/(?P<activation_key>\w+)', validate_hours, name='validate_hours'),
This has all been off the top of my head, so please excuse any errors. I hope you get the gist of the process and can extend according to your exact needs.
You might want to set/unset the is_active flag on the user.
Conceptually:
When a user registers succesfully, be sure to set the flag to False;
Autogenerate a unique string that is tied to the user's ID and send the activation url via email;
In the activation view, decompose the key into the user ID and set the is_active flag to True;
In your login view, check whether the user trying to log in has is_active is True.
Then you'll be sure that users who are logged in have a confirmed email address.
The page in Django's documentation on user authentication provides all necessary information. For a sample login view, the chapter "How to log a user in" has one.
If you'd prefer to use a reusable app, django-registration might fit your needs perfectly.
(Post-reply addition:) why not commit the data to the database? The "waste" of having unactivated users residing in your database does not outweigh the effort you'd need to implement a solution that does not commit the data to the database. Moreover, it might be more than interesting to have an idea of the amount of unactivated users (and act accordingly).