I'm trying to connect my ldap with the geonetwork database but every time I log in it doesn't show the administrator button. Then I check the database and it is empty. I am using GeOrchestra 13.09 in a localhost enviroment, the geoserver and mapfishapp are running well and they log in without a problem.
My config-security.properties is
Core security properties
logout.success.url=/index.html
passwordSalt=secret-hash-salt=
# LDAP Connection Settings
ldap.base.provider.url=ldap://localhost:389
ldap.base.dn=dc=geobolivia,dc=gob,dc=bo
ldap.security.principal=cn=admin,dc=geobolivia,dc=gob,dc=bo
ldap.security.credentials=geobolivia
ldap.base.search.base=ou=users
ldap.base.dn.pattern=uid={0},${ldap.base.search.base}
#ldap.base.dn.pattern=mail={0},${ldap.base.search.base}
# Define if groups and profile information are imported from LDAP. If not, local database is used.
# When a new user connect first, the default profile is assigned. A user administrator can update
# privilege information.
ldap.privilege.import=true
ldap.privilege.export=true
ldap.privilege.create.nonexisting.groups=false
# Define the way to extract profiles and privileges from the LDAP
# 1. Define one attribute for the profile and one for groups in config-security-overrides.properties
# 2. Define one attribute for the privilege and define a custom pattern (use LDAPUserDetailsContextMapperWithPa$
ldap.privilege.pattern=
#ldap.privilege.pattern=CAT_(.*)_(.*)
ldap.privilege.pattern.idx.group=1
ldap.privilege.pattern.idx.profil=2
# 3. Define custom location for extracting group and role (no support for group/role combination) (use LDAPUser$
#ldap.privilege.search.group.attribute=cn
#ldap.privilege.search.group.object=ou=groups
#ldap.privilege.search.group.query=(&(objectClass=posixGroup)(memberUid={0})(cn=EL_*))
#ldap.privilege.search.group.pattern=EL_(.*)
#ldap.privilege.search.privilege.attribute=cn
#ldap.privilege.search.privilege.object=ou=groups
#ldap.privilege.search.privilege.query=(&(objectClass=posixGroup)(memberUid={0})(cn=SV_*))
#ldap.privilege.search.privilege.pattern=SV_(.*)
ldap.privilege.search.group.attribute=cn
ldap.privilege.search.group.object=ou=groups
ldap.privilege.search.group.query=(&(objectClass=posixGroup)(memberUid={1})(cn=EL_*))
ldap.privilege.search.group.pattern=EL_(.*)
ldap.privilege.search.privilege.attribute=cn
ldap.privilege.search.privilege.object=ou=groups
ldap.privilege.search.privilege.query=(&(objectClass=posixGroup)(memberUid={1})(cn=SV_ADMIN))
ldap.privilege.search.privilege.pattern=SV_(.*)
# Run LDAP sync every day at 23:30
# Run LDAP sync every day at 23:30
#ldap.sync.cron=0 30 23 * * ?
ldap.sync.cron=0 * * * * ?
#ldap.sync.cron=0 0/1 * 1/1 * ? *
ldap.sync.startDelay=60000
ldap.sync.user.search.base=${ldap.base.search.base}
ldap.sync.user.search.filter=(&(objectClass=*)(mail=*#*)(givenName=*))
ldap.sync.user.search.attribute=uid
ldap.sync.group.search.base=ou=groups
ldap.sync.group.search.filter=(&(objectClass=posixGroup)(cn=EL_*))
ldap.sync.group.search.attribute=cn
ldap.sync.group.search.pattern=EL_(.*)
# CAS properties
cas.baseURL=https://localhost:8443/cas
cas.ticket.validator.url=${cas.baseURL}
cas.login.url=${cas.baseURL}/login
cas.logout.url=${cas.baseURL}/logout?url=${geonetwork.https.url}/
<import resource="config-security-cas.xml"/>
<import resource="config-security-cas-ldap.xml"/>
# either the hardcoded url to the server
# or if has the form it will be replaced with
# the server details from the server configuration
geonetwork.https.url=https://localhost/geonetwork-private/
#geonetwork.https.url=https://geobolivia.gob.bo:443
#geonetwork.https.url=https://localhost:443
The geonetwork.log shows these results:
2014-03-11 13:41:00,004 DEBUG [geonetwork.ldap] - LDAPSynchronizerJob starting ...
2014-03-11 13:41:00,006 DEBUG [org.springframework.ldap.core.support.AbstractContextSource] - Got Ldap context on server 'ldap://localhost:389/dc=geobolivia,dc=gob,dc=bo'
2014-03-11 13:41:00,008 DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory] - Returning cached instance of singleton bean 'resourceManager'
2014-03-11 13:41:00,026 DEBUG [geonetwork.ldap] - LDAPSynchronizerJob done.
2014-03-11 13:41:26,429 INFO [geonetwork.lucene] - Done running PurgeExpiredSearchersTask. 0 versions still cached.
2014-03-11 13:41:56,430 INFO [geonetwork.lucene] - Done running PurgeExpiredSearchersTask. 0 versions still cached.
and the that appear in the geonetwork.log is
2014-03-11 13:44:06,426 INFO [jeeves.service] - Dispatching : xml.search.keywords
2014-03-11 13:44:06,427 ERROR [jeeves.service] - Exception when executing service
2014-03-11 13:44:06,427 ERROR [jeeves.service] - (C) Exc : java.lang.IllegalArgumentException: The thesaurus external.theme.inspire-service-taxonomy does not exist, there for the query cannot be excuted: 'Query [query=SELECT DISTINCT id,uppc,lowc,broader,spa_prefLabel,spa_note FROM {id} rdf:type {skos:Concept},[{id} gml:BoundedBy {} gml:upperCorner {uppc}],[{id} gml:BoundedBy {} gml:lowerCorner {lowc}],[{id} skos:broader {broader}],[{id} skos:prefLabel {spa_prefLabel} WHERE lang(spa_prefLabel) LIKE "es" IGNORE CASE],[{id} skos:scopeNote {spa_note} WHERE lang(spa_note) LIKE "es" IGNORE CASE] WHERE (spa_prefLabel LIKE "***" IGNORE CASE OR id LIKE "*") LIMIT 35 USING NAMESPACE skos=<http://www.w3.org/2004/02/skos/core#>,gml=<http://www.opengis.net/gml#>, interpreter=KeywordResultInterpreter]'
The version of GeoNetwork currently used in geOrchestra does not show the "administration" button on its first page. You have to fire a search, then in "other actions" menu on the top right, you should be able to get to the administration interface. We know that it is not very intuitive, but it should change in the next months (we recently planned an upgrade of GeoNetwork before the end of the year).
Did you solve it? I think in your config-security.properties, at this place ldap.base.dn.pattern=uid={0},${ldap.base.search.base}
you need to replace {0} with the username typed in the sign-in screen of geonetwork
Related
git url:https://github.com/jonathanIckovich/realtyKing.git
im trying to change my thymleaf prefix to the assigned value
I followed this tutorial on how to merge react with thyme leaf
URL:https://dev.to/arpan_banerjee7/run-react-frontend-and-springboot-backend-on-the-same-port-and-package-them-as-a-single-artifact-14pa
up to the controller part everything worked fine now this happens. please note if you want to run it for privacy reasons in application i * some passwords. just replace with your account for gmail and mysql if you want.
application.properties
##for crud application
# DATASOURCE (DataSourceAutoConfiguration & DataSourceProperties)
spring.datasource.url=jdbc:mysql://localhost:3306/realtyking?useSSL=false&serverTimezone=UTC&useLegacyDatetimeCode=false
spring.datasource.username=root
spring.datasource.password=********
## dont know what this one does
spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
# Hibernate
# The SQL dialect makes Hibernate generate better SQL for the chosen database
spring.jpa.properties.hibernate.dialect = org.hibernate.dialect.MySQL5InnoDBDialect
# Hibernate ddl auto (create, create-drop, validate, update)
spring.jpa.hibernate.ddl-auto = update
logging.level.org.hibernate.SQL=DEBUG
logging.level.org.hibernate.type=TRACE
##for log in
spring.jpa.show-sql=true
spring.thymeleaf.prefix=file:C:/Users/Jonathan/Documents/realtyKing/realtyKing/target/classes/static/
spring.thymeleaf.suffix: .html
spring.thymeleaf.cache= false
## Spring view resolver set up
spring.mvc.view.prefix="/WEB-INF/view/"
spring.mvc.view.suffix=.jsp
## for session management
spring.session.store-type=jdbc
server.servlet.session.timeout=10800s
spring.session.jdbc.initialize-schema=always
##for error file pointer
spring.messages.basename=classpath:/message.properties
##spring thymleaf email set up
#gmail
spring.mail.default-encoding=UTF-8
spring.mail.host=smtp.gmail.com
spring.mail.username=realtyking66#gmail.com
spring.mail.password=********
spring.mail.port=587
spring.mail.protocol=smtp
spring.mail.test-connection=false
spring.mail.properties.mail.smtp.auth=true
spring.mail.properties.mail.smtp.starttls.enable=true
##for geolocation
spring.jpa.database-platform=org.hibernate.spatial.dialect.postgis.PostgisDialect
I want to get all details of AD users which are being deleted .
As per my info when users are deleted from Active Directory they are stored in container with CN=Deleted Objects
Now When i search Users with searchBase = "DC=domain, DC=local".Everything works fine and i get data for all users with their name , mobile etc.
But when i apply searchBase ="CN=Deleted Objects,DC=azdomain, DC=local" i get error as
javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of:
'CN=Deleted Objects,DC=azdomain, DC=local'
what does this error means ? , Also i am not able find any post related to same issue on internet .
Please help me with this .
Trying to enable user account and getting below error. If I go to directly to that windows machine after creating user (using java api) and update password (manually using UI on windows machine) like "password1" and then try to enable password using java it works fine.
Here is how I am setting password while creating user
BasicAttribute basicAttribute1=new BasicAttribute("userPassword","password1".getBytes(StandardCharsets.US_ASCII));
context.setAttribute(basicAttribute1);
Then trying to change useraccount control to 512 and getting
"errorMessage": "[LDAP: error code 53 - 0000052D: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0\n\u0000]; nested exception is javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000052D: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0\n\u0000]; remaining name 'CN=SachinVTendulkar,OU=SDCWASD001,OU=Users,OU=Mycity,OU=Enterprise Support'"
Seems I am not setting password correctly while creating user with java - I am creating user with userAccountControl-514 and with password along with other attributes like names etc (first I want to create in disable mode)
Then when I just try to enable user, getting this problem. And for same user if I go to windows machine and update password and then try to enable with java it works fine - so that rule out other issues like ldaps etc.
Logs when I create user for reference:
log of creating user : creating new user : JohnSmith , in DN : CN=JohnSmith,OU=SDCWASD001,OU=Users,OU=MyCity,OU=Enterprise Support , with context: org.springf.ldap.core.DirContextAdapter: dn=CN=JohnSmith,OU=SDCWASD001,OU=Users,OU=MyCity,OU=Enterprise Support {mail=adsadsa51#test.com, Description=Test account, CN=JohnSmith, objectclass[0]=top, objectclass[1]=Person, objectclass[2]=organizationalPerson, objectclass[3]=user, userPassword=summer01, sAMAccountName=adsadsa51, userPrincipalName=adsadsa51#test.com, givenName=John, displayName=JohnSmith, name=JOHNSMITH, physicalDeliveryOfficeName=0, sn=Smith, userAccountControl=514}
Then to enable user, I do following and getting that error (I do this in seperate call)
ModificationItem[] mods=new ModificationItem[1];
mods[0]=new ModificationItem(DirContext.REPLACE_ATTRIBUTE,new BasicAttribute("userAccountControl",Integer.toString(512)));
ldapTemplate.modifyAttributes(dn, mods);
Try setting the unicodePwd value on the account. Something like:
final byte[] quotedPasswordBytes = ('"'+password+'"').getBytes("UTF-16LE");
container.put(new BasicAttribute("unicodePwd", quotedPasswordBytes));
Resolution is to use SSL for password attribute updates.
Can you be more specific about what this entails?
Setting up JanusGraph i noticed the following in the console:
09:04:12,175 INFO ReflectiveConfigOptionLoader:173 - Loaded and initialized config classes: 10 OK out of 12 attempts in PT0.023S
09:04:12,230 INFO Reflections:224 - Reflections took 28 ms to scan 1 urls, producing 2 keys and 2 values
09:04:12,291 WARN GraphDatabaseConfiguration:1445 - Local setting index.search.index-name=entity (Type: GLOBAL_OFFLINE) is overridden by globally managed value (janusgraph). Use the ManagementSystem interface instead of the local configuration to control this setting.
09:04:12,294 WARN GraphDatabaseConfiguration:1445 - Local setting index.search.backend=solr (Type: GLOBAL_OFFLINE) is overridden by globally managed value (elasticsearch). Use the ManagementSystem interface instead of the local configuration to control this setting.
09:04:12,300 INFO CassandraThriftStoreManager:628 - Closed Thrift connection pooler.
and then i see the following:
Exception in thread "main" java.lang.IllegalArgumentException: Could not instantiate implementation: org.janusgraph.diskstorage.es.ElasticSearchIndex
How do i stop using elasticsearch and switch to Solr?
My properties file is as follows:
index.search.backend=solr
index.search.directory=/path/to/directory/for/solr/index/something
index.search.index-name=something
index.search.solr.mode=http
index.search.solr.http-urls=http://127.0.0.1:8983/solr
storage.backend=cassandrathrift
storage.hostname=127.0.0.1
cache.db-cache = true
cache.db-cache-clean-wait = 20
cache.db-cache-time = 180000
cache.db-cache-size = 0.25
The answer to this basically the same as this one for Titan. JanusGraph was forked from Titan.
You are probably trying to connect to an existing graph that was previously configured to use Elasticsearch. By default, the keyspace is named janusgraph.
1) You could connect to a different keyspace by updating conf/janusgraph-cassandra.properties
gremlin.graph=org.janusgraph.core.JanusGraphFactory
storage.backend=cassandrathrift
storage.hostname=127.0.0.1
storage.cassandra.keyspace=mygraph
2) You could drop the existing keyspace. If you used bin/janusgraph.sh start from the quick start directions (which starts a single node Cassandra and a single node Elasticsearch),
bin/janusgraph.sh clean
Or if you have a standalone Cassandra installation:
$CASSANDRA_HOME/bin/cqlsh -e 'drop keyspace if exists janusgraph'
Then you would be able to connect with the default conf/janusgraph-cassandra.properties.
I'm adding some attributes from live to staging for testing purposes, I'm using ldifde:
D:\Shared>ldifde -i -v -f attr3.ldf -j .
Connecting to "myDomain.com"
Logging in as current user using SSPI
Importing directory from file "attr3.ldf"
Loading entries
1: CN=myAttribute,CN=Schema,CN=Configuration,DC=myDomain,DC=com
Entry modified successfully.
1 entry modified successfully.
The command has completed successfully
D:\Shared>
But when I try to update it using vbs, I got:
C:\Users\update.vbs(8, 1) Active Directory: The requested operation did not
satisfy one or more constraints associated with the class of the object.
Please notice that other attributes, the original ones, are able to be updated, this issue is only for the ones I'm importing.
So, I wonder if I'm missing some step like link or detach the new attribute after imported.
This is attr3.ldf
#attr3.ldf
#adding my new attribute
dn: CN=myAttribute,CN=Schema,CN=Configuration,DC=myDomain,DC=com
changetype: add
objectClass: top
objectClass: attributeSchema
cn: my-Attribute
distinguishedName: CN=my-Attribute,CN=Schema,CN=Configuration,DC=myDomain,DC=com
instanceType: 4
whenCreated: 20100401175340.0Z
whenChanged: 20100401175341.0Z
uSNCreated: 24154
attributeID: 2.16.840.1.113805.111
attributeSyntax: 2.5.5.12
isSingleValued: TRUE
rangeLower: 0
rangeUpper: 1
uSNChanged: 24163
showInAdvancedViewOnly: TRUE
adminDisplayName: my-Attribute
adminDescription: my-Attribute
oMSyntax: 64
searchFlags: 0
lDAPDisplayName: myAttribute
name: my-Attribute
schemaIDGUID:: tonVW6suWUu1Gev/D1pI9Q==
isMemberOfPartialAttributeSet: TRUE
objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=myDomain,DC=com
#The following attributes were removed because I was getting:
#Add error on entry starting on line 1: Unwilling To Perform
#The server side error is: 0x20e7 The modification was not permitted for security
#reasons.
#The extended server error is:
#000020E7: SvcErr: DSID-03152D2C, problem 5003 (WILL_NOT_PERFORM), data 0
#objectGUID:: eTKYtnXbCE2fPMgc8UIe0w==
#attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
And this is the vbs code,
'update.vbs
Set objUser = GetObject("LDAP://CN=John Lennon,CN=Users,DC=myDomain,DC=com")
objUser.myAttribute="someValue" 'Also tried with integers but not luck
objUser.SetInfo
Thanks,
m0dest0.
Thank you JPBlanc, you are right, I was missing to add the attr to the class and then refresh the schema,
Register the dll, regsvr32 schmmgmt.dll
Open Run and type mmc.exe
Add Active directory schema snap-in
Right click on the class, properties and hit the Add button and so on.
Finally, refresh the schema:
C:\Users>admod -sc refreshschema
AdMod V01.17.00cpp Joe Richards (joe#joeware.net) March 2011
Modifying ROOTDSE...
DN Count: 1
Using server: myServer.myDomain.com:389
Directory: Windows Server 2008 R2
Modifying specified objects...
DN: ROOTDSE...
The command completed successfully
Regards,
Adding an attribute to the Schema is not enought, you must also add the attribute to the user class (in the schma) if you want to use it in a user object. You must modify your LDIF file:
# Define your attribute
# Reload the schema
dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
# modify user class
Have a look to your Schema using Microsoft MMC (registering schmmgmt.dll)
If you still have trouble, I can help again tomorow morning.