D3 Connection issue using mvsp java api - database

I am trying to connect to D3 Database with MVSP java api. So far:
I have downloaded the mvapi.jar
added it in project lib folder
written the sample code for connection inside main method
String url = "jdbc:mv:d3:hostname:portNo";
Properties props = new Properties();
props.setProperty("username", "");
props.setProperty("password", "");
String account = "AGCO";
String password = "";
MVConnection connection = null;
try {
// Getting error at this point
connection = new MVConnection(url,props);
MVStatement mvStatement = connection.createStatement();
connection.logTo(account,password);
MVResultSet results = mvStatement.executeQuery(query);
}
com.tigr.mvapi.exceptions.MVException: server error with errorCode 1023.
I checked the console but I'm not able to figure out the actual cause or whether I am entering the wrong username, password.
Please suggest what I am doing wrong.

First, you have to set a breakpoint or trace which function is throwing the errors. Then check the routes, (FileName) probably you will have much more experience than I do, but keep in mind that giving the full route ("account,filename," where the last comma is important) is never a bad idea while keep you safer and is mandatory if the filename is in a different account that you are logged to.
And like always please verify these things:
You have enough licenses. Try to close any terminal you have opened for testing your queries. Yes you know is true. One connection one license. Sometimes MVSP let you two under the same IP but chek this.
MVSP service is running. See Pick D3 documentation.
Your USER and ACCOUNT are both ENABLED to access in the MVSP server otherwise you won't be able to access these files or login with the user through the API. See the documentation to enable in the MVSP.Menu account.
I hope this helps.

Related

LDAP Error: The user has insufficient access rights. : LdapErr: DSID-0C09099D, comment: Error processing control,

I want to get incremental changes from Active Directory using C# and for that I am trying to build a solution as mentioned in the following article (using DirSync Control).
https://learn.microsoft.com/en-us/windows/win32/ad/polling-for-changes-using-the-dirsync-control
However, I am facing following problems:
When using following code, I am getting exception that The user has insufficient access rights. The user is part of administrators group.
What more permission needs to be given to that account? And how?
LdapConnection connection = new LdapConnection("adfs.fed.zzz.com");
connection.SessionOptions.ProtocolVersion = 3;
connection.Credential = new System.Net.NetworkCredential("adfsfed\\username", "password");
connection.AuthType = AuthType.Basic;
connection.Bind();
var filter = "(&(objectClass=*))";
var searchRequest = new SearchRequest("", filter, SearchScope.Subtree, properties);
DirSyncRequestControl dirSyncRC = new DirSyncRequestControl(null, DirectorySynchronizationOptions.None);
searchRequest.Controls.Add(dirSyncRC);
var response = connection.SendRequest(searchRequest) as SearchResponse;
If I am using below code, then I am not getting any exception but getting empty result in cookie.
String[] properties = { "objectGUID", "sAMAccountName", "displayName", "mail", "member" };
String filter = "(|(objectClass=group)(objectClass=user))";
DirectorySearcher directorySearcher = new DirectorySearcher(myLdapConnection, filter, properties);
var dSynch = new DirectorySynchronization(System.DirectoryServices.DirectorySynchronizationOptions.None);
directorySearcher.DirectorySynchronization = dSynch;
directorySearcher.SearchScope = System.DirectoryServices.SearchScope.Subtree;
var results = directorySearcher.FindAll();
var cookie = dSynch.GetDirectorySynchronizationCookie();
Considerations:
I have only one Domain Controller
I am system admin. So, I can assign appropriate permissions to the user.
Please help.
• Your user ID will need the "Replicating Directory Changes" permission and should be a member of ‘Domain Administrators’ group to use the DirSync LDAP control extension. But please note that it pretty much can read anything in the directory partition, regardless of standard permissions. Though they cannot change anything.
However - you may have some attributes that are sensitive in your directory. Please refer the powershell script in the below link and execute it with the user ID after giving appropriate permissions using C#. It is a dirsync code that will retrieve even attributes like ‘userAccountControl, userparameters, msexchuseraccountcontrol, pwdlastset, unicodePwd (BLANK, So no hashed domain password is returned), lockouttime, accountexpires, unixuserpassword(Its Hash is returned).
http://dloder.blogspot.com/2012/01/powershell-dirsync-sample.html
Based on the response given by #KartikBhiwapurkar-MT, I figured out the bug.
The error The user has insufficient access rights is completely misleading (User had already Replicating Directory Changes rights and was part of Domain Administrators group). The error was happening in System.DirectoryServices.Protocols is that I was passing out "" as first parameter (distinguishedName)
new SearchRequest("", filter, SearchScope.Subtree, properties);
but it should have been passed as
new SearchRequest("DC=adfs,DC=fed,DC=zzz,DC=com", filter, SearchScope.Subtree, properties);
I was getting empty cookie in System.DirectoryServices because of bug in latest nuget package (6.0.0). At the time of writing this answer, the bug is still open.
Reference to bug

ValidateCredentials LDAP server unavailable

Currently I am using PrincipalContext class to call the ValidateCredentials method to check for user credentials. It was working fine with our 2 environment until a rather 'strange' error occurred.
var configuration = ConfigurationManager.GetSection("PrincipalContextConfiguration") as PrincipalContextConfigurationSection;
var principalContext = new PrincipalContext(configuration.ContextType, configuration.Name, configuration.Container);
principalContext.ValidateCredentials(userName, password);
configuration.ContextType = "Domain"
configuration.Name = "example.local"
configuration.Container = "CN=Users,DC=example,DC=local"
Above are the sample of our current code, simplified for easier viewing. As above, everytime we need to validate credential, we will create a new PrincipalContext.
The error that we have is this validate credential works fine if we provide a valid username and password. But for a specific machine, that throws this error, whenever invalid username and password is supplied, exception is thrown with a message "LDAP server is unavailable".
Could anyone point me to where I should start to find the root cause of this. It is strange to us that the method is only throwing that exception when username and password is incorrect. we verify this by using PowerShell to call the method.
And I am not that expert in AD. Thanks.

Windows Phone 7 Silverlight Service References CommunicationException: "Server returned an error: Not Found"

I am developing an application for Windows Phone 7. I am trying to use services which are provided by the web site I am trying to get information from. I am using an asynchronous request. So if I try to get information from a web site without any authentication I use this code:
EventSrv.EventSrvSoapClient client = new EventSrv.EventSrvSoapClient();
client.GetAppointmentsAsync();
client.GetAppointmentsCompleted += new EventHandler<EventSrv.GetAppointmentsCompletedEventArgs>(events_completed);
and it works fine. But as soon as I want to use a service from a web site which requires authentication I get a
CommunicationException: _innerException:"Server returned an error: Not Found"
at
public L2P.DocumentsService.GetDocumentsResponse EndGetDocuments(System.IAsyncResult result)
{
object[] _args = new object[0];
//Between this line
L2P.DocumentsService.GetDocumentsResponse _result = ((L2P.DocumentsService.GetDocumentsResponse)(base.EndInvoke("GetDocuments", _args, result)));
//and this line
return _result;
}
I am passing the credentials the following way:
DocumentsService.BaseServiceSoapClient docClient = new DocumentsService.BaseServiceSoapClient();
docClient.ClientCredentials.UserName.UserName = Variables.username;
docClient.ClientCredentials.UserName.Password = Variables.password;
docClient.GetDocumentsCompleted += new EventHandler<DocumentsService.GetDocumentsCompletedEventArgs>(getDocumentsCompleted);
docClient.GetDocumentsAsync();
It actually doesn't matter if I pass the credentials or not, I get the same exception. I don't really know what the problem is, maybe it has nothing to do with the authentication. I've read all the articles here on CommunicationException but they couldn't solve my problem.
Any help will be appreciated!
I've finally figured it out! The server uses Basic Authentication and the header is set to "POST" by default. So I needed to modify the Header, set it to "Basic" and add the credentials as well. Furthermore the
CommunicationException: "Server returned an error: Not Found"
always appear if there is any unhandled exception. So you need to debug and check the _innerException for more information.

PowerBuilder application login

I am using PowerBuilder PFC library to login to the database.
n_cst_appmanager/ pfc_open:
IF this.of_LogonDlg() > 0 THEN
Open(w_myapp_frame)
END IF
n_cst_appmanager/ pfc_logon:
SQLCA.DBMS = "ODBC"
SQLCA.AutoCommit = False
SQLCA.DBParm = "ConnectString='DSN=mytestdb;UID=" + as_userid + ";PWD=" + as_password + "'"
connect using SQLCA;
Now, once the user is logged in, there are few situations that I will need to connect to another database (for example, to copy some data there), so I would like to connect to the other database automatically, without displaying the login window again, therefore I would need to save the username and password of the user.
How can I save it? Do I need to save in the registry? Can you give some example please?
For example, I can get the user id in following way:
s_userid = gnv_app.of_GetUserID()
But I can not get the password. Can someone please help me how i can do it? Thanks a lot.
Actually, now that I'm paying attention to what you need instead of what you asked for <g>, and riffing off of Hugh's answer, why not just copy the transaction object?
n_cst_String lnv_String
ltr_NewConnect.DBMS = SQLCA.DBMS
ltr_NewConnect.AutoCommit = SQLCA.AutoCommit
ltr_NewConnect.DBParm = lnv_String.of_GlobalReplace (SQLCA.DBParm, "mytestdb", "myotherdb")
If I were doing this, I'd code a copy of all the transaction object fields, just in case the means of defining the connection changes.
I'm assuming the other database is the same type of database in order for this to make sense (so that it uses the same type of DBParm), but either way the principle may apply.
Good luck,
Terry.
There's nothing built into PFC and there's nothing automagic in PowerBuilder that will help you with this. Just create an instance variable and a function to access it. Maybe grab the n_cst_LogonAttrib from the Message.PowerObjectParm immediately after the call to of_LogonDlg() and grab the value from there. Or, further extend your n_cst_AppManager.pfc_Logon event. Or extend of_LogonDlg(), and model the capture after the way PFC does the user id.
Note that storing the password anywhere permanent and visible to other processes like the registry would be a security violation that many companies would not allow. Not a direction you want to go.
Good luck,
Terry.
You can parse them out of SQLCA.DBParm.
string ls_userID, ls_password
n_cst_string stringSrv
ls_userID = stringSrv.of_getKeyValue(SQLCA.DBParm, "UID", ";")
ls_password = stringSrv.of_getKeyValue(SQLCA.DBParm, "PWD", ";")
However, a good case can be made for capturing them in the appmanager if you know you will need them.
Having the same login credentials for different databases is a security concern. It's the sort of thing that leads to your company being in the news for the wrong reasons.

Need help debugging a custom authentication plugin for Moodle

I'm trying to authenticate against the user db of my website (CMS based) and it uses a slightly different approach at storing hashed passwords. It uses a randomly generated salt for each user. The salt is stored in the user db along with the hashed passwords. Hence, direct field-mapped authentication (as the External DB plugin does) won't work for me.
To start off, I just mirrored the DB plugin and modified the user_login() procedure to read the hashed password and the salt from the database and then hash the entered password again with the salt and match it up with the password in the database. Here's the code for my user_login() function
function user_login($username, $password) {
global $CFG;
$textlib = textlib_get_instance();
$extusername = $textlib->convert(stripslashes($username), 'utf-8', $this->config->extencoding);
$extpassword = $textlib->convert(stripslashes($password), 'utf-8', $this->config->extencoding);
$authdb = $this->db_init();
// normal case: use external db for passwords
// Get user data
$sql = "SELECT
*
FROM {$this->config->table}
WHERE {$this->config->fielduser} = '".$this->ext_addslashes($extusername)."' ";
$authdb->SetFetchMode(ADODB_FETCH_ASSOC);
// No DB Connection
if ( !$rs = $authdb->Execute( $sql ) ) {
$authdb->Close();
print_error('auth_dbcantconnect','auth');
return false;
}
// No records returned
if( $rs->EOF ) {
$rs->Close();
$authdb->Close();
return false;
}
// Get password
$db_password = $rs->fields['user_password'];
$salt = $rs->fields['user_salt'];
// Close DB Conn
$rs->Close();
$authdb->Close();
// Return match
return sha1( $extpassword . $salt ) == $db_password;
}
But when I try to login, username / passwords corresponding to the website (CMS) database are failing. However, the password (for the same user) that was stored in Moodle earlier on (before I tried using this custom plugin) is getting me through.
That means, either my authentication routine is failing or moodle's internal db based auth mechanism is taking precedence over it.
I've enabled ADODB debug mode - but that isn't helping either. When I enable the debug output from Server settings, the error messages are being sent prior to the page headers. Thus the login page won't display at all.
I have all other forms of authentication turned off (except for Manual which can't be turned off) and my own.
Any ideas on how to solve this issue?
Can you confirm the order that the authentication pluggins are displayed? This will determine the order in which they are used. See..
http://docs.moodle.org/en/Manage_authentication
Either way, the behaviour you're seeing suggests that your code is returning false and the fall through logic described here...
http://moodle.org/mod/forum/discuss.php?d=102070
... and here...
http://docs.moodle.org/en/Development:Authentication_plugins
... is kicking in.
Have you tried returning "true" always from your plugin to ensure that it's being called. Then, you can start returning "true" based upon other things (hard coded usernames etc). This approach will allow you to get to the point where you are either continuing to fail or seeing more targetted failures. Are you sure, for example, that it's the user_login function and not the subsequent call to update_user_record that is failing?
Finally, are you sure you're generating the salted password in the exact same way that it was created in the first place? This would be, for me, the most likely cause of the problem. Can you take control of the creation of the salted password so that you own both creation of new users and authentication of users - this would ensure that you were in sync with how the salted password and hash were generated.

Resources