As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 10 years ago.
I wonder if I could authenticate Nagios to LDAP, and if the answer is positive to this question. In what way could I do it?
Yes, you can. Authentication is handled by your web server so you will need to configure it there. I use LDAP authentication in Apache for my Nagios server. Here is how I have it configured:
<Directory "/usr/local/nagios/sbin">
Options ExecCGI
AllowOverride None
Order allow,deny
Allow from all
AuthName "Nagios Access"
AuthType Basic
Require valid-user
AuthLDAPUrl ldap://ldapserver.example.com:3268/DC=example,DC=com?sAMAccountName?sub
AuthLDAPBindDN CN=binduser,OU=IT,DC=example,DC=com
AuthLDAPBindPassword bindpassword
AuthzLDAPAuthoritative off
AuthBasicProvider ldap
</Directory>
Note: you will need the same configuration for your /usr/local/nagios/share directory! Don't forget!
The last five directives are what are important. Make sure that Apache has the authnz_ldap module loaded and enabled otherwise you will get an error. The AuthLDAPUrl should be a URL for your LDAP server and what you want to check. I am using the sAMAccountName field in MS Active Directory. My LDAP server also requires that I bind to it with a valid user before I can make a query. I specify that user with the AuthLDAPBindDN and AuthLDAPBindPassword directives. Keep in mind that if you want to restrict Nagios logins to just a few users, you can use the Require directive to list the approved users such as:
Require user1 user2 user3
...and so forth.
I'm not an LDAP expert so I can't really advise you on how to change the LDAP string, but I hope this will help you enough to make it work.
If you mean authenticate Nagios users trough LDAP then click here.
Related
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 9 years ago.
My boss wants to not hash any of the user passwords. He wants to be able to view all the passwords and resend the forgotten ones.
Is this a good practice?
Also - how can I turn off the password hashing in CakePHP 1.3 Auth?
Don't store plain text passwords anywhere. If there is any form of security breach the passwords that your user probably uses elsewhere will be easiliy accesuible. You should encrypt and add a salt, or hash.
Your boss wants to know everyones password, I couldn't care less : my password is secret. Why not post their password up here and see how he/she likes unknown people knowing their secret password.
Don't resend forgotten passwords, send out a link where you can change password.
This is basic security 101.
Of course not, this is the very bad practices.
if some one forget his password, the password should be reset. And the application should have
the ability to do so. ability to retrieve password is a big risk and no one can have responsibility of his password.
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 10 years ago.
I'm developing an MVC 3 application, and thought about using ASP.NET's default users, roles and profiles implementation. I created the aspnetdb database and can authenticate users very quickly - no problem.
The problem begins when I want to associate things with users. For instance, I want users to upload images - each image should be associated to the user who uploaded it.
If the aspnet_Users table wasn't in a different database, I would have just added a UserId column to the Images table, set the appropriate foreign key and not worry about it anymore. That's the straightforward way used in Django as well. Unfortunately, SQL Server 2008 doesn't support foreign key constraints between databases.
I can create all the ASP.NET tables in my main database, but I'm not sure of the downside.
This issue is probably encountered by anybody creating an ASP.NET application. What's the best practice?
You should be adding the asp.net membership provider tables to your main database. The only reason I can think that you wouldn't do this is if they are self contained (e.g. you're creating an access control project).
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 10 years ago.
I'm looking for a step-by-step tutorial how to use Scribe with GWT/GAE. Is there any usefull manual?
First you need to understand difference between OAuth server and client flow. In server flow your server will directly get authorized to OAuth resource, while with client flow only client (browser) will get authorized. The basic difference is who gets to receive token.
For client flow in GWT see gwt-oauth2
For server flow it seem you will need to roll your own. Basically you'll need to implement a callback handler. Note: the server-flow is done via browser redirects, so it's a bit cumbersome to work with in GWT which does not like page reloads.
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 10 years ago.
Not to be confused with Shared hosting providers supporting RavenDB or other similar questions. I do not need a web host, nor want to deploy RavenDb in Embedded or Web Site mode...
Question: Are there any cloud service providers for RavenDB, like MongoHQ and MongoLab for the MongoDB platform?
Edit: RavenHQ and Cloudbird are two providers, but they are not in production - answers should only include those that are currently available.
After a lot of searching, conversations with RavenDB folks on Jabbr.net and speaking to some provider companies we have a answer:
RavenHQ.com and Cloudbird.net provide such services. RavenHQ is ready for production and in the US East zone, while Cloudbird is in beta and in the EU West zone.
http://www.ravenhq.com should be live any day as Ayende mentioned in the latest RavenDb videos on tekpub
UPDATE
RavenHq is now live on AppHarbor
http://blog.appharbor.com/2012/02/17/hosted-ravendb-on-appharbor
http://www.cloudbird.net/ I've seen this mentioned but same as http://www.ravenhq.com/ they don't give much detail. I also don't know who the authors of cloudbird are.
Otherwise, you could just use an EC2/Azure to host it? (I've seen Azure and RavenDB talked about on Twitter, there is some github projects with instructions)
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 11 years ago.
I heard LDAP is a learning curve. If I wanted to go with a LDAP Directory solution because I want to use the LDAP protocol, and I already know Active Directory, wouldn't that be quite easy to setup?
Active Directory uses the LDAP protocol, so it isn't as different as you may think.
You might want to read this very popular SO question:
What are the differences between LDAP and Active Directory?