vTiger AD authentication - vtiger

I was trying to authenticate vTiger CRM 6.5 with my existing Active Directory services, but it's not working. It looks like it is getting a response from my AD server but not going anywhere. After entering correct credentials the page will just refresh, but once you enter wrong credentials, it says - "wrong username or password". I am using "http://adldap.sourceforge.net/" for AD authentication. And my log says -
03/28/17 15:24:50,105 [632] DEBUG user - Entering Users() method ...
03/28/17 15:24:50,105 [632] DEBUG VT - Entering getColumnFields(Users) method ...
03/28/17 15:24:50,105 [632] DEBUG VT - in getColumnFields Users
03/28/17 15:24:50,105 [632] DEBUG VT - Prepared sql query being executed : SELECT tabid, name, ownedby FROM vtiger_tab
03/28/17 15:24:50,110 [632] DEBUG VT - Prepared sql query being executed : SELECT tabid, fieldname, fieldid, fieldlabel, columnname, tablename, uitype, typeofdata, presence
FROM vtiger_field WHERE tabid in (?)
03/28/17 15:24:50,110 [632] DEBUG VT - Prepared sql query parameters : [29]
03/28/17 15:24:50,122 [632] DEBUG VT - Exiting getColumnFields method ...
03/28/17 15:24:50,122 [632] DEBUG user - Exiting Users() method ...
03/28/17 15:24:50,123 [632] DEBUG user - Using Active Directory authentication
03/28/17 15:24:51,361 [632] DEBUG VT - Prepared sql query being executed : SELECT id from vtiger_users where user_name=? AND deleted=0
03/28/17 15:24:51,361 [632] DEBUG VT - Prepared sql query parameters : [pritamkumar]
03/28/17 15:24:51,436 [632] DEBUG VT - Prepared sql query being executed : SELECT * FROM vtiger_tab
03/28/17 15:24:51,448 [632] DEBUG VT - Prepared sql query being executed : SELECT fieldname,modulename,tablename,entityidfield,entityidcolumn from vtiger_entityname
03/28/17 15:24:51,453 [632] DEBUG VT - Prepared sql query being executed : INSERT INTO vtiger_loginhistory (user_name, user_ip, logout_time, login_time, status) VALUES (?,?,?,?,?)
03/28/17 15:24:51,453 [632] DEBUG VT - Prepared sql query parameters : [pritamkumar,::1,0000-00-00 00:00:00,2017-03-28 15:24:51,Signed in]
03/28/17 15:24:51,818 [632] INFO VT - PearDatabase ->ADODB disconnect
03/28/17 15:24:52,438 [632] DEBUG VT - Login is required:#0 E:\xampp\htdocs\vtiger\includes\main\WebUI.php(186): Vtiger_WebUI->checkLogin(Object(Vtiger_Request))
#1 E:\xampp\htdocs\vtiger\index.php(18): Vtiger_WebUI->process(Object(Vtiger_Request))
#2 {main}
03/28/17 15:24:52,653 [632] INFO VT - PearDatabase ->ADODB disconnect
03/28/17 15:24:54,160 [632] INFO VT - PearDatabase ->ADODB disconnect
03/28/17 15:24:55,028 [632] INFO VT - PearDatabase ->ADODB disconnect

To test adLDAP, write a small PHP script rather than doing it directly with vTiger CRM. Just create an adldap_test.php file, in the same directory where adLDAP.php resides, with the following content:
<?php
// Load adLDAP from the same directory as this test script.
require_once(dirname(__FILE__) . '/adLDAP.php');

try {
    // Connect using adLDAP's default configuration.
    $adldap = new adLDAP();
} catch (adLDAPException $e) {
    echo $e;
    exit();
}

// Replace with the account you want to test.
$authUser = $adldap->authenticate('user-to-authenticate', 'users-password');
if ($authUser == true) {
    echo "User authenticated successfully";
} else {
    // getLastError is not needed, but may be helpful for finding out why:
    echo "\n";
    echo $adldap->getLastError();
    echo "\n";
    echo "User authentication unsuccessful";
}
echo "\n";

// Fetch all attributes of the account 'ldap' (replace with the account to look up).
$result = $adldap->user()->infoCollection('ldap', array("*"));
echo "User:\n";
echo $result->displayName;
echo "Mail:\n";
echo $result->mail;
?>
Replace user and password for the user you want to test authentication for and execute it. It should give success and output the username and mail address if available. Hope this helps you to solve your problem.

You must enable the php-ldap extension on your server. Please check the adLDAP project requirements:
https://github.com/adldap/adLDAP/wiki/Apache-configuration
You can use the following links to install LDAP on your server:
Ldap configuration on xammp
Using php-ldap in Centos 6.3
Unable to enable PHP LDAP even though I have edited php.ini and php_ldap.dll is in the right place?

Related

Akka Persistence: No Sufficient Working Example for JDBC MySQL

I have been trying to get my EventSourceBehavior to write to MySQL and am getting the following error. What could be the issue? The error is very generic and it is hard to see what the root cause is. Is there a way to test whether my JDBC is correctly configured via Akka, e.g. connectivity etc.? Thanks
2020-11-20 00:48:57,999 WAR HikariConfig slick.db - using dataSourceClassName and ignoring jdbcUrl.
2020-11-20 00:48:57,999 WAR HikariConfig slick.db - using dataSourceClassName and ignoring jdbcUrl.
2020-11-20 00:48:58,002 INF HikariDataSource slick.db - Starting...
2020-11-20 00:48:58,002 INF HikariDataSource slick.db - Starting...
2020-11-20 00:48:58,041 INF HikariDataSource slick.db - Start completed.
2020-11-20 00:48:58,042 INF HikariDataSource slick.db - Start completed.
2020-11-20 00:49:18,293 ERR Main$ Supervisor StopSupervisor saw failure: Exception during recovery from snapshot. PersistenceId [first]. Circuit Breaker Timed out.
akka.persistence.typed.internal.JournalFailureException: Exception during recovery from snapshot. PersistenceId [first]. Circuit Breaker Timed out.
application.conf
akka {
  loglevel = DEBUG
  persistence {
    journal.plugin = "jdbc-journal"
    snapshot-store.plugin = "jdbc-snapshot-store"
  }
}
slick {
  profile = "slick.jdbc.MySQLProfile$"
  db {
    dataSourceClass = "slick.jdbc.DriverDataSource"
    driver = "com.mysql.cj.jdbc.Driver"
    url = "jdbc:mysql://localhost:3306/"
    user = nilu
    password = "password"
  }
}
In general, with Akka Persistence JDBC, you'll need to specify the database to use, not just the DBMS (server) to connect to. So if the DB was called my_akka_persistence, the JDBC URL would be something like jdbc:mysql://localhost:3306/my_akka_persistence.

WSO2 Analytics Hostname

API Manager 3.0.0 and Analytics 3.0.0
Actually API-M I changed to hostname with any problems. When I change to hostname of Analytics some errors to login:
Only I change in [API-Analytics]/conf/dashboard/deployment.yaml
deployment.yaml
## Authentication configuration
auth.configs:
  type: apim
  ssoEnabled: true
  properties:
    adminScope: apim_analytics:admin_carbon.super
    allScopes: apim_analytics:admin apim_analytics:product_manager apim_analytics:api_developer apim_analytics:app_developer apim_analytics:devops_engineer apim_analytics:analytics_viewer apim_analytics:$
    adminServiceBaseUrl: https://myhostname:9443
    adminUsername: admin
    adminPassword: admin
    kmDcrUrl: https://myhostname:9443/client-registration/v0.15/register
    kmTokenUrlForRedirection: https://myhostname:9443/oauth2
    kmTokenUrl: https://hostname:9443/oauth2
    kmUsername: admin
    kmPassword: admin
    portalAppContext: analytics-dashboard
    businessRulesAppContext : business-rules
    cacheTimeout: 900
    baseUrl: https://myhostname:9643
    grantType: authorization_code
    publisherUrl: https://myhostname:9443
    #storeUrl: https://myhostname:9443
If I have this error in terminal, after to start dashboard server.
<ip adress> != <localhost>
But I change myhostname to localhost no sends this errors but in login page of Dashboard sends:
https://localhost:9443/oauth2/authorize?response_type=code&client_id=VACHtG8hNxzG2au1EcA3sNmmXooa&scope=apim_analytics%3Aadmin%20apim_analytics%3Aproduct_manager%20apim_analytics%3Aapi_developer%20apim_analytics%3Aapp_developer%20apim_analytics%3Adevops_engineer%20apim_analytics%3Aanalytics_viewer%20apim_analytics%3Aeveryone%20openid%20apim%3Aapi_view%20apim%3Asubscribe&redirect_uri=https%3A%2F%2Flocalhost%3A9643%2Flogin%2Fcallback%2Fanalytics-dashboard%2Flogin
So, how do I fix or change the hostname correctly?
Edit:
I changed only kmTokenUrlForRedirection, kmTokenUrl and baseUrl in deployment.yaml and on the dashboard page I have:
I search the error and found this link https://apim.docs.wso2.com/en/latest/troubleshooting/troubleshooting-invalid-callback-error/
But I tried to put some regexp similar to:
regexp
regexp=(https://myhostname:9643/analytics-dashboard/login|https://myhostname:6443/analytics-dashboard/logout)
But nothing.
My new question is:
Where is a correct form of regexp of dashboard?
Change your analytics_dashboard sp's regex to following and try.
regexp=(https://myhostname:9643/login/callback/analytics-dashboard/login|https://myhostname:9643/analytics-dashboard)
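The callback check discussed in this thread can be reproduced offline. The following is an added example, not code from WSO2 or from the posts: it assumes a `regexp=` callback value must match the whole redirect_uri, and the authorize URL is a constructed, shortened version of the one in the question with the host changed to myhostname and a placeholder client_id.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Callback values quoted on this page.
ASKER_CALLBACK = ("regexp=(https://myhostname:9643/analytics-dashboard/login"
                  "|https://myhostname:6443/analytics-dashboard/logout)")
ANSWER_CALLBACK = ("regexp=(https://myhostname:9643/login/callback/analytics-dashboard/login"
                   "|https://myhostname:9643/analytics-dashboard)")

# Constructed sample: the authorize request from the question, shortened,
# with the host changed to myhostname and a placeholder client_id.
AUTHORIZE_URL = (
    "https://myhostname:9443/oauth2/authorize?response_type=code"
    "&client_id=PLACEHOLDER_CLIENT_ID&scope=openid"
    "&redirect_uri=https%3A%2F%2Fmyhostname%3A9643%2Flogin%2Fcallback"
    "%2Fanalytics-dashboard%2Flogin"
)


def redirect_uri_of(authorize_url):
    """Return the decoded redirect_uri parameter of an authorize request."""
    query = parse_qs(urlsplit(authorize_url).query)
    values = query.get("redirect_uri", [])
    if len(values) != 1:
        raise ValueError("expected exactly one redirect_uri parameter")
    return values[0]


def callback_allows(configured, redirect_uri):
    """Check a redirect_uri against a configured callback value.

    Assumption: a value starting with 'regexp=' is a pattern that must match
    the entire URI; any other value is compared as an exact string.
    """
    if configured.startswith("regexp="):
        pattern = configured[len("regexp="):]
        return re.fullmatch(pattern, redirect_uri) is not None
    return configured == redirect_uri


def explain(configured, authorize_url):
    """Summarise whether the request's redirect_uri passes the callback check."""
    uri = redirect_uri_of(authorize_url)
    verdict = "accepted" if callback_allows(configured, uri) else "rejected"
    return f"{uri} -> {verdict}"


if __name__ == "__main__":
    print("asker :", explain(ASKER_CALLBACK, AUTHORIZE_URL))
    print("answer:", explain(ANSWER_CALLBACK, AUTHORIZE_URL))
```

The redirect_uri the dashboard sends contains /login/callback/ before the app context, which is why only the second pattern accepts it.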

Unable to authenticate iRedmail Ldap mail accounts with Redmine application

I have two different servers for iRedMail and Redmine applications. iRedMail is using OpenLDAP internally to create email accounts.
I would like to authenticate Redmine application with iRedMail OpenLDAP mail accounts.
I have done the below LDAP settings but login fails in the Redmine application when I try to log in with an iRedMail email and password, and it displays a message as "Invalid UserId and Password"
iRedMail LDAP skeleton
dc=example,dc=com
-- o=domains
---- domainName=example.com
------ ou=Users
---------mail=testuser1#example.com
---------mail=testuser2#example.com
DN for testuser1: mail=testuser1#example.com,ou=Users,domainName=example.com,o=domains,dc=example,dc=com
DN for testuser2: mail=testuser2#example.com,ou=Users,domainName=example.com,o=domains,dc=example,dc=com
Redmine application LDAP configuration
Name - LdapRedMail
Host - IpAddress
Port - 389
LDAPS - No
Account - cn=Manager,dc=example,dc=com
Password - ******
Base DN - domainName=example.com,o=domains,dc=example,dc=com
LDAP filter - (&(enabledService=mail)(enabledService=deliver)(enabledService=displayedInGlobalAddressBook)(|(objectClass=inetOrgPerson)(objectClass=mailUser)))
Attributes
Login attribute - mail
Firstname attribute - givenName
Lastname attribute - sN
Email attribute - mail
So would anyone help to resolve this issue?
After a long search, I was able to resolve the issue as shown below:
Name - LdapRedMail
Host - IpAddress
Port - 389
LDAPS - No
Account - cn=vmail,dc=example,dc=com
Password - <vmail password from settings.py>
Base DN - o=domains,dc=example,dc=com
LDAP filter - <empty>

Jenkins send email with part of log line

I have SOAPUI project with 10 test cases in Jenkins. I set up Jenkins to send me email with information from console output (log). I have set up email notification content as HTML (text/html).
I have this log in console output in Jenkins:
07:25:05,957 INFO [SoapUITestCaseRunner] Running SoapUI testcase [Login with username and password]
07:25:05,957 INFO [SoapUITestCaseRunner] running step [Clear access token]
07:25:05,957 INFO [log] Environment URL: url.test.environment
07:25:05,958 INFO [SoapUITestCaseRunner] running step [Retrieve accessToken]
07:25:05,959 DEBUG [HttpClientSupport$SoapUIHttpClient] Stale connection check
07:25:05,960 DEBUG [HttpClientSupport$SoapUIHttpClient] Attempt 1 to execute request
07:25:05,960 DEBUG [SoapUIMultiThreadedHttpConnectionManager$SoapUIDefaultClientConnection] Sending request: POST /api/v2/path HTTP/1.1
07:25:06,010 DEBUG [SoapUIMultiThreadedHttpConnectionManager$SoapUIDefaultClientConnection] Receiving response: HTTP/1.1 200
07:25:06,011 DEBUG [HttpClientSupport$SoapUIHttpClient] Connection can be kept alive indefinitely
07:25:06,017 INFO [SoapUITestCaseRunner] Assertion [JsonPath Existence Match] has status VALID
07:25:06,017 INFO [SoapUITestCaseRunner] Assertion [Valid HTTP Status Codes] has status VALID
07:25:06,017 INFO [SoapUITestCaseRunner] Assertion [JsonPath Existence Match 1] has status VALID
07:25:06,017 INFO [SoapUITestCaseRunner] Assertion [JsonPath Existence Match 2] has status VALID
07:25:06,017 INFO [SoapUITestCaseRunner] running step [Pass accessToken]
07:25:06,019 INFO [SoapUITestCaseRunner] Finished running SoapUI testcase [Login with username and password], time taken: 51ms, status: FINISHED
I have set up Jenkins to send email just with this line from log:
07:25:06,019 INFO [SoapUITestCaseRunner] Finished running SoapUI testcase [Login with username and password], time taken: 51ms, status: FINISHED
To that I use this regex to find just that line:
<pre>${BUILD_LOG_REGEX, regex="Finished running SoapUI testcase \\[Login with username and password\\]", showTruncatedLines=false}</pre>
But I want to have in email notification just parts of that line, something like this:
"Login with username and password: FINISHED"
or
"Login with username and password: FAILED"
Is there any way to send email with just part of that line?
Thanks to Aaron I found a solution.
Now I use this regex:
<b>Login with username and password: </b> <font color="green">${BUILD_LOG_REGEX, regex=".*Finished running SoapUI testcase \\[Login with username and password\\].*status: FINISHED", showTruncatedLines=false, substText="SUCCESS"}</font>
<font color="red">${BUILD_LOG_REGEX, regex=".*Finished running SoapUI testcase \\[Login with username and password\\].*status: FAILED", showTruncatedLines=false, substText="FAILED"}</font>
E-mail notification now looks like this:
Login with username and password: SUCCESS
or this:
Login with username and password: FAILED
"SUCCESS" text has green color and "FAILED" text has red color
It seems like you can use a substText argument to define a replacement pattern :
<pre>${BUILD_LOG_REGEX, regex="Finished running SoapUI testcase \\[Login with username and password\\].*status: ([A-Z]+)", showTruncatedLines=false, substText="Login with username and password : \\1"}</pre>
This will match only the lines such as the last one from your sample, select the success/failure status in the first capturing group which will be referred in the replacement pattern.

Configure WSO2 Identity Server with Active Directory?

I am trying to stand up WSO2 Identity Server 5.0.0 with Active Directory as the primary user store. I have connectivity, LDAPS, working database, etc. and can login to the admin console as the admin user I have chosen, and can successfully search for AD users and see roles.
However, if I try to show the details of a user, or change their password, I receive errors. For example, when attempting to change password, I see in the logs:
TID: [0] [IS] [2016-04-15 16:14:15,135] ERROR
{org.wso2.carbon.user.mgt.ui.UserAdminClient} - User testuser does
not exisit in the user store
{org.wso2.carbon.user.mgt.ui.UserAdminClient}
org.wso2.carbon.user.mgt.stub.UserAdminUserAdminException:
UserAdminUserAdminException
but I have looked up this user and clicked the "change password" link in the resulting display, so it was able to at least find that user in the search.
I suspect that the AD roles of the user that I have configured for the LDAP connection are not sufficient to perform these tasks, but am unsure. Am I on the right trail, and if so, what are the requirements for this user? Or, is there something else to troubleshoot related to these errors?
UPDATE 4/18/2016:
OK when I added the debug suggested in an answer (log4j.logger.org.wso2.carbon.user.core=DEBUG), I noticed that the tool was searching for the user by CN and not finding it:
TID: [0] [IS] [2016-04-18 10:19:42,394] DEBUG {org.wso2.carbon.identity.mgt.IdentityMgtEventListener} - Pre update credential by admin is called in IdentityMgtEventListener {org.wso2.carbon.identity.mgt.IdentityMgtEventListener}
TID: [0] [IS] [2016-04-18 10:19:42,394] DEBUG {org.wso2.carbon.identity.mgt.IdentityMgtEventListener} - Updating credentials of user astudent16 by admin with a non-empty password {org.wso2.carbon.identity.mgt.IdentityMgtEventListener}
TID: [0] [IS] [2016-04-18 10:19:42,394] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Searching for user astudent16 {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
TID: [0] [IS] [2016-04-18 10:19:42,409] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Searching for user with SearchFilter: (&(objectClass=user)(cn=astudent16)) in SearchBase: {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
TID: [0] [IS] [2016-04-18 10:19:42,472] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Name in space for astudent16 is null {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
TID: [0] [IS] [2016-04-18 10:19:42,472] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - User: astudent16 exist: false {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
TID: [0] [IS] [2016-04-18 10:19:42,487] ERROR {org.wso2.carbon.user.mgt.ui.UserAdminClient} - User astudent16 does not exisit in the user store {org.wso2.carbon.user.mgt.ui.UserAdminClient}
org.wso2.carbon.user.mgt.stub.UserAdminUserAdminException: UserAdminUserAdminException
I referred back to documentation, and the vendor documentation suggests that for Active Directory, the UserNameAttribute in user-mgt.xml be set to CN - we had this set to sAMAccountName.
So, we changed to CN, and now the error is different:
TID: [0] [IS] [2016-04-18 10:30:46,338] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Searching for user A Student16 {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
TID: [0] [IS] [2016-04-18 10:30:46,354] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Searching for user with SearchFilter: (&(objectClass=user)(cn=A Student16)) in SearchBase: {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
TID: [0] [IS] [2016-04-18 10:30:46,354] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Name in space for A Student16 is CN=A Student16,OU=2016,OU=Students,OU=Accounts,DC=some,DC=org {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
TID: [0] [IS] [2016-04-18 10:30:46,354] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - User: A Student16 exist: true {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
TID: [0] [IS] [2016-04-18 10:30:46,463] DEBUG {org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager} - value after escaping special characters in A Student16 : A Student16 {org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager}
TID: [0] [IS] [2016-04-18 10:30:46,463] DEBUG {org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager} - Can not access the directory service for user : A Student16 {org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager}
javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of:
'DC=some,DC=org'
]; remaining name 'CN=A Student16'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3112)
Add the following line to the <IS_HOME>repository/conf/log4j.properties file, and try the scenario which failed. Also attach the wso2carbon.log file to analyze the issue.
log4j.logger.org.wso2.carbon.user.core=DEBUG
Also attach user-mgt.xml file.
I think I am having the same problem you are. I was able to get the password recovery to work for a user by changing the UserSearchBase so it fully referenced the OU for the user.
In our case we have users in:
OU=FacStaff,OU=People,DC=SomeCollege,DC=edu
OU=Students,OU=People,DC=SomeCollege,DC=edu
OU=Sysusers,OU=PrivUsers,DC=SomeCollege,DC=edu
By specifying the full OU, the password recovery works for users in that OU, but users in any other OU cannot even log in.
I want to have my UserSearchBase set to DC=SomeCollege,DC=edu so it can search our whole tree, and this does work for authentication, but not anything where it has to write to Active Directory.
I can replicate the error by doing an ldapmodify with an ldif that leaves out part of the DN for a user, so I suspect the problem lies in the updateCredentialByAdmin function in that it is attempting to use the CN and UserSearchBase where it should be using the full DN.
I have also tried using multiple UserSearchBase entries, separating them with the hash character. Again, it works for authentication, but not updates.
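The NameNotFoundException in the question's log and the suspicion raised in the last answer can be modelled offline. This is an added example, not WSO2 code: the directory is constructed from the DNs shown in the log, `compose` is a hypothetical stand-in for the suspected step, and DN parsing assumes no escaped commas.

```python
# Constructed directory: the entries implied by the DNs in the question's log.
DIRECTORY = [
    "DC=some,DC=org",
    "OU=Accounts,DC=some,DC=org",
    "OU=Students,OU=Accounts,DC=some,DC=org",
    "OU=2016,OU=Students,OU=Accounts,DC=some,DC=org",
    "CN=A Student16,OU=2016,OU=Students,OU=Accounts,DC=some,DC=org",
]
USER_DN = DIRECTORY[-1]


def normalize(dn):
    """Case-fold a DN and trim its RDNs (assumes no escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))


INDEX = {normalize(dn): dn for dn in DIRECTORY}


def subtree_search(base, rdn):
    """Find entries below base whose leading RDN is rdn, as a lookup does."""
    suffix, rdn = "," + normalize(base), normalize(rdn)
    return [dn for key, dn in INDEX.items()
            if key.endswith(suffix) and key.split(",")[0] == rdn]


def resolve(dn):
    """Resolve an exact DN, as a modify operation must.

    Returns (found, matched_dn). For a missing entry, matched_dn is the
    deepest ancestor that exists, which AD reports as "best match of".
    """
    parts = normalize(dn).split(",")
    for i in range(len(parts)):
        candidate = ",".join(parts[i:])
        if candidate in INDEX:
            return i == 0, INDEX[candidate]
    return False, ""


def compose(rdn, search_base):
    """Hypothetical faulty step: RDN plus UserSearchBase instead of the DN."""
    return f"{rdn},{search_base}"


if __name__ == "__main__":
    rdn = "CN=A Student16"
    for base in ("DC=some,DC=org",
                 "OU=2016,OU=Students,OU=Accounts,DC=some,DC=org"):
        print("UserSearchBase:", base)
        print("  search :", subtree_search(base, rdn))
        print("  compose:", resolve(compose(rdn, base)))
    print("full DN from search:", resolve(USER_DN))
```

With the domain root as search base the subtree search still finds the user, but the composed name resolves only as far as DC=some,DC=org, matching the "best match of" value in the log; with the user's own OU as search base the composed name is the real DN.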