i am using UnboundID LDAP SDK for ActiveDirectory management, and i want to create new user. I am able to create connection to ActiveDirectory and add new user with some attributes, but i dont know how to work with attribute userAccountControl. This attribute is used by ActiveDirectory to store some flags, and i don't know how to set these flags using UnboundID LDAP SDK. Thank for any help.
Some information about attribute userAccountControl
http://msdn.microsoft.com/en-us/library/windows/desktop/ms680832(v=vs.85).aspx
I found out that i had some path wrong, here is code for modification userAccountControl
Modification mod = new Modification(ModificationType.REPLACE, "userAccountControl", usr.getUAC().toString());
ModifyRequest req = new ModifyRequest(userCN + userOU, mod);
LDAPResult modResult = connection.modify(req);
The userAccountControl is a bit mask so it is necessary to set is as an integer.
We have some of the values and information documented here:
http://ldapwiki.willeke.com/wiki/User-Account-Control%20Attribute%20Values
Might help if you said what you were trying to set in userAccountControl and provided the code you are using.
Related
I am trying to write an application which would offer user to manage users on LDAP system. One feature of this is the functionality "Forgot Password".
User uses my app to Reset his password
I ask some security questions and if they are correct, I redirect him to new screen - new password screen.
User provides new password only (as he has forgotten his old one)
I use admin Context and reset the user password (using modifyAttributes(..)).
The LDAP system, set pwdReset to true indicating that password was changed by admin and must be changed by user.
Now, I do want to set this to false, coz I don't want user to change his password again (as he already did in above steps), so I explicitly modify it to false. But I get error
javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - Object Class Violation]; remaining name 'cn=XXXX,ou=XXXXOU,O=XXXX'
What is the way around ? Is there some other alternative ?
For refernce, the code to reset pwdReset is as under:
List<ModificationItem> modsList = new ArrayList<ModificationItem>();
BasicAttribute attribute = new BasicAttribute(ATTR_PASSWORDRESET, "false");
modsList.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE, attribute));
ModificationItem [] modsArr = modsList.toArray(new ModificationItem[modsList.size()]);
modsArr = modsList.toArray(new ModificationItem[modsList.size()]);
this.adminCtx.modifyAttributes(userName, modsArr);
And here is my pwdPolicy
I've just spent two weeks proving to myself that OpenLDAP doesn't actually do step #5 at all, despite what the wording of the RFC draft appears to mean. I als found a message in the OpenLDAP Mail archives confirming that they think it isn't supposed to do that. So what is happening is that there is no pwdReset attribute to set to false, so you're getting a schema violation trying to add it with that value. So, all you have to do is nothing.
It would probably be safer just to set pwdReset to null, which removes it completely, or just remove it with DirContext.REMOVE_ATTRIBUTE. My code doesn't use ModificationItem, which is another clue, more like:
BasicAttributes attributes = new BasicAttributes(ATTR_PASSWORDRESET, null);
this.adminCtx.modifyAttributes(userName, attrs);
The above also means that if you want it set to TRUE you have to do so yourself.
I've been making a tool to create dummy documents on Lotus Notes using the Java API.
So far I've been successful creating the documents using the NotesFactory create session method
NotesFactory.createSession(serverUrl, username, password);
And later creating the document using the Database class createDocument() method.
However, regardless of the user I put when I'm creating the session, the created document always has "Administrator" as the document originator.
Is there any way to override this behavior?
EDIT 8/24/2016:
Here is the code I'm using to create documents
Session session = NotesFactory.createSession(serverUrl, username, password);
Database db = session.getDatabase(session.getServerName(), "docLibra.nsf");
Document doc = db.createDocument();
// Set document properties
doc.replaceItemValue("Subject", "Sample Subject");
RichTextItem bodyItem = doc.createRichTextItem("Body");
bodyItem.appendText("Sample content");
doc.save();
doc.recycle();
db.recycle();
session.recycle();
I created several users (i.e. user1, user2) and I'm able to get a Session with the credentials of those, but when the document is saved. The originator is set as Administrator, even tough the Administrator credentials are nowhere on the code and the code is executed on an external computer.
Well, that means that your code is running under the identity of someone name "Administrator". That could be you, or the person who re-signed the code before allowing to run on the server. Get in touch with that person.
Now, what are you trying to do ? Impersonnating someone else ? On Domino ? No way.
Writing code that any user can run ? There are many ways.
Generating documents that can be read, or maybe modified, by all users or by a definite subset of them ? There are plenty of ways. Look for Access Control List, for the concept of Role, and for the special types of fields Author and Reader.
I find a way to implement twitter login with github twitter4j but I want to implement it without using any third party library. With the twitter document, I am not able to understand what should I do for it. From where I can get oauth_nonce, oauth_timestamp & oauth_signature's value? Please suggest me a good way to implement twitter login in web.
Please suggest me a good way to implement twitter login in web.
The Twitter developer documentation says this:
"Most developers will not need to work with the details of OAuth, since Twitter Client Libraries already implement the protocol. It is strongly recommended to use one of these libraries. "
If you choose to ignore that advice, then the same page has links to other pages that explain OAuth, explain various ways to get tokens, and explain how to ad authentication details to your requests.
I am myself the developer of a ThirdParty library and I will definitely advise to use them. Twitter authentication has multiple problems to consider.
Anyway here is an answer for you.
// oauth_nonce
var oauth_nonce = new Random().Next(123400, 9999999).ToString(CultureInfo.InvariantCulture);
// oauth_timestamp
TimeSpan ts = DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, 0, DateTimeKind.Utc);
var oauthTimestamp = Convert.ToInt64(ts.TotalSeconds).ToString(CultureInfo.InvariantCulture);
Signature is a bit more complicated. You need to extract all the params of your query. Order them by name, Append all of them into a string separated with '&' (lets call it URL_PARAMETERS).
Then create a string as followed {HTTP_METHOD}&{BASE_URL}&{URL_PARAMETERS}
Now you simply have to compute the Hash of the previous value with the oauth_secret_key (from Twitter app).
And not you can simply do oauth_signature = Http.UrlEncode(Convert.ToBase64(<HASH>)).
Also don't forget
var oauth_signature_method = "HMAC-SHA1";
I'm working with a Google Apps application. Actually, I want to the access another id without using a password for that. I used OAuth and it's working well. But I am not able to share the particular person's calendar. I tried the following code.
GoogleOAuthParameters oauthParam=new GoogleOAuthParameters();
oauthParam.setOAuthConsumerKey("xxxx.com");
oauthParam.setOAuthConsumerSecret("xxxxxxxxxxxxxxxxxxx");
oauthParam.setScope("http://www.google.com/calendar/feeds/");
URL feedUrl = new URL("http://www.google.com/calendar/feeds/default/owncalendars full?xoauth_requestor_id=user#example.com");
CalendarService service=new CalendarService("calendar");
service.setOAuthCredentials(oauthParam,new OAuthHmacSha1Signer());
AclEntry entry = new AclEntry();
entry.setScope(new AclScope(AclScope.Type.USER,"any.user"));
entry.setRole(CalendarAclRole.READ);
AclEntry insertedEntry = service.insert(feedUrl, entry);
For this code I got the error:
com.google.gdata.util.InvalidEntryException: Bad Request
Calendar entry does not contain title
at com.google.gdata.client.http.HttpGDataRequest.handleErrorResponse(HttpGDataRequest.java:558)
at com.google.gdata.client.http.GoogleGDataRequest.handleErrorResponse(GoogleGDataRequest.java:563)
Inserting ACL entries instead of Calendar entries into the own calendars feed is not a good idea. Also, this API is now deprecated, use http://code.google.com/apis/calendar/v3/getting_started.html for the reference.
I'm developing one web application project using java for education industry.In this Admin have all rights to access the google services of other users like A,B,C..... for this is use OAuth.Then i tried Admin want to share user A's calendar to user B using OAuth.But i got stuck in this step. Is it possible Plz Help me
Thanks
Regards
Sharun
I believe you want to use Access Control Lists (ACLs), see the docs. The Java example code at this URL for the task you mention is pretty simple:
AclEntry entry = new AclEntry();
entry.setScope(new AclScope(AclScope.Type.USER, "jdoe#gmail.com"));
entry.setRole(CalendarAclRole.READ);
URL aclUrl =
new URL("http://www.google.com/calendar/feeds/jo#gmail.com/acl/full");
AclEntry insertedEntry = service.insert(aclUrl, entry);
and what it does is, and I quote:
This code allows jdoe#gmail.com to
have read-only access to
jo#gmail.com's calendar.
There's more where this came from (e.g., upgrading a user's role in an ACL above the read-only access granted in this example), and I think it's a good idea to read the whole page.