I am trying to setup ejabberd as IM solution for my project, which will be mobile app + backend. I am using SQL auth (and SQL store for all modules also), using MSSQL via ODBC. I have some questions I didnt find answered in docs.
Do I understand correctly, that ejabberd is multi-tenant (since it can support multiple domains). If so, how are users assigned to particular tenant (domain)? In users table in DB, there is only username (without domain part). Can I have two different users john#jabber.myproject.com and john#jabber.myotherproject.net ?
I want to create XMPP accounts on ejabberd automatically (user doesnt need to know anything about underlaying service) - do I need to register users via API, or can I insert rows directly into DB table users and ejabberd will be OK with it?
In users table in DB, there is only username (without domain part). Can I have two different users john#jabber.myproject.com and john#jabber.myotherproject.net ?
Create a new database for each vhost, and use the host_config option in ejabberd.yml to tell which database to use for each vhost:
https://docs.ejabberd.im/admin/configuration/#database-and-ldap-configuration
Or you can enable the new SQL schema, see https://blog.process-one.net/ejabberd-18-03/
do I need to register users via API, or can I insert rows directly into DB table users and ejabberd will be OK with it?
Both are acceptable. In the second case, there are chances that some task performed at account registration is missing in your server, but I don't remember any module that performs any task at account registration. So, it looks OK.
Related
I have created a database with two tables on my phpMyAdmin account, and I'm using 000webhost for a web hosting. Once I logged out of my account, and re logged in, everything was deleted. Does anyone know how I can save the database I have re added? thanks so much
Normally a database would persist across login sessions. The only possible exception would be if you log in as different users (which could be different usernames or if you use fine-grained IP-based access controls, for instance, two different users both with username natasha, one host 192.0.2.1 and another with host 192.0.2.50). If those users don't have full access, they might not be able to see the database owned by the other user.
Other than that, I can't think of any reason your data wouldn't persist and suggest you contact your hosting provider's support for further assistance.
I'm planning a multi tenancy app with nodejs and sequelize(mysql dialect). I'm gonna have a single app and multiple databases for each client. I'd need to connect to a client database after authentication (with passport.js). So there is a classic master database with clients info and db user,host and pwd, and then after the successful login the app connects to the specific client db. How could i do something like this? I was thinking to use sessions...maybe a middleware that for each request fetch the session and then passes the data to sequelize config object? Could anyone share with me how he/she manage to do something similar? I'm stuck in a logical trap ! Thank you
You're very close.
When you look up the user in your master db, in order to validate the username/password, you will also look up the connection string to the user-specific database. Then youu can create a simple express middleware function to open up the specific connection at the beginning of each request.
You will need usernames and passwords for the databases. For best security, they should not be the same as the users' usernames and passwords: If somebody cracks your web app and user table, you don't want them to have all the passwords.
But, what you propose is not classic multitenancy. Multitenancy is creating a single database, in which the various tables have columns mentioning which user they are for. Then once passport tells you the user's id, you can put it into your queries (for example, SELECT .... WHERE user_id = <<value>> AND ....
Your proposal will work tolerably well for a few dozen users. But what happens if you get tens of thousands of users? That will be a lot of separate databases.
I need to store data for each user in ejabberd.How can I do this ? I mean I need to add one more field to user table and I should update this data whenever.
How can I do this ?
This is what I am doing.
During registration process in my Android Chat application, I post data like the desired userid (jabberid), password, email, display name, gender, mobile etc. to my PHP API. The PHP code validates if userid already exists and if it doesn't then it creates the user first in an external mysql database, storing all the fields received in post, and then creates the real user in ejabberd by executing the ejabberdctl register command. There will be some permission issues executing the command inside apace\PHP which I successfully resolved using this answer here. Now I can access the user data using my PHP API.
The idea is that I am not overloading the mnesia database with rarely accessed or modified data. IMHO, this helps if you don't want to switch ejabberd to odbc\mysql mode and lose potential benefits of mnesia or if you are planning to run mnesia in "RAM Only" mode. All this I am saying with limited knowledge of ejabberd, hence don't take my word as gospel.
I would like to create a MySQL user with permissions to create and remove other users, but prevent my own (superuser) account from being deleted or modified.
The user seems to need CREATE USER to be able to manage users, and this seems to allow deletion of all accounts.
Goal is to provide MySQL as a service with the possibility to do some user management, while keeping an administrative user on the database protected from users.
Edit: Users will be connecting to MySQL directly using the CLI mysql client or a third party database tool. Of course this problem could be eliminated by providing the user a custom system to do user management and do custom access control in there, but I'd prefer to give direct access to the DB.
MySQL does not provide this level of control over user management. But I can imagine a small application of your own that would let your authorised users to manage only users you allow.
Only the application would connect to the database as a privileged user.
Only the application would issue the actual CREATE USER and DROP USER statements, and only on accounts that you allow.
Having manipulated these actual MySQL system users via this application, these accounts would become available for direct connection.
how to connect database table with the local username id and password of the system?. When user logs into the machine. opens up the software, he gets only the assets alloted to him. asset information is contained in the database table..anyone has any idea on how to implement this.I'm using mySQLdb with pyqt4.(creating an asset manager, user gets only the assets alloted to him )
As has been stated in the comments, the tables should not be any different between users. Also, there is no way to get the users password without them entering it again. And once you do have them enter it, you would have to use some method to authenticate them, such as checking it against an LDAP server.
Otherwise, if you simply want to base the delivery of database information of the current logged user and assume that them being logged in is enough of an authentication, you could simple get the login name with os.getlogin()
Most likely what you would just be doing is selecting on your table, data that has that username as matching criteria of some column. You wouldn't be using any sort of database-level authentication to filter the data. The authentication comes from some other earlier layer.
In pseudo-code: select * from assets where user is <result of os.login()>
With regards to the reason you are getting downvotes... People would like to see more context about your problem to understand the solution you are after. What is the structure of your database tables? Are you associating asset records with users? Is there a specific need for security or simply automatically identifying a user that is running the software? People on SO that take a little more time to outline their problem, the context, and what they have tried, tend to get better responses and upvotes.