I could find a way to change the password for system generated admin only. How can I change this option enable for all the authorities in jhipster? As the given answer here I tried to find a change password method in UserResource.java. But couldn't find it. Now I could find it inside the password.state.js file. Still it not works for other roles though. After changing the AccountResource.java that also worked.
If you use the default change password method generated by JHIPSTER, then, verify that the resource that call this method has this anotation of security #Secured("Admin") . You can remove this anotation to allow all users to change password.
Related
I am new to OpenLDAP. I would like to know the method to restrict some user from searching part of the LDAP database.
For example, I have ldap root dn <dc=abc,dc=com>
There are other groups like below:
ou=department1,dc=abc,dc=com
ou=department2,dc=abc,dc=com
ou=people,dc=abc,dc=com
cn=userA,ou=people,dc=abc,dc=com
cn=userB,ou=people,dc=abc,dc=com
I would like to allow userA to only able to search data from dn:
ou=department1,dc=abc,dc=com
But restrict it from searching from dn: ou=department2,dc=abc,dc=com
How could I implement that?
You can explicitly set permissions and blocks in the slapd.conf file --- the base install has a few samples
You have to configure ACLs in the slapd.conf file. Here are two examples ACLs that you could use for your case. But remember to add whatever other permissions for other users to "ou=department1,dc=abc,dc=com" and "ou=department2,dc=abc,dc=com".
access to dn="ou=department1,dc=abc,dc=com"
by dn="cn=userA,ou=people,dc=abc,dc=com" read
by * none
access to dn="ou=department2,dc=abc,dc=com"
by dn="cn=userA,ou=people,dc=abc,dc=com" none
by * none
For more information, read the documentation about OpenLdap access control: http://www.openldap.org/doc/admin24/access-control.html
I created new user - 'exampleuser' and new role - 'examplerole' in JasperReports Server version 5.6.
The new user - 'exampleuser' has 2 roles: 'examplerole' and 'ROLE_USER' that is attached to the user by default in the JR Server.
For every folder in jasper I gave the 'examplerole' and 'ROLE_USER' the permissions - Execute only.
According to my understanding, if I will login with the 'exampleuser' user I won't be able to see any folder, of course not be able to delete any file inside that folder.
What actually happens is that I'm able to see all the files inside any folder, add and delete files as I wish and change permissions to the files.
Could not find any information about it - according to the JasperReports Server manual I'm not doing anything wrong or do I?
The 'exampleuser' doesn't have any permissions to the folder e.g. 'NO ACCESS' permission.
And there were no errors in the logs.
Is someone ran into this situation before? Is it fixable or it is some bug of JasperReports Server?
-----------------------------EDIT---------------------------------------
I've found out that this situation happens only in Google chrome browser. If I use IE for example, everything is as it should be.
Anyone? Any idea?
Edit user(exampleuser) and assign only new role(examplerole) which you created for new user remove ROLE_USER and save.
Now right click on the folder on which you want to give permission to new user(exampleuser) and select "Permission" , there you can see all the roles and there access permission.
Change permission No Access to Read only for examplerole and remove the access form other roles i.e. select No Access option.
Now after that you need to check remaining other directories whether they have ROLE_USER access or not , if they have remove permission from ROLE USER i.e set it to No Access.
I have a problem while i have tried to open a source code view of a form in access 2003.that need from me a password but i havn't any password.how can I delete this password request?
thanks
This password will have been put in place by the application developer in order to protect the source code from view, it can be removed, however you must first enter the password, which you will need to obtain from whoever put it in place assuming they would allow you to.
I've lost the admin user password on hudson (actually it just randomly stopped working), I can get back in by disabling security (editing ~/.hudson/config.xml) then I can configure hudson, but I can't find any options to add new users or change/reset user passwords - maybe these options don't appear when security is disabled? I was using the matrix-based security. How can I add a new user or reset the password for existing ones?
Here is an article outlining how that is achieved.
The first one: edit the authorization setting in the config.xml file
if you have defined more users in your Hudson and you at least one
user’s password. For example, your user name called peter and you know
the password of the user jack, in this case, just open the
%HUDSON_HOME%/config.xml and find the line:
<permission>Hudson.model.Hudson.Administer:peter</permission>
And add a new line below:
<permission>Hudson.model.Hudson.Administer:jack</permission>
Save your change and restart your Hudson server, then you can login as
jack and change your own password. After then login using your own
account and go to http://your/hudson/configure and change jack back
to his normal authorization setting.
The other way ist just editing your own config.xml, in this case, open
%HUDSON_HOME%/your/config.xml and find the line:
<password>………</password>
The text between the password tag is encoded, so you can’t just enter
your password as plain text here. The easy way for you now is just
remove all the text between that tag, in another word, just let the
password empty.
Hope this helps.
In Hudson 3.0, security is defined in a separate file, hudson-security.xml. Same directory though.
Just edit the <useSecurity>true</useSecurity> entry and specify false.
If you have access to the jenkins files, edit the config.xml.
/var/lib/jenkins/config.xml
Change
<useSecurity>true</useSecurity>
<useSecurity>false</useSecurity>
And comment to
<authorizationStrategy/>
Ref:
http://it.i88.ca/2013/04/reset-password-of-jenkins.html
Greetings!
I use Jenkins, but this should be similar in Hudson. You need to be logged in as a user with administrative permissions, so configuring Hudson to use security is essential. Look for a 'Manage Users' link in the 'Manage Hudson' page (the main configuration page linked from the main page). The 'Manage Users' page should give you a list of users that have been configured for use with Hudson and you should be able to add/edit/delete users from here.
Read this article for more information on configuring security in Hudson.
mercurial-server manages user database under keys folder. Users and groups are represented by files and folders.
AclExtension relies on linux user group through ssh.
they don't seem to match. or did I miss something?
I have managed to make mercurial-server work. but just don't see how to integrate AclExtension with it so I may have finer grained access control.
Unfortunately, the AclExtension does key its access off of usernames. If you are creating separate UNIX user accounts for each using with hg-ssh you've got everything you need, but if all of your ssh users are using the same Unix user account then the AclExtension isn't going to work for you.
Unless...
I did just look into the acl.py file and it looks like it uses the getpass.py module's getuser which checks the environment for the user name using this code:
for name in ('LOGNAME', 'USER', 'LNAME', 'USERNAME'):
user = os.environ.get(name)
if user:
return user
so it might be possible to fake that out by setting an environment variable in the hg-ssh user's authorized_keys file like this:
command="hg-ssh path/to/repo" environment="LOGNAME=fakeusername" ssh-dss ...
where then you could put fakeusername in ACL rules, and could have a different fakeusername for each key, all running under the same UNIX account.
BTW: Everyone seems to just use hg-ssh alone, I never see the (non-official) mercurial-server app used anymore.
The environment trick doesn't seem to work on my Solaris box; my solution was to pass in the fakeusername as a parameter to hg-ssh and have that set os.environ['LOGNAME'] so that getpass sees it.
command="hg-ssh fakeusername" ssh-dss ...