I do not understand the following requirement i am to work on.It says--
Configuration changes are required on the MySQL database server so that the database accounts created for students should authenticate with Active Directory.
I don't understand what it means to authenticate a database with AD? I only understand the scenario in which we authenticate a website application login with AD accounts.
What needs to be done and what would I need for this?
the following posts will help you understand the issue
stackoverflow post
mysql docs
Related
in Azure monitoring need to find out which user and server details for the failed connections in mysql dbs.
Is there any query to find out and user details.
also once we find out user and details we need to add that logic into logic app.
You can navigate to your SQL server overview page and know your username under the name of server admin.
and can reset the password as mentioned in the below image.
Following the above way you can add the details to connect to your SQL Server in logic apps
Hey I've coded a Program with Login that connects to my MySql Database.
Since everyone has to Login before using it they have to connect to the Database in order to proof if the Login Details are correct.
To allow that connection I have store the Username and Password for that Database inside the Program:
datasource=myip;port=myport;username=username;password=password;database=database
I guess it wouldn't be hard at all for any hacker to find this username and password so is it possible to hide the login details somehow? I were able to crypt and decrypt it but I don't think that it would be too hard to even crack that.
How do others do it or is there a other way to connect to your database without the username and password in ur code?
As Baseult indicates in the comments, the only way to stop someone breaking into your database is not give it to them in the first place - you keep the DB on your server, and other people access it by sending calls to a web service. Doesn't have to be RESTful
I can't add comments but why not use a generic login to connect to the database and restrict it with user names/passwords/hashes for the application via a user table in your database?
I am currently struggling on LDAP authorization towards MS AD (Server 2012) and MySQL as connection database. Once I log into guacamole using an AD account (sAMAccountName) I am not able to add any connections.
Is there anything I might have missed? Generally speaking I do not really want to modify the scheme of our AD.
Maybe you could let me know which settings the guacamole.properties file should have then. I am on 0.9.9 as well. Both mechanisms, LDAP and MySQL are working themselves but no functional combination has been established.
Thank you for your help in advance
For a user to have access to connection data within MySQL (or to have the ability to create and manage connections within MySQL), they must be granted permission to do so within MySQL. As Guacamole uses the username to represent identity, there are two ways to accomplish this:
Create an account within LDAP having the same username as an existing administrative user in MySQL (such as the default guacadmin), and log in as that user when managing things.
Log in as an administrative user in MySQL and create a new administrative account having the same username as your account within LDAP. After logging out and logging back in as that user, you will have admin permissions.
The relevant section is in the chapter of the manual covering LDAP:
Associating LDAP with a database
If you install both the LDAP authentication as well as support for MySQL or PostgreSQL (following the instructions in Chapter 6, Database authentication), Guacamole will automatically attempt to authenticate against both systems whenever a user attempts to log in. That user will have access to any data associated with them via the database, as well as any visible objects within the LDAP directory. The LDAP account will be considered equivalent to the database user if the username is identical.
Data can be manually associated with LDAP users by creating corresponding user accounts within the database which each have the same usernames as valid LDAP users. As long as the username is identical, a successful login attempt against LDAP will be trusted by the database authentication, and that user's associated data will be visible.
If an administrator account (such as the default guacadmin user provided with the database authentication) has a corresponding user in the LDAP directory with permission to list and read other LDAP users, the Guacamole administrative interface will include LDAP users in the overall user list presented to the administrator, and allow connections from the database to be associated with those users directly.
(emphasis added)
I am trying to setup sonar in my pc.
Following the exact same steps as per official documentation.
I changed the database to mysql and port to 4950.
sonar.web.port=4950
sonar.jdbc.username=sonar
sonar.jdbc.password=root
sonar.jdbc.url=jdbc:mysql://localhost:3306/sonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance
Now I can access sonar at port 4950,mysql contains a table of users which has a row of admin but i am unable to login with admin credentials.
I reverted back to its embedded database but still unable to login with admin credentials. Is there any property required to set or am I missing something. Please help
The docs include advice for when admin is locked out. In short, you might need to run some SQL:
INSERT INTO user_roles(user_id, role) VALUES ((select id from users where login='mylogin'), 'admin');
I am working on an application which bulk-loads data into a SQL Server 2008 database. It writes a CSV file to a network share then calls a stored procedure which contains a BULK INSERT command.
I'm migrating the application to what amounts to a completely new network. In this new world bulk insertion fails with this error:
Msg 4861, Level 16, State 1, Line 1
Cannot bulk load because the file "\\myserver\share\subfolder\filename" could not be opened. Operating system error code 5(failed to retrieve text for this error. Reason: 15105).
I connect to the database using Windows Authentication, using the same account which wrote the file. The file, and the folder in which it resides, grant read and modify rights both to my user account and the database server's domain service account. That service account apparently has constrained delegation permitted, which is mentioned on MSDN. Still no good. If I connect using a SQL Server account then bulk insertion succeeds, but we are trying to stick exclusively to Windows Authentication.
Does anybody have a handle on what needs to be done to make this work? How exactly does SQL Server go about accessing data on network shares, hopping between its service account and that of the connected user? I know that I can bulk insert in a similar situation in our current infrastructure, but it is so crufty with age that it would be hard to track down what has been done to enable this in the past.
Recently we had this issue for a number of our Devs. I've come up with a number of ways to allow testing of bulk inserts.
Our preference was to use a SQL service account. We set the SQL server and SQL agent to run as a service account and then allowed the devs to trigger agent jobs. The service account was granted permission to the UNC shares and this all functioned correctly. Note that the service account will always been fine running these agent jobs (assuming UNC permissions are set). It's the Devs trying to test that will come across these issues.
Another method is to create a share on the SQL server itself and point the bulk insert path at the local directory. These errors seem to only occur when accessing UNC paths. Regardless of whether the UNC path has the correct permissions to allow you access. For example we create C:\test\ as a folder on the SQL server itself and permission it to allow a dev to drop test files there. These are then called via the bulk insert command.
A command may need to be run against master to allow a SQL login group permission to bulk insert. This is as below.
GRANT ADMINISTER BULK OPERATIONS TO "domain\usergroup"
Adam Saxton's blog (about Kerberos and bulk inserts from a share) should be read: http://blogs.msdn.com/b/psssql/archive/2012/09/07/bulk-insert-and-kerberos.aspx. Adam offers two approaches:
Enable constrained delegation for the machine (as opposed to the sqlservr.exe startup) account, or use a SQL Server login. Adam mentions two other approaches (which he does not recommend).
An aside, the latter half of the OP's message "(failed to retrieve text for this error. Reason: 15105)" may be related to a SQL Server startup account lacking rights documented within SQL Server's "Configure Windows Service Accounts and Permissions" topic, such as SeAssignPrimaryTokenPrivilege.
Did you ever resolve this issue? I recently had a similar problem and discovered that the best way to resolve it was to use a SQL login.
Initially, having read the notes here I thought if I just granted read permissions to the Windows account with which I was connecting to the SQL Server that would be okay, but even when I granted read access to Everyone, I still couldn't read in the file.
I believe the reason is something to do with SQL Server impersonating the windows user and attempting to access the UNC share, which is delegation and which is not allowed unless explicitly enabled. There are some notes here which may help. This is the constrained delegation of which you speak and I couldn't get it to work either!
Bottom Line: I just used a SQL Login and made sure the SQL Server Process account had read permissions on the share (by granting read to Everyone in my case) and it worked.
In order to bulk insert with AD users, the SQL service it self has to be running as a domain user and has to have the AD permission to be able to delegate authentication. Same if you wanted to run linked servers with ad users. Here is the link for AD and linked servers, but the permission are the same.
Linked Servers and Active Directory
The server must have an SPN registered by the domain administrator.
The account under which SQL Server is running must be trusted for delegation.
The server must be using TCP/IP or named pipes network connectivity.