Ldap | LDAP auth for Magento 2 backend login | Authentication library

Try install base64 in your python, use the command:

Dot Points:

• include $request_uri in your proxy pass
• provide a resolver in your proxy location block
• declare an entry for your container in Docker's network stack
• use all lower case in your service name

Below is the configuration file I use to reverse proxy through to a Ubiquiti Unifi container. All my certbot is handled off site so I need not consider that here. If you compare our location blocks, the issue will likely become immediately apparent, but I'll explain for clarity's sake.

What you need to look at is your Proxy Pass directive. This is of course where the magic proxying happens. I notice that you have not been including the $request_uri, so any request nginx receives for bound.example.com/testpage1, it will send a request to the upstream apache server for bound.example.com. Of course if you need to include a port, as I have done here 8443, this is the place to do it also.

If you include this variable, it should resolve your problem.

The following does not answer your question, but I thought I would include it also just as some helpful information.

Also, I just want to note that I have included a resolver. The IP address 127.0.0.11 points to Docker's internal DNS resolver. Chances are you won't need to include this, however I did so myself to ensure I didn't get odd problems. Lastly, I'd just like to recommend that you look into upgrading your SSL settings, to ensure that you are safe from attacks from weaker SSL / TLS versions.

I expect that adding the variable $request_uri to your proxy pass directive is all that is required to get your site working.

I am missing the jmods directory in my jdk. On Fedora jmods are a separate install https://fedora.pkgs.org/35/fedora-x86_64/java-11-openjdk-jmods-11.0.12.0.7-4.fc35.x86_64.rpm.html

Run sudo dnf install java-11-openjdk-jmods

After trying for a few days and just found out that pip and python in the project are not pointing to .venv but to anaconda due to an update. when error

no module stdnum

actually there is a problem with pip so make sure your pip path with which pip or which python

1. to solve .venv that doesn't work by deleting the .venv folder, create venv in python, and install all requirements again

Log4j is a popular logging framework used in Java (you can figure the popularity by seeing the widespread impact of the vulnerability). Log4j offers a specific feature, where you can add tokens to your logging string, that get interpolated to fetch specific data. E.g. "%d{dd MMM yyyy}" will insert the date at which the message was logged.

In the mean time JNDI (Java Naming and Directory Interface) is commonly used for sharing configuration settings to multiple (mirco)services.

You can imagine a situation where somebody would like to log configuration settings in e.g. error situations.

See this article explaining a bit

A Java based application can use JNDI + LDAP together to find a Business object containing data that it might need. For example, the following URL ldap://localhost:3xx/o=BusinessObjectID to find and invoke theBusinessObject remotely from an LDAP server running on either a same machine (localhost) on port 3xx or remote machine hosted in a controlled environment and goes on to read attributes from it.

The update it refers to mentions it as "LOG4J2-313: Add JNDILookup plugin." The motivation is found in the Apache JIRA entry

Currently, Lookup plugins [1] don't support JNDI resources. It would be really convenient to support JNDI resource lookup in the configuration.

One use case with JNDI lookup plugin is as follows: I'd like to use RoutingAppender [2] to put all the logs from the same web application context in a log file (a log file per web application context). And, I want to use JNDI resources look up to determine the target route (similarly to JNDI context selector of logback [3]).

Determining the target route by JNDI lookup can be advantageous because we don't have to add any code to set properties for the thread context and JNDI lookup should always work even in a separate thread without copying thread context variables.

[1] http://logging.apache.org/log4j/2.x/manual/lookups.html [2] http://logging.apache.org/log4j/2.x/manual/appenders.html#RoutingAppender [3] http://logback.qos.ch/manual/contextSelector.html

The big problem with log4j, is that by default all string interpolation of all modules is turned on. In the mean time it has become opt-out, but it wasn't always.

While AD has a userPassword attribute, it's just a pointer to the unicodePwd attribute, which is the real password attribute. But userPassword doesn't always work, as described in the documentation. For Active Directory, you're better off using unicodePwd directly.

The documentation for unicodePwd says that you require either SSL or SASL encryption to set the attribute. SASL would usually be done with Kerberos. If you were using DirectoryEntry, that's easily done by specifying AuthenticationTypes.Sealing. With Novell.Directory.Ldap, I don't know if that's possible, and this open issue suggests that it isn't (yet).

Unless you're willing to switch to using Sytem.DirectoryServices (which, in .NET Core, would lock you into running your app on Windows only), then I think you are stuck requiring SSL.

The unicodePwd attribute also requires a very specific format. The documentation says:

the DC requires that the password value be specified in a UTF-16 encoded Unicode string containing the password surrounded by quotation marks, which has been BER-encoded as an octet string per the Object(Replica-Link) syntax.

In C#, that's easily done like this:

I've created a simplified setup starting from your code with support for both OAuth2 and Basic Auth.

/tenant2/** will start a basic authentication. /** (everything else) triggers an OAuth2 Authorization Code authentication.

The key to achieve this is to have one @Configuration class per authentication type.

Let's start with the controllers:

Tenant1HomeController

Looks like the problem was quote marks in pass.properties file. The interesting thing is, even if credentials are typed with or without quote marks, JDBC connectors work well. Maybe the reason is it is the first line in the file but just a small possibility.

So, do NOT use quote marks in your password files, even if some of the connectors work this way.

There are issues with the python-ldap package when linking against OpenLDAP 2.5+. The issues are acknowledged by the devs in https://github.com/python-ldap/python-ldap/issues/432 and https://github.com/python-ldap/python-ldap/issues/445.

Tested workaround is the one described in the first issue:

As a workaround create the file /usr/lib64/libldap_r.so with content INPUT ( libldap.so ). The approach works on all systems that use a GNU ld-compatible linker.