Active Directory authentication for PostgreSQL users

It is easy, you just need to add to the configuration file /var/lib/postgresql/data/pg_hba.conf host all all ldap ldapserver="myldapserver" ldapbasedn="OU=USERS,DC=group,DC=redaelli,DC=org" ldapbinddn="CN=matteo,OU=USERS,DC=group,DC=redaelli,DC=org" ldapbindpasswd="MySillyPwd" ldapsearchattribute="sAMAccountName" ldapscheme="ldaps" And inside your database yu need to create a role for the Active director users and then grant them to the required databases.

October 12, 2020 · 1 min · 47 words · Matteo Redaelli

LDAP search examples from command line

setup In these examples I use kerberos authentication but you could also use basic authentication with -D and -w options For semplicity I put common options into the environment and I have created an alias export LDAP_OPTS="-h -LLL -Y GSSAPI -b dc=group,dc=example,dc=com -o ldif-wrap=no " alias adsearch="/usr/bin/ldapsearch ${LDAP_OPTS}" Extract locked users adsearch “(&(objectCategory=Person)(objectClass=User)(lockoutTime>=1))” dn Expired passwords date -d “1601/1/1+$(expr 132469210596077795 / 10000000 )Seconds” “(&(objectclass=user)(objectcategory=person)(!pwdlastset=0)(pwdlastset<={date})(!userAccountControl:1.2.840.113556.1.4.803:=65536))” Extracting the flat list of members of a group How to recursively retreiving teh list of members of a group...

October 12, 2020 · 1 min · 87 words · Matteo Redaelli

Using a GraphQL gateway for backend services (Active Directory, AWS and Qliksense Api samples)

Complex web sites read and write data from/to several backend systems using different interfaces (sql, soap , rest, rpc,..). But it could be simpler and useful to create a single endpoint and interface for all the backends. With GraphQL the frontend applications get from the backends only the list of fields they need and do not receive the static list of the fields provided by the soap/rest services. I played with graphql and Walmart lacinia implementing one GraphQL backend for LDAP/Active Directory and one for Qliksense Repository rest api....

October 11, 2020 · 2 min · 253 words · Matteo Redaelli

Active Directory client with powershell

Add AD users from csv to group using powershell A sample script for adding users (taken from a csv file) to an Active Directory group $GroupName = "Qliksense_SI_Techedge" $Users = "e:\scripts\users.csv" Import-module ActiveDirectory $dc = Get-ADDomainController -DomainName -Discover -NextClosestSite $server = $dc.HostName[0] get-content $Users | ForEach-Object { Get-ADUser -Server $server -LDAPFilter "(mail=$_)" } | Select-Object -ExpandProperty sAMAccountName | ForEach-Object { Add-ADGroupMember -Server $server -Identity $GroupName -Member $_ }

April 19, 2019 · 1 min · 69 words · Matteo Redaelli

Adding Active Directory authentication to RStudio Server Open Source edition

Have you installed the statistical R language and RStudio Server in a corporare environment and you would like to authenticate users using Active Directory instead of local unix users and passwords? It is easy, you just need to install libpam-krb5… ;-) Below a sample Dockerfile if you want to install RStudio Server in a Docker container… FROM rocker/rstudio RUN apt-get update ADD krb5.conf /etc RUN apt-get install -y krb5-config libpam-krb5 RUN apt-get install -y openjdk-8-jdk r-cran-rjava #setup R configs RUN echo “r <- getOption(‘repos’); r[‘CRAN’] <- ‘http://cran....

March 28, 2018 · 2 min · 265 words · Matteo Redaelli