Freeradius custom LDAP attribute [Google LDAP] - attributes

I have freeradius configured to work with Google SecureLdap.
I also configured cache auth and it works well.
However, I have a problem retrieving a custom attribute (created in LDAP Google Directory).
Could you help me to retrieve this parameter?
As in the figure, I can retrieve the parameter with ldapsearch but I don't see it in the freeradius response.
I should retrieve and use this parameter to map the UID with a particular Policy group in a third-party system.
Regards
Screenshot

Related

wso2 identity server write correct user attributes to openldap

I wonder if anyone can help. I am working on a project that requires the use of wso2is and openldap together on linux. I am quite new to both technologies, so there may be some things I don't quite understand properly.
I have set openldap up as a secondary user store in wso2is. In openldap, using ldif files I have managed to create groups, and some dummy users. These entries can be read and displayed successfully by wso2is. The good user entries follow the format below
In wso2is I can create new users for the secondary data store and it looks like I can assign them to the different roles. The problem is that when I create a new user in wso2, it seems to be lacking certain attributes such as password and mail. When I view users created in wso2 (using ldap admin) they are different to users created manually using ldif. I don't know how to add the extra attributes such as email to new users created using wso2. (The extra attributes are necessary for ldap to log into another program.)
The image below for user "bob" does not have the correct attributes.
The other thing I don't understand is that in wso2is, if I set 'cn' as the username attribute and try to view the extra attribute fields for users I created in wso2, I get an 'error reading metadata' screen. However, if I set 'uid' as the username attribute and try to view extra attributes, I am allowed to see them (most are blank), but if I try to populate those fields, such as surname or mail, I then get an error message saying they are not supported by the underlying ldap.
Maybe I'm missing something fundamental but I don't know what it is; apparently it almost does what I want.
When you configure an external LDAP, you need to map its attributes to the WSO2 local claims, because within WSO2 Identity Server all user attributes are considered claims. Hence, please try mapping the secondary userstore attributes to each local claim in the user profile. For example, the http://wso2.org/claims/emailaddress claim can be mapped to your secondary user-store attribute as shown in the image.
Moreover, I hope you have added the User Search Base, User Search Filter and User List filter properly in the secondary userstore configurations.

Kentico 9 REST service 403 error

I have a custom page type (kff.SeasonCTA) that I'm trying to access. The goal is to present the data from the custom pages on a static HTML page using jQuery. I've confirmed the REST service is working, as I can get the county json object as per the documentation.
I've set authentication to Basic, and the service enabled as Both. I generated a hash with this URL: http://dev.knowledgefirstfinancial.ca/rest/kff.SeasonalCTA?format=json
I get a 403. I read more, and I think it's because I'm doing an ALL. So how can I specify only published pages?
Or is it possible to get all the child data from a cms.folder if I specify the folder by its GUID?
I'd recommend using basic authentication: create a user account, make sure it has all necessary permissions (use impersonation to verify access), and pass that user in the authorization header.
It is possible to request all the children by node alias path:
/content/currentsite/<culture>/childrenof/<alias path>
/content/currentsite/en-us/childrenof/news

ExactTarget Axis Fault - login failed

I tried the following link to connect to the Enterprise API Service of ExactTarget. I didn't succeed. I used the following site to implement a basic connection to the ExactTarget API.
Connecting to ExactTarget API using Axis 2
I get the following error log:
org.apache.axis2.AxisFault: Login failed
    at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:531)
    at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:375)
    at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:421)
    at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
    at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
    at com.exacttarget.wsdl.partnerapi.PartnerAPIStub.update(PartnerAPIStub.java:3263)
    at com.et.phservices.ETPHServices.updateSubscriberToActive(ETPHServices.java:387)
    at com.et.client.ETClient.main(ETClient.java:19)
You'll need to make sure your API user has the proper permissions in the platform. There's an API user flag in the user settings and also some roles/permissions that need to be set depending on the type of SFMC account you have.
Here are the instructions from the ET/SFMC documentation.
Sidenote: You'll get a lot more visibility on your ET/SFMC questions over at salesforce.stackexchange.com, specifically with the marketing-cloud tag

http cookie not getting set on browser openam

I am trying to generate an HTTP cookie for a successful user login in openam.
The cookie is expected to be populated with an ldap attribute named 'commerce', which is a boolean attribute.
In order to achieve this I have done settings under --
access control --top level realm --agent -- configured policy agent --Profile Attributes Processing
Over here I have created a map with key as commerce and value of commerce. Now ideally after a successful login it should generate a cookie with name --HTTP_COMMERCE with the value of the attribute, but this is not working as expected.
Can someone help me out in resolving what I may be missing over here?
When using Profile Attributes Processing it is probably important to know that the attributes are retrieved from the configured data stores, hence you should probably make sure that the data store has been correctly configured in OpenAM.
Most likely you are just missing the "commerce" attribute from the "LDAP User Attributes" setting.

openam rest api json/users/?_fields=ismemberof attribute does not show updated result

Using OpenAM 12.0.0.0, I found an issue with retrieving the groups information of the currently logged-in user using the API
"/json/users/username/?_fields=ismemberof"
Scenario:
I tried this REST API after adding the user attribute "ismemberof" from the OpenAM console.
After that I retrieved the groups information for the currently logged-in user using the REST API "/json/users/username/?_fields=ismemberof",
which returned this:
curl --header "iPlanetDirectoryPro:AQIC5wM2LY4SfczExeheltxgjSN7wrCR5XhfEGF5kj6t6C4.*AAJTSQACMDEAAlNLABQtMzQ0NzM3MDc3MzE1MjMwNjEwOQ..*" "http://openam.server:8080/openam/json/users/indrani?_fields=ismemberof"
output:
{"ismemberof":["cn=grp1,ou=groups,o=openam","cn=grp2,ou=groups,o=openam"]}
After some time I removed my user from grp1 and saved from the OpenAM console,
i.e. the current user now has only one group, grp2.
Again using the curl command to get the list of groups for the current user:
curl --header "iPlanetDirectoryPro:AQIC5wM2LY4SfczExeheltxgjSN7wrCR5XhfEGF5kj6t6C4.*AAJTSQACMDEAAlNLABQtMzQ0NzM3MDc3MzE1MjMwNjEwOQ..*" "http://openam.server:8080/openam/json/users/indrani?_fields=ismemberof"
output:
{"ismemberof":["cn=grp1,ou=groups,o=openam","cn=grp2,ou=groups,o=openam"]}
The issue is that it gives the same response with two groups,
even though the current user has only one group, i.e. it gives the old response.
This issue is solved if I restart the OpenAM server; then I get the expected result:
{"ismemberof":["cn=grp2,ou=groups,o=openam"]}
It should not take a restart of the OpenAM server to get the original response.
When I connect to my LDAP data store using active directory studio, I can see the values updated against the user for ismemberof, which is a virtual attribute, but when I hit curl the response is the old cached one only.
Depending on the settings and the data store used, OpenAM caches attributes of user identities. The cache is kept in sync with the real LDAP server by using either persistent search or the notification change control (AD).
If your LDAP server does not support the persistent search control, or you did not allow the notification change control, the cache cannot be dirtied, hence OpenAM will return the outdated value for the identity attribute 'isMemberOf'.
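
One way to check the condition this answer describes, as an added example that is not part of the original answer or of OpenAM: read the directory's rootDSE and see whether it advertises the persistent search control or the Active Directory notification control. The host name, function names and the sample LDIF are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a directory's change-notification support from its rootDSE.
# Real query (host name is a placeholder):
#   ldapsearch -x -H ldap://ldap.example.internal -s base -b "" supportedControl

PSEARCH_OID="2.16.840.1.113730.3.4.3"    # persistent search control
AD_NOTIFY_OID="1.2.840.113556.1.4.528"   # Active Directory notification control

# Reads rootDSE LDIF on stdin and prints one of:
#   persistent-search | ad-notification | none
change_tracking_support() {
    awk -v ps="$PSEARCH_OID" -v ad="$AD_NOTIFY_OID" '
        # Attribute names are case-insensitive; values may end in a CR
        tolower($1) == "supportedcontrol:" {
            oid = $2
            sub(/\r$/, "", oid)
            if (oid == ps) found_ps = 1
            if (oid == ad) found_ad = 1
        }
        END {
            if (found_ps)      print "persistent-search"
            else if (found_ad) print "ad-notification"
            else               print "none"
        }'
}

# Constructed sample rootDSE output (not captured from a real server)
sample_with_psearch() {
    cat <<'EOF'
dn:
supportedControl: 2.16.840.1.113730.3.4.2
supportedControl: 2.16.840.1.113730.3.4.3
supportedControl: 1.2.840.113556.1.4.319
EOF
}

# Constructed sample of a server that advertises neither control
sample_without() {
    cat <<'EOF'
dn:
supportedControl: 2.16.840.1.113730.3.4.2
supportedControl: 1.2.840.113556.1.4.319
EOF
}

sample_with_psearch | change_tracking_support
sample_without | change_tracking_support
```

A result of "none" matches the stale-cache case in the answer. An advertised control still has to be permitted for the account the data store binds with.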
