I had connected to oracledb with nodejs with hostname and servicename and it was working fine with below syntax:
connection =await oracledb.getConnection({
user: 'username',
password: 'pwd',
connectString: 'hostname:port/servicename'
});
Our database details recently changed to LDAP connectivity and I have hence updated the connectString as below:
connection =await oracledb.getConnection({
user: 'username',
password: 'pwd',
connectString:'jdbc:oracle:thin:#ldap://<LDAP Server>:port/<Database Service Name>,cn=OracleContext,dc=<domain>,dc=com'
});
However I get error: ORA -12154:TNS could not resolve the connect identifier specified
I checked with our DBA and they do not use ORA files and neither did I have those before in my network/admin folder. Do I still need to add the same.
I am new to Oracle DB and I did not find resolutions which helped me on this and hence posting the issue.
Appreciate any help.
jdbc is Java - not node.js (which is JavaScript)
Try
{
user: 'username',
password: 'pwd',
connectString:'<Database Service Name>'
}
You must configure the LDAP settings in ldap.ora file, for example like this:
DEFAULT_ADMIN_CONTEXT = "dc=<domain>,dc=com"
DIRECTORY_SERVERS = (<LDAP Server>:port)
DIRECTORY_SERVER_TYPE = OID
and set it also in sqlnet.ora:
NAMES.DEFAULT_DOMAIN = <domain>.com
NAMES.DIRECTORY_PATH = (LDAP, TNSNAMES)
SQLNET.INBOUND_CONNECT_TIMEOUT = 10
Related
I have a database which is shared amongst multiple tenants/users. However, I want to add row-level-security protection so that any given tenant can only see those rows that belong to them.
As such, for each tenant I have a user in PostgreSQL, such as "client_1" and "client_2". In each table, there is a column "tenant_id", the default value of which is "session_user".
Then, I have row level security as such:
CREATE POLICY policy_warehouse_user ON warehouse FOR ALL
TO PUBLIC USING (tenant_id = current_user);
ALTER TABLE warehouse ENABLE ROW LEVEL SECURITY;
This works great, and if I set the user "SET ROLE client_1" I can only access those rows in which the tenant_id = "client_1".
However, I am struggling with how to best set this up in the Node JS back-end. Imortantly, for each tenant, such as "client_1", there can be multiple users connected. So several users on our system, all who work at company X, will connect to the database as "client_1".
What I am currently doing is this:
let config = {
user: 'test_client2',
host: process.env.PGHOST,
database: process.env.PGDATABASE,
max: 10, //default value
password: 'test_client2',
port: process.env.PGPORT,
}
const pool = new Pool(config);
const client = await pool.connect()
await client.query('sql...')
client.release();
I feel like this might be a bad solution, especially since I am creating a new Pool each time a query is executed. So the question is, how can I best ensure that each user executes queries in the database using the ROLE that corresponds to their tenant?
Maybe you can have a setupDatabase method that returns the pool for your app this will be called once at app bootstrap:
function setUpDatabase {
let config = {
user: 'test_client2',
host: process.env.PGHOST,
database: process.env.PGDATABASE,
max: 10, //default value
password: 'test_client2',
port: process.env.PGPORT,
}
const pool = new Pool(config);
return pool
}
and then when you identify the tenant before executing the query you set the role
await client.query('set role $tenant', currentTenant);
// my assumption is that next line will use the role you set before
await client.query('select * from X where Y');
This is just a suggestion, I haven't tested it.
I have a Google Cloud VM named cloudvm and a Node.js script to contact that virtual machine. I want to take a shell and execute
echo "this is fun" > a.txt
command using a ssh client in Node.js. I have tried node-ssh with userid,password and private key and following error occurs;
Message: All configured authentication methods failed
I have used
const {NodeSSH} = require('node-ssh')
const ssh = new NodeSSH()
ssh.connect({
host: 'localhost',
username: 'steel',
privateKey: '/home/steel/.ssh/id_rsa'
})
My final goal is to pass a value to a file inside the Google Cloud VM using Node.js environment. Any ideas?
After creating
OS user and password
in google compute engine you can connect it via node-ssh library in node JS .
const { NodeSSH } = require("node-ssh");
const ssh = new NodeSSH();
var session = await ssh.connect({
host: "xxx.xxx.x.xx",
username: "xxxxxx",
password: "xxxx",
});
var cmde = 'your/command to execute';
var ot = await session.execCommand(cmde);
There are two Active Directory (LDAP Servers). Following are the users which belongs to their servers respectively.
Server user password
1- abc.pk user_abc#abc.pk ********
2- xyz.com.pk user_xyz#xyz.com.pk ********
I am authenticating the user in NodeJS with library (ActiveDirectory). Below is my code where I am authenticating user_xyz#xyz.com.pk from its respective server.
const ActiveDirectory = require('activedirectory');
var ad = new ActiveDirectory({
"url": "ldap://xyz.com.pk",
"baseDN": "DC=xyz,DC=com,DC=pk"
});
ad.authenticate(username, password, function(err, auth) {
console.log('auth function called with username: '+username);
if (err) {
console.log('auth function called and with following err '+JSON.stringify(err));
return;
}
if (auth) {
console.log('Authenticated from Active directory!');
});
it works fine. Same works fine if I authenticate user_abc#abc.pk from server 1 by updating the url and baseDN.
var ad = new ActiveDirectory({
"url": "ldap://abc.pk",
"baseDN": "DC=abc,DC=pk"
});
Server abc.pk has Trust Relations with Server xyz.com.pk. Means I have to authenticate the user user_abc#abc.pk from the Server xyz.com.pk . using the following configurations.
var ad = new ActiveDirectory({
"url": "ldap://xyz.com.pk",
"baseDN": "DC=xyz,DC=com,DC=pk"
});
but now facing the error of invalid credentials. This is the exact error I am facing {"lde_message":"80090308: LdapErr: DSID-0C090453, comment: AcceptSecurityContext error, data 52e, v3839\u0000","lde_dn":null}
If I authenticate the user_abc#abc.pk from xyz.com.pk Server with Active Directory Explorer it works fine.
Active Directory Explorer image
It would be a great help if someone could give me a solution.
Thanks
I solved the problem by checking the following 2 things:
1.-The configuration must be separated in the baseDN part:
var config = {
url: 'ldap://aaa.bbb.ccc.ddd',
baseDN: 'DC=aaa,DC=bbb,DC=ccc,DC=ddd'
};
2.-It seems the problem is not from code https://community.arubanetworks.com/community-home/digestviewer/viewthread?MID=40296#:~:text=%22AcceptSecurityContext%20error%2C%20data%2052e%22,instead%20of%20just%20the%20username.
According to the post, sometimes the domain name server may be required for authentication. It would be necessary to verify if it works with "username" or "username#aaa.bbb.ccc.ddd" or "aaa.bbb.ccc.ddd\username" depending on how the user is registered.
I hope my experience can be of use. Cheers
I have a nodejs application that successfully authenticates using LDAP locally using passport-ldapauth.
However, in another environment it is not working. I have written a .net app that can successfully query LDAP. The different is that it uses NTLM.
I am not familiar with NTLM and how this affects my nodejs project.
LDAP_URL = ldap://<ldap_server_ip address>
LDAP_BIND_DN = ldapadmin
LDAP_BIND_CREDENTIALS = password123
LDAP_SEARCH_BASE = DC=mydomain,DC=com
LDAP_SEARCH_FILTER = (sAMAccountName={{username}})
Am I talking apples and oranges here? I get invalid credentials even though they work in my .net app.
nodesjs code:
super(
(
request: Request,
callback
) => {
const options = {
server: {
url: getEnvValue('LDAP_URL'),
bindDN: getEnvValue('LDAP_BIND_DN'),
bindCredentials: getEnvValue('LDAP_BIND_CREDENTIALS'),
searchBase: getEnvValue('LDAP_SEARCH_BASE'),
searchFilter: getEnvValue('LDAP_SEARCH_FILTER'),
},
passReqToCallback: true,
};
callback(null, options);
}
);
Any thoughts would greatly appreciated.
Gina
After many many hours, the answer was simpler than expected:
LDAP_BIND_DN = mydomain\ldapadmin
Gina
Using the node pg package, pg, I'm trying to connect to a PostgreSQL DB created in AWS-RDS. I believe the DB was NOT given a name when creating an instance, note that an instance is different than a DB. When trying to connect using Client or Pool from pg my syntax is
const client = new Client({
host : <<RDS ENDPOINT>>,
user : <<RDS DB USERNAME>>,
password : <<RDS DB PASSWORD>>,
port : <<RDS DB PORT>>
});
client.connect()
.then(data => {
console.log('connected');
})
.catch(err => {
console.log(err);
})
But every time I am returned with error: database <<linux user name>> does not exist.
Now creating a different PostgreSQL instance and supplying a name for the DB I am able to add a database prop to my Client objects config and everything works and I am returned with a console log of connected.
So my question is, how am I supposed to connect to the DB on AWS-RDS without supplying a database prop in my Client config?
Edits
edit 1
Supplying a database prop with an empty string will be overwritten with my linux username
With the node-postgres package you need to supply a database prop in your Client/Pool config object. If your PostgreSQL DB does not have a name, say if you created it using AWS-RDS then this DB NAME will default to postgres. Simply supplying the database prop with postgres should solve any problems you have with an un-named DB.
const client = new Client({
host : <<RDS ENDPOINT>>,
user : <<RDS DB USERNAME>>,
password : <<RDS DB PASSWORD>>,
port : <<RDS DB PORT>>,
database : 'postgres' // supplying a database name with `postgres`
});