OpenAM: MongoDB or SQL-DB as external identity store/repository

Question: Is it possible to set up MongoDB or a SQL-DB as an external identity store/repository for OpenAM >13.5, and if so, can you point out a good resource, or even better, a "How to ..." guide?
Problem: In the OpenAM 13.5 Installation Guide there is a section on "Preparing an External Identity Repository". However, the section points you to the section "Data Store Requirements", which in turn lists the supported data stores as:
- Embedded OpenDJ
- External OpenDJ
- Oracle Unified Directory
- Oracle Directory Server Enterprise Edition
- Microsoft Active Directory
- IBM Tivoli Directory Server
So if I understand correctly, using a database like MongoDB is not supported anymore.
Top Search Results: The best resource that I could find so far is this YouTube tutorial, "MySQL Database As Identity Repository for ForgeRock OpenAM" by Rajesh Rajasekharan. But considering the list of supported data stores above and the fact that the video is from 2015, I would expect that it is not valid anymore for the current OpenAM versions.
The best StackOverflow question that I could find is eight years old.

If you are using the Open Identity Platform Community OpenAM version, there is no MongoDB support yet. But you can try the Database Repository (Early Access) datastore type with a MongoDB JDBC driver.

Related

Struggling with reuse of pam_sss Kerberos ticket

Windows admin wrapping my head around PAM/SSSD has been quite tough!
I have managed to get pam_sss working with
- login for a specific application, rstudio server (/etc/pam.d/rstudio)
- containerized Ubuntu
- LDAP/krb5 auth
- against Microsoft Active Directory
- without domain join realmd (so all hand-configured, ouch)
The problem is with reuse of the ticket. I can't work out how it works.
I would like to configure pam_mount and ODBC to use the same ticket.
So pam_sss creates a ticket with the following naming, which cannot be used by the "mount" command:
/tmp/krb5cc_uid_xxxx
However, if I manually use kinit, it creates a ticket with the naming below, which can be easily reused from the "mount" command:
/tmp/krb5cc_uid
The naming that pam_sss uses seems to be standard, but again I just can't work out how that should be "discoverable" by any other services looking for a ticket when it has the wrong naming.
Some links:
This seems to be where the pam_sss naming is defined, by a build flag --with-default-ccname-template:
https://github.com/SSSD/sssd/blob/master/src/conf_macros.m4#L337
I want to integrate it into pam_mount to mount a CIFS drive, which (I think) is SMB, so it will be able to use the cifs.upcall library.
And the way cifs.upcall resolves tickets is somewhere here in get_cachename_from_process_env:
https://github.com/aaptel/cifs-utils/blob/master/cifs.upcall.c#L260
I also want to get the MSSQL ODBC driver to use the ticket as well...
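
Added example, not part of the original post: pam_sss exports the location of the cache it creates to the session in the KRB5CCNAME environment variable, so a consumer finds the randomised file name through that variable rather than by guessing the path. The sketch below parses a process environment the way a /proc/<pid>/environ lookup would and reports whether the cache sits at the default path that kinit used in the post; the function names and sample environments are constructed, and that get_cachename_from_process_env in cifs.upcall works this way is an assumption based on its name.

```python
# Credential-cache type prefixes defined by MIT Kerberos.
CCACHE_TYPES = ("FILE", "DIR", "KEYRING", "KCM", "MEMORY", "API")


def ccname_from_environ(blob: bytes):
    """Return KRB5CCNAME from a NUL-separated environ blob, or None if unset."""
    for entry in blob.split(b"\0"):
        key, sep, value = entry.partition(b"=")
        if sep and key == b"KRB5CCNAME":
            return value.decode("utf-8", "replace")
    return None


def split_ccname(ccname: str):
    """Split 'TYPE:residual'; a value with no known prefix is a FILE path."""
    head, sep, rest = ccname.partition(":")
    return (head, rest) if sep and head in CCACHE_TYPES else ("FILE", ccname)


def describe_cache(blob: bytes, uid: int):
    """Report which cache a process points at and whether a consumer that
    only tries the default /tmp/krb5cc_<uid> path would find it."""
    default_path = f"/tmp/krb5cc_{uid}"
    ccname = ccname_from_environ(blob)
    if ccname is None:
        # No variable set: libkrb5 falls back to its default cache name.
        return {"source": "default", "type": "FILE",
                "residual": default_path, "at_default_path": True}
    ctype, residual = split_ccname(ccname)
    return {"source": "KRB5CCNAME", "type": ctype, "residual": residual,
            "at_default_path": ctype == "FILE" and residual == default_path}


def read_environ(pid: int) -> bytes:
    """Read a live process's environment (Linux; needs same uid or root)."""
    with open(f"/proc/{pid}/environ", "rb") as fh:
        return fh.read()


# Constructed sample: environment of a session opened through pam_sss.
SAMPLE_PAM_SSS = (b"HOME=/home/alice\0"
                  b"KRB5CCNAME=FILE:/tmp/krb5cc_1000_AbC123\0USER=alice\0")
# Constructed sample: shell where kinit was run with no KRB5CCNAME set.
SAMPLE_KINIT = b"HOME=/home/alice\0USER=alice\0"

if __name__ == "__main__":
    print(describe_cache(SAMPLE_PAM_SSS, 1000))
    print(describe_cache(SAMPLE_KINIT, 1000))
```

On a live system, `describe_cache(read_environ(pid), uid)` for the session's process shows whether the variable reached the process that later needs the ticket.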

Credentials for the Xcode Server xcs.couch database

Xcode 9 introduces a new version of the Xcode Server (no longer bundled with Server.app). The backing CouchDB instance for Xcode Server can be accessed through
http://localhost:10355/_utils
In previous versions you were able to examine the documents and even modify if needed. (For instance, I previously did this to artificially inflate an integration number when setting up a bot on a different server. I use the $(XCS_INTEGRATION_NUMBER) variable for my build numbers.)
Now, the database requires credentials. I know you can find the password in
/Library/Developer/XcodeServer/SharedSecrets/XCSDCouchDBSecret
But does anyone know the username?
After more investigation I found my answer...
/Library/Developer/XcodeServer/Configuration/xcscouch.ini
This file contains the basic CouchDB configuration for the Xcode Server. Under the [admins] section is a username=password list.
The default username for the Xcode Server CouchDB instance is xcscouchadmin

Cognos Analytics and Cognos Insight

All,
I just tried the latest Cognos Analytics 11 trial version. It seems to connect to the cloud directly, but when I try to connect to a MySQL database on a remote Linux machine (I go to Manage->Data servers->New, then fill in the server, port...) from Windows 8.1, it always raises the following error:
XQE-JDB-0004 A problem occurred finding the driver class "com.mysql.jdbc.Driver".
It seems the JDBC driver has not been installed or configured on the server.
My questions are:
- For the latest Cognos Analytics 11 trial version in the cloud, where do I configure the server or install the JDBC driver? Or do we need to install a Cognos Express server first?
- For Cognos Analytics 11, besides the cloud version, could we download the usual desktop version? When I click "access trial", it seems to connect directly to the cloud version. I could not find where to download the desktop version of Cognos Analytics.
- For another Cognos product, Cognos Insight, the trial version could only import CSV files and does NOT support MySQL databases. Is that right?
Thanks in advance
JDBC drivers need to be added to the <Cognos root>/drivers folder (as of Cognos 11), so there would be no way for you to add the necessary driver to their cloud installation. I am assuming they have only chosen to support a subset of data sources for the cloud trial, but I am not aware of a list of which ones they are allowing/supporting.
I have not heard of an on-premises Cognos Analytics trial, at least one that you are able to get publicly. It is certainly possible that IBM's sales folks would make that happen if it was a potential sales driver for them, but that is conjecture only.
Cognos Insight is capable of several things, one of which is being able to analyze CSV data brought in locally. More specifically, Cognos Insight supports getting data from the following:
- CSV files
- Microsoft Excel spreadsheets
- ODBC data sources
- IBM Cognos BI Reports
- IBM Cognos TM1 Cube Views
- IBM Cognos TM1 Dimension Subsets
Reference: http://www.ibm.com/developerworks/data/library/cognos/infrastructure/cognos_specific/page627.html

I had the same problem but with an Oracle database, hence I'm not sure if it helps for MySQL, but you could try to perform the following steps:
- Install the database drivers (32 & 64 bit) on the Cognos server.
- Open the folder cognos_install/v5dataserver/ and rename the file databaseDriverLocations.properties.sample to databaseDriverLocations.properties.
- Open this file using a text editor and update the databaseJNIPATH to point to your database drivers.
In my case I configured the following value:
databaseJNIPath=C:\Oracle\product\12.1.0\client_64\bin;C:\Oracle\product\12.1.0\client_32\bin;
See here as well: http://www-01.ibm.com/support/docview.wss?uid=swg21574953

Where to store external credentials in JBoss?

When using WAS we use the J2C credentials store to hold external systems' users and passwords.
WAS provides some proprietary APIs to get this information.
The benefit of using this instead of a local file is that:
- the WAS admin can add/modify credentials having no knowledge of the application structure.
- it is managed in a central way for the whole cluster
- WAS stores it among its other credentials in a folder that is supposed to be secure (at OS level)
- Devs do not need to know about production passwords
Now we are coding for JBoss and we wonder if there is any similar API in JBoss to get users/passwords by code.
Thank you!!

We have found the solution. JBoss has a "vault" that is explained in the security guide.
Basically it lets you encipher everything you want in the server configuration file (i.e. standalone.xml). Then it deciphers it when starting the server.
We simply added a JNDI String to the server XML config file with the enciphered credentials. When we get that JNDI value from our code, the credentials are already in plain text.
Quite an elegant solution from the JBoss dev team.

InstallShield 2012: Need to switch between sql scripts (sql server & oracle) based on property

The web applications I am installing can run against either a SQL Server or Oracle database. I need to be able to determine which database the user has (the client is suggesting a property file) and then dynamically tell InstallShield which SQL script to run. I know I can figure out how to determine which database is installed. My question is how do I configure the Feature/Component and tell InstallShield which script to use.
I don't have any Oracle servers available to me nor do I have the Oracle Instant Client. If I did, it seems I'd use a Basic MSI project included in InstallShield to build an Oracle Instant Client MSI and add it to my installer as a setup prerequisite. Kind of odd but I guess they couldn't get IBM / Oracle to play nicely.
So let's say I had all of that. I'd create a Sql connection that supported both MS and ORA SQL and build it. I'd run the installer with logging on and use the SQLLogin dialog to browse to a SQL instance and an Oracle Instance.
Then I'd look at that logfile and see if there's any evidence of the built-in InstallShield SQL custom actions setting a property that indicates the type and/or version of database server that it connected to. Hopefully something will surface because I didn't find anything in the documentation.
Once I figured that out, I'd use the property in a conditional expression so that the SQL scripts only ran on the type of database server they were intended.
