So, I have two servers:
1) Dev
2) Prod
I am using pymssql.connect() for connecting to a SQL database to which Dev\user has access. The problem is that Prod\user does not have access, but it is the same password to login to both servers, thus if I could do something like, on the "prod" server
user = input("user:")
pymssql.connect("select 2",server_db,user=user,password=None)
then I can hard type user=dev\user and still use the password from authentication, which does not work. If I set user=None, then automatically user and pw is from the authentication, but is it not possible to extract either of those?
I cannot type the password since it is a job which runs each night.
Related
I am using the ldap3 library (https://ldap3.readthedocs.io/en/latest/) with Python and authenticating against LDAP
conn = Connection(server, user='CN=person,OU=Service Accounts,DC=mydc,DC=mydomain,DC=co,DC=uk', password='Password123', auto_bind=True)
The below works but only because I know the person value. How would I set this up so someone can authenticate using their mail or user ID e.g. forename.surname
At the moment they would need to use the dn form which of course no user will ever be likely to know
Thanks
Using this page https://ldap3.readthedocs.io/en/latest/tutorial_intro.html#logging-into-the-server
I got the following to work
from ldap3 import Server, Connection, ALL, NTLM
server = Server('ldap://my_ldap_server', get_info='ALL')
conn = Connection(server, user="mydomain\\user", password='Password123', authentication=NTLM)
conn.bind()
authenticated = conn.bound
print(authenticated)
conn.unbind()
At the moment they would need to use the dn form which of course no user will ever be likely to know
With standard LDAP directories, you're supposed to bind with the application's own account first, then perform a search for some attribute as the username (e.g. search Active Directory for sAMAccountName=theuser), and finally use the found entry's DN as the actual bind DN for password verification.
For Active Directory in particular, you can directly specify either the UPN theuser#ad.example.com or the legacy SAM account name EXAMPLE\theuser in place of the bind DN.
I have an ldap server who I connect to using `con = ldap.initialize(server)` and I bind to the server using `con.simple_bind_s(bind_dn, bind_password)`.
Now I want a authenticate a user using this ldap connection using his username and password which is different from the bind username and password. I searched a lot but didn't get any concrete answer.
Any help is appreciated.Thanks.
con.simple_bind_s(POST[bind_dn], POST[bind_password])
Can be used for both admin and users, something like this:
con.simple_bind_s(uid=1000,ou=people,o=org, password)
con.simple_bind_s(cn=Directory Manager, password)
In general, you can find ready to use modules in python that allow the management for users session using the same priciple, ceck this: https://turbogears.readthedocs.io/en/latest/cookbook/ldap-auth.html
I am working on an email client powered by Django and IMAPClient library.
On the client-side, users have interface for associating their mailboxes (like test1#gmail.com, test2#gmail.com, etc...) with their accounts in my app . And the goal is to store credentials info so that the user has to go through the procedure of inserting password and host name (like imap.gmail.com) only once unless he deliverately logs out from an account.
The question is, where and how should the login/password/hostname data used for establishing IMAP connection be stored? Is it my server's DB? Or some sort of .ini files? I remember, reading a post about python/imap where they stored it in .ini files, but I can't find it now.
Currently, I store credentials and IMAP hostname info in my local db. Thus, in each view that needs to fetch info from IMAP server, I query my server db to get the data and After this, I initialize IMAPClient variable for establishing connection with the IMAP server. And I have a terrible feeling that this is junk code:
def show_mail(request, login):
user_email_info = UserEmailInfo.objects.get(user_id = request.user.id,
login = login)
HOST = user_email_info.host #'imap.gmail.com'
USERNAME = user_email_info.login
PASSWORD = user_email_info.psw
server = IMAPClient(HOST, use_uid=True, ssl=True)
server.login(USERNAME, PASSWORD)
P.S. I am not sure whether this question is related more to general python/Django rather than IMAP. So if I am missing something, please give a hint on this, I'll edit the question in a timely manner.
I have a flask app, and I use flask-login, following tutorials (nothing fancy here)
works fine on hosting
works fine on my local MAC computer (at home)
does not work on my local Linux computer (at office, which may be behind a firewall, but I am able to do port-forwarding and connect to the database)
does not work on Chrome or Firefox
does not work if I serve on localhost instead of 127.0.0.1.
from flask.ext.login import LoginManager
login_manager = LoginManager()
login_manager.session_protection = "strong"
login_manager.init_app(app)
login_manager.login_view = 'login'
def login():
error = None
form = LoginForm()
if request.method == 'POST':
user = db.users.find_one({"username": form.username.data})
pass_hash = generate_password_hash(form.password.data)
if user and User.validate_login( pass_hash, user['password'] ):
user_obj = User(user['username'])
session['logged_in'] = True
login_user(user_obj,remember=True)
flash("Logged in successfully", category='success')
print 'logged in: OK'
#return redirect(request.args.get("next") or url_for("index"))
return redirect( url_for("index"))
error = 'Invalid credentials'
return render_template('login.html', title='login', **locals())
well, when I enter my password wrong, it gives the "Invalid credentials" error. When I enter my password correctly, I do not see "Logged in successfully" flash, but on console I see "logged in OK". So there is no problem with DB connection. However I am not logged in. For example,
g.user.is_authenticated()
gives false in the template (this occurs only on my local Linux, on the other hand hosting and MAC successfully logs in the user).
Where and how are you saving the session in the browser?
Consider a session stored in a browser cookie for the production domain example.com, which you have also configured locally (by adding an override to your /etc/hosts file).
If your office server is configured to use a different subdomain, for example office.example.com, and REMEMBER_COOKIE_DOMAIN is set to example.com, the office server will not be able to read the cookie. The fix is to use a cross-domain cookie: REMEMBER_COOKIE_DOMAIN=.example.com (note the preceding dot).
Ref: https://flask-login.readthedocs.org/en/latest/#cookie-settings
With sessions come session management...
Are you using a client-based session management?
possible issues with the cookies e.g. cookie size, too much data in cookie
possible issues with the server secret key e.g. generating a new secret key each time
Are you using server-based session management (e.g. flask-kvsession)?
possible issues trying to access the same backend as prod e.g. firewall preventing access to a redis server
It is possible that you are trying to store more session data when hitting your dev server (e.g. longer server urls, debug data, etc...), which can be a pain to deal with when session management is done on the client.
Prior to the 1.7.6 dev server update, I was able to use /_ah/remote_api to upload test data to my dev server having to go through the authentication process by not entering a username and password (hitting return twice). Since the update, this now continuously asks for a username and password, regardless of what I put in - often says error incorrect username or password. I am currently targeting localhost:8080,
def auth_func():
return (raw_input('Username:'), getpass.getpass('Password:'))
remote_api_stub.ConfigureRemoteApi(None, '/_ah/remote_api', auth_func,
'localhost:8080')
though there are two new servers including the API server and the admin server. Has anyone else encountered this? if so, how did you fix it?
Thanks!
Jon
Apparently thanks to Tim - If you use the new dev_appserver then you need to sepecify a email like looking username and a single character as a password on the local development server in order for it to accept and move past the login stage.