@larsen161 said in Configuring Snipe-IT to use JumpCloud LDAP:
Base Bind DN - ou=Users,o=id-of-our-org,dc=jumpcloud,dc=com
I've also adjusted the following to use this value, but no change, still fails
Base Bind DN - uid=username,ou=Users,o=id-of-our-org,dc=jumpcloud,dc=com
Has anyone done this yet? Wondering what your settings look like if you did. Mine are as follows and not working.
LDAP Integration - Yes
Active Directory - No
LDAP Password Sync - Yes
Active Directory domain - jumpcloud.com
LDAP Server - ldaps://ldap.jumpcloud.com:636
Use TLS - No
LDAP SSL certificate validation - No
LDAP Bind Username - username
LDAP Bind Password - ****
Base Bind DN - ou=Users,o=id-of-our-org,dc=jumpcloud,dc=com
LDAP Filter -
Username Field - samaccountname
Last Name - sn
LDAP First Name - givenname
LDAP Authentication query - uid=samaccountname
LDAP Version - 3
LDAP Active Flag -
LDAP Employee Number -
LDAP Email - mail
@larsen161 said in domain controller in the cloud for small office?:
@dashrender I'm not trying to understate it, just using the HIPAA terms, it's either addressable or required. definitions of the terms
@scottalanmiller the answer on this link explains it pretty well i think
@dashrender I'm not trying to understate it, just using the HIPAA terms, it's either addressable or required. definitions of the terms
@dustinb3403 said in Student Loan Forgiveness Rant:
@scottalanmiller said in Student Loan Forgiveness Rant:
@dustinb3403 said in Student Loan Forgiveness Rant:
@penguinwrangler said in Student Loan Forgiveness Rant:
@dustinb3403 said in Student Loan Forgiveness Rant:
I as someone who's paid every penny of my student loans haven't received a government benefit from paying my bill.
Why should you get a benefit for working for a government agency receive a benefit that isn't / wasn't available to me?
@dustinb3403 It could be available to you. You are not barred from working for a non-profit or the government. How is it any different than a company saying if you work for 'x' amount of years we will pay off your student loans or a company saying we will pay for you to go back to school?
Because the tax payers are the people are paying off your bad choices.
I chose to bust my ass and get a good paying job so I could pay my debts, because I don't want to be in debt forever.
You / me / and anyone else with college loans agreed to the terms on the loan. You can't go and change them after you get dealt a shit hand at life.
What he's asking is, if you got a job today that agreed to go back and pay for your schooling that you already paid for, how would that be different? And they are free to do so.
But no one would. Absolutely no business would say "oh hey look you have 200K in paid-off student debt, let's give you that $200K if you work for us for 7 years".
That doesn't happen. You signed up for that debt, it's your job to pay it off by getting the job that pays you enough.
It does happen actually, companies pay for employee's MBAs as one example
@bigbear had similar but mine had an orange screen, a Compaq Portable 386. not my first though. first was a Tandy 1000 EX with a 2nd 5.25" floppy!
There's a follow up study to that other one I linked to from the same/similar group of people at CMU: Guess Again (and Again and Again): Measuring Password Strength by Simulating Password-Cracking Algorithms
@mike-davis said in domain controller in the cloud for small office?:
@larsen161 said in domain controller in the cloud for small office?:
@mike-davis do you have an hhs.gov or gpo.gov link to where it mentions the requirement for passwords to be changed?
From what I understand §164.308(a)(5)(ii)(D) requires you to define the password policy. Since the "best practice" in many circles was to change your password every XX days in case someone observed your password, many places still have it in their policy to change passwords every 90 days.
It was only last year that mainstream media ran that article that explained that a longer pass phrase is better than a short complex password, but getting organizations to change their policies doesn't happen quickly.
Ah, ok I was worried I was missing something. So it's not a HIPAA security requirement but an internal company policy created based on an addressable but not required HIPAA component.
Having a policy that just that says, we will make users have a password and advise them to never share with anyone sounds so much simpler.
@mike-davis This is what we're meant to be doing before mainstream media makes it popular 
I don't have a sample policy but that should be easy to change. Take the requirement for complexity away, give users more characters to use (unicode), require slightly longer password lengths (10+ for example) and enforce 2FA through physical keys if possible (not sms or app based to remove social engineering aspect of obtaining a code), check passwords against dictionary words.
There's a lovely 2011 study from CMU Of Passwords and People: Measuring the Effect of Password-Composition Policies that goes on to say quite a lot supporting the NIST publication
Chromebooks for HIPAA is an ideal solution. Ticks all the boxes for encryption and security and then you have Citrix/VMWare/AWS, Chrome Apps/Extensions, Android Apps for pretty much any thing you think you can't do on one but can.
@dashrender said in domain controller in the cloud for small office?:
Remember, LANLess is the desire now.. so no local servers unless absolutely required - use things like ODfB or Nextcloud.
@scottalanmiller said in domain controller in the cloud for small office?:
They are on here, on SW, were at SpiceWorld with a booth, too. Seems like a cool product.
who from JumpCloud is on here?
For 8 computers use a cloud based LDAP like JumpCloud. It's free for <10 users but as many computers as you have. You install the agent which can then push a standard user profiles to the machines. Passwords of the user are managed in JumpCloud for the devices. It also has a RADIUS service for quick deployment to APs.
From what I have ever seen there is no mention of the requirement of invalidating passwords after any period of time. I have seen the following mention about passwords but this is all. Requiring users to change passwords is generally bad practice. Only change them when a security incident is suspected or known.
45 CFR Subtitle A §164.308 (D) Password management (Addressable). Procedures for creating, changing, and safeguarding passwords.
@mike-davis do you have an hhs.gov or gpo.gov link to where it mentions the requirement for passwords to be changed?
How do you create a password change policy that gets enforced without a domain controller?
@EddieJennings if it's of any value, here are my two main CVs I now use. Current Summary and Current
I used to make a lot of CVs but have now realised the waste of time that was and keep it to these two ones now mostly.
@scottalanmiller said in Resume Critique:
Imagine if someone claimed to be saving the company $100K per year by ordering plastic Bic pens instead of gold plated ones. Everyone would laugh at them for making up such a silly alternative to show value. That's what is going on here. Its' a false comparison to make something trivial and standard appear like a big success.
No way I would laugh at someone being able to accomplish this. Unless the company was just going into administration and this was part of extreme cost cutting measures, the challenges this person must have faced, the endless number of meetings needed to try to convince people they no longer get gold pens and now get plastic bic.. hats off to you sir, that is quite an accomplishment
I had a big intention to use Android Pay regularly but have found myself using mostly just to touch in/out for travel lately. It just hasn't progressed much in terms of features other than contactless which every single other card I have has.
I'm now looking more at the cards that banks/sudo-banks are releasing, those that
Does anyone have a list of imports for these or other categories? If not, or if you do and want to merge into a single doc others can use there's Snipe-IT Imports I created.
when heading to Step 3, Create Admin User, the server defaults to an http connection. Is there anyway to configure snipe with https before getting to the setup page for the first user?
@aaronstuder does anything replace this step in v4 or it's just no longer needed?