Search Results

Search found 3423 results on 137 pages for 'mod authz ldap'.

Page 102/137 | < Previous Page | 98 99 100 101 102 103 104 105 106 107 108 109  | Next Page >

• Oracle Customer Snapshot - Regiion Basse-Normandie

  - by mark.wilcox

  You can read how Region Basse-Normandie in France uses OVD to aggregate identity across multiple sources including AD, LDAP and databases to simplify the ability to manage and deploy applications. -- Posted via email from Virtual Identity Dialogue

  Read the article

• How do I configure Ubuntu Server as Primary Domain Controller for Windows 7

  - by B. C.

  I have a Mac server running OS X Server 10.5 Server and as a PDC for our Windows XP systems. I'd like to use the OS X Server as a PDC for our Windows 7 boxes but the version of Samba in OS X Server is not compatible with Windows 7. It appears that my best bet is to use Ubuntu Server as my PDC. I want the Windows boxes to obtain authentication information from the Mac Server's LDAP. Any suggestions are appreciated.

  Read the article

• ??????(????·?????)

  - by ???02

  ??????(????·?????)??????????????????????????????????????????????????????????????????????????????????·??????????????????????????????????????Web?????·???????????????????????????????????????????????????????????????????·????????????????????????????????????????????????Web???????????Oracle Access Manager????????????????????????·??????????Oracle Enterprise Single-Sign On Suite????????????????????????????????????-??????????-?????????????Oracle Access Manager -- Web??????????·???????????????Oracle Access Manager??Web??????????????·????????????????????????????????????????????· ?????·????????????????????????????????????????????????????????????? ??????(1)??????:????·?????????????????????(2)???????????:??Web?????????????????????????????????????(3)????????:??????????????????(4)??????:????·???????????????????????Oracle Enterprise Single Sign-On Suite -- ???????????????·????????Oracle Enterprise Single Sign-On Suite??Web??????????????????????????????(?????????????????????????????)? ?????·????????????????????????·????????????????????????????????????????? ???????????????????????????? ??????(1)???????????????(2)??????????????????????????????????????????????????????????????????(3)??????????Windows???LDAP??????????????(4)Windows???????????????????????????????????(5)ID??????????????????????ID???·?????????????????????? ?????? Oracle Direct

  Read the article

• How to convert number(16,10) to date in oracle

  - by Elad

  Hi, I'm trying to read the borland starteam application oracle database and I noticed that they represent their date as a number(16,10) column I think it is not timestamp or epoc. for instance, I have the number: 37137.4347569444, how can I read it as date? I saw that the database has a stored procedure. CONVERT_DATE: CREATE OR REPLACE procedure STARBASE.convert_date ( number_of_days IN integer , nDate OUT number) is nDateOffset number; CurrentDate date; Month integer; Day integer; year number; success boolean := false; bLeapYear boolean:=false; nDaysInMonths number; nLeapDays integer; fDate number (16,10); rgMonthDays number(5,0); begin select sysdate - number_of_days into CurrentDate from dual; nDateOffset := 693959; select to_number(substr((TO_CHAR (CurrentDate, 'MM-DD-YYYY')) , 1, 2), '99') - 1 into month from dual; select to_number(substr((TO_CHAR (CurrentDate, 'MM-DD-YYYY')) , 4, 2), '99') - 1 into day from dual; select to_number(substr((TO_CHAR (CurrentDate, 'MM-DD-YYYY')) , 7, 4), '9999') into year from dual; if ( mod(year , 4) = 0 ) and ( ( mod(year , 400) = 0) or ( mod(year , 100) < 0 )) then bLeapYear :=true; end if; nLeapDays := 0; if ( bLeapYear = true) and ( Day = 28) and ( Month = 1 ) then nLeapDays := 1; end if; select substr(to_char(last_day(CurrentDate) , 'DD-MM-YYYY') , 1 , 2) into nDaysInMonths from dual; if Month = 0 then rgMonthDays := 0; elsif Month = 1 then rgMonthDays := 31; elsif Month = 2 then rgMonthDays := 59; elsif Month = 3 then rgMonthDays := 90; elsif Month = 4 then rgMonthDays := 120; elsif Month = 5 then rgMonthDays := 151; elsif Month = 6 then rgMonthDays := 181; elsif Month = 7 then rgMonthDays := 212; elsif Month = 8 then rgMonthDays := 243; elsif Month = 9 then rgMonthDays := 273; elsif Month = 10 then rgMonthDays := 304; elsif Month = 11 then rgMonthDays := 334; elsif Month = 12 then rgMonthDays := 365; end if; nDate := Year*365 + Year/4 - Year/100 + Year/400 + rgMonthDays + Day + 1; if( Month < 2 ) and ( bLeapYear = true) then nDate := nDate - 1; end if; nDate := nDate - nDateOffset; exception when others then raise; end convert_date; I don't know how to use it. how can i read it anyway? Please help. thank you

  Read the article

• XSLT: a variation on the pagination problem

  - by MarcoS

  I must transform some XML data into a paginated list of fields. Here is an example. Input XML: <?xml version="1.0" encoding="UTF-8"?> <data> <books> <book title="t0"/> <book title="t1"/> <book title="t2"/> <book title="t3"/> <book title="t4"/> </books> <library name="my library"/> </data> Desired output: <?xml version="1.0" encoding="UTF-8"?> <pages> <page number="1"> <field name="library_name" value="my library"/> <field name="book_1" value="t0"/> <field name="book_2" value="t1"/> </page> <page number="2"> <field name="book_1" value="t2"/> <field name="book_2" value="t3"/> </page> <page number="3"> <field name="book_1" value="t4"/> </page> </pages> In the above example I assume that I want at most 2 fields named book_n (with n ranging between 1 and 2) per page. Tags <page> must have an attribute number. Finally, the field named library_name must appear only the first <page>. Here is my current solution using XSLT: <?xml version="1.0" encoding="UTF-8"?> <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="2.0" exclude-result-prefixes="trx xs"> <xsl:output method="xml" indent="yes" omit-xml-declaration="no" /> <xsl:variable name="max" select="2"/> <xsl:template match="//books"> <xsl:for-each-group select="book" group-ending-with="*[position() mod $max = 0]"> <xsl:variable name="pageNum" select="position()"/> <page number="{$pageNum}"> <xsl:for-each select="current-group()"> <xsl:variable name="idx" select="if (position() mod $max = 0) then $max else position() mod $max"/> <field value="{@title}"> <xsl:attribute name="name">book_<xsl:value-of select="$idx"/> </xsl:attribute> </field> </xsl:for-each> <xsl:if test="$pageNum = 1"> <xsl:call-template name="templateFor_library"/> </xsl:if> </page> </xsl:for-each-group> </xsl:template> <xsl:template name="templateFor_library"> <xsl:for-each select="//library"> <field name="library_name" value="{@name}" /> </xsl:for-each> </xsl:template> </xsl:stylesheet> Is there a better/simpler way to perform this transformation?

  Read the article

• Php template caching design

  - by Thomas

  Hello to all, I want to include caching in my app design. Caching templates for starters. The design I have used so far is very modular. I have created an ORM implementation for all my tables and each table is represented by the corresponding class. All the requests are handled by one controller which routes them to the appropriate webmethod functions. I am using a template class for handling UI parts. What I have in mind for caching includes the implementation of a separate Cache class for handling caching with the flexibility to either store in files, apc or memcache. Right now I am testing with file caching. Some thoughts Should I include the logic of checking for cached versions in the Template class or in the webmethods which handle the incoming requests and which eventually call the Template class. In the first case, things are pretty simple as I will not have to change anything more than pass the template class an extra argument (whether to load from cache or not). In the second case however, I am thinking of checking for a cached version immediately in the webmethod and if found return it. This will save all the processing done until the logic reaches the template (first case senario). Both senarios however, rely on an accurate mechanism of invalidating caches, which brings as to Invalidating caches As I see it (and you can add your input freely) a template cached file, becomes invalidate if: a. the expiration set, is reached. b. the template file itself is updated (ie by the developer when adding a new line) c. the webmethod that handles the request changes (ie the developer adds/deletes something in the code) d. content coming from the db and ending in the template file is modified I am thinking of storing a json encoded array inside the cached file. The first value will be the expiration timestamp of the cache. The second value will be the modification time of the php file with the code handling the request (to cope with option c above) The third will be the content itself The validation process I am considering, according to the above senarios, is: a. If the expiration of the cached file (stored in the array) is reached, delete the cache file b. if the cached file's mod time is smaller than the template's skeleton file mod time, delete the cached file c. if the mod time of the php file is greated than the one stored in the cache, delete the cached file. d. This is tricky. In the ORM implementation I ahve added event handlers (which fire when adding, updating, deleting objects). I could delete the cache file every time an object thatprovides content to the template, is modified. The problem is how to keep track which cached files correpond to each schema object. Take this example, a user has his shortprofile page and a full profile page (2 templates) These templates can be cached. Now, every time the user modifies his profile, the event handler would need to know which templates or cached files correspond to the User, so that these files can be deleted. I could store them in the db but I am looking for a beter approach

  Read the article

• How do I renew an expired Ubuntu OpenLDAP SSL Certificate

  - by Doug Symes

  We went through the steps of revoking an SSL Certificate used by our OpenLDAP server and renewing it but we are unable to start slapd. Here are the commands we used: openssl verify hostname_domain_com_cert.pem We got back that the certificate was expired but "OK" We revoked the certificate we'd been using: openssl ca -revoke /etc/ssl/certs/hostname_domain_com_cert.pem Revoking worked fine. We created the new Cert Request by passing it the key file as input: openssl req -new -key hostname_domain_com_key.pem -out newreq.pem We generated a new certificate using the newly created request file "newreq.pem" openssl ca -policy policy_anything -out newcert.pem -infiles newreq.pem We looked at our cn=config.ldif file and found the locations for the key and cert and placed the newly dated certificate in the needed path. Still we are unable to start slapd with: service slapd start We get this message: Starting OpenLDAP: slapd - failed. The operation failed but no output was produced. For hints on what went wrong please refer to the system's logfiles (e.g. /var/log/syslog) or try running the daemon in Debug mode like via "slapd -d 16383" (warning: this will create copious output). Below, you can find the command line options used by this script to run slapd. Do not forget to specify those options if you want to look to debugging output: slapd -h 'ldap:/// ldapi:/// ldaps:///' -g openldap -u openldap -F /etc/ldap/slapd.d/ Here is what we found in /var/log/syslog Oct 23 20:18:25 ldap1 slapd[2710]: @(#) $OpenLDAP: slapd 2.4.21 (Dec 19 2011 15:40:04) $#012#011buildd@allspice:/build/buildd/openldap-2.4.21/debian/build/servers/slapd Oct 23 20:18:25 ldap1 slapd[2710]: main: TLS init def ctx failed: -1 Oct 23 20:18:25 ldap1 slapd[2710]: slapd stopped. Oct 23 20:18:25 ldap1 slapd[2710]: connections_destroy: nothing to destroy. We are not sure what else to try. Any ideas?

  Read the article

• pfsense 2.0.1 Firewall SMB Share not showing up under network

  - by atrueresistance

  I have a freenas NAS with a SMB share running at 192.168.2.2 of a 192.168.2.0/28 network. Gateway is 192.168.2.1. Originally this was running on a switch with my LAN, but now having upgraded to new hardware the Freenas has it's own port on the firewall. Before the switch the freenas would show up under Network on a windows 7 box and an OSX Lion box as freenas{wins} or CIFS shares on freenas{osx} so I know it doesn't have anything do to with the freenas. Here are my pfsense rules. ID Proto Source Port Destination Port Gateway Queue Schedule Description PASS TCP FREENAS net * LAN net 139 (NetBIOS-SSN) * none cifs lan passthrough PASS TCP FREENAS net * LAN net 389 (LDAP) * none cifs lan passthrough PASS TCP FREENAS net * LAN net 445 (MS DS) * none cifs lan passthrough PASS UDP FREENAS net * LAN net 137 (NetBIOS-NS) * none cifs lan passthrough PASS UDP FREENAS net * LAN net 138 (NetBIOS-DGM) * none cifs lan passthrough BLOCK * FREENAS net * LAN net * * none BLOCK * FREENAS net * OPTZONE net * * none BLOCK * FREENAS net * 192.168.2.1 * * none PASS * FREENAS net * * * * none BLOCK * * * * * * none I can connect if I use \\192.168.2.2 and enter the correct login details. I would just like this to show up on the network. Nothing in the log seems to be blocked when I filter by 192.168.2.2. What port am I missing for SMB to show up under the network and not have to connect by IP? ps. Do I really need the LDAP rule?

  Read the article

• Compile PHP 5.3.2 with intl extension on Snow Leopard 10.6.3

  - by fsb

  Does anyone have some tips on compiling PHP's intl extension on PHP? I'm getting compile errors each way I try it and I've been googling for ages and getting nowhere. Any help greatly appreciated. When make gets to the huge gcc command to compile libphp5.bundle, I get the following error: Undefined symbols: "___gxx_personality_v0", referenced from: icu_4_2::MessageFormatAdapter::getArgTypeList(icu_4_2::MessageFormat const&, int&)in msgformat_helpers.o _umsg_parse_helper in msgformat_helpers.o _umsg_format_arg_count in msgformat_helpers.o _umsg_format_helper in msgformat_helpers.o CIE in msgformat_helpers.o ld: symbol(s) not found collect2: ld returned 1 exit status make: *** [libs/libphp5.bundle] Error 1 My compile commands are: MACOSX_DEPLOYMENT_TARGET=10.6 CFLAGS="-arch x86_64 -g -Os -pipe -no-cpp-precomp" CCFLAGS="-arch x86_64 -g -Os -pipe" CXXFLAGS="-arch x86_64 -g -Os -pipe" LDFLAGS="-arch x86_64 -bind_at_load" export CFLAGS CXXFLAGS LDFLAGS CCFLAGS MACOSX_DEPLOYMENT_TARGET ./configure --prefix=/usr \ --mandir=/usr/share/man \ --infodir=/usr/share/info \ --sysconfdir=/private/etc \ --with-apxs2=/usr/sbin/apxs \ --enable-cli \ --with-config-file-path=/etc \ --with-libxml-dir=/usr \ --with-openssl=/usr \ --with-zlib=/usr \ --with-bz2=/usr \ --with-curl=/usr \ --with-gd \ --with-jpeg-dir=/src/jpeg/jpeg-local \ --with-png-dir=/usr/X11R6 \ --with-freetype-dir=/usr/X11R6 \ --with-xpm-dir=/usr/X11R6 \ --with-ldap=/usr \ --with-ldap-sasl=/usr \ --enable-mbstring \ --enable-mbregex \ --with-mysql=mysqlnd \ --with-mysqli=mysqlnd \ --with-pdo-mysql=mysqlnd \ --with-mysql-sock=/var/mysql/mysql.sock \ --with-iodbc=/usr \ --enable-shmop \ --with-snmp=/usr \ --enable-soap \ --enable-sockets \ --enable-sysvmsg \ --enable-sysvsem \ --enable-sysvshm \ --with-xmlrpc \ --with-iconv-dir=/usr \ --with-xsl=/usr \ --with-pcre-regex=/src/pcre/pcre-local/usr/local \ --with-pcre-dir=/src/pcre/pcre-local/usr/local \ --with-icu-dir=/usr/local \ --enable-intl export EXTRA_CFLAGS="-lresolv" make

  Read the article

• directory services group query changing randomly

  - by yamspog

  I am receiving an unusual behaviour in my asp.net application. I have code that uses Directory Services to find the AD groups for a given, authenticated user. The code goes something like ... string username = "user"; string domain = "LDAP://DC=domain,DC=com"; DirectorySearcher search = new DirectorySearcher(domain); search.Filter = "(SAMAccountName=" + username + ")"; And then I query and get the list of groups for the given user. The problem is that the code was receiving the list of groups as a list of strings. With our latest release of the software, we are starting to receive the list of groups as a byte[]. The system will return string, suddenly return byte[] and then with a reboot it returns string again. Anyone have any ideas? code sample: DirectoryEntry dirEntry = new DirectoryEntry("LDAP://" + ldapSearchBase); DirectorySearcher userSearcher = new DirectorySearcher(dirEntry) { SearchScope = SearchScope.Subtree, CacheResults = false, Filter = ("(" + txtLdapSearchNameFilter.Text + "=" + userName + ")") }; userResult = userSearcher.FindOne(); ResultPropertyValueCollection valCol = userResult.Properties["memberOf"]; foreach (object val in valCol) { if (val is string) { distName = val.ToString(); } else { distName = enc.GetString((Byte[])val); } }

  Read the article

• Seizing naming master from child domain server

  - by meera

  when I am trying to seize the role from my child domain server the naming master I get the following error fsmo maintenance: seize naming master Attempting safe transfer of domain naming FSMO before seizure. ldap_modify_sW error 0x34(52 (Unavailable). Ldap extended error message is 000020AF: SvcErr: DSID-03210380, problem 5002 (UN AVAILABLE), data 8438 Win32 error returned is 0x20af(The requested FSMO operation failed. The current FSMO holder could not be contacted.) ) Depending on the error code this may indicate a connection, ldap, or role transfer error. Transfer of domain naming FSMO failed, proceeding with seizure ... Server "win-fb20ixk90mu" knows about 5 roles Schema - CN=NTDS Settings,CN=WIN-3918XHC5STU,CN=Servers,CN=Default-First-Site-Na me,CN=Sites,CN=Configuration,DC=HCL,DC=com Naming Master - CN=NTDS Settings,CN=WIN-FB20IXK90MU,CN=Servers,CN=Default-First- Site-Name,CN=Sites,CN=Configuration,DC=HCL,DC=com PDC - CN=NTDS Settings,CN=WIN-FB20IXK90MU,CN=Servers,CN=Default-First-Site-Name, CN=Sites,CN=Configuration,DC=HCL,DC=com RID - CN=NTDS Settings,CN=WIN-FB20IXK90MU,CN=Servers,CN=Default-First-Site-Name, CN=Sites,CN=Configuration,DC=HCL,DC=com Infrastructure - CN=NTDS Settings,CN=WIN-FB20IXK90MU,CN=Servers,CN=Default-First -Site-Name,CN=Sites,CN=Configuration,DC=HCL,DC=com

  Read the article

• postfix smtp_fallback_relay for deferred messages to a single domain

  - by EdwardTeach

  I use Postfix to send messages to a mail server outside my organization which frequently rejects/defers my mail. My Postfix server sees that these messages are deferred and tries again, eventually getting through. Final delivery can take up to an hour, which makes my users unhappy. In comparison, mail from my Postfix server to other hosts works normally. I have now found out about a second, unofficial MX for this domain that does not reject/defer mail. This second MX does not appear when doing a DNS MX query for the domain. Therefore, for the problem domain I would like to use this second MX as a fallback. That is: whenever mail is deferred by the primary MX, try again on the unofficial second MX. I see that there is already a postfix configuration "smtp_fallback_relay". However the documentation seems to indicate that I can not restrict usage of the fallback to a single domain. The documentation also doesn't mention deferred message handling. So is there a way to configure a single-domain, deferred-retry fallback host in Postfix? For reference, I am including my postconf output (the host names and ip addresses are fake): alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases, hash:/etc/postfix/legacy_mailman, ldap:/etc/postfix/ldap-aliases.cf append_dot_mydomain = no biff = no config_directory = /etc/postfix default_destination_concurrency_limit = 2 inet_interfaces = all inet_protocols = all local_destination_concurrency_limit = 2 local_recipient_maps = $alias_maps mailbox_size_limit = 0 mydestination = myhost.my.network, localhost.my.network, localhost, my.network myhostname = myhost.my.network mynetworks = 127.0.0.0/8, [::ffff:127.0.0.0]/104, [::1]/128, 10.10.10.0/24 myorigin = my.network readme_directory = no recipient_delimiter = + relay_domains = $mydestination relayhost = smtp_fallback_relay = the.problem.host smtp_header_checks = smtpd_banner = $myhostname ESMTP $mail_name virtual_alias_maps = hash:/etc/postfix/virtual

  Read the article

• Setting Up My Home Network

  - by Skizz

  I currently have five PCs at home, three running WinXP and two running Ubuntu. They are set up like this: ISP ----- Modem ---- Switch ---- Ubuntu1 -- B&W Printer | |--WinXP1 | |--WinXP2 Wireless |--Colour Printer | |---------Ubuntu2 |---------WinXP3 (laptop) The Ubuntu1 machine is set up as a PDC using Samba and runs fetchmail, procmail, dovecot to get my e-mail and allow me to access the e-mail via imap so I can read the e-mail on any PC. I'd like to set up the network like this: ISP ----- Modem ---- Ubuntu1 ---- Switch ------WinXP1 | | |--WinXP2 B&W Printer Wireless |--Colour Printer | |---------Ubuntu2 |---------WinXP3 (laptop) My questions are: How to configure Ubuntu1 to act as a firewall. How to configure Ubuntu1 to provide a consistant user authentication across the network, at the moment Samba provides roaming profiles for the XP machines but the Ubuntu2 machine has it's own user lists. I'd like to have a single authentication for both XP machines and linux machines so that users added to the server list will propagate to all PCs (i.e. new users can log on using any PC without modifying any of the client PCs). How to configure a linux client (Ubuntu2 above) to access files on the server (Ubuntu1), some of which are in user specific folders, effectively sharing /home/{user} per user (read and write access) and stuff like /home/media/photos with read access for everyone and limited write access. How to configure the XP machines (if it is different from a the Samba method). How to set up e-mail filtering. I'd like to have a whitelist/blacklist system for incoming e-mails for some of the e-mail accounts (mainly, my kids' accounts) with filtered e-mails being put into quaranteen until a sysadmin either adds the sender to a blacklist or whitelist. OK, that's a lot of stuff. For now, I don't want config files*, rather, what services / applications to use and how they interact. For example, LDAP could be used for authentication but what else would be useful to make the administration of the LDAP easier. Once I have a general idea for the overall configuration, I can ask other questions about the specifics. Skizz I have looked around for information, but most answers are usually in the form of abstract config files and lists of packages to install.

  Read the article

• opath syntax to force dynamic distribution group field as numerical comparison? (Exchange 2010)

  - by Matt

  I'm upgrading a (working) query based group (Exchange 2003) to a new and 'improved' dynamic distribution group (2010). For better or worse, our company decided to store everyone's employee ID in the pager field, so it's easy to manipulate via ADUC. That employee number has significance, as all employees are in a certain range, and all contractors are in a very different range. Basically, the new opath syntax appears to be using string compare on my pager field, even though it's a number. Let's say my employee ID is 3004, well, it's "less than" 4 from a string check POV. Set-DynamicDistributionGroup -Identity "my-funky-new-group" -RecipientFilter "(pager -lt 4) -and (pager -like '*') -and (RecipientType -eq 'UserMailbox')" Shows up in EMC with this: ((((((Pager -lt '4') -and (Pager -ne $null))) -and (RecipientType -eq 'UserMailbox'))) -and (-not(Name -like 'SystemMailbox{*')) -and (-not(Name -like 'CAS_{*')) -and (-not(RecipientTypeDetailsValue -eq 'MailboxPlan')) -and (-not(RecipientTypeDetailsValue -eq 'DiscoveryMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'ArbitrationMailbox'))) This group should have max of 3 members right? Nope - I get a ton because of the string compare. I show up, and I'm in the 3000 range. Question: Anyone know a clever way to force this to be an integer check? The read-only LDAP filter on this group looks good, but of course it can't be edited. The LDAP representation (look ma, no quotes on the 4!) - Also interesting it sort of 'fills the' bed with the (pager=4) thing... (&(pager<=4)(!(pager=4))(pager=*)(objectClass=user)(objectCategory=person)(mailNickname=*)(msExchHomeServerName=*)(!(name=SystemMailbox{*))(!(name=CAS_{*))!(msExchRecipientTypeDetails=16777216))(!(msExchRecipientTypeDetails=536870912))(!(msExchRecipientTypeDetails=8388608))) If there is no solution, I suppose my recourse is either finding an unused field that actually will be treated as an integer, or most likely building this list with powershell every morning with my own automation - lame. I know of a few ways to fix this outside of the opath filter (designate "full-time" in another field, etc.), but would rather exchange do the lifting since this is the environment at the moment. Any insight would be great - thanks! Matt

  Read the article

• How do I permanently delete /var/log/lastlog?

  - by GregB

  My /var/log/lastlog file is huge. I know it's really only a few kilobytes, but tar isn't smart enough to know that, so when I image a virtual machine, my restore fails because it thinks I'm trying to load more data than I have capacity on my disk. I want to delete /var/log/lastlog and stop any and all logging to the file. I'm aware of the security implications. This logging needs to stop to preserve my backup strategy. I've made a change to /etc/pam.d/login which I was told would disable logging to /var/log/lastlog, but it does not appear to work as /var/log/lastlog keeps growing. # Prints the last login info upon succesful login # (Replaces the `LASTLOG_ENAB' option from login.defs) #session optional pam_lastlog.so Any ideas? EDIT For anyone interested, I use Centrify Express to authenticate my users via LDAP. Centrify Express is "free", but one of the drawbacks is that I can't manage user UIDs via LDAP, so they are given a dynamic UID when they login to a server. Centrify picks some crazy high UID values (so they don't conflict with local users on the server, presumably). /var/log/lastlog is indexed by UID, and grows to accommodate the largest UID on the system. This means that when a Centrify user logs in, they get a UID in the upper-end of the UID range, which causes lastlog to allocate an obscene amount of space, according to the file system. ~$ ll /var/log/lastlog -rw-rw-r-- 1 root root 291487675780 Apr 10 16:37 /var/log/lastlog ~$ du -h /var/log/lastlog 20K /var/log/lastlog More Into --- Sparse Files

  Read the article

• Restoring a fresh home folder in a shared user domain environment

  - by Cocoabean

  I am using a tool called pGINA that adds another credential provider to my Windows 7 clients so we can authenticate campus users via campus LDAP. We have the default Windows credential providers setup to authenticate off of our Active Directory, but we have students in our classes that don't have entries in our AD, and we need to know who they are to allow them internet access. Once these LDAP users login using pGINA, they are all redirected to the same AD account, a 'kiosk' account with GPOs in place to prevent anything malicious. My concern is that my users will accidentally save personal login information or files in that shared profile, and another user may login later and have access to a previous user's Gmail account, as the AppData folder on each computer is shared by anyone logging into the kiosk user. I've looked into MS's 'roll-your-own' SteadyState but it didn't seem to have what I wanted. I tried to write a PS script to copy a pre-saved clean version of the profile from a network share, but I just kept running into issues with CredSSP delegation and accessing the share from the UNC path. Others have recommended something like DeepFreeze but I'd like to do it without 3rd party tools if possible.

  Read the article

• OpenLDAP 2.4.23 - Debian 6.0 - Import schema - Insufficient access (50)

  - by Yosifov

  Good day to everybody. I'm trying to add a new schema inside OpenLDAP. But getting an error: ldap_add: Insufficient access (50) root@ldap:/# ldapadd -c -x -D cn=admin,dc=domain,dc=com -W -f /tmp/test.d/cn\=config/cn\=schema/cn\=\{5\}microsoft.ldif root@ldap:/# cat /tmp/test.d/cn\=config/cn\=schema/cn\=\{5\}microsoft.ldif dn: cn=microsoft,cn=schema,cn=config objectClass: olcSchemaConfig cn: microsoft olcAttributeTypes: {0}( 1.2.840.113556.1.4.302 NAME 'sAMAccountType' DESC 'Fss ssully qualified name of distinguished Java class or interface' SYNTAX 1.3.6. 1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {1}( 1.2.840.113556.1.4.146 NAME 'objectSid' DESC 'Fssssull y qualified name of distinguished Java class or interfaced' SYNTAX 1.3.6.1.4. 1.1466.115.121.1.40 SINGLE-VALUE ) olcAttributeTypes: {2}( 1.2.840.113556.1.4.221 NAME 'sAMAccountName' DESC 'Fds sssully qualified name of distinguished Java class or interfaced' SYNTAX 1.3. 6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) olcAttributeTypes: {3}( 1.2.840.113556.1.4.1412 NAME 'primaryGroupToken' SYNTA X 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {4}( 1.2.840.113556.1.2.102 NAME 'memberOf' SYNTAX 1.3.6.1. 4.1.1466.115.121.1.12 SINGLE-VALUE ) olcAttributeTypes: {5}( 1.2.840.113556.1.4.98 NAME 'primaryGroupID' SYNTAX 1.3 .6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcObjectClasses: {0}( 1.2.840.113556.1.5.6 NAME 'securityPrincipal' DESC 'Cso ntainer for a Java object' SUP top AUXILIARY MUST ( objectSid $ sAMAccountNam e ) MAY ( primaryGroupToken $ memberOf $ primaryGroupID ) ) I also tried to add the schema by phpldapadmin, but gain the same error. I'm using the admin user which is specified by default from the begging of the slpad installation. How may I add permissions to this user ? Best wishes

  Read the article

• Restrict access to one SVN repository (overwrite default)

  - by teel

  I'm trying to set up our SVN server so that by default the group developers will have access to all repositories, but I want to override that setting on some certain repositories where I want to allow access only to single defined users (or separate groups) The current configuration is SVN + WebDAV on Apache2. All my repositories are located at /var/lib/svn/ In dav_svn.authz I currently have [/] @developers = rw @users = r Now I want to add one repository (let's call it secret_repo) that would only allow access to one user who is also a member of the developers group.¨ I tried to do [secret_repo:/] * = secret_user = rw Where secret_user is the user I'd like to give access to the repository, but it doesn't seem to work. Currently the server is using Apache's LDAP module to authenticate users from our active directory domain and I'd like to keep it that way if possible. Also I seem to be able to browse all my repos freely with any web browser, which I'd like to block. Second problem is that I have webSVN on the server, which is using Apache's LDAP authentication. Everyone who is a member of our domain can access it, so I'd like to hide this secret_repo from websvn listing. It's configured not with parentPath("/var/lib/svn");. Do I really need to remove that and add every repository separately, except the ones I want to hide?

  Read the article

• Migrate active directory to Google apps for business

  - by dewnix

  I've got a problem migrating active directory to Gapps. I'm stuck on google apps directory sync (GADS) where it just gives the error "java.lang.NullPointerException" after testing the connection during the LDAP configuration step. I checked the logs and I've pretty much determined that port 389 (standard LDAP port) isn't listening on the exchange server. I've tried telneting to it (from another machine in the same network) with no luck but I can telnet to other ports, that i know are open, successfully. I know they're open because I used portqry and netstat to see them. I'm suspecting that the active directory isn't even installed/running on this machine because there's no active directory services at all running on it. There's no active directory services that say they're NOT running either though. Is it possible AD is installed somewhere else? does it have to be on a machine inside the same network? I found the domain controller and it's host name and when I telnet with port 389, it works however GADS still gives me the same exact error when I substitute that server in. Actually, no matter what ridiculous settings i put into GADS, i still get that same NullPointer error. If i could get some different error than that NullPointer, i'd call that a successful day.

  Read the article

• Using Openfire for distributed XMPP-based video-chat

  - by Yitzhak

  I have been tasked with setting up a distributed video-chat system built on XMPP. Currently my setup looks like this: Openfire (XMPP server) + JingleNodes plugin for video chat OpenLDAP (LDAP server) for storing user information and allowing directory queries Kerberos server for authentication and passwords In testing with one set of machines (i.e. only three), everything works as expected: I can log in to Openfire and it looks up the user information in the OpenLDAP database, which in turn authenticates my user with Kerberos. Now, I want to have several clusters, so that there is a cluster on each continent. A typical cluster will probably contain 2-5 servers. Users logging in will be directed to the closest cluster based on geographical location. Something that concerns me particularly is the dynamic maintenance of contact lists. If a user is using a machine in Asia, for example, how would contact lists be updated around the world to reflect the current server he is using? How would that work with LDAP? Specific questions: How do I direct users based on geographical location? What is the best architecture for a cluster? -- would all traffic need to come into a load-balancer on each one, for example? How do I manage the update of contact lists across all these servers? In general, how do I go about setting this up? What are the pitfalls in doing this? I am inexperienced in this area, so any advice and suggestions would be appreciated.

  Read the article

• Results Delphi users who wish to use HID USB in windows

  - by Lex Dean

  Results Delphi users who wish to use HID USB in windows HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB Contain a list if keys containing vender ID and Producer ID numbers that co inside with the USB web sites data base. These numbers and the GUID held within the key gives important information to execute the HID.dll that is otherwise imposable to execute. The Control Panel/System/Hardware/Device manager/USB Serial Bus Controllers/Mass Storage Devices/details simply lists the registry data. The access to the programmer has been documented through the API32.dll with a number of procedures that accesses the registry. But that is not the problem yet it looks like the problem!!!!!!!!! The key is info about the registry and how to use it. These keys are viewed in RegEdit.exe it’s self. Some parts of the registry like the USB have been given a windows security system type of protection with a Aurthz.dll to give the USB read and right protection. Even the api32.dll. Now only Microsoft give out these details and we all know Microsoft hate Delphi. Now C users have enjoyed this access for over 10 years now. Now some will make out that you should never give out such information because some idiot may make a stupid virus (true), but the argument is also do Delphi users need to be denied USB access for another ten years!!!!!!!!!!!!. What I do not have is the skill in is assembly code. I’m seeking for some one that can trace how regedit.exe gets its access through Aurthz.dll to access the USB data. So I’m asking all who reads this:- to partition any friend they have that has this skill to get the Aurthz.dll info needed. I find communicating with USB.org they reply when they have a positive email reply but do not bother should their email be a slightly negative policy. For all simple reasoning, all that USB had to do was to have a secure key as they have done, and to update the same data into a unsecured key every time the data is changed for USB developer to access. And not bother developers access to Aurthz.dll. Authz.dll with these functions for USB:- AuthzFreeResourceManager AuthzFreeContext AuthzAccessCheck(Flags: DWORD; AuthzClientContext: AUTHZ_CLIENT_CONTEXT_HANDLE; pRequest: PAUTHZ_ACCESS_REQUEST; AuditInfo: AUTHZ_AUDIT_INFO_HANDLE; pSecurityDescriptor: PSECURITY_DESCRIPTOR; OptionalSecurityDescriptorArray: PSECURITY_DESCRIPTOR; OptionalSecurityDescriptorCount: DWORD; //OPTIONAL, Var pReply: AUTHZ_ACCESS_REPLY; pAuthzHandle: PAUTHZ_ACCESS_CHECK_RESULTS_HANDLE): BOOl; AuthzInitializeContextFromSid(Flags: DWORD; UserSid: PSID; AuthzResourceManager: AUTHZ_RESOURCE_MANAGER_HANDLE; pExpirationTime: int64; Identifier: LUID; DynamicGroupArgs: PVOID; pAuthzClientContext: PAUTHZ_CLIENT_CONTEXT_HANDLE): BOOL; AuthzInitializeResourceManager(flags: DWORD; pfnAccessCheck: PFN_AUTHZ_DYNAMIC_ACCESS_CHECK; pfnComputeDynamicGroups: PFN_AUTHZ_COMPUTE_DYNAMIC_GROUPS; pfnFreeDynamicGroups: PFN_AUTHZ_FREE_DYNAMIC_GROUPS; ResourceManagerName: PWideChar; pAuthzResourceManager: PAUTHZ_RESOURCE_MANAGER_HANDLE): BOOL; further in Authz.h on kolers.com J Lex Dean.

  Read the article

• Raytracing (LoS) on 3D hex-like tile maps

  - by herenvardo

  Greetings, I'm working on a game project that uses a 3D variant of hexagonal tile maps. Tiles are actually cubes, not hexes, but are laid out just like hexes (because a square can be turned to a cube to extrapolate from 2D to 3D, but there is no 3D version of a hex). Rather than a verbose description, here goes an example of a 4x4x4 map: (I have highlighted an arbitrary tile (green) and its adjacent tiles (yellow) to help describe how the whole thing is supposed to work; but the adjacency functions are not the issue, that's already solved.) I have a struct type to represent tiles, and maps are represented as a 3D array of tiles (wrapped in a Map class to add some utility methods, but that's not very relevant). Each tile is supposed to represent a perfectly cubic space, and they are all exactly the same size. Also, the offset between adjacent "rows" is exactly half the size of a tile. That's enough context; my question is: Given the coordinates of two points A and B, how can I generate a list of the tiles (or, rather, their coordinates) that a straight line between A and B would cross? That would later be used for a variety of purposes, such as determining Line-of-sight, charge path legality, and so on. BTW, this may be useful: my maps use the (0,0,0) as a reference position. The 'jagging' of the map can be defined as offsetting each tile ((y+z) mod 2) * tileSize/2.0 to the right from the position it'd have on a "sane" cartesian system. For the non-jagged rows, that yields 0; for rows where (y+z) mod 2 is 1, it yields 0.5 tiles. I'm working on C#4 targeting the .Net Framework 4.0; but I don't really need specific code, just the algorithm to solve the weird geometric/mathematical problem. I have been trying for several days to solve this at no avail; and trying to draw the whole thing on paper to "visualize" it didn't help either :( . Thanks in advance for any answer

  Read the article

• Check for valid IMEI

  - by Tim

  Hi, does somebody knows how to check for a valid IMEI? I have found a function to check on this page: http://www.dotnetfunda.com/articles/article597-imeivalidator-in-vbnet-.aspx But it returns false for valid IMEI's (f.e. 352972024585360). I can validate them online on this page: http://www.numberingplans.com/?page=analysis&sub=imeinr What is the correct way(in VB.Net) to check if a given IMEI is valid? Regards, Tim PS: This function from above page must be incorrect in some way: Public Shared Function isImeiValid(ByVal IMEI As String) As Boolean Dim cnt As Integer = 0 Dim nw As String = String.Empty Try For Each c As Char In IMEI cnt += 1 If cnt Mod 2 <> 0 Then nw += c Else Dim d As Integer = Integer.Parse(c) * 2 ' Every Second Digit has to be Doubled nw += d.ToString() ' Genegrated a new number with doubled digits End If Next Dim tot As Integer = 0 For Each ch As Char In nw.Remove(nw.Length - 1, 1) tot += Integer.Parse(ch) ' Adding all digits together Next Dim chDigit As Integer = 10 - (tot Mod 10) ' Finding the Check Digit my Finding the Remainder of the sum and subtracting it from 10 If chDigit = Integer.Parse(IMEI(IMEI.Length - 1)) Then ' Checking the Check Digit with the last digit of the Given IMEI code Return True Else Return False End If Catch ex As Exception Return False End Try End Function

  Read the article

• VisualSVN Server won't work with AD, will with local accounts

  - by frustrato

  Decided recently to switch VisualSVN from local users to AD users, so we could easily add other employees. I added myself, gave Read/Write privileges across the whole repo, and then tried to log in. Whether I'm using tortoisesvn or the web client, I get a 403 Forbidden error: You don't have permission to access /svn/main/ on this server. I Googled a bit, but only found mention of phantom groups in the authz file. I don't have any of those. Any ideas? It works just fine with local accounts. EDIT: Don't know why I didn't try this earlier, but adding the domain before the username makes it work, ie MAIN/Bob. This normally only works when there are conflicting usernames...one local, one in AD, but for whatever reason it works here too. Kinda silly, but I can live with it.

  Read the article

• Django: Using 2 different AdminSite instances with different models registered

  - by omat

  Apart from the usual admin, I want to create a limited admin for non-staff users. This admin site will have different registered ModelAdmins. I created a folder /useradmin/ in my project directory and similar to contrib/admin/_init_.py I added an autodiscover() which will register models defined in useradmin.py modules instead of admin.py: # useradmin/__init__.py def autodiscover(): # Same as admin.autodiscover() but registers useradmin.py modules ... for app in settings.INSTALLED_APPS: mod = import_module(app) try: before_import_registry = copy.copy(site._registry) import_module('%s.useradmin' % app) except: site._registry = before_import_registry if module_has_submodule(mod, 'useradmin'): raise I also cretated sites.py under useradmin/ to override AdminSite similar to contrib/admin/sites: # useradmin/sites.py class UserAdminSite(AdminSite): def has_permission(self, request): # Don't care if the user is staff return request.user.is_active def login(self, request): # Do the login stuff but don't care if the user is staff if request.user.is_authenticated(): ... else: ... site = UserAdminSite(name='useradmin') In the project's URLs: # urls.py from django.contrib import admin import useradmin admin.autodiscover() useradmin.autodiscover() urlpatterns = patterns('', (r'^admin/', include(admin.site.urls)), (r'^useradmin/', include(useradmin.site.urls)), ) And I try to register different models in admin.py and useradmin.py modules under app directories: # products/useradmin.py import useradmin class ProductAdmin(useradmin.ModelAdmin): pass useradmin.site.register(Product, ProductAdmin) But when registering models in useradmin.py like useradmin.site.register(Product, ProductAdmin), I get 'module' object has no attribute 'ModelAdmin' exception. Though when I try this via shell; import useradmin from useradmin import ModelAdmin does not raise any exception. Any ideas what might be wrong? Edit: I tried going the @Luke way and arranged the code as follows as minimal as possible: (file paths are relative to the project root) # admin.py from django.contrib.admin import autodiscover from django.contrib.admin.sites import AdminSite user_site = AdminSite(name='useradmin') # urls.py (does not even have url patterns; just calls autodiscover()) import admin admin.autodiscover() # products/admin.py import admin from products.models import Product admin.user_site.register(Product) As a result I get an AttributeError: 'module' object has no attribute 'user_site' when admin.user_site.register(Product) in products/admin.py is called. Any ideas? Solution: I don't know if there are better ways but, renaming the admin.py in the project root to useradmin.py and updating the imports accordingly resolved the last case, which was a naming and import conflict.

  Read the article

< Previous Page | 98 99 100 101 102 103 104 105 106 107 108 109  | Next Page >