Search Results

Search found 5144 results on 206 pages for 'mod auth ldap'.

Page 15/206 | < Previous Page | 11 12 13 14 15 16 17 18 19 20 21 22  | Next Page >

• What does sub error code 568 mean for Ldap Error 49 with Active Directory

  - by Dean Povey

  I am writing some Java code that authenticates to Active Directory using SASL GSSAPI. Mostly this code is working fine but for one user I am getting the response: javax.naming.AuthenticationException: [LDAP: error code 49 - 8 0090304: LdapErr: DSID-0C0904D1, comment: AcceptSecurityContext error, data 568, v1772 ] I know that 49 means this is an authentication failure, and that the relevant sub code is 568, but I am only aware of the following meanings for that data: 525 - user not found 52e - invalid credentials 530 - not permitted to logon at this time 532 - password expired 533 - account disabled 701 - account expired 773 - user must reset password So far I am unable to find an authorative source of these error codes from Microsoft (this list is pieced together from forum posts) and I can't find anything for that 568 error. Does anyone know what it means?

  Read the article

• ldap vbscript : msExchOmaAdminWirelessEnable is randomly missing on different accounts

  - by phill

  In my script: Function getDescript (strname, uname) Set MyUser = GetObject ("LDAP://cn=" & uname & ",ou=" & strname & ",DC=tms-1,DC=net") getDescript = myUser.Get("msExchOmaAdminWirelessEnable") End Function uname = "Bob Gardner" strname = "bgConsultants" WScript.Echo "wireless enable: " & getDescript(strname, uname) I have noticed some users in the same OU sometimes do and sometimes don't have the msExchOmaAdminWirelessEnable attribute when I check it in sysinternals' ACtive Directory Explorer. All users are in the same OU and the exchange 2003 server has sp2 installed. Anyone might know why this is? Update: I figured out that if I disable and re-enable the Outlook Mobile Access setting for each user, the msExchOmaAdminWirelessEnable attribute shows up again for those users missing that attribute...weird..

  Read the article

• Access Git Repository using Eclipse and Netbeans Plugins with LDAP Users

  - by ukrania

  Hello everyone! I've configure a git server. I need to use ssh because I've defined permissions using users of my domain, using LDAP. Only users with permissions could read a project. So, the links to access my repositories are like that: ssh://[email protected]@hostname/var/git/repo.git When I clone, commit or push a project using linux git commands or using tortoisegit on windows, there is no problem, everything works as expected. However, I've tried to clone a project using plugins from Eclipse (EGit) and Netbeans (NBGit), with no success. Seems that they can't recognize the host. I've accessed using a user from the server (not from the domain) and it cloned the project perfectly. Seems that the plugins assume that the host is everything after the first @. Do you know how I can solve this problem? There are any other Git plugins for those IDEs? Thanks for your answers. Best Regards, ukrania

  Read the article

• How to improve my LDAP schema?

  - by asmaier

  Hello, I have a OpenLDAP Database and it holds some project objects that look like dn: cn=Proj1,ou=Project,ou=ua,dc=org cn: Proj1 objectClass: top objectClass: posixGroup member: 001ag member: 002ag System: ABEL System: PCx Budget: ABEL:1000000:0.3 Budget: PCx:300000:0.3 One can see that the Budget attribute is a ":"-separated string, where the first part holds the name of the system the budget is for, the second part holds some budget (which may change every month) and the last entry is a conversion factor for the budget of that system. Seeing this, I thought this is bad database design, since attribute values should always be atomic. But how can I improve that in LDAP, so that I can do a direct ldapsearch or a direct ldapmodify of the budget of System "ABEL" instead of writing a script, that will have to parse and split the ":"-separated string?

  Read the article

• Binary search of unaccesible data field in ldap from python

  - by EricR

  I'm interested in reproducing a particular python script. I have a friend who was accessing an ldap database, without authentication. There was a particular field of interest, we'll call it nin (an integer) for reference, and this field wasn't accessible without proper authentication. However, my friend managed to access this field through some sort of binary search (rather than just looping through integers) on the data; he would check the first digit, check if it was greater or less than the starting value, he would augment that until it returned a true value indicating existence, adding digits and continuing checking until he found the exact value of the integer nin. Any ideas on how he went about this? I've access to a similarly set up database.

  Read the article

• How to use LDAP for authentication in Tomcat with Custom Authorization

  - by djc4

  Hello, I'm using JNDIRealm with Tomcat for authentication, which at the moment works fine. However, we do not store any roles in the LDAP, so all authenticated users are not returning any roles. This sends user's to an HTTP 401 failed authorization page. I'd like to assign an "Admin" role to any and all user's who authenticate successfully. Here is my fragment from my web.xml file. SecurityConstraint Resource Resource *.jsp GET POST Admin FORM login.jsp loginError.jsp Admin Should I be using a JAASRealm with custom LoginModule? After the realm calls the authenticate() method and returns success, should I override another method to explicitly set the RolePrincipal to "Admin" so that authorization succeeds? Please help! Thanks, Andy

  Read the article

• OpenVPN: ERROR: could not read Auth username from stdin

  - by user56231

  I managed to setup openvpn but now I want to integrate a user/pass authentication method so, even though I haven't added the auth-nocache in the server config, whenever I try to connect it returns with the following message on the client side: ERROR: could not read Auth username from stdin My server.conf file contains basic stuff, everything works up untill I try to implement this for of authentication. mode server dev tun proto tcp port 1194 keepalive 10 120 plugin /usr/lib/openvpn/openvpn-auth-pam.so login client-cert-not-required username-as-common-name auth-user-pass-verify /etc/openvpn/auth.pl via-env ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt cert /etc/openvpn/easy-rsa/2.0/keys/server.crt key /etc/openvpn/easy-rsa/2.0/keys/server.key dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem user nobody group nogroup server 10.8.0.0 255.255.255.0 persist-key persist-tun #persist-local-ip status openvpn-status.log verb 3 client-to-client push "redirect-gateway def1" push "dhcp-option DNS 10.8.0.1" log-append /var/log/openvpn comp-lzo I searched all over the net for a solution and all answers seems to be related to the auth-nocache param which I haven't set. The directive auth-user-pass-verify /etc/openvpn/auth.pl via-env points to a script which is executed to perform the authentication. A false authentication should result in a exit 1 while a true one should result with exit 0. For testing, that script auth.pl returns exit 0 no matter what the input is but it seems that the file is not executed before the error raises. auth.pl file contents: #!/usr/bin/perl my $user = $ENV{username}; my $passwd = $ENV{password}; printf("$user : $passwd\n"); exit 0; Any ideas?

  Read the article

• ldap login form works, but need to add active-directory group access

  - by Brad

  I created a form that asks you to log in, then verifies the user/pass against the ldap server/active-directory, if successful, it creates a session, which will be checked on every page. Now I want to check the session, which is the username of the person who is logged in, and do a search for them using ldap_search, so I can check what group they belong to and pass that group thru a function to verify that they can view that page. Each page will accessible to a certain group or groups of users, which those groups are defined within Active Directory. I am unsure on how I can do that using ldap_search, or maybe that is just one piece of the puzzle I am trying to solve. Any help is appreciated - thank you! In the example code below, it is seeing if the user belongs to the student active-directory group (I do not know if this code works, but it should give you an idea of what I want to accomplish). $filter = "CN=StudentCN=Users,dc=domain,dc=control"; $result = ldap_search($ldapconn,$filter,$valid_session_username); if($result == TRUE) { print $valid_session_username.' does have access to this page'; } else { print $valid_session_username.' does NOT have access to this page'; }

  Read the article

• How to Configure OpenLDAP on Ubuntu 10.04 Server

  - by user3215

  I am following the Ubuntu server guide to configure OpenLDAP on an Ubuntu 10.04 server, but can not get it to work. When I try to use sudo ldapadd -x -D cn=admin,dc=don,dc=com -W -f frontend.ldif I'm getting the following error: Enter LDAP Password: <entered 'secret' as password> adding new entry "dc=don,dc=com" ldap_add: Naming violation (64) additional info: value of single-valued naming attribute 'dc' conflicts with value present in entry Again when I try to do the same, I'm getting the following error: root@avy-desktop:/home/avy# sudo ldapadd -x -D cn=admin,dc=don,dc=com -W -f frontend.ldif Enter LDAP Password: ldap_bind: Invalid credentials (49) Here is the backend.ldif file: # Load dynamic backend modules dn: cn=module,cn=config objectClass: olcModuleList cn: module olcModulepath: /usr/lib/ldap olcModuleload: back_hdb # Database settings dn: olcDatabase=hdb,cn=config objectClass: olcDatabaseConfig objectClass: olcHdbConfig olcDatabase: {1}hdb olcSuffix: dc=don,dc=com olcDbDirectory: /var/lib/ldap olcRootDN: cn=admin,dc=don,dc=com olcRootPW: secret olcDbConfig: set_cachesize 0 2097152 0 olcDbConfig: set_lk_max_objects 1500 olcDbConfig: set_lk_max_locks 1500 olcDbConfig: set_lk_max_lockers 1500 olcDbIndex: objectClass eq olcLastMod: TRUE olcDbCheckpoint: 512 30 olcAccess: to attrs=userPassword by dn="cn=admin,dc=don,dc=com" write by anonymous auth by self write by * none olcAccess: to attrs=shadowLastChange by self write by * read olcAccess: to dn.base="" by * read olcAccess: to * by dn="cn=admin,dc=don,dc=com" write by * read frontend.ldif file: # Create top-level object in domain dn: dc=don,dc=com objectClass: top objectClass: dcObject objectclass: organization o: Example Organization dc: Example description: LDAP Example # Admin user. dn: cn=admin,dc=don,dc=com objectClass: simpleSecurityObject objectClass: organizationalRole cn: admin description: LDAP administrator userPassword: secret dn: ou=people,dc=don,dc=com objectClass: organizationalUnit ou: people dn: ou=groups,dc=don,dc=com objectClass: organizationalUnit ou: groups dn: uid=john,ou=people,dc=don,dc=com objectClass: inetOrgPerson objectClass: posixAccount objectClass: shadowAccount uid: john sn: Doe givenName: John cn: John Doe displayName: John Doe uidNumber: 1000 gidNumber: 10000 userPassword: password gecos: John Doe loginShell: /bin/bash homeDirectory: /home/john shadowExpire: -1 shadowFlag: 0 shadowWarning: 7 shadowMin: 8 shadowMax: 999999 shadowLastChange: 10877 mail: [email protected] postalCode: 31000 l: Toulouse o: Example mobile: +33 (0)6 xx xx xx xx homePhone: +33 (0)5 xx xx xx xx title: System Administrator postalAddress: initials: JD dn: cn=example,ou=groups,dc=don,dc=com objectClass: posixGroup cn: example gidNumber: 10000 Can anyone help me?

  Read the article

• How to determine the Kerberos realm from an LDAP directory?

  - by tstm

  I have two Kerberos realms I can authenticate against. One of them I can control, and the other one is external from my point of view. I also have an internal user database in LDAP. Let's say the realms are INTERNAL.COM and EXTERNAL.COM. In ldap I have user entries like this: 1054 uid=testuser,ou=People,dc=tml,dc=hut,dc=fi shadowFlag: 0 shadowMin: -1 loginShell: /bin/bash shadowInactive: -1 displayName: User Test objectClass: top objectClass: account objectClass: posixAccount objectClass: shadowAccount objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson uidNumber: 1059 shadowWarning: 14 uid: testuser shadowMax: 99999 gidNumber: 1024 gecos: User Test sn: Test homeDirectory: /home/testuser mail: [email protected] givenName: User shadowLastChange: 15504 shadowExpire: 15522 cn: User.Test userPassword: {SASL}[email protected] What I would like to do, somehow, is to specify per-user basis to which authentication server / realm the user is authenticated against. Configuring kerberos to handle multiple realms is easy. But how to I configure other instances, like PAM, to handle the fact that some users are from INTERNAL.COM and some from EXTERNAL.COM? There needs to be an LDAP lookup of some kind where the realm and the authentication name is fetched from, and then the actual authentication itself. Is there a standardized way to add this information to LDAP, or look it up? Are there some other workarounds for a multi-realm user base? I might be ok with a single realm solution, too, as long as I can specify the user name - realm -combination for the user separately.

  Read the article

• Can My Personal GMail Query A Remote LDAP Server?

  - by Maarx

  I have a personal GMail account, from which I frequently send e-mail to a great many various users of a specific business. The corporation has been kind enough to provide me with the credentials to access their LDAP server, with which I would like my GMail web client to be able to auto-complete partial addresses or names for which that LDAP server has an entry. Is there any way I can get a personal GMail account (or it's corresponding entire Google account) account to incorporate an LDAP server into it's Contacts? If I cannot get it to query dynamically and on-demand, is there an idiot-proof way (assuming the client permits, which they may not) to query the LDAP server for it's entire database, save it, and bulk import it to GMail? Perhaps, even, something I could set to repeat periodically (weekly, perhaps), without human interaction? If I did the latter, I assume it would be trivial to import all of these contacts under a single category that could be easily manipulated from within the GMail web-based client. I have been a staunch user and supporter of the GMail web-based client since it's instantiation, but this one is kind of a deal-breaker for me. If it's impossible, what do you suggest I do?

  Read the article

• mod rewrite to remove facebook query string

  - by user905752

  I can't get my query string to work..please help... I have the following url: http://betatest.bracknell-forest.gov.uk/help?fb_action_ids=372043216205703&fb_action_types=og.likes&fb_source=aggregation&fb_aggregation_id=288381481237582 (sorry but the page will be unavailable as it is a test internal domain link) I want the following url: http://betatest.bracknell-forest.gov.uk/help I get a browser message saying 'The system cannot find the file specified.' I know it is because I already have a mod rewrite to remove the .htm from the page name to return clean urls but I don't know what I need to do to accept a clean url and return the page. Here is the mod rewrite code I have: RewriteRule ^/([\w]+)$ /$1.htm [I,L] #Any bare URL will get rewritten to a URL with .htm appended RedirectRule ^/(.+)\.(htm)$ http://betatest.bracknell-forest.gov.uk/$1 [R=301] RewriteCond %{QUERY_STRING} ^fb_action_ids=(.)$ #if the query string contains fb_action_ids RewriteCond %{QUERY_STRING} !="" #if there is a query string RewriteRule ^(.*) $1? [R=301,L] I think it is because I am using R=301 twice but do not know what I need to use as an alternative. If I append .htm from help?fb_action_ids.... to help.htm?fb_action_ids.... this returns the required page fine but I need to return the page name for the non appended url. Many thanks for any help in advance.

  Read the article

• Kohana Auth Module without ORM

  - by Asif

  Hi, I am using Kohana 3.0.3. I have been searching Auth module without ORM support,for couple of days. But didn't get any useful information. Could you please suggest and/or tutorial something here?

  Read the article

• Cakephp Auth Flash Messages losing style

  - by Michael

  My Auth flash messages were working earlier -- a bright green background with text in it, such as "You have successfully logged out". However, I have made quite a few changes to the site since then, and this green background has disappeared. What are the possible causes of this? (I've run my CSS through a validator -- so that doesn't seem to be the issue). Any other ideas? Thanks!

  Read the article

• How do I get Bugzilla to authenticate with Active Directory LDAP?

  - by user65712

  After reading this guide and trying a ton of permutations based on that, is there an easy way to get Bugzilla working with an AD server? I keep getting the error: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db0 I created an AD "bugzilla" user account with "Account Operators" permission as directed. I'm not sure if the error is saying that my login is incorrect or the system login to access LDAP is incorrect. Maybe I just missed an arcane option somewhere in the settings. You'd think all I'd need to do is specify the server name. As you might have been able to tell, I don't have a lot of LDAP experience. Also, will the Sysinternals LDAP tool help here?

  Read the article

• Ldap access lists users even if user has no rights...

  - by Patkos Csaba

  I am trying to set up a more complex Active Directory structure for some testing purposes. What I did so far: set up 2 windows (one 2008 and one 2003) to control the same domain set up an Organizational Unit (ou): Developers set up 2 child OUs: "one" and "two" each OU has it's admin: adminOne and adminTwo I denied all access to OU "two" by removing on the Security tab all the groups I don't want to access it. now, when I log in as adminOne and I try to click on OU "two" it says I don't have permissions to see the users and properties of "two" - this is perfect, it's what I want Here comes my problem: I do a LDAP query with the adminOne user on the "Developers" What I expect to happen: I expect to retrieve the users from Developer - One I expect to NOT be able to retrieve the users from Developers - Two What actually happens: ldap shows all the users, both from Developers - One and Developers - Two, even if the user should not have permissions to Developers - Two And now my question: is there any specific settings on Windows 2003 or 2008 Active Directory servers which allow or deny access over LDAP? I could not find any.

  Read the article

• Apache mod php and script invocation

  - by Abhi

  Say I am running a PHP script, foo.php, inside apache configured with mod php, then, say I invoke the script from my browser(or any other means), does apache spawn off a new process in which the script gets executed? How does it work? Can someone pls point me to some good article on this?

  Read the article

• mod rewritten directory shorten

  - by Joseph

  I can only find mod rewrite examples/tutorials for query's, so can someone help me with this. I would like this http://website.tld/Folder1/Folder2/Folder3/Folder4/Folder5/File.exten to be transformed into http://website.tld/Folder4/File.exten Folder4 and Folder5 are multiple directories, while Folder 1-3 stay the same. Also File.exten also should be changeable in the rewrite. thanks.

  Read the article

• Mod Rewriting Image Location Not Working Very Well

  - by Belgin Fish

  Hey, I'm trying to mod rewrite the image locations on my site, I'm just using this : rewriteRule ^thumbs/(.*)$ http://site2.com/images/$1 [L] so that I can redirect all image requests going from http://site1.com/thumbs/something to http://site2.com/thumbs/something But only some of the images are loading, and not all of them. Thanks!

  Read the article

• Simple Mod-Rewrite rule - single rule - file exists

  - by Andy Gee

  I have a very simple mod rewrite rule Options FollowSymLinks RewriteEngine On RewriteRule ^hosted/essws/([^/]*)/$ /hosted/essws/?key=$1 [L] I would like this rewrite to activate even if the file or directory exists. For example: The URL: http://localhost/hosted/essws/candy-sweets-buffet/ Will load: http://localhost/hosted/essws/index.php?key=candy-sweets-buffet Even though the directory /hosted/essws/candy-sweets-buffet/ exists. Any help would be much appreciated.

  Read the article

• Mod rewrite urls with

  - by Andrew

  Hey Guys, I'm at my wits end here , I normally like to work things out on my own but this has me well and truly beaten here.. I'm trying to mod rewrite my urls that contain pluses... /search.php?q=can+be+any+length to /can-be-any-length.html Any help would be really appreciated becaus rewriting the + php is not an option

  Read the article

• htaccess rewrite and auth conflict

  - by Michael

  I have 2 directories each with a .htaccess file: html/.htaccess - There is a rewrite in this file to send almost everything to url.php RewriteCond %{REQUEST_URI} !(exported/?|\.(php|gif|jpe?g|png|css|js|pdf|doc|xml|ico))$ RewriteRule (.*)$ /url.php [L] and html/exported/.htaccess AuthType Basic AuthName "exported" AuthUserFile "/home/siteuser/.htpasswd" require valid-user If I remove html/exported/.htaccess the rewriting works fine and the exported directory can be access. If I remove html/.htaccess the authentication works fine. However when I have both .htaccess files exported/ is being rewritten to /url.php. Any ideas how I can prevent it?

  Read the article

• htaccess rewrite and auth conflict

  - by Michael

  I have 2 directories each with a .htaccess file: html/.htaccess - There is a rewrite in this file to send almost everything to url.php RewriteCond %{REQUEST_URI} !(exported/?|\.(php|gif|jpe?g|png|css|js|pdf|doc|xml|ico))$ RewriteRule (.*)$ /url.php [L] and html/exported/.htaccess AuthType Basic AuthName "exported" AuthUserFile "/home/siteuser/.htpasswd" require valid-user If I remove html/exported/.htaccess the rewriting works fine and the exported directory can be access. If I remove html/.htaccess the authentication works fine. However when I have both .htaccess files exported/ is being rewritten to /url.php. Any ideas how I can prevent it?

  Read the article

• Kohana 3: Auth module

  - by Thomas

  Hi, i'm trying to learn the Kohana's Auth module but login method always return false. Controller: <?php defined('SYSPATH') OR die('No Direct Script Access'); class Controller_Auth extends Controller { public function action_index() { if($_POST) { $this->login(); } $this->template = View::factory('login'); echo $this->template; } private function login() { $user = ORM::factory('user'); $data = array('username' => 'wilson', 'password' => '123'); if(!$user->login($data)) { echo 'FAILED!'; } } private function logout() { } } ?> Model: <?php defined('SYSPATH') or die('No direct script access.'); class Model_User extends Model_Auth_User { } ?>

  Read the article

• Trying and expand the contrib.auth.user model and add a "relatipnships" manage

  - by dotty

  I have the following model setup. from django.db import models from django.contrib.auth.models import User class SomeManager(models.Manager): def friends(self): # return friends bla bla bla class Relationship(models.Model): """(Relationship description)""" from_user = models.ForeignKey(User, related_name='from_user') to_user = models.ForeignKey(User, related_name='to_user') has_requested_friendship = models.BooleanField(default=True) is_friend = models.BooleanField(default=False) objects = SomeManager() relationships = models.ManyToManyField(User, through=Relationship, symmetrical=False) relationships.contribute_to_class(User, 'relationships') Here i take the User object and use contribute_to_class to add 'relationships' to the User object. The relationship show up, but if call User.relationships.friends it should run the friends() method, but its failing. Any ideas how i would do this? Thanks

  Read the article

< Previous Page | 11 12 13 14 15 16 17 18 19 20 21 22  | Next Page >