Search Results

Search found 1139 results on 46 pages for 'ldap'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 19/46 | < Previous Page | 15 16 17 18 19 20 21 22 23 24 25 26  | Next Page >

  • Error getting PAM / Linux integrated with Active Directory

    - by topper
    I'm trying to add a Linux server to a network which is controlled by AD. The aim is that users of the server will be able to authenticate against the AD domain. I have Kerberos working, but NSS / PAM are more problematic. I'm trying to debug with a simple command such as the following, please see the error. Can anyone assist me to debug? root@antonyg04:~# ldapsearch -H ldap://raadc04.corp.MUNGED.com/ -x -D "cn=MUNGED,ou=Users,dc=corp,dc=MUNGED,dc=com" -W uid=MUNGED Enter LDAP Password: ldap_bind: Invalid credentials (49) additional info: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece I have had to munge some details, but I can tell you that cn=MUNGED is my username for logging into the AD domain, and the password that I typed was the password for said domain. I don't know why it says "Invalid credentials", and the rest of the error is so cryptic, I have no idea. Is my approach somehow flawed? Is my DN obviously wrong? How can I confirm the correct DN? There was a tool online but I can't find it. NB I have no access to the AD Server for administration or configuration.

    Read the article

  • Spring security custom principal bean

    - by wuntee
    I have a web application that is set up to use the default ldap server/authentication manager/authentication provider/user service. I have another DAO that already does majority of the work that those do (besides the authenticating a user) using Spring-LDAP. My problem is that I want the principal to be of my own custom bean class. What is the simplest way to do this? Initially I was thinking to create a custom authentication provider, but since the default one does exactly what I want, there doesnt seem to be a need. I am thinking I just need to override whatever object actually returns the Principal bean. Is this possible, and able to be injected into the security ldap authenticator context?

    Read the article

  • Active Directory List OU's

    - by Stephen Murby
    I have this code currently, string defaultNamingContext; DirectoryEntry rootDSE = new DirectoryEntry("LDAP://RootDSE"); defaultNamingContext = rootDSE.Properties["defaultNamingContext"].Value.ToString(); rootDSE = new DirectoryEntry("LDAP://" + defaultNamingContext); //DirectoryEntry domain = new DirectoryEntry((string)"LDAP://" + defaultNamingContext); DirectorySearcher ouSearch = new DirectorySearcher(rootDSE,"(objectCategory=Organizational-Unit)", null, SearchScope.Subtree); MessageBox.Show(rootDSE.Path.ToString()); try { SearchResultCollection collectedResult = ouSearch.FindAll(); foreach (SearchResult temp in collectedResult) { comboBox1.Items.Add(temp.Properties["name"][0]); DirectoryEntry ou = temp.GetDirectoryEntry(); } } When i use the debugger i can see that rootDSE.Path is infact pointing to the right place, in this case "DC=g-t-p,DC=Local" but the directory searcher doesn't find any results. Can anyone help?

    Read the article

  • Why does Spring Security's BindAuthenticator require read permissions for users?

    - by Thomas
    Hi all, I'm currently implementing/configuring the LDAP authentication of a Java web application using Spring Security 3.0. I'm using Microsoft AD LDS as LDAP server and chose the Spring's BindAuthenticator. I found out that the authentication only works if the authenticated user is a member of the partition's Readers role. The BindAuthenticator tries to read the user's attributes after the authentication, which seems reasonable in scenarios where authorities are retrieved from the directory service. Being new to LDAP and AD, is this an acceptable practise when the application is integrated in an existing AD structure? Can fine-tune an give the user dns only read permissions for their own attributes rather than adding them to the Reader group? Thanks Thomas

    Read the article

  • ldapsearch and vcard creation

    - by Aaron Hoffman
    I'm using openldap on Mac OS X Server 10.6 and need to generate a vcard for all the users in a given group. By using the ldapsearch I can list all the memberUid's for all users in that group. I found a perl script (Advanced LDAP Search or ALS) that was written by someone that will generate the vcard easily. ALS can be found here http://www.ldapman.org/tools/als.gz So what I need to do is create a wrapper script (in python or perl) that will effectively loop through the memberUid's and run the ALS command to create the vcard and append it to the file. This command provides the memberUid's: ldapsearch -x -b 'dc=ldap,dc=server,dc=com' '(cn=testgroup)' Then running ALS gives the vcard: als -b dc=ldap,dc=server,dc=com -V uid=aaronh > vcardlist.vcf If it's easier to do this using Perl since ALS is already using it that would be fine. I've done more work in python but I'm open to suggestions. Thanks in advance, Aaron

    Read the article

  • Why does Perl complain "Can't modify constant item in scalar assignment"?

    - by joe
    I have this Perl subroutine that is causing a problem: sub new { my $class = shift; my $ldap_obj = Net::LDAP->new( 'test.company.com' ) or die "$@"; my $self = { _ldap = $ldap_obj, _dn ='dc=users,dc=ldap,dc=company,dc=com', _dn_login = 'dc=login,dc=ldap,dc=company,dc=com', _description ='company', }; # Print all the values just for clarification. bless $self, $class; return $self; } what is wrong on this code : i got this error Can't modify constant item in scalar assignment at Core.pm line 12, near "$ldap_obj,"

    Read the article

  • Domain: Netlogon event sequence

    - by Bob
    I'm getting really confused, reading tutorials from SAMBA howto, which is hell of a mess. Could you write step-by-step, what events happen upon NetLogon? Or in particular, I can't get these things: I really can't get the mechanism of action of LDAP and its role. Should I think of Active Directory LDS as of its superset? What're the other roles of AD and why this term is nearly a synonym of term "domain"? What's the role of LDAP in the remote login sequence? Does it store roaming user profiles? Does it store anything else? How it is called (are there any upper-level or lower-level services that use it in the course of NetLogon)? How do I join a domain. On the client machine I just use the Domain Controller admin credentials, but how do I prepare the Domain Controller for a new machine to join it. What's that deal of Machine trust accounts? How it is used? Suppose, I've just configured a machine to join a domain, created its machine trust, added its data to the domain controller. How would that machine find WINS server to query it for Domain Controller NetBIOS name? Does any computer name, ending with <1C type, correspond to domain controller? In what cases Kerberos and LM/NTLM are used for authentication? Where are password hashes stored in, say, Windows2000 domain controller? Right in the registry? What is SAM - is it a service, responsible for authentication and sending/storing those passwords and accompanying information, such as groups policies etc.? Who calls it? Does it use Active Directory? What's the role of NetBIOS except by name service? Can you exemplify a scenario of its usage as a "datagram distribution service for connectionless communication" or "session service for connection-oriented communication"? (quoted taken from http://en.wikipedia.org/wiki/NetBIOS_Frames_protocol description of NetBIOS roles) Thanks and sorry for many questions.

    Read the article

  • How do you determine if your domain isn't AD or ADAM?

    - by icurious
    I'm trying to get some authentication stuff set up in ASP MVC, but keep getting thrown errors about how it doesn't support anything but Active Directory (AD) and Active Directory Application Mode (ADAM). How can I figure out the actual running version of my LDAP provider? Is there some sort of command or query I can run against it? It's entirely possible it isn't AD or ADAM, but I have no idea how to figure that out.

    Read the article

  • Double password in Directory Server

    - by xain
    Hi, anybody knows how to implement a second password in an LDAP, so it's policies are different from the userPassword attribute ? The idea is to use it as a non-login password (for instance to "sign" a transaction). Thanks

    Read the article

  • Adding addresses to ActiveDirectory with Thunderbird

    - by Fa3ien
    We use a Windows 2003 server and XP stations. The server's LDAP is working ok, as I am able to retrieve the addresses it contains with Thunderbird. I'd like to be able to ADD an address to the server's book (the address of a new contact that freshly wrote me, for example) directly from Thunderbird, but that doesn't seem possible. What can I do ?

    Read the article

  • How to configure ldap login with php

    - by Drew G
    I'm attempting to implement a login that works with ldap, My extension=php_ldap.dll is uncommented in both of my php config files, ldap shows up in my phpinfo() I have access to AD and I've been using dsquery to snoop around. So I believe I'm very close to achieving my goal function authenticate($user, $password) { $ldap_host = "na.ad.mycompanyname.com"; $ldap_dn = "CN=USA-USERS,DC=ad,DC=mycompanyname,DC=com"; $ldap_user_group = "Domain Users"; $ldap_manager_group = "Domain Admins"; $ldap_usr_dom = "@na.ad.mycompany.com"; So for now when I enter my login credentials, it fails and I get the appropriate error, my question is, what information do I need to enter and which dsquery commands should I use? Without being spoonfed, could someone point me in the right direction? I've done some extensive research, but nothing I could find really assists with figuring out which CN's and OU's to use. Yes I realize I need to be using the correct CN's and OU's that correspond to my location, but I've been trying the guess and check method to no avail, so I figured I would ask. Any assistance is appreciated. THANKS!!!

    Read the article

  • How can I get an Active Directory data code from System.DirectoryServices[.Protocols]?

    - by Alex Waddell
    When using .Protocols, I can run the following pseudocode to authenticate to an AD: try { LdapConnection c = new LdapConnection("User", "Password"); c.Bind(); } catch (LdapException le) { Debug.WriteLine(le.ResultCode); } This code will allow me to get the "Invalid Credentials" error string, and the AD code "49", but I need to get the additional data errors similar to an LDAP Java client : [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030F, comment: AcceptSecurityContext error, data **525**, vece ] 525 – user not found 52e – invalid credentials (bad password) 530 – logon time restriction 532 – password expired 533 – account disabled 701 – account expired 773 – user must reset password

    Read the article

  • Get other ldap query strings associated with a domain.

    - by seekerOfKnowledge
    I have in Softerra LDAP Administration something like the following: server: blah.gov OU=Domain Controllers etc... ldap://subdomain.blah.gov I can't figure out how to, in C#, get those other ldap subdomain query strings. I'm not sure how else to explain it, so ask questions and I'll try to clarify. Updated: This is what Softerra LDAP Administrator looks like. The ldap queries near the bottom are not children of the above node, but somehow, the program knows about them and linked them in the GUI. If I could figure out how, that would fix my problem.

    Read the article

  • Managing access to multiple linux system

    - by Swartz
    A searched for answers but have found nothing on here... Long story short: a non-profit organization is in dire need of modernizing its infrastructure. First thing is to find an alternatives to managing user accounts on a number of Linux hosts. We have 12 servers (both physical and virtual) and about 50 workstations. We have 500 potential users for these systems. The individual who built and maintained the systems over the years has retired. He wrote his own scripts to manage it all. It still works. No complaints there. However, a lot of the stuff is very manual and error-prone. Code is messy and after updates often needs to be tweaked. Worst part is there is little to no docs written. There are just a few ReadMe's and random notes which may or may not be relevant anymore. So maintenance has become a difficult task. Currently accounts are managed via /etc/passwd on each system. Updates are distributed via cron scripts to correct systems as accounts are added on the "main" server. Some users have to have access to all systems (like a sysadmin account), others need access to shared servers, while others may need access to workstations or only a subset of those. Is there a tool that can help us manage accounts that meets the following requirements? Preferably open source (i.e. free as budget is VERY limited) mainstream (i.e. maintained) preferably has LDAP integration or could be made to interface with LDAP or AD service for user authentication (will be needed in the near future to integrate accounts with other offices) user management (adding, expiring, removing, lockout, etc) allows to manage what systems (or group of systems) each user has access to - not all users are allowed on all systems support for user accounts that could have different homedirs and mounts available depending on what system they are logged into. For example sysadmin logged into "main" server has main://home/sysadmin/ as homedir and has all shared mounts sysadmin logged into staff workstations would have nas://user/s/sysadmin as homedir(different from above) and potentially limited set of mounts, a logged in client would have his/her homedir at different location and no shared mounts. If there is an easy management interface that would be awesome. And if this tool is cross-platform (Linux / MacOS / *nix), that will be a miracle! I have searched the web and so have found nothing suitable. We are open to any suggestions. Thank you. EDIT: This question has been incorrectly marked as a duplicate. The linked to answer only talks about having same homedirs on all systems, whereas we need to have different homedirs based on what system user is currently logged into(MULTIPLE homedirs). Also access needs to be granted only to some machinees not the whole lot. Mods, please understand the full extent of the problem instead of merely marking it as duplicate for points...

    Read the article

  • zimbra server server not sync with ldap server

    - by shreedhar.bh
    Please help me out I am intermediate on linux, 1) I do have zimbra mail server on ubuntu with ladap server and external openldap server in internal location 2) last weak we got renewed the SSL certificate on Zimbra server 3) after renewed the SSL certificate with 10 years in Zimber server its not able to sync the ladap details with internal OpenLdap server Please help me to fix this issue In advance thanks Regards Shreedhar.BH

    Read the article

  • rsyslog forward all except ldap

    - by Brian
    I have Centos 6 servers running openLDAP. In the rsyslog.conf, I forward the logs to my central server with this line: *.* @10.10.10.10:514 openldap seems incredibly chatty. I have 3 servers in a multi-master cluster. Those 3 servers generate twice as many logs as my other 80 servers combined. I have been unsuccessful in figuring out how to tell openLDAP to use a sensible log level. (we never specifically set the log level) Since these are my main authentication sources, I'm a bit hesitant to "play around" with them. Is there a way to tell rsyslog to forward everything EXCEPT LOCAL4?

    Read the article

  • ldap export and import

    - by Jure1873
    Is it possible to export all the data inside openldap for example using ldapsearch or some other tool to a (ldif?) file and then import everything on another server and put this in a script that would be run every day. So that I could use the other one as a backup when the first/master server is not available? I have full access to the first/master server, but I can't modify it's configuration so I think I can't set up replication.

    Read the article

  • C#.Net - using LDAP

    - by archit
    I have a small problem regarding the LDAP... Is it possible to retrieve all the MAC_ID's of the entire system that is connected a domain, or does the Schema Master saves the MAC_ID's of all the system that is connected in the domain

    Read the article

  • Ubuntu 10.04 (Lucid) OpenLDAP invalid credentials issue

    - by gmuller
    This won't be a question, but a solution to an infuriating problem on Ubuntu 10.04. If you tried to deploy an LDAP server using this distro following the tutorials below, you'll be on serious trouble. Tutorials: https://help.ubuntu.com/9.10/serverguide/C/openldap-server.html https://help.ubuntu.com/9.10/serverguide/C/samba-ldap.html The error first appear, on the line: "ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase=hdb olcAccess" It simply won't allow admin to access the "cn=config", thus you won't be able to deploy the LDAP server correctly. After almost a week searching for a solution, I've found this page: https://bugs.launchpad.net/ubuntu-docs/+bug/333733 On comment #5, the solution is presented. Quoting the author: when you get to the setting up ACL part you all of a sudden need to use a cn=admin,cn=config, that doesn't exist creating a config.ldif with dn: olcDatabase={0}config,cn=config changetype: modify add: olcRootDN olcRootDN: cn=admin,cn=config dn: olcDatabase={0}config,cn=config changetype: modify add: olcRootPW olcRootPW: secret dn: olcDatabase={0}config,cn=config changetype: modify delete: olcAccess and adding it with ldapadd -Y EXTERNAL -H ldapi:/// -f config.ldif It's unacceptable that a Linux distribution, popular like Ubuntu, have such ridiculous bug. Hope it helps everyone!

    Read the article

  • SquidGuard and Active Directory groups

    - by Massimo
    I'm configuring a Linux proxy with Squid and SquidGuard to filter Internet traffic. I know how to authenticate users against Active Directory in Squid, and then how to filter access for users using SquidGuard. The question: how to use Active Directory groups in SquidGuard instead of plain user names? My goal is to be able to configure rules like "members of this group can go anywhere" or "members of this group can only visit certain sites". I know SquidGuard can't manage group membership directly, but it can do LDAP searches on its own; but the syntax to look up wheter a user is member of a given group seems to be quite cryptic, and I couldn't find any good documentation around.

    Read the article

  • How to enable catch-all email in iRedMail Open Source edition?

    - by Matthias
    How to create catch-all email alias for domain in iRedMail Open Source edition? I know that's possible via LDAP and found the following instructions: http://iredmail.org/wiki/index.php?title=Addition/OpenLDAP/Catch-all The problem is how exactly to add this parameters via phpLDAPAdmin? I select "Create new entry here" and choose mailUser type. Then in step 2 first question is about "RDN" with select box "select RDN attribute". What should I choose as RDN? Which fields of the "Create Object" form should be filled? Unfortunetly there is completely no validation of user input and final errors does not contain explanation what's wrong Also when I try to import example from iredmail wiki phpldapadmin it gives LDIF Import Parse Error Description: A valid dn line is required [] dn line is: dn: [email protected],ou=Users,domainName=mydomain.eu,o=domains,dc=myserver,dc=pl

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 15 16 17 18 19 20 21 22 23 24 25 26  | Next Page >