Search Results

Search found 193 results on 8 pages for 'dn'.

Page 2/8 | < Previous Page | 1 2 3 4 5 6 7 8  | Next Page >

  • Adding objects to LDAP via CGI

    - by musashiXXX
    I have a web form that collects information and submits it to a cgi that attempts to insert the data into LDAP. The problem is that I'm trying to use a variable with ::ldap::add and it's just not working. Here's the code: if {[string length env(QUERY_STRING)] != 0} { set handle [::ldap::connect localhost] set dn "cn=admin,dc=mycompany,dc=com" set pw "myPassword" ::ldap::bind $handle $dn $pw set dn "cn=[ncgi::value givenName] [ncgi::value sn],ou=people,dc=mycompany,dc=com" set formValues [ puts "cn {{[ncgi::value givenName] [ncgi::value sn]}}" puts "displayName [ncgi::value givenName] [ncgi::value sn]" foreach {key value} [ncgi::nvlist] { if {[string length $value] != 0} { puts "$key $value" } } puts "objectClass top" puts "objectClass person" puts "objectClass organizationalPerson" puts "objectClass inetOrgPerson" ] ::ldap::add $handle $dn { $formValues } ldap::unbind $handle } However, if I replace $formValues with the actual entries that I want to insert into LDAP, they get added just fine. I'm new to TCL so I wouldn't be surprised if there were some glaring errors in this snippet. Thanks in advance!

    Read the article

  • Configure Calendar Server 7 to Use the davUniqueId Attribute

    - by dabrain
    Starting with Calendar Server 7 Update 3 (Patch 08) we introduce a new attribute davUniqueId in the davEntity objectclass, to use as the unique identifier.  The reason behind this is quite simple, the LDAP operational attribute nsUniqueId  has been chosen as the default value used for the unique identifier. It was discovered that this choice has a potential serious downside. The problem with using nsUniqueId is that if the LDAP entry for a user, group, or resource is deleted and recreated in LDAP, the new entry would receive a different nsUniqueId value from the Directory Server, causing a disconnect from the existing account in the calendar database. As a result, recreated users cannot access their existing calendars. How To Configure Calendar Server to Use the davUniqueId Attribute? Populate the davUniqueId to the ldap users. You can create a LDIF output file only or (-x option) directly run the ldapmodify from the populate-davuniqueid shell script. # ./populate-davuniqueid -h localhost -p 389 -D "cn=Directory Manager" -w <passwd> -b "o=red" -O -o /tmp/out.ldif The ldapmodify might failed like below, in that case the LDAP entry already have the 'daventity' objectclass, in those cases run populate-davuniqueid script without the -O option. # ldapmodify -x -h localhost -p 389 -D "cn=Directory Manager" -w <passwd> -c -f /tmp/out.ldif modifying entry "uid=mparis,ou=People,o=vmdomain.tld,o=red" ldapmodify: Type or value exists (20) In this case the user 'mparis' already have the objectclass 'daventity', ldapmodify do not take care of this DN and just take the next DN (if you start ldapmodify with -c option otherwise it stop's completely) dn: uid=mparis,ou=People,o=vmdomain.tld,o=red changetype: modify add: objectclass objectclass: daventity - add: davuniqueid davuniqueid: 01a2c501-af0411e1-809de373-18ff5c8d Even run populate-davuniqueid without -O option or changing the outputfile to dn: uid=mparis,ou=People,o=vmdomain.tld,o=red changetype: modify add: davuniqueid davuniqueid: 01a2c501-af0411e1-809de373-18ff5c8d The ldapmodify works fine now. The only issue I see here is you need verify which user might need the 'daventity' objectclass as well. On the other hand start without the objectclass and only add the objectclass for the users where you get 'Objectclass violation' report. That's indicate the objectclass is missing. # ldapmodify -x -h localhost -p 389 -D "cn=Directory Manager" -w <passwd> -c -f /tmp/out.ldif modifying entry "uid=mparis,ou=People,o=vmdomain.tld,o=red" Now it is time to change the configuration to use the davuniquid attribute # ./davadmin config modify -o davcore.uriinfo.permanentuniqueid -v davuniqueid It is also needed to modfiy the search filter to use davuniqueid instead of nsuniqueid # ./davadmin config modify -o davcore.uriinfo.subjectattributes -v "cn davstore icsstatus mail mailalternateaddress davUniqueId  owner preferredlanguageuid objectclass ismemberof uniquemember memberurl mgrprfc822mailmember" Afterward IWC Calendar works fine and my test user able to access all his old events.

    Read the article

  • Enabling EUS support in OUD 11gR2 using command line interface

    - by Sylvain Duloutre
    Enterprise User Security (EUS) allows Oracle Database to use users & roles stored in LDAP for authentication and authorization.Since the 11gR2 release, OUD natively supports EUS. EUS can be easily configured during OUD setup. ODSM (the graphical admin console) can also be used to enable EUS for a new suffix. However, enabling EUS for a new suffix using command line interface is currently not documented, so here is the procedure: Let's assume that EUS support was enabled during initial setup.Let's o=example be the new suffix I want to use to store Enterprise users. The following sequence of command must be applied for each new suffix: // Create a local database holding EUS context infodsconfig create-workflow-element --set base-dn:cn=OracleContext,o=example --set enabled:true --type db-local-backend --element-name exampleContext -n // Add a workflow element in the call path to generate on the fly attributes required by EUSdsconfig create-workflow-element --set enabled:true --type eus-context --element-name eusContext --set next-workflow-element:exampleContext -n // Add the context to a workflow for routingdsconfig create-workflow --set base-dn:cn=OracleContext,o=example --set enabled:true --set workflow-element:eusContext --workflow-name exampleContext_workflow -n //Add the new workflow to the appropriate network groupdsconfig set-network-group-prop --group-name network-group --add workflow:exampleContext_workflow -n // Create the local database for o=exampledsconfig create-workflow-element --set base-dn:o=example --set enabled:true --type db-local-backend --element-name example -n // Create a workflow element in the call path to the user data to generate on the fly attributes expected by EUS dsconfig create-workflow-element --set enabled:true --set eus-realm:o=example --set next-workflow-element:example --type eus --element-name eusWfe// Add the db to a workflow for routingdsconfig create-workflow --set base-dn:o=example --set enabled:true --set workflow-element:eusWfe --workflow-name example_workflow -n //Add the new workflow to the appropriate network groupdsconfig set-network-group-prop --group-name network-group --add workflow:example_workflow -n  // Add the appropriate acis for EUSdsconfig set-access-control-handler-prop \           --add global-aci:'(target="ldap:///o=example")(targetattr="authpassword")(version 3.0; acl "EUS reads authpassword"; allow (read,search,compare) userdn="ldap:///??sub?(&(objectclass=orclservice)(objectclass=orcldbserver))";)' dsconfig set-access-control-handler-prop \       --add global-aci:'(target="ldap:///o=example")(targetattr="orclaccountstatusevent")(version 3.0; acl "EUS writes orclaccountstatusenabled"; allow (write) userdn="ldap:///??sub?(&(objectclass=orclservice)(objectclass=orcldbserver))";)' Last but not least you must adapt the content of the ${OUD}/config/EUS/eusData.ldif  file with your suffix value then inport it into OUD.

    Read the article

  • How to store multiple requirements with OR and AND?

    - by Cano
    Well I'm working on a personal project that needs to check if a user has met certain requirements, and they come in a form of Requirement: [c1 OR c2] AND [d1 OR d2] Requirement: [c1 AND c2] OR [d1 AND d2] Requirement: c1 AND any dn(n can be any integer) I'm just not sure how to store these sorts of requirements, I'm thinking of using another object to hold c1,c2,d1,d2....dn and OR, but that seems like a roundabout way of doing things. Is there a better method?

    Read the article

  • Kunagi LDAP configuration problems

    - by Willem de Vries
    We recently started with Scrum at our company and we wanted to start using Kunagi to test and see how it works. So I installed the kunagi_0.23.2.deb packet that I downloaded from their website, on my Ubuntu 11.04 running in tomcat6 using openjdk-6-jre. everything works fine except I can't get the LDAP to work. I have one AD server and one LDAP at my disposal for testing. For the LDAP I use the following info: -uri: ldap://192.168.1.11:389 -user: some_tested_user -passwd: the_pass -DN: dc=colosa,dc=net -LDAP Filter: (&(objectClass=user)) I tested various LDAP Filters, I don't know if I have the right one. However I get an erro when clicking "test LDAP". The error refers to the DN: Server service call error Calling service TestLdap failed. java.lang.RuntimeException: InvalidNameException: [LDAP: error code 34 - invalid DN] With the AD server I get no error while testing, yet I am not able to login I get: "Login faild" every time. I don't know if this is because of the LDAP Filter I entered, yet I can't get it to work. I have read this http://kunagi.org/iss652.html stating that I need to create my accounts inside Kunagi before I can login. So I did this with no effect. So basically my question is, what causes this DN string error (I am sure mine is right), and what LDAP Filter should i use? Any help would be highly appreciated.

    Read the article

  • Ruby net:LDAP returns "code = 53 message = Unwilling to perform" error

    - by Yong
    Hi, I am getting this error "code = 53, message = Unwilling to perform" while I am traversing the eDirectory treebase = "ou=Users,o=MTC". My ruby script can read about 126 entries from eDirectory and then it stops and prints out this error. I do not have any clue of why this is happening. I am using the ruby net:LDAP library version 0.0.4. The following is an excerpt of the code. require 'rubygems' require 'net/ldap' ldap = Net::LDAP.new :host => "10.121.121.112", :port => 389, :auth => {:method => :simple, :username => "cn=abc,ou=Users,o=MTC", :password => "123" } filter = Net::LDAP::Filter.eq( "mail", "*mtc.ca.gov" ) treebase = "ou=Users,o=MTC" attrs = ["mail", "uid", "cn", "ou", "fullname"] i = 0 ldap.search( :base => treebase, :attributes => attrs, :filter => filter ) do |entry| puts "DN: #{entry.dn}" i += 1 entry.each do |attribute, values| puts " #{attribute}:" values.each do |value| puts " --->#{value}" end end end puts "Total #{i} entries found." p ldap.get_operation_result Here is the output and the error at the end. Thank you very much for your help. DN: cn=uvogle,ou=Users,o=MTC mail: --->[email protected] fullname: --->Ursula Vogler ou: --->Legislation and Public Affairs dn: --->cn=uvogle,ou=Users,o=MTC cn: --->uvogle Total 126 entries found. OpenStruct code=53, message="Unwilling to perform"

    Read the article

  • OpenLDAP and SSL

    - by Stormshadow
    I am having trouble trying to connect to a secure OpenLDAP server which I have set up. On running my LDAP client code java -Djavax.net.debug=ssl LDAPConnector I get the following exception trace (java version 1.6.0_17) trigger seeding of SecureRandom done seeding SecureRandom %% No cached client session *** ClientHello, TLSv1 RandomCookie: GMT: 1256110124 bytes = { 224, 19, 193, 148, 45, 205, 108, 37, 101, 247, 112, 24, 157, 39, 111, 177, 43, 53, 206, 224, 68, 165, 55, 185, 54, 203, 43, 91 } Session ID: {} Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_W ITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SH A, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA] Compression Methods: { 0 } *** Thread-0, WRITE: TLSv1 Handshake, length = 73 Thread-0, WRITE: SSLv2 client hello message, length = 98 Thread-0, received EOFException: error Thread-0, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake Thread-0, SEND TLSv1 ALERT: fatal, description = handshake_failure Thread-0, WRITE: TLSv1 Alert, length = 2 Thread-0, called closeSocket() main, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake javax.naming.CommunicationException: simple bind failed: ldap.natraj.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: Remote host closed connection during hands hake] at com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source) at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source) at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source) at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source) at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source) at javax.naming.spi.NamingManager.getInitialContext(Unknown Source) at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source) at javax.naming.InitialContext.init(Unknown Source) at javax.naming.InitialContext.<init>(Unknown Source) at javax.naming.directory.InitialDirContext.<init>(Unknown Source) at LDAPConnector.CallSecureLDAPServer(LDAPConnector.java:43) at LDAPConnector.main(LDAPConnector.java:237) Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(Unknown Source) at com.sun.net.ssl.internal.ssl.AppInputStream.read(Unknown Source) at java.io.BufferedInputStream.fill(Unknown Source) at java.io.BufferedInputStream.read1(Unknown Source) at java.io.BufferedInputStream.read(Unknown Source) at com.sun.jndi.ldap.Connection.run(Unknown Source) at java.lang.Thread.run(Unknown Source) Caused by: java.io.EOFException: SSL peer shut down incorrectly at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source) ... 9 more I am able to connect to the same secure LDAP server however if I use another version of java (1.6.0_14) I have created and installed the server certificates in the cacerts of both the JRE's as mentioned in this guide -- OpenLDAP with SSL When I run ldapsearch -x on the server I get # extended LDIF # # LDAPv3 # base <dc=localdomain> (default) with scope subtree # filter: (objectclass=*) # requesting: ALL # # localdomain dn: dc=localdomain objectClass: top objectClass: dcObject objectClass: organization o: localdomain dc: localdomain # admin, localdomain dn: cn=admin,dc=localdomain objectClass: simpleSecurityObject objectClass: organizationalRole cn: admin description: LDAP administrator # search result search: 2 result: 0 Success # numResponses: 3 # numEntries: 2 On running openssl s_client -connect ldap.natraj.com:636 -showcerts , I obtain the self signed certificate. My slapd.conf file is as follows ####################################################################### # Global Directives: # Features to permit #allow bind_v2 # Schema and objectClass definitions include /etc/ldap/schema/core.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/nis.schema include /etc/ldap/schema/inetorgperson.schema # Where the pid file is put. The init.d script # will not stop the server if you change this. pidfile /var/run/slapd/slapd.pid # List of arguments that were passed to the server argsfile /var/run/slapd/slapd.args # Read slapd.conf(5) for possible values loglevel none # Where the dynamically loaded modules are stored modulepath /usr/lib/ldap moduleload back_hdb # The maximum number of entries that is returned for a search operation sizelimit 500 # The tool-threads parameter sets the actual amount of cpu's that is used # for indexing. tool-threads 1 ####################################################################### # Specific Backend Directives for hdb: # Backend specific directives apply to this backend until another # 'backend' directive occurs backend hdb ####################################################################### # Specific Backend Directives for 'other': # Backend specific directives apply to this backend until another # 'backend' directive occurs #backend <other> ####################################################################### # Specific Directives for database #1, of type hdb: # Database specific directives apply to this databasse until another # 'database' directive occurs database hdb # The base of your directory in database #1 suffix "dc=localdomain" # rootdn directive for specifying a superuser on the database. This is needed # for syncrepl. rootdn "cn=admin,dc=localdomain" # Where the database file are physically stored for database #1 directory "/var/lib/ldap" # The dbconfig settings are used to generate a DB_CONFIG file the first # time slapd starts. They do NOT override existing an existing DB_CONFIG # file. You should therefore change these settings in DB_CONFIG directly # or remove DB_CONFIG and restart slapd for changes to take effect. # For the Debian package we use 2MB as default but be sure to update this # value if you have plenty of RAM dbconfig set_cachesize 0 2097152 0 # Sven Hartge reported that he had to set this value incredibly high # to get slapd running at all. See http://bugs.debian.org/303057 for more # information. # Number of objects that can be locked at the same time. dbconfig set_lk_max_objects 1500 # Number of locks (both requested and granted) dbconfig set_lk_max_locks 1500 # Number of lockers dbconfig set_lk_max_lockers 1500 # Indexing options for database #1 index objectClass eq # Save the time that the entry gets modified, for database #1 lastmod on # Checkpoint the BerkeleyDB database periodically in case of system # failure and to speed slapd shutdown. checkpoint 512 30 # Where to store the replica logs for database #1 # replogfile /var/lib/ldap/replog # The userPassword by default can be changed # by the entry owning it if they are authenticated. # Others should not be able to see it, except the # admin entry below # These access lines apply to database #1 only access to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=localdomain" write by anonymous auth by self write by * none # Ensure read access to the base for things like # supportedSASLMechanisms. Without this you may # have problems with SASL not knowing what # mechanisms are available and the like. # Note that this is covered by the 'access to *' # ACL below too but if you change that as people # are wont to do you'll still need this if you # want SASL (and possible other things) to work # happily. access to dn.base="" by * read # The admin dn has full write access, everyone else # can read everything. access to * by dn="cn=admin,dc=localdomain" write by * read # For Netscape Roaming support, each user gets a roaming # profile for which they have write access to #access to dn=".*,ou=Roaming,o=morsnet" # by dn="cn=admin,dc=localdomain" write # by dnattr=owner write ####################################################################### # Specific Directives for database #2, of type 'other' (can be hdb too): # Database specific directives apply to this databasse until another # 'database' directive occurs #database <other> # The base of your directory for database #2 #suffix "dc=debian,dc=org" ####################################################################### # SSL: # Uncomment the following lines to enable SSL and use the default # snakeoil certificates. #TLSCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem #TLSCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key TLSCipherSuite TLS_RSA_AES_256_CBC_SHA TLSCACertificateFile /etc/ldap/ssl/server.pem TLSCertificateFile /etc/ldap/ssl/server.pem TLSCertificateKeyFile /etc/ldap/ssl/server.pem My ldap.conf file is # # LDAP Defaults # # See ldap.conf(5) for details # This file should be world readable but not world writable. HOST ldap.natraj.com PORT 636 BASE dc=localdomain URI ldaps://ldap.natraj.com TLS_CACERT /etc/ldap/ssl/server.pem TLS_REQCERT allow #SIZELIMIT 12 #TIMELIMIT 15 #DEREF never

    Read the article

  • T38modem manuals?

    - by Brian Postow
    Are there any T38modem users here? I'm trying to figure out how to call T38modem with SIP. I've got everything except the --route option for receiving. I know my own phone number, but I am not sure how to set it up. Currently, I have: --route "modem:0.*"="sip:<dn>@64.136.174.30" --route "modem:1.*=sip:[email protected]" I've also tried: --route "modem:*.*"="sip:<dn>@64.136.174.30" --route"sip:*@74.94.184.154"="modem:<dn>@127.0.0.1" what amI doing wrong? And where (other than t38modem --help) can I find some documentation on how to use it? thanks.

    Read the article

  • How to enable catch-all email in iRedMail Open Source edition?

    - by Matthias
    How to create catch-all email alias for domain in iRedMail Open Source edition? I know that's possible via LDAP and found the following instructions: http://iredmail.org/wiki/index.php?title=Addition/OpenLDAP/Catch-all The problem is how exactly to add this parameters via phpLDAPAdmin? I select "Create new entry here" and choose mailUser type. Then in step 2 first question is about "RDN" with select box "select RDN attribute". What should I choose as RDN? Which fields of the "Create Object" form should be filled? Unfortunetly there is completely no validation of user input and final errors does not contain explanation what's wrong Also when I try to import example from iredmail wiki phpldapadmin it gives LDIF Import Parse Error Description: A valid dn line is required [] dn line is: dn: [email protected],ou=Users,domainName=mydomain.eu,o=domains,dc=myserver,dc=pl

    Read the article

  • disallow anonymous bind in openldap

    - by shashank prasad
    Folks, I have followed the instructions here http://tuxnetworks.blogspot.com/2010/06/howto-ldap-server-on-1004-lucid-lynx.html to setup my OpenLdap and its working just fine, except an anonymous user can bind to my server and see the whole user/group structure. LDAP is running over SSL. I have read online that i can add disallow bind_anon and require authc in the slapd.conf file and it will be disabled but there is no slapd.conf file to begin with and since this doesn't use slapd.conf for its configuration as i understand OpenLdap has moved to a cn=config setup so it wont read that file even if i create one. i have looked online without any luck. I believe i need to change something in here olcAccess: to attrs=userPassword by dn="cn=admin,dc=tuxnetworks,dc=com" write by anonymous auth by self write by * none olcAccess: to attrs=shadowLastChange by self write by * read olcAccess: to dn.base="" by * read olcAccess: to * by dn="cn=admin,dc=tuxnetworks,dc=com" write by * read but i am not sure what. Any help is appreciated. Thank you! -shashank

    Read the article

  • openldap search acl

    - by Patrick
    I'm trying to write an access control for OpenLDAP to allow a user to search with a certain base dn, but only get results back from certain sub dn's. I've played with lots of different rules but cant get it to work. I'm not sure its even possible. For example: I have the user with the dn uid=testuser,ou=people,dc=example,dc=com. I want this user to be able to search with a base of dc=example,dc=com and get back entries in ou=people,dc=example,dc=com. There are lots of other sub OUs under dc=example,dc=com, but only entries in ou=people should be returned (for bonus, I'd only like certain attributes to be returned as well). Can this be done?

    Read the article

  • Connecting FreeNAS 8 to Mac OS X Lion LDAP Server

    - by Absolution
    I currently have Mac OS X Lion Server running from a MacMini and want to use it purely as an LDAP server for authentication for FreeNAS 8. I have FreeNAS setup and running on a VM, all features working correctly and as expected however I cannot connect to my LDAP server (MacMini). Error message; **Nss_ldap: could not search LDAP server – server is unavailable** For LDAP service settings in FreeNAS, I know my Hostname and Base DN are correct (exact copies of what I set originally and ones that are shown in server:open directory overview) however I am unsure what to enter for Root bind DN, password and Suffix’s. I have researched into where I can find these out and other than following the FreeNAS examples it appears there is a way to find out within the Server Workgroup Manager specific to my settings – however this function is unavailable to me and cannot be ‘ticked’ to view for some strange reason. Some forums explain how Root bind DN should be uid=admin, dc=… and others cn=admin, dc=… – I’m rather confused and would appreciate your help or advice with this.

    Read the article

  • Distinguished name of Configuration in AD is tampered?

    - by Natan Abolafya
    A user of our product came out with a problem which was caused by the DN of Configuration object in AD. We had a rather static lookup method to find Configuration object, thus it failed. Let's say the domain name of AD is foo.bar.example.com. Therefore, the expected DN of configuration should be CN=Configuration,DC=foo,DC=bar,DC=example,DC=com, right? But somehow, this user's DN of configuration has one value missing: CN=Configuration,DC=bar,DC=example,DC=com. Do you know how can we reproduce this issue (or is it commonly implemented?)?

    Read the article

  • ldap client cannot contact ldap server

    - by Van
    I have followed these instructions: https://help.ubuntu.com/12.04/serverguide/openldap-server.html#openldap-auth-config The ldap server works fine. I can log into it using an ldap account. However, I configured another Ubuntu 12.04 server as a ldap client for authentication but I cannot contact the server. Here is the error: On the client: # ldapsearch -Q -LLL -Y EXTERNAL -H ldapi://ldap01.domain.local -b cn=config dn ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1) The server can receive requests: On the client: # telnet ldap01.domain.local 389 Trying 10.3.17.10... Connected to sisn01.domain.local. Escape character is '^]'. On the client: # ldapsearch -x -h ldap01.domain.local -b cn=config dn # extended LDIF # # LDAPv3 # base <cn=config> with scope subtree # filter: (objectclass=*) # requesting: dn # # search result search: 2 result: 32 No such object # numResponses: 1 On the server: # ps aux | grep slapd openldap 3759 0.0 0.2 564820 8228 ? Ssl 08:39 0:00 /usr/sbin/slapd -h ldap:/// ldapi:/// -g openldap -u openldap -F /etc/ldap/slapd.d I suspect I am missing a configuration parameter either on the server or on the client. I just cannot figure out what. Any help here would be appreciated.

    Read the article

  • Active Directory Partition Error

    - by BLAKE
    Right now my active directory is failing a dcdiag test. I can find no info online about this error. When I run dcdiag /test:crossrefvalidation, I get the output: .... Doing primary tests Testing server: Default-First-Site-Name\ad01 Running partition tests on : ForestDnsZones Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation Running partition tests on : DomainDnsZones Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Running partition tests on : Schema Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Running partition tests on : Configuration Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Running partition tests on : mydomain Starting test: CrossRefValidation ......................... mydomain passed test CrossRefValidation Running partition tests on : t Starting test: CrossRefValidation This cross-ref has a non-standard dNSRoot attribute. Cross-ref DN: CN=a3a24d3a-4782-460b-9148-86ac2d86b9ae,CN=Partitions,CN=Configuration, DC=mydomain,DC=com nCName attribute (Partition name): DC=t Bad dNSRoot attribute: dc01.mydomain.com Check with your network administrator to make sure this dNSRoot attribute is correct, and if not please change the attribute to the value below. dNSRoot should be: t It appears this partition (DC=t) failed to get completely created. This cross-ref (CN=a3a24d3a-4782-460b-9148-86ac2d86b9ae,CN=Partitions,CN=Configurat ion,DC=mydomain,DC=com) is dead and should be removed from the Active Directory. ......................... t failed test CrossRefValidation .... I used LDP from the windows support tools. I searched for the dnsRoot attribute in "cn=partitions,cn=configuration,dc=mydomain,dc=com", with the filter "(&(objectcategory=crossref)(systemFlags:1.2.840.113556.1.4.803:=5))" I got the result: ***Searching... ldap_search_s(ld, "cn=partitions,CN=Configuration,DC=mydomain,DC=com", 1, "(& (objectcategory=crossref)(systemFlags:1.2.840.113556.1.4.803:=5))", attrList, 0, &msg) Result <0>: (null) Matched DNs: Getting 3 entries: >> Dn: CN=65502be3-fc90-442a-83d8-4b3b91e82439,CN=Partitions,CN=Configuration,DC=mydomain,DC=com 1> dnsRoot: ForestDnsZones.mydomain.com; >> Dn: CN=a3a24d3a-4782-460b-9148-86ac2d86b9ae,CN=Partitions,CN=Configuration,DC=mydomain,DC=com 1> dnsRoot: ad01.mydomain.com; >> Dn: CN=f0ef5771-6225-4984-acd9-c08f582eb4e2,CN=Partitions,CN=Configuration,DC=mydomain,DC=com 1> dnsRoot: DomainDnsZones.mydomain.com; It looks like the bad partition has the name of my first domain controller 'ad01.mydomain.com'. I have googled for a while and have not been able to find any help or documentation about application partitions in Active Directory. Does anyone have any advice on how to cleanup this partition (or what the partition is for)? Does anyone know the repercussions for deleting this partition?

    Read the article

  • LDAP (slapd) ACL issue - can add but not modify entries

    - by Jonas
    I have an issue with the ACL configuration of an LDAP server (slapd). The following ACL entry is active as the first rule that applies: {0}to dn.subtree="ou=some,ou=where,ou=beneath,dc=the,dc=rain,dc=bow" attrs=entry,children by users write Now the strange thing that happens is that given that rule I can add an entry to the respective DN but if I want to modify it with the very same user, then I get 0x32 (LDAP_INSUFFICIENT_ACCESS) Can someone give me a hint what the problem could be?

    Read the article

  • 2 or more FOR loops in command shell merging fileA line1 with fileB line1, &c.

    - by rfransix
    Hi, i'm trying to build an ldif import file. I have 2 files, one with the DN and another with the employeeNumber, they match up line for line. Here's the code that does not work: @echo on ::Set BATCH Input Directory set batchdir=e:\Meta ::Set the input file containing the server list set infile=%batchdir%\DDNs3 set infile2=%batchdir%\DDNs4 ::If exists, we remove output file Rm DDNs3.ldif ::For loop below process each line in the input list. FOR /F "tokens=* delims=" %%i IN (%infile%) do ( FOR /F "tokens=* delims=" %%k IN (%infile2%) do ( Echo dn: %%i Echo changetype: modify Echo replace: employeeNumber Echo employeeNumber: %%k ) ) DDNs3.ldif I've tried several variations, including: ::For loop below process each line in the input list. FOR /F "tokens=* delims=" %%i IN (%infile%) do ( Echo dn: %%i Echo changetype: modify Echo replace: employeeNumber FOR /F "tokens=* delims=" %%k IN (%infile2%) do ( Echo employeeNumber: %%k echo. ) ) DDNs3.ldif

    Read the article

  • Keyboard problems on Acer Laptop

    - by artfulrobot
    The key map on my Acer Aspire 5750 keyboard has gone awry since I had the keyboard replaced (because of physical fault with one of the keys). The new keyboard looks identical, but now Ubuntu seems a little confused about which (function) buttons are which. So previously Fn+left/right were, as marked on the keys, brightness up and down; Fn+up/down were volume. It all worked as advertised! But now Page Dn (which is marked as Page Dn or Back a track with Fn) is turning the volume up, and the others fn+arrow keys don't work at all. Is there a way I can see what's happening or get it to re-map my keys? Thanks.

    Read the article

  • Configure Oracle Identity Manager AD/LDAP Authentication

    - by Arda Eralp
    Requirements (on AD side) LDAP connection user with the necessary rights in AD to do subtree searches on your users and groups container, respectively in the scope we configure below For LDAP in OIM to work, you need an AD Group called "oimusers", in which all users who shall be able to login to OIM need to be member. The group need to be named exactly "oimusers". Step 1: Login Weblogic Administration Console  Step 2: Create New Provider Authentication Provider Name: ADAuthenticationProvider Type: ActiveDirectoryAuthenticator Control Flag: SUFFICIENT   User scope configuration User Base DN: Container where your users are found Rest of the parameters stay default   Group scope configuration Group Base DN: Container where your groups are found Your "oimusers" group must be found in this container or in the subtree Rest of the parameters stay default  Step 3: Restart Admin Server Step 4: Check oimusers group Step 5: Re order providers Step 6: Restart Admin Server

    Read the article

  • How do I use LDAP proxy user authentication from .net?

    - by DN
    I have a .net web application that uses simple bind to query the LDAP. The application uses integrated windows authentication. Do you have any recommendations on which option to use to authenticate against the LDAP: 1. simple LDAP bind using the logged in user's credentials 2. simple LDAP bind using a service account created for the application's use 3. LDAP proxy user authentication - I dont have enough info about this, so i'd be grateful if someone could explain it's benefit, recommended use and sample .net code to do the query.

    Read the article

  • Sending email with exim and external sender address

    - by Tronic
    i have following problem: i want to send emails with an rails webapp. i set up an exim server and when looking into the logs, the sending works, but the emails aren't sent really. i had the same problem with another isp. the sender address is hosted on another mailserver, other isp. i think the problem is, that sending doesn't work because the sener address isn't hosted on the same server. do you have any advice on this? the logs (exim) tell me the following: 2011-01-01 14:38:06 1PZ1eo-0000Ga-38 <= <> R=1PZ1eo-0000GY-1p U=Debian-exim P=local S=1778 2011-01-01 14:38:08 1PZ1eo-0000Ga-38 => [email protected] R=dnslookup T=remote_smtp H=mx1.emailsrvr.com [98.129.184.131] X=TLS1.0:RSA_AES_256_CBC_SHA1:32 DN="C=US,O=mx1.emailsrvr.com,OU=GT21850092,OU=See www.geotrust.com/resources/cps (c)08,OU=Domain Control Validated - QuickSSL(R),CN=mx1.emailsrvr.com" 2011-01-01 14:38:08 1PZ1eo-0000Ga-38 Completed [email protected] is the external sender-address! thank you! Edit with more details when sending a mail from command line with echo "Test" | mail -s Testmail [email protected] the logs says 2011-01-01 20:45:24 1PZ7OG-0001Vp-Rx <= root@gustav U=root P=local S=360 2011-01-01 20:45:26 1PZ7OG-0001Vp-Rx => [email protected] R=dnslookup T=remote_smtp H=gmail-smtp-in.l.google.com [209.85.229.27] X=TLS1.0:RSA_ARCFOUR_MD5:16 DN="C=US,ST=California,L=Mountain View,O=Google Inc,CN=mx.google.com" 2011-01-01 20:45:26 1PZ7OG-0001Vp-Rx Completed and i get the mail on my gmail account. but when sending by webapp (when testing locally with sendmail it works fine) i only get this log output 2011-01-01 20:50:08 1PZ7Sq-0001X9-L4 <= <> R=1PZ7Sq-0001X7-Jo U=Debian-exim P=local S=1780 2011-01-01 20:50:11 1PZ7Sq-0001X9-L4 => [email protected] R=dnslookup T=remote_smtp H=mx1.emailsrvr.com [98.129.184.3] X=TLS1.0:RSA_AES_256_CBC_SHA1:32 DN="C=US,O=mx1.emailsrvr.com,OU=GT21850092,OU=See www.geotrust.com/resources/cps (c)08,OU=Domain Control Validated - QuickSSL(R),CN=mx1.emailsrvr.com" 2011-01-01 20:50:11 1PZ7Sq-0001X9-L4 Completed

    Read the article

  • latest org.json

    - by cp
    Hello A simple question where can I dn the latest org.json jar? The API shows 2010/01/05 for JSONObject and my last dn was 09/06/15. I cant find it on sourceforge or anywhere else. Can someone direct to the latest that will have an API at least as specified as of 2010/01/05? tia.

    Read the article

  • Spaces in OU causing drupal ldapgroups lookup to deny login

    - by jgreep
    I'm trying to configure mapping of LDAP Groups to Drupal roles. The DN for the group that I have been given contains a space in the OU: CN=CommunityUsers,OU=Distribution Groups,DC=TLD,DC=AD Drupal is authenticating if there is no space, but under no circumstances can I have the space removed. Can I change the way I specify the DN?

    Read the article

  • OpenLDAP configuraion in Yast2 - groupOfUniqueNames/uniqueMember

    - by Ales
    hi all, in /etc/openldap/slapd.conf I have this acl and works: access to dn.subtree="ou=users,dc=domain" by group/groupofuniquenames/uniquemember="cn=partner,ou=groups,dc=domain" write by users read When I want to configure it in OpenSuSE 11.1 Yast2 LDAP server configuration it generates me file /etc/openldap/slap.d/cn=config/olcDatabase={1}bdb.ldif whit acl: olcAccess: {3}to dn.subtree="ou=users,dc=domain" by group="cn=partner,ou=groups,dc=domain" manage How can i set it from "by group" to "by group/groupofuniquenames/uniquemember" like in slapd.conf? thanks, Al

    Read the article

  • LDAP object class violation: attribute ou not allowed in suffix?

    - by Paramaeleon
    I am about to set up a LDAP directory. It is used as a tool to communicate user permissions from a web application to WebDav file system access, e.g. adding a user to the web platform shall allow login to the file system with the same credentials. There are no other usages intended. Following this German tutorial which encourages the use of the attributes c, o, ou etc. over dc, I configured the following suffix and root: suffix "ou=webtool,o=myOrg,c=de" rootdn "cn=ldapadmin,ou=webtool,o=myOrg,c=de" Server starts and I can connect to it by LDAP Admin, which reports “LDAP error: Object lacks”. Well, there aren’t any objects yet. I now want to create the root and admin elements from shell. I created an init.ldif file: dn: ou=webtool,o=myOrg,c=de objectclass: dcObject objectclass: organization dc: webtool o: webtool dn: cn=ldapadmin,ou=webtool,o=myOrg,c=de objectclass: organizationalRole cn: ldapadmin Trying to load the file runs into an error, telling me that ou is not allowed: server:~ # ldapadd -x -D "cn=ldapadmin,ou=webtool,o=myOrg,c=de" -W -f init.ldif Enter LDAP Password: adding new entry "ou=webtool,o=myOrg,c=de" ldap_add: Object class violation (65) additional info: attribute 'ou' not allowed I am not using ou anywhere except in the suffix, so the question: Isn’t it allowed here? What is allowed here? Here is my answer. I am not allowed to post it as answer for 8 hours, so don’t mind that it is part of the question by now. I will move it outside some day, if I don’t forget to do so. There are numberous dependencies for the creation of elements, and error messages are rather confusing if you don’t know of the concept. The objectclass isn’t necessarily dcObject for the databases’ root node, as it is likely to guess when you read several tutoriales. Instead, it must correspond to the object’s type: Here, for a name starting with ou=, it must be organizationalUnit. I found this piece of information in these tables [Link removed due to restriction: Oops! Your edit couldn't be submitted because: We're sorry, but as a spam prevention mechanism, new users can only post a maximum of two hyperlinks. Earn more than 10 reputation to post more hyperlinks. Link is below]. Further on, the object class dictates which properties must and can be added in the record. Here, organizationalUnit must have an ou: entry and must not have neither dc: nor o: entry. The healthy init.ldif file looks like that: dn: ou=webtool,o=myOrg,c=de objectclass: organizationalUnit ou: LDAP server for my webtool dn: cn=ldapadmin,ou=webtool,o=myOrg,c=de objectclass: organizationalRole cn: ldapadmin Note: The page also states: “While many objectClasses show no MUST attributes you must (ouch) follow any hierarchy […] to determine if this is the really case.” I thought that would mean my root record would have to provide the must fields for c= and o= (c: and o:, respectively) but this isn’t the case. Link in answer is (1): http :// www (dot) zytrax (dot) com/books/ldap/ape/ "Appendix E: LDAP - Object Classes and Attributes"

    Read the article

< Previous Page | 1 2 3 4 5 6 7 8  | Next Page >