Search Results

Search found 1428 results on 58 pages for 'pam ldap'.

Page 20/58 | < Previous Page | 16 17 18 19 20 21 22 23 24 25 26 27  | Next Page >

• pam_tty_audit and non privileged users

  - by Jeff

  I'm working on a cents 6.3 box and am trying to log all commands executed from a bash shell and came across pam_tty_audit. I've added the appropriate line to my /etc/pam.d/system-auth file: "session required pam_tty_audit.so enable=*" The problem is that it does not appear to capture commands unless a user is root. For example, if i ssh in as root it logs everything to the audit log, but if I ssh as a regular user it does not start logging anything until after I have su to root. Any ideas?

  Read the article

• sudo taking long time

  - by Sam

  On a Ubuntu 9 64bit Linux machine, sudo takes longer time to start. "sudo echo hi" takes 2-3 minutes. strace on sudo tells poll("/etc/pam.d/system-auth", POLLIN) timesout after 5 seconds and there are multiple calls(may be a loop) to same system call (which causes 2-3min delay). Any idea why sudo has to wait for /etc/pam.d/system-auth? Any tunable to make sudo to timeout faster? Thanks Samuel

  Read the article

• How do I permanently delete /var/log/lastlog?

  - by GregB

  My /var/log/lastlog file is huge. I know it's really only a few kilobytes, but tar isn't smart enough to know that, so when I image a virtual machine, my restore fails because it thinks I'm trying to load more data than I have capacity on my disk. I want to delete /var/log/lastlog and stop any and all logging to the file. I'm aware of the security implications. This logging needs to stop to preserve my backup strategy. I've made a change to /etc/pam.d/login which I was told would disable logging to /var/log/lastlog, but it does not appear to work as /var/log/lastlog keeps growing. # Prints the last login info upon succesful login # (Replaces the `LASTLOG_ENAB' option from login.defs) #session optional pam_lastlog.so Any ideas? EDIT For anyone interested, I use Centrify Express to authenticate my users via LDAP. Centrify Express is "free", but one of the drawbacks is that I can't manage user UIDs via LDAP, so they are given a dynamic UID when they login to a server. Centrify picks some crazy high UID values (so they don't conflict with local users on the server, presumably). /var/log/lastlog is indexed by UID, and grows to accommodate the largest UID on the system. This means that when a Centrify user logs in, they get a UID in the upper-end of the UID range, which causes lastlog to allocate an obscene amount of space, according to the file system. ~$ ll /var/log/lastlog -rw-rw-r-- 1 root root 291487675780 Apr 10 16:37 /var/log/lastlog ~$ du -h /var/log/lastlog 20K /var/log/lastlog More Into --- Sparse Files

  Read the article

• How to configure Spring Security PasswordComparisonAuthenticator

  - by denlab

  I can bind to an embedded ldap server on my local machine with the following bean: <b:bean id="secondLdapProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider"> <b:constructor-arg> <b:bean class="org.springframework.security.ldap.authentication.BindAuthenticator"> <b:constructor-arg ref="contextSource" /> <b:property name="userSearch"> <b:bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch"> <b:constructor-arg index="0" value="ou=people"/> <b:constructor-arg index="1" value="(uid={0})"/> <b:constructor-arg index="2" ref="contextSource" /> </b:bean> </b:property> </b:bean> </b:constructor-arg> <b:constructor-arg> <b:bean class="com.company.security.ldap.BookinLdapAuthoritiesPopulator"> </b:bean> </b:constructor-arg> </b:bean> however, when I try to authenticate with a PasswordComparisonAuthenticator it repeatedly fails on a bad credentials event: <b:bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider"> <b:constructor-arg> <b:bean class="org.springframework.security.ldap.authentication.PasswordComparisonAuthenticator"> <b:constructor-arg ref="contextSource" /> <b:property name="userDnPatterns"> <b:list> <b:value>uid={0},ou=people</b:value> </b:list> </b:property> </b:bean> </b:constructor-arg> <b:constructor-arg> <b:bean class="com.company.security.ldap.BookinLdapAuthoritiesPopulator"> </b:bean> </b:constructor-arg> </b:bean> Through debugging, I can see that the authenticate method picks up the DN from the ldif file, but then tries to compare the passwords, however, it's using the LdapShaPasswordEncoder (the default one) where the password is stored in plaintext in the file, and this is where the authentication fails. Here's the authentication manager bean referencing the preferred authentication bean: <authentication-manager> <authentication-provider ref="ldapAuthProvider"/> <authentication-provider user-service-ref="userDetailsService"> <password-encoder hash="md5" base64="true"> <salt-source system-wide="secret"/> </password-encoder> </authentication-provider> </authentication-manager> On a side note, whether I set the password-encoder on ldapAuthProvider to plaintext or just leave it blank, doesn't seem to make a difference. Any help would be greatly appreciated. Thanks

  Read the article

• Failed Administrator login on WSO2 IS with external OpenLDAP

  - by Marco Rivadeneyra

  I have an installation of WSO2 Identity Server and I'm trying to make it work with an external OpenLDAP instance I have followed this guide: http://wso2.org/project/solutions/identity/3.2.3/docs/user-core/admin_guide.html#LDAP For the read-only mode. But when I try to log-in I get a failed login and the following error on the console: TID: [0] [WSO2 Identity Server] [2012-08-10 17:10:25,493] WARN {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - Failed Administrator login attempt 'john[0]' at [2012-08-10 17:10:25,0493] from IP address 127.0.0.1 {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} Full log: http://pastebin.com/pHUGXBqv My configuration file looks as follows: <UserManager> <Realm> <Configuration> <AdminRole>admin</AdminRole> <AdminUser> <UserName>john</UserName> <Password>johnldap</Password> </AdminUser> <EveryOneRoleName>everyone</EveryOneRoleName> <!-- By default users in this role sees the registry root --> <ReadOnly>true</ReadOnly> <MaxUserNameListLength>500</MaxUserNameListLength> <Property name="url">jdbc:h2:repository/database/WSO2CARBON_DB</Property> <Property name="userName">wso2carbon</Property> <Property name="password">wso2carbon</Property> <Property name="driverName">org.h2.Driver</Property> <Property name="maxActive">50</Property> <Property name="maxWait">60000</Property> <Property name="minIdle">5</Property> </Configuration> <UserStoreManager class="org.wso2.carbon.user.core.ldap.LDAPUserStoreManager"> <Property name="ReadOnly">true</Property> <Property name="MaxUserNameListLength">100</Property> <Property name="ConnectionURL">ldap://192.168.81.144:389</Property> <Property name="ConnectionName">cn=admin,dc=example,dc=com</Property> <Property name="ConnectionPassword">admin</Property> <Property name="UserSearchBase">ou=People,dc=example,dc=com</Property> <Property name="UserNameListFilter">(objectClass=inetOrgPerson)</Property> <Property name="UserNameAttribute">uid</Property> <Property name="ReadLDAPGroups">false</Property> <Property name="GroupSearchBase">ou=Groups,dc=example,dc=com</Property> <Property name="GroupSearchFilter">(objectClass=groupOfNames)</Property> <Property name="GroupNameAttribute">uid</Property> <Property name="MembershipAttribute">member</Property> </UserStoreManager> <AuthorizationManager class="org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager"></AuthorizationManager> </Realm> I followed this guide to configure my LDAP server up to Loggging: https://help.ubuntu.com/12.04/serverguide/openldap-server.html Could you suggest what might be wrong? The LDAP log is available at: http://pastebin.com/T9rFYEAW

  Read the article

• LDAP SSL connect problem

  - by juergen

  I set up a test domain for my LDAP SSL tests and it is not working. I am using Windows Server 2008 R2 SP 1. I came so far: 1. i generated and installed my self signed certificate on the test domain controller 2. on the server i can log into ldap over SSL with the MS ldp.exe tool. 3. using ldp.exe on a client that is no in this domain the login fails with error 0x51 = "failed to connect". (i don't have a client computer that is in this domain right now) 4. I testet the certificate by using it in the IIS on the test server and I can reach the default page of the test server over SSL. (from the client that is not in the domain) 5. analysing the traffic between client and server I can see that the server is sending a certificate to the client. why isn't this working on my client computer?

  Read the article

• Error: Only LDAP Connection Strings are Supported against Active Directory

  - by Brent Pabst

  I have the following ASP.NET Membership section defined in the Web.config file: <membership defaultProvider="AspNetActiveDirectoryMembershipProvider"> <providers> <clear/> <add connectionStringName="ADService" connectionUsername="umanage" connectionPassword="letmein" enablePasswordReset="true" enableSearchMethods="true" applicationName="uManage" clientSearchTimeout="30" serverSearchTimeout="30" name="AspNetActiveDirectoryMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /> </providers> </membership> The Connection string looks like this: <add name="ADService" connectionString="ldap://familynet.local" /> Whenever I call the following code: Membership.GetAllUsers(); I get the following error: Configuration Error Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately. Parser Error Message: Only LDAP connection strings are supported against Active Directory and ADAM. I don't understand why the system is claiming the LDAP connection string is bad because it is in fact a valid LDAP string as specified by the MSDN documentation. http://msdn.microsoft.com/en-us/library/system.web.security.activedirectorymembershipprovider.aspx Any ideas?

  Read the article

• XServe won't let me log in

  - by niklassaers

  Hi guys, After a power-failure, my Xserve won't let me log in on the login screen. I can still SSH into the box and access its other services, but the login box just shakes when I write either a local username and password or an ldap based username and password (this server is the LDAP server). Any suggestions on how I can go about solving this problem? Cheers Nik

  Read the article

• Persuading openldap to work with SSL on Ubuntu with cn=config

  - by Roger

  I simply cannot get this (TLS connection to openldap) to work and would appreciate some assistance. I have a working openldap server on ubuntu 10.04 LTS, it is configured to use cn=config and most of the info I can find for TLS seems to use the older slapd.conf file :-( I've been largely following the instructions here https://help.ubuntu.com/10.04/serverguide/C/openldap-server.html plus stuff I've read here and elsewhere - which of course could be part of the problem as I don't totally understand all of this yet! I have created an ssl.ldif file as follows; dn:cn=config add: olcTLSCipherSuite olcTLSCipherSuite: TLSV1+RSA:!NULL add: olcTLSCRLCheck olcTLSCRLCheck: none add: olcTLSVerifyClient olcTLSVerifyClient: never add: olcTLSCACertificateFile olcTLSCACertificateFile: /etc/ssl/certs/ldap_cacert.pem add: olcTLSCertificateFile olcTLSCertificateFile: /etc/ssl/certs/my.domain.com_slapd_cert.pem add: olcTLSCertificateKeyFile olcTLSCertificateKeyFile: /etc/ssl/private/my.domain.com_slapd_key.pem and I import it using the following command line ldapmodify -x -D cn=admin,dc=mydomain,dc=com -W -f ssl.ldif I have edited /etc/default/slapd so that it has the following services line; SLAPD_SERVICES="ldap:/// ldapi:/// ldaps:///" And everytime I'm making a change, I'm restarting slapd with /etc/init.d/slapd restart The following command line to test out the non TLS connection works fine; ldapsearch -d 9 -D cn=admin,dc=mydomain,dc=com -w mypassword \ -b dc=mydomain,dc=com -H "ldap://mydomain.com" "cn=roger*" But when I switch to ldaps using this command line; ldapsearch -d 9 -D cn=admin,dc=mydomain,dc=com -w mypassword \ -b dc=mydomain,dc=com -H "ldaps://mydomain.com" "cn=roger*" This is what I get; ldap_url_parse_ext(ldaps://mydomain.com) ldap_create ldap_url_parse_ext(ldaps://mydomain.com:636/??base) ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP mydomain.com:636 ldap_new_socket: 3 ldap_prepare_socket: 3 ldap_connect_to_host: Trying 127.0.0.1:636 ldap_pvt_connect: fd: 3 tm: -1 async: 0 TLS: can't connect: A TLS packet with unexpected length was received.. ldap_err2string ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1) Now if I check netstat -al I can see; tcp 0 0 *:www *:* LISTEN tcp 0 0 *:ssh *:* LISTEN tcp 0 0 *:https *:* LISTEN tcp 0 0 *:ldaps *:* LISTEN tcp 0 0 *:ldap *:* LISTEN I'm not sure if this is significant as well ... I suspect it is; openssl s_client -connect mydomain.com:636 -showcerts CONNECTED(00000003) 916:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188: I think I've made all my certificates etc OK and here are the results of some checks; If I do this; certtool -e --infile /etc/ssl/certs/ldap_cacert.pem I get Chain verification output: Verified. certtool -e --infile /etc/ssl/certs/mydomain.com_slapd_cert.pem Gives "certtool: the last certificate is not self signed" but it otherwise seems OK? Where have I gone wrong? Surely getting openldap to run securely on ubuntu should be easy and not require a degree in rocket science! Any ideas?

  Read the article

• openldap-servers-2.2.13-12.el4_8.2 RHEL 4 err=6

  - by coderwhiz

  I have been seeing these following error codes on our LDAP server: zgrep -o err=[0-9]* ldap.log.1.gz | sort | uniq -c 106664 err=0 146 err=16 288 err=4 29 err=49 8106 err=6 Can someone explain what err=6 is exactly and if its a big problem? I have been seeing lately some failures to authenticate and wonder if it is related to these errors? I have seen a possible timeout problem in the 2.2 Code base and not sure if theres a patch or if I would have to upgrade to the latest openldap version? thanks kosta

  Read the article

• How do I configure Reverse Group Membership Maintenance on an openldap server? (memberOf)

  - by emills

  I am currently working on integrating LDAP authentication into a system and I would like to restrict access based on LDAP group. The only way to do this is via a search filter and therefore I believe my only option to be the use of the "memberOf" attribute in my search filter. It is my understanding that the "memberOf" attribute is an operational attribute which can be created by the server for me anytime a new "member" attribute is created for any "groupOfNames" entry on the server. My main goal is to be able to add a "member" attribute to an existing "groupOfNames" entry and have a matching "memberOf" attribute be added to the DN I provide. What I have managed to achieve so far: I'm still pretty new to LDAP administration but based on what I found in the openldap admin's guide, it looks like Reverse Group Membership Maintence aka "memberof overlay" would achieve exactly the effect I am looking for. My server is currently running a package installation (slapd on ubuntu) of openldap 2.4.15 which uses "cn=config" style runtime configuration. Most of the examples I have found still reference the older "slapd.conf" method of static configuration and I have tried my best to adapt the configurations to the new directory based model. I have added the following entries to enable the memberof overlay module: Enable the module with olcModuleLoad cn=config/cn\=module\{0\}.ldif dn: cn=module{0} objectClass: olcModuleList cn: module{0} olcModulePath: /usr/lib/ldap olcModuleLoad: {0}back_hdb olcModuleLoad: {1}memberof.la structuralObjectClass: olcModuleList entryUUID: a410ce98-3fdf-102e-82cf-59ccb6b4d60d creatorsName: cn=config createTimestamp: 20090927183056Z entryCSN: 20091009174548.503911Z#000000#000#000000 modifiersName: cn=admin,cn=config modifyTimestamp: 20091009174548Z Enabled the overlay for the database and allowed it to use it's default settings (groupOfNames,member,memberOf,etc) cn=config/olcDatabase={1}hdb/olcOverlay\=\{0\}memberof dn: olcOverlay={0}memberof objectClass: olcMemberOf objectClass: olcOverlayConfig objectClass: olcConfig objectClass: top olcOverlay: {0}memberof structuralObjectClass: olcMemberOf entryUUID: 6d599084-490c-102e-80f6-f1a5d50be388 creatorsName: cn=admin,cn=config createTimestamp: 20091009104412Z olcMemberOfRefInt: TRUE entryCSN: 20091009173500.139380Z#000000#000#000000 modifiersName: cn=admin,cn=config modifyTimestamp: 20091009173500Z My current result: By using the above configuration, I am able to add a NEW "groupOfNames" with any number of "member" entries and have all the involved DNs updated with a "memberOf" attribute. This is part of the behavior I would expect. While I believe the following should have been accomplished with the memberof overlay, I still do not know how to do the following and I would gladly welcome any advice: Add a "member" attribute to an EXISTING "groupOfNames" and have a corresponding "memberOf" attribute be created automatically. Remove a "member" attribute and have the corresponding "memberOf" attribute" be removed automatically.

  Read the article

• ????????

  - by ???02

  ???????????????????????????????????????????????????????????·?????????????????????????????·???????????????????????????????????????????????Oracle Directory Server Enterprise Edition?Oracle Internet Directory?Oracle Virtual Directory???3?????????·???????????????Oracle Directory Server Enterprise Edition -- ??????????????·????Oracle Directory Server Enterprise Edition(ODSEE???Sun Directory Server Enterprise Edition)????????????????????????????????????????????·????????????????????????????????????·?????????????????????????????????????????????????????????????????????????????????????????????????(1)10???????40????????????(2)???????????????????(3)Web????????????????:???????????????????????????????????(4)?????????????????????????????(CoS : Class of Service)?????????(5)????????????????????(6)??????·?????????????????????Oracle Internet Directory -- ????????????LDAP????Oracle Internet Directory (??OID )??LDAPv3 ???????????????????Oracle Database??????????????????????????????????????????????(Database Vault)????????(Transparent Data Encryption)??????????????????????????????????????????????????????????·?????????????????????????????(1)LDAP v3???????????·????(2)??????????????????????????(3)LDAP?(?????????)????????(??????)??????????????????????????????(4)ID??????????????????????????????????(5)Active Directory???ID??????????????????????????????????Oracle Virtual Directory -- ???ID?????(LDAP?DB)???????Oracle Virtual Directory (?? OVD )??LDAPv3 ?????????????Virtual (??) ???????????????????????????OVD ???????????????????? LDAP ???????????????????????????????????????????1?? LDAP ????????????????????????????LDAP ??????????????????????????????ID???????????????????????????????????????????????????????????????(1)LDAP v3???????????·????(2)???ID????????????????????????(3)????????????????????????????????????????(4)??????(SQL Server, DB2, Oracle Database)???????(Active Directory, Novel eDirectory, OID)??????????ID??????LDAP????(5)????????1???????????????????ID???????????????????? ?????? Oracle Direct

  Read the article

• how to build openvpn without libpam?

  - by hugemeow

  Since I have no root privilege to install libpam, I failed to run ./configure. So is there any method with which I can build openvpn without libpam? checking for OPENSSL_CRYPTO... yes checking for OPENSSL_SSL... yes checking for EVP_CIPHER_CTX_set_key_length... yes checking for ENGINE_load_builtin_engines... yes checking for ENGINE_register_all_complete... yes checking for ENGINE_cleanup... yes checking for ssl_init in -lpolarssl... no checking for aes_crypt_cbc in -lpolarssl... no checking for lzo1x_1_15_compress in -llzo2... no checking for lzo1x_1_15_compress in -llzo... no checking for PKCS11_HELPER... no checking git checkout... yes configure: error: libpam required but missing What's more, why I cannot disable libpam option? [mirror@innov openvpn]$ ./configure --help | grep libpam --enable-pam-dlopen dlopen libpam [default=no] C compiler flags for libpam LIBPAM_LIBS linker flags for libpam

  Read the article

• Why won't vsftpd let me log in with a virtual user account?

  - by Ramon

  I would like to use vsftpd with virtual users and pam_pwdfile.so. I installed vsftpd and added two users (ramon and dragon) via htpasswd to my file /etc/vsftpd.passwd. The /etc/pam.d/vsftpd is configured to use this file. auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed auth required pam_pwdfile.so pwdfile /etc/vsftpd.passwd account required pam_permit.so @include common-account @include common-session The user "ramon" is also available in /etc/passwd. A login to the ftp with the user "ramon" works as expected. But a login using "dragon" does not :/ The result is always Login failed: 530 Login incorrect. Since it's possible that I made a mistake I tried the exact way documented in /usr/share/doc/vsftpd/examples/VIRTUAL_USERS/README. Still no luck. I can login with the user "ramon", but not with the user "dragon". Any ideas?

  Read the article

• How Can I Restrict VSFTPD to a Particular Local Group?

  - by Aaron Copley

  I'd like to control VSFTPD access by adding users to a group such that only members of the defined group can access the FTP services. I am thinking I can do this by modifying /etc/pam.d/vsftpd, but am not sure how to get started. Or is this only for virtual users in VSFTPD? I am aware of user_list and this does not seem to support groups. This doesn't provide the function I am looking for which is described above. If I am mistaken though this would be great. Thanks, Aaron

  Read the article

• How to increase max FD limit for a daemon process running under a headless user?

  - by Ameliorator

  To increase the FD limit for a daemon process running under a headless user on a Ubuntu Linux machine we did following changes in /etc/security/limits.conf soft nofile 10000 hard nofile 10000 We also added session required pam_limits.so in /etc/pam.d/login. The changes got reflected for all the users who logged out and logged in again. Whatever new processes are starting under those users are getting new FD limits. But for the daemon which is running under a headless user the changes are not getting reflected. what is the way by which the changes can be reflected for the daemon which is running under headless user ?

  Read the article

• Is giving read permissions on /etc/shadow to apache user a wise decision from security point of view?

  - by Czar

  I have to use PAM authentication for DAV SVN, but when everything is configured as specified in mod_auth_pam documentation, authentication does not work. After some research I realized, that for this to work, httpd should be running under root user (which I don't like and won't implement) or apache user (under which httpd is running by default) should have permissions to read /etc/shadow file. So there is a pair of questions connected to each other which I want to ask: Is giving this permition to apache user a wise decision from security point of view? If answer to the first question is "yes", what is the correct way to do so? For now I've done following: groupadd shadow usermod -G shadow apache chmod g+r /etc/shadow Another way I can come up with is using acl: setfacl -m u:apache:r /etc/shadow Note: OS is Fedora 14 x86_64 (kernel: 2.6.35.11) httpd v2.2.17 mod_auth_pam v1.1.1

  Read the article

• How to deny access to disabled AD accounts via kerberos in pam_krb5?

  - by Phil

  I have a working AD/Linux/LDAP/KRB5 directory and authentication setup, with one small problem. When an account is disabled, SSH publickey authentication still allows user login. It's clear that kerberos clients can identify a disabled account, as kinit and kpasswd return "Clients credentials have been revoked" with no further password / interaction. Can PAM be configured (with "UsePAM yes" in sshd_config) to disallow logins for disabled accounts, where authentication is done by publickey? This doesn't seem to work: account [default=bad success=ok user_unknown=ignore] pam_krb5.so Please don't introduce winbind in your answer - we don't use it.

  Read the article

• Easily manage vsftpd virtual users?

  - by Phil

  I have a vsftpd server configured with many virtual users. logins are stored in a Berkeley DB file One configuration file exists for each user to define his permissions (read-only or read-write, home directory, etc.). To do that, I use the user_config_dir parameter (set in vsftpd.conf). I am wondering if it would be possible to manage these virtual users from a simple GUI (such as web interface). I have found some tools but they are limited to generic vsftpd configuration, not virtual users management. Otherwise, PAM-MySQL seems to be a good way to manage users efficiently but only username/password and logs can be stored in database, not permissions. Finally, I've found this thread, but the solution is a bit awkward... Is there any way to easily manage the vsftpd users ?

  Read the article

• django: caching passwords for custom authentication

  - by gruszczy

  I am authenticating users in ldap, but this happens only once, when user is logging in. Afterwards I need to keep username and password, because before every ldap operation I need to make bind on ldap server before every operation. What is the safe way to cache this password (I can't store in the database or cookies) for as long as session persists.

  Read the article

• Can't modify constant item in scalar assignment

  - by joe

  sub new { my $class = shift; my $ldap_obj = Net::LDAP->new( 'test.company.com' ) or die "$@"; my $self = { _ldap = $ldap_obj, _dn ='dc=users,dc=ldap,dc=company,dc=com', _dn_login = 'dc=login,dc=ldap,dc=company,dc=com', _description ='company', }; # Print all the values just for clarification. bless $self, $class; return $self; } what is wrong on this code : i got this error Can't modify constant item in scalar assignment at Core.pm line 12, near "$ldap_obj,"

  Read the article

• OpenLDAP, howto allow both secure (TLS) and unsecure (normal) connections?

  - by Mikael Roos

  Installed OpenLDAP 2.4 on FreeBSD 8.1. It works for ordinary connections OR for TLS connections. I can change it by (un)commenting the following lines in slapd.conf. # Enable TLS #security ssf=128 # Disable TLS security ssf=0 Is there a way to allow the clients to connect using TLS OR no-TLS? Can the ldap-server be configured to support both TLS connections and no-TLS connections? Tried to find the information in the manual, but failed: http://www.openldap.org/doc/admin24/access-control.html#Granting%20and%20Denying%20access%20based%20on%20security%20strength%20factors%20(ssf) http://www.openldap.org/doc/admin24/tls.html#Server%20Configuration Tried to read up on 'security' in manualpage for ldap.conf, didn't find the info there either. I guess I need to configure the 'secure' with some negotiation mechanism, "try to use TLS if client has it, otherwise continue using no-TLS". Connecting with a client (when slapd.conf is configure to use TLS): gm# ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts ldap_bind: Confidentiality required (13) additional info: TLS confidentiality required gm# ldapsearch -Z -x -b '' -s base '(objectclass=*)' namingContexts (this works, -Z makes a TLS connection) So, can I have my ldap-server supporting client connections using TLS and ordinary (no-TLS) connections? Thanx in advance.

  Read the article

• Join ActiveDirectory (Win 2k8R2) to OpenDirectory(Snow Leopard)

  - by Tom O'Connor

  The vast majority of questions and so on regarding the interoperability of Active and Open directories involves getting Mac clients to see an AD and auth against it. What we'd like to do is get a Windows 7 workstation to auth completely against Open Directory. We tried setting it up as an NT4 type PDC, and that doesn't work satisfactorily. We tried using pGina and the LDAP backend, which allows Authentication, but has no support for Authorization, and as a result, if we mount an NFS Share, the user has the rights to do anything they damn well please. Not ideal for security (Totally bloody unacceptable, actually). We tried using a Samba server (newer version than on the Open Directory Server) as an intermediate, so that it knows about the LDAP server on the OD Server, but uses Samba 4 instead of v3. That didn't work either. We could login, but couldn't mount, and if we did, we had the same rights as with pGina. If we right-click the mounted drive in Windows, and have a look at NFS UID, it returns -2, not the correct (mapped) UID. So the final plan I've got is to use an Active Directory, inside a Windows 2008R2 Virtual Machine. What I want to achieve is to have the Active Directory sync it's user data from OpenDirectory (read-only would be fine). That way, we'd have the ability to connect Windows 7 clients to a "virtual domain" which would actually just grab information from OD's LDAP. All the information I've found is about how to go the other way. Does anyone know how we can do this?

  Read the article

• Listing group members using ldapsearch

  - by colemanm

  Our corporate LDAP directory is housed on a Snow Leopard Server Open Directory setup. I'm trying to use the ldapsearch tool to export an .ldif file to import into another external LDAP server to authenticate with externally; basically trying to be able to use the same credentials internally and externally. I've got ldapsearch working and giving me the contents and attributes of everything in the "Users" OU, and even filtering down to only the attributes I need: ldapsearch -xLLL -H ldap://server.domain.net / -b "cn=users,dc=server,dc=domain,dc=net" objectClass / uid uidNumber cn userPassword > directorycontents.ldif That gives me a list of users and properties that I can import to my remote OpenLDAP server. dn: uid=username1,cn=users,dc=server,dc=domain,dc=net objectClass: inetOrgPerson objectClass: posixAccount objectClass: organizationalPerson uidNumber: 1000 uid: username1 userPassword:: (hashedpassword) cn: username1 However, when I try the same query on an OD "group" instead of a "container," the results are something like this: dn: cn=groupname,cn=groups,dc=server,dc=domain,dc=net objectClass: posixGroup objectClass: apple-group objectClass: extensibleObject objectClass: top gidNumber: 1032 cn: groupname memberUid: username1 memberUid: username2 memberUid: username3 What I really want is a list of users from the top example filtered based on their group memberships, but it looks like membership is set from the Group side, rather than the user account side. There must be a way to filter this down and only export what I need, right?

  Read the article

• Listing group members using ldapsearch

  - by colemanm

  Our corporate LDAP directory is housed on a Snow Leopard Server Open Directory setup. I'm trying to use the ldapsearch tool to export an .ldif file to import into another external LDAP server to authenticate with externally; basically trying to be able to use the same credentials internally and externally. I've got ldapsearch working and giving me the contents and attributes of everything in the "Users" OU, and even filtering down to only the attributes I need: ldapsearch -xLLL -H ldap://server.domain.net / -b "cn=users,dc=server,dc=domain,dc=net" objectClass / uid uidNumber cn userPassword > directorycontents.ldif That gives me a list of users and properties that I can import to my remote OpenLDAP server. dn: uid=username1,cn=users,dc=server,dc=domain,dc=net objectClass: inetOrgPerson objectClass: posixAccount objectClass: organizationalPerson uidNumber: 1000 uid: username1 userPassword:: (hashedpassword) cn: username1 However, when I try the same query on an OD "group" instead of a "container," the results are something like this: dn: cn=groupname,cn=groups,dc=server,dc=domain,dc=net objectClass: posixGroup objectClass: apple-group objectClass: extensibleObject objectClass: top gidNumber: 1032 cn: groupname memberUid: username1 memberUid: username2 memberUid: username3 What I really want is a list of users from the top example filtered based on their group memberships, but it looks like membership is set from the Group side, rather than the user account side. There must be a way to filter this down and only export what I need, right?

  Read the article

< Previous Page | 16 17 18 19 20 21 22 23 24 25 26 27  | Next Page >