Search Results

Search found 1428 results on 58 pages for 'pam ldap'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 21/58 | < Previous Page | 17 18 19 20 21 22 23 24 25 26 27 28  | Next Page >

  • Use Apache authentication + authorization to control access to Subversion subdirectories

    - by Stefan Lasiewski
    I have a single SVN repo at /var/svn/ with a few subdirectories. Staff must be able to access the top-level directory and all subdirectories within it, but I want to restrict access to subdirectories using alternate htpasswd files. This works for our Staff. <Location /> DAV svn SVNParentPath /var/svn AuthType Basic AuthBasicProvider ldap # mod_authnz_ldap AuthzLDAPAuthoritative off AuthLDAPURL "ldap.example.org:636/ou=people,ou=Unit,ou=Host,o=ldapsvc,dc=example,dc=org?uid?sub?(objectClass=PosixAccount)" AuthLDAPGroupAttribute memberUid AuthLDAPGroupAttributeIsDN off Require ldap-group cn=staff,ou=PosixGroup,ou=Unit,ou=Host,o=ldapsvc,dc=example,dc=org </Location> Now, I am trying to restrict access to a subdirectory with a separate htpasswd file, like this: <Location /customerA> DAV svn SVNParentPath /var/svn # mod_authn_file AuthType Basic AuthBasicProvider file AuthUserFile /usr/local/etc/apache22/htpasswd.customerA Require user customerA </Location> I can use Firefox and curl to browse to this folder fine: curl https://svn.example.org/customerA/ --user customerA:password But I cannot use check out this SVN repository: $ svn co https://svn.example.org/customerA/ svn: Repository moved permanently to 'https://svn.example.org/customerA/'; please relocate And on the server logs, I get this strange error: # httpd-access.log 192.168.19.13 - - [03/May/2010:16:40:00 -0700] "OPTIONS /customerA HTTP/1.1" 401 401 192.168.19.13 - customerA [03/May/2010:16:40:00 -0700] "OPTIONS /customerA HTTP/1.1" 301 244 # httpd-error.log [Mon May 03 16:40:00 2010] [error] [client 192.168.19.13] Could not fetch resource information. [301, #0] [Mon May 03 16:40:00 2010] [error] [client 192.168.19.13] Requests for a collection must have a trailing slash on the URI. [301, #0] My question: Can I restrict access to Subversion subdirectories using Apache access controls? DocumentRoot is commented out, so it's not clear that the FAQ at http://subversion.apache.org/faq.html#http-301-error applies.

    Read the article

  • Active Directory: how to be SURE users can change their own passwords?

    - by Latro
    Working on some project where a tool we have has to authenticate against AD connecting via LDAPS and perform password changes if required or requested. IN THEORY, the tool does that, and we have seen it work in other projects. IN PRACTICE, against this particular directory, it fails. Been driving me crazy. The particulars of the situation: Windows 2003 AD Defined a "technical user" for the LDAP connection with rights to change users passwords When password change is required - in this case, because pwdLastSet is 0 - the tool uses the technical account to go, bind to the controller and change the user password. If password change is not required but the user request it, then the bind is done with the user account. That last condition is the one that doesnt work. With the technical user the password change is possible, but with the user itself, it isnt. We get an error like this: LDAP access failed: javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 19 - 0000052D: AtrErr: DSID-03190F00, #1: 0: 0000052D: DSID-03190F00, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd) no idea what DSID-03190F00 means cause it doesnt seem to be anywhere in google :-/ Been looking at several MS documentation pages and frankly, I'm not understanding one bit of it. There is some "control access right" called User-Change-Password that may, or may not, control what objects have the right to change their own password, which may, or may not, have to do with ACE and ACLs... There is GPO. There is maybe the password policy but it is only set to ask for passwords of 6 chars or more... Can anybody explain to me in easy-to-check steps how can I go and tell the AD admin guy (who is as lost as me) what to do to ensure that users in the AD directory (objectClass top,person,organizationalPerson and user) are able to change their own passwords by themselves? Thanks in advance

    Read the article

  • REMOTE_USER not getting set?

    - by landed
    I am trying to setup LDAP Authentication in Joomla using a plugin called JMapMyLDAP (in fact 4 plugins each doing a different job). I need to pull a part of a string out of the server variable REMOTE_USER and this should be visible (we see here http://timplummer.com.au/4-how-to-integrate-joomla-3-with-active-directory-using-ldap.html) in phpinfo(); The issue is that REMOTE_USER is not set or at least not appearing. A few things to note (if you don't mind) here- conceptually I am not really understanding authentication as a whole subject it appears to be vast despite my years working in websites. Yes I used asp and built php pages to check a user is who they say they are with a token(/session?) that was given to just them and then they are identified when a stateless request is made to the server. Thats my level of understanding. This sounds different to the basic authentication in apache where a password sits in a file and a username and the user needs to login to a basic form to get access to the folder/docs this is via an .htaccess file. Ok so with the LDAP to work I need to get REMOTE_USER this sounds very reasonable as how else do we know is making the request. Thank you.

    Read the article

  • NAS for Mac OS X Server

    - by SamAdmin
    I'm using Mac OS X Server and want to allow the users that connect to their network accounts to store their data on a NAS drive. I want the users to connect to the Lion server as this allows for better policies and management for me and for their afp share to be located on a NAS drive. I've looked into home directories and network logins however I don't want the users to connect into a different login environment, just an authentication against their provided account on the Lion server and for their finder to take them to their own storage area - located on the NAS drive. Currently I am using FreeNAS for both authentication and storage however there are getting to be far too many people to manage each afp share and account, plus just using FreeNAS is extremely limiting for expansion and if something goes wrong with 1 entity the entire system goes down. Using the Lion server for user accounts and policies will be much better for this expanding business. I have looked into LDAP, using the Lion server as an LDAP server to authenticate against for FreeNAS however I have had issues with this and thought a different approach could be better from the other side of the situation... Providing the account with somewhere to store data rather than the afp share authenticating against an LDAP server. I am wrong to try it this way? Is it possible to logically add storage to a Mac OS X Server which can be recognised as a local drive, so can be used for network accounts?

    Read the article

  • How to securely connect to multiple different LDAPS servers (Debian)

    - by Pickle
    I'm trying to connect to multiple different LDAPS servers. A lot of the documentation I've seen recommends setting TLS_REQCERT never, but that strikes me as horribly unsecure to not verify the certificate. So I've set that to demand. All the documentation I've seen says I need to update ldap.conf with a TLS_CACERT directive pointing to a .pem file. I've got that .pem file set up with the certificate from LDAP Server #1, and ldaps connections are happening fine. I've now got to communicate securely with another LDAP server in another branch of my organization, that uses a different certificate. I've seen no documentation on how to do this, except 1 page that says I can simply put multiple (not chained) certificates in the same .pem file. I've done this and everything is working hunky dorey. However, when I told a colleague what I did, he sounded like the sky was falling - putting 2 non-chained certificates into one .pem file is apparently the worst thing since ... ever. Is there a more acceptable way to do this? Or is this the only accepted way?

    Read the article

  • Use Alladin eToken with ThunderBird and other tool

    - by Yurij73
    I'm looking for an example on how to setup the eToken PRO Java device to work with Mozilla Thunderbird and with other Linux tool such as PAM logon. I installed distributed pkiclient-5.00.28-0.i386.RPM from the official product page eToken Pro but that tool only handles importing/exporting certificates on the device. I read a glance an old HOWTO from eToken on Linux, but I couldn't install pkcs11-lib for this device as recommended for Thunderbird use this crypto device. It seems my usb token isn't listed in system, unless lsusb show it, so that is the matter modutil -list -dbdir /etc/pki/nssdb Listing of PKCS #11 Modules NSS Internal PKCS #11 Module Blockquote slots: 2 slots attached Blockquote status: loaded Blockquote slot: NSS User Private Key and Certificate Services Blockquote token: NSS Certificate DB Blockquote CoolKey PKCS #11 Module Blockquote library name: libcoolkeypk11.so Blockquote slots: 1 slot attached Blockquote status: loaded Blockquote slot: AKS ifdh [Main Interface] 00 00 token: is my token absent? on other hand i don't know which module is convenient to Java Pro, does CoolKey does all the job well? It seems Java token is too new hardware for Linux? there is excerpt from /etc/pam_pkcs11.conf #filename of the PKCS #11 module. The default value is "default" use_pkcs11_module = coolkey; screen_savers = gnome-screensaver,xscreensaver,kscreensaver pkcs11_module coolkey { module = libcoolkeypk11.so; description = "Cool Key"`

    Read the article

  • rhel configure: limit root direct login to systems except through system consoles

    - by zhaojing
    I have to configure to limit root direct access except system consoles. That is, the ways of telnet, ftp, SSH are all prohibited. Root can only login through console. I understand that will require me to configure the file /etc/securetty. I have to comment all the tty, just keep "console" in /etc/securetty. But from google, I found many peoples said that configure /etc/securetty will not limit the way of SSH login. From my experiment, I found it is. (configure /etc/securetty won't limit SSH login). And I add one line in /etc/pam.d/system-auth: auth required pam_securetty It seems root SSH login can be prohibited. But I can't find the reason: What is the difference of configure pam_securetty and /etc/securetty? Can anyone help me with this? Only configure /etc/securetty could work? Or Have I to configure pam_securetty at the same time? Thanks a lot!

    Read the article

  • Multiple logins with pam_mount means multiple (redundant) mounts ...

    - by Jamie
    I've configured pam_mount.so to automagically mount a cifs share when users login; the problem is if a user logs into multiple times simultaneously, the mount command is repeated multiple times. This so far isn't a problem but it's messy when you look at the output of a mount command. # mount /dev/sda1 on / type ext4 (rw,errors=remount-ro) proc on /proc type proc (rw,noexec,nosuid,nodev) none on /sys type sysfs (rw,noexec,nosuid,nodev) none on /sys/fs/fuse/connections type fusectl (rw) none on /sys/kernel/debug type debugfs (rw) none on /sys/kernel/security type securityfs (rw) none on /dev type devtmpfs (rw,mode=0755) none on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620) none on /dev/shm type tmpfs (rw,nosuid,nodev) none on /var/run type tmpfs (rw,nosuid,mode=0755) none on /var/lock type tmpfs (rw,noexec,nosuid,nodev) none on /lib/init/rw type tmpfs (rw,nosuid,mode=0755) //srv1/UserShares/jrisk on /home/jrisk type cifs (rw,mand) //srv1/UserShares/jrisk on /home/jrisk type cifs (rw,mand) //srv1/UserShares/jrisk on /home/jrisk type cifs (rw,mand) I'm assuming I need to fiddle with either the pam.d/common-auth file or pam_mount.conf.xml to accomplish this. How can I instruct pam_mount.so to avoid duplicate mountings?

    Read the article

  • ldap integeration in ruby

    - by user163352
    I'm working on integrating ruby with ldap. And it's working fine. Created test.com in ldap and I can bind with it successfully. Then I created a new organizational unit company. Under company there are some users Now I want to bind with the users(authentication) under company organizational unit. I can access the user using Filter.eq But I want to bind with the users. Suggestions plz..

    Read the article

  • Digest authentication using LDAP only

    - by Elephant
    Is there a way to validate digest authentication using LDAP only? I.e. if I have the following request from a client (stealed from Wikipedia): GET /dir/index.html HTTP/1.0 Host: localhost Authorization: Digest username="Mufasa", realm="[email protected]", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", qop=auth, nc=00000001, cnonce="0a4f113b", response="6629fae49393a05397450978507c4ef1", opaque="5ccc069c403ebaf9f0171e9517f40e41" could I validate the user against LDAP, meaning if I don't now user password hence is not able to construct a digest hash to compare with the response?

    Read the article

  • GlusterFS with CIFS, quotas and LDAP

    - by lpfavreau
    Has anyone had experience plugging GlusterFS and Openfiler together or something similar? Here is the motivation: Disk space on multiple server regrouped using GlusterFS Centralized access using LDAP/AD and quota management using Openfiler as the GlusterFS client SMB/CIFS server for easy sharing to multiple users on Mac and Windows I know I can have Gluster installed on Openfiler (rPath Linux) successfully but Openfiler seems to be very picky on what it can use as a shared drive. Mounting the Gluster volume inside an existing share does not seem to allow quotas with the mounted folder free space. If this is not possible, is there any alternative to give the same capabilities?

    Read the article

  • Migrating LDAP user and password to SAMBA4 AD

    - by Rudy Dajoh
    As title suggests. We are migrating from OpenLDAP as user authentication to Samba 4 AD Domain. But I can't find any information on how to transfer passwords and users to Samba 4 AD. How to migrate all LDAP user base at ou=People,dc=company,dc=com to samba 4 AD domain? I don't need to assistance transferring everything, I only need to transfer user accounts. I've finished migrating them all but user/passwords. Can it be done? If so, how?

    Read the article

  • ldap samba user access issue

    - by ancillary
    I have a samba share that is on the LAN. It is auth'd via ldap. Users access file system via ad windows shares. There are shortcuts in directories that point to dir's on samba. Typically a user will click the shortcut to the smb dir, and will be met with a permission denied error. Upon closing explorer and reopening, it will work. DNS is handled by the domain controller, and that is the only server any of the machines use for DNS. Nothing in eventvwr. Only see successful auth entries in samba log. Any ideas?

    Read the article

  • disallow anonymous bind in openldap

    - by shashank prasad
    Folks, I have followed the instructions here http://tuxnetworks.blogspot.com/2010/06/howto-ldap-server-on-1004-lucid-lynx.html to setup my OpenLdap and its working just fine, except an anonymous user can bind to my server and see the whole user/group structure. LDAP is running over SSL. I have read online that i can add disallow bind_anon and require authc in the slapd.conf file and it will be disabled but there is no slapd.conf file to begin with and since this doesn't use slapd.conf for its configuration as i understand OpenLdap has moved to a cn=config setup so it wont read that file even if i create one. i have looked online without any luck. I believe i need to change something in here olcAccess: to attrs=userPassword by dn="cn=admin,dc=tuxnetworks,dc=com" write by anonymous auth by self write by * none olcAccess: to attrs=shadowLastChange by self write by * read olcAccess: to dn.base="" by * read olcAccess: to * by dn="cn=admin,dc=tuxnetworks,dc=com" write by * read but i am not sure what. Any help is appreciated. Thank you! -shashank

    Read the article

  • Import LDIF file to external server

    - by colemanm
    As a follow-up to my previous question, which I've resolved part of, what we're trying to do now is take an exported .ldif file of the "Users" container on our OS X Server and import it into a separate OpenLDAP server on an EC2 instance. This we'll use for LDAP user authentication of other apps without having to open our internal network to LDAP traffic. The exported .ldif file thinks the DN of the "Users" container is cn=users,dc=server,dc=domain,dc=com. Is it easiest to configure the EC2 OpenLDAP server to think that it's domain is the same so the container is imported to the proper place? Or should we edit the text of the .ldif file to change the DN to match the external naming? Hopefully that makes sense... but I'm confused as to the best way to accomplish this.

    Read the article

  • Adding custom attribute to openldap

    - by arukaen
    I am attempting to setup ConTagged - The LDAP Address Book but I am having a few issues with some of the attributes. The problem is that some of them are undefined and they do not seem to be in the inetorgperson.schema. How do I set these custom attributes? For reference, here is the exact error I receive whenever I make a change to a contact. The LDAP server returned the following errors Invalid syntax Undefined attribute type(del anniversary) Undefined attribute type(del marker) Object class violation(mod c) Undefined attribute type(del custom1) Undefined attribute type(del custom2) Undefined attribute type(del custom3) Undefined attribute type(del custom4)

    Read the article

  • Will unbinding a server to an Open Directory Master remove its own file shares

    - by scape
    According to this article: http://support.apple.com/kb/TS3180?viewlocale=en_US I am required to remove the ldap binding of my second Mac OS X Lion server before I set it up as a replica server. I initially set the server up as a replica, or so I thought, and created file shares (it refers to the first server's ACL) before I realized it was never promoted as a replica server. So as of now it's running and shares files with correct ACL permissions but if the Master goes down all the file shares seize up. I want to set it up as a replica so this is not an issue; however, I don't want to lose the file shares and their permissions as I remove the binding and restart the server-- apparently I must remove the ldap binding to the OD Master (also a Mac OS X Lion server) before setting it up as a replica.

    Read the article

  • SSH and Active Directory authentication

    - by disserman
    Is it possible to set up Linux (and Solaris) SSH server to authenticate users in this way: i.e. user john is a member of the group Project1_Developers in the Active Directory. we have something on the server A (running Linux, the server has an access to the AD via i.e. LDAP) in the SSH server LDAP (or other module) authentication config like root=Project1_Developers,Company_NIX_Admins. when john connects to the server A using his username "john" and domain password, the server checks the john's group in the domain and if the group is "Project1_Developers" or "Company_NIX_Admins", makes him locally as a root with a root privileges. The idea is also to have only a "root" and a system users on the server, without adding user "john" to all servers where John can log in. Any help or the idea how to make the above or something similar to the above? Preferred using AD but any other similar solution is also possible. p.s. please don't open a discussions is it secure to login via ssh as root or not, thanks :)

    Read the article

  • OpenLDAP RHEL 6

    - by AndyM
    Hi all I've been configuring OpenLDAP on RHEL 6 and its seems you have run the following to rebuild the config dirs. I'm ok with that , but my issues is , say I want to change the server passwd , do I have to go through the whole process every time I change the config ? Is there a way of changing the slapd config after its been built using the RHEL6 method ? below is the advice I've found on the net from http://www.linuxtopia.org/online_books/rhel6/rhel_6_migration_guide/rhel_6_migration_ch07s03.html This example assumes that the file to convert from the old slapd configuration is located at /etc/openldap/slapd.conf and the new directory for OpenLDAP configuration is located at /etc/openldap/slapd.d/. Remove the contents of the new /etc/openldap/slapd.d/ directory: rm -rf /etc/openldap/slapd.d/* Run slaptest to check the validity of the configuration file and specify the new configuration directory: slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d Configure permissions on the new directory: chown -R ldap:ldap /etc/openldap/slapd.d chmod -R 000 /etc/openldap/slapd.d chmod -R u+rwX /etc/openldap/slapd.d

    Read the article

  • Lookup Active Directory entry by implicit UPN

    - by Michael-O
    In our company exists a forest-wide UPN suffix company.com and almost all user accounts have the explicit UPN set to [email protected]. This value is also set in the Active Directory userPrincipalName attribute. Now we have an application where users perform authentication through Kerberos. So we are given the Kerberos principal, i.e. implicit UPN. We'd like to look up that user and retrieve several LDAP attributes. Since iUPN and userPrincipalName do not match anymore, the lookup is not possible. Is there any "official" way to retrieve a mapping from the Active Direcory? My workaround is to perform a LDAP bind against the realm component and search for the sAMAccountName attribute which matches the user id component of the iUPN. Searching for the mere sAMAccountName in the forest is not possible because the value is unique in the domain only.

    Read the article

  • ssh login fails for user with empty password

    - by Reid
    How do you enable ssh login on OS X 10.8 (Mountain Lion) for a user with an empty password? I've seen others asking this question, and like me it's for the same reason: a parent who can't deal with passwords. So "set a password" is not an option. I found references to adding "nullok" to various PAM config files. Didn't work. Found sshd config "PermitEmptyPasswords yes". Didn't work. I've done a diff on "ssh -vvv" between a successful ssh with a password-enabled account and the one with no password. 54,55c54,55 < debug2: dh_gen_key: priv key bits set: 133/256 < debug2: bits set: 533/1024 --- > debug2: dh_gen_key: priv key bits set: 140/256 > debug2: bits set: 508/1024 67c67 < debug2: bits set: 509/1024 --- > debug2: bits set: 516/1024 79c79 < debug2: key: /Users/rae/.ssh/rae (0x7f9a0241e2c0) --- > debug2: key: /Users/rae/.ssh/rae (0x7f81e0c1e2c0) 90,116c90,224 < debug1: Authentications that can continue: publickey,keyboard-interactive < debug2: we did not send a packet, disable method < debug3: authmethod_lookup keyboard-interactive < debug3: remaining preferred: password < debug3: authmethod_is_enabled keyboard-interactive < debug1: Next authentication method: keyboard-interactive < debug2: userauth_kbdint < debug2: we sent a keyboard-interactive packet, wait for reply < debug2: input_userauth_info_req < debug2: input_userauth_info_req: num_prompts 1 < debug3: packet_send2: adding 32 (len 14 padlen 18 extra_pad 64) < debug1: Authentications that can continue: publickey,keyboard-interactive < debug2: userauth_kbdint < debug2: we sent a keyboard-interactive packet, wait for reply < debug2: input_userauth_info_req < debug2: input_userauth_info_req: num_prompts 1 < debug3: packet_send2: adding 32 (len 14 padlen 18 extra_pad 64) < debug1: Authentications that can continue: publickey,keyboard-interactive < debug2: userauth_kbdint < debug2: we sent a keyboard-interactive packet, wait for reply < debug2: input_userauth_info_req < debug2: input_userauth_info_req: num_prompts 1 < debug3: packet_send2: adding 32 (len 14 padlen 18 extra_pad 64) < debug1: Authentications that can continue: publickey,keyboard-interactive < debug2: we did not send a packet, disable method < debug1: No more authentication methods to try. < Permission denied (publickey,keyboard-interactive). --- > debug1: Server accepts key: pkalg ssh-dss blen 433 > debug2: input_userauth_pk_ok: fp 6e:02:20:63:48:6a:08:99:b8:5f:12:d8:d5:3d:e1:fb > debug3: sign_and_send_pubkey: DSA 6e:02:20:63:48:6a:08:99:b8:5f:12:d8:d5:3d:e1:fb > debug1: read PEM private key done: type DSA > debug1: Authentication succeeded (publickey). > Authenticated to cme-mini.local ([192.168.1.5]:22). > debug2: fd 7 setting O_NONBLOCK > debug3: fd 8 is O_NONBLOCK > debug1: channel 0: new [client-session] > debug3: ssh_session2_open: channel_new: 0 > debug2: channel 0: send open > debug1: Requesting [email protected] > debug1: Entering interactive session. > debug2: callback start > debug2: client_session2_setup: id 0 > debug2: fd 5 setting TCP_NODELAY > debug2: channel 0: request pty-req confirm 1 > debug1: Sending environment.

    Read the article

  • from svn to git (+ LDAP + password-less updates + passworded access control)

    - by Jayen
    We have an SVN setup and there are some things we dislike about it and some things we like about it. We want to move to git, but we're not sure exactly what setup will work for us. We're currently using SVN (w/ Authz) + Apache (w/ WebDAV & LDAP). Hook to update the live site [like] Live site update requires no additional interaction [like] Live site update uses stored password [dislike] Commits require centralized-password authentication [like] Commit from live site changes stored credentials [dislike] Access control (per repository) for commits [like] Point 5 above is the one that keeps stuffing us up. Someone makes a commit from the live site and then the hook breaks. We're thinking to use gitosis/gitolite to get access control, but as they use ssh keys, we won't be requiring passwords. We're also thinking to use git-http-backend, and use Apache for authentication, but then do we lose access control? Can the live site be automatically updated from a hook if Apache requires authentication? Can we combine git-http-backend and gitosis/gitolite somehow? Can we store http credentials with git?

    Read the article

  • Openfire and LDAP issues

    - by clsmith
    Thanks in advance for the help. Has anyone see this issue with openfire? Currently I use Openfire Fedora with Auth using windows 2003 and also use mysql for the database. When I bring up two clients and talk to each other the time is slow between messages. Sometimes it can take between 5-15 minutes for something sent to get to the person (this is with only two people on the openfire server). I ran a tcp dump using port 389 and see that the machine is running thousands of queries against ldap. When i plug it into wireshark I notice that it is transferring the entire contact list or checking on the status of the entire contact list ? When I run debug on openfire itself I am presented with only this small message in the log: 2010.06.08 07:01:17 LdapManager: Starting LDAP search... 2010.06.08 07:01:17 LdapManager: ... search finished 2010.06.08 07:01:17 LdapManager: Creating a DirContext in LdapManager.getContext()... 2010.06.08 07:01:17 LdapManager: Created hashtable with context values, attempting to create context... 2010.06.08 07:01:17 LdapManager: ... context created successfully, returning. 2010.06.08 07:01:17 LdapManager: Trying to find a groups's DN based on it's groupname. cn: Spark agents CLT, Base DN: OU="Hidden",DC="Hidden",DC="net"... 2010.06.08 07:01:17 LdapManager: Creating a DirContext in LdapManager.getContext()... 2010.06.08 07:01:17 LdapManager: Created hashtable with context values, attempting to create context... 2010.06.08 07:01:17 LdapManager: ... context created successfully, returning. 2010.06.08 07:01:17 LdapManager: Starting LDAP search... 2010.06.08 07:01:17 LdapManager: ... search finished 2010.06.08 07:01:17 LdapManager: Trying to find a groups's DN based on it's groupname. cn: Spark agents CLT, Base DN: OU="Hidden",DC="Hidden",DC="net"... 2010.06.08 07:01:17 LdapManager: Creating a DirContext in LdapManager.getContext()... 2010.06.08 07:01:17 LdapManager: Created hashtable with context values, attempting to create context... 2010.06.08 07:01:17 LdapManager: ... context created successfully, returning. 2010.06.08 07:01:17 LdapManager: Starting LDAP search... 2010.06.08 07:01:17 LdapManager: ... search finished I thought this was a configuration on my end and started to look into the cache settings on the openfire webpages. I tweaked the settings as recommend by the pages and still get the same issues. I doesnt seem to cache the contact list or this might be a feature never fixed or implemented. Has anyone gone through this before ? I have searched online and I see others have great experience with openfire with no issues like I have, or is it because noone checked the queries ? For the time being I created a new Domain Controller and moved openfire to that computer so it can run local queries. This seems to help reduce the speed alot, but when I run the server performance manager tool I see that with two people only using that openfire server I run 593.7 request per second. Thanks for your help, if I didnt provide enough data please let me know what you need and I can find it.

    Read the article

  • Can ZFS ACL's be used over NFSv3 on host without /etc/group?

    - by Sandra
    Question at the bottom. Background My server setup is shown below, where I have an LDAP host which have a group called group1 that contains user1, user2. The NAS is FreeBSD 8.3 with ZFS with one zpool and a volume. serv1 gets /etc/passwd and /etc/group from the LDAP host. serv2 gets /etc/passwd from the LDAP host and /etc/group is local and read only. Hence it doesn't not know anything about which groups the LDAP have. Both servers connect to the NAS with NFS 3. What I would like to achieve I would like to be able to create/modify groups in LDAP to allow/deny users read/write access to NFS 3 shared directories on the NAS. Example: group1 should have read/write to /zfs/vol1/project1 and nothing more. Question The problem is that serv2 doesn't have a LDAP controlled /etc/group file. So the only way I can think of to solve this is to use ZFS permissions with inheritance, but I can't figure out how and what the permissions I shall set. Does someone know if this can be solved at all, and if so, any suggestions? +----------------------+ | LDAP | | group1: user1, user2 | +----------------------+ | | | |ldap |ldap |ldap | v | | +-----------+ | | | NAS | | | | /zfs/vol1 | | | +-----------+ | | ^ ^ | | |nfs3 |nfs3| v | | v +-----------------------+ +----------------------------+ | serv1 | | serv2 | | /etc/passwd from LDAP | | /etc/passwd from LDAP | | /etc/group from LDAP | | /etc/group local/read only | +-----------------------+ +----------------------------+

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 17 18 19 20 21 22 23 24 25 26 27 28  | Next Page >