Search Results

Search found 3423 results on 137 pages for 'mod authz ldap'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 24/137 | < Previous Page | 20 21 22 23 24 25 26 27 28 29 30 31  | Next Page >

  • arch openldap authentication failure

    - by nonus25
    I setup the openldap, all look fine but i cant setup authentication, #getent shadow | grep user user:*::::::: tuser:*::::::: tuser2:*::::::: #getent passwd | grep user git:!:999:999:git daemon user:/:/bin/bash user:x:10000:2000:Test User:/home/user/:/bin/zsh tuser:x:10000:2000:Test User:/home/user/:/bin/zsh tuser2:x:10002:2000:Test User:/home/tuser2/:/bin/zsh from root i can login as a one of these users #su - tuser2 su: warning: cannot change directory to /home/tuser2/: No such file or directory 10:24 tuser2@juliet:/root i cant login via ssh also passwd is not working #ldapwhoami -h 10.121.3.10 -D "uid=user,ou=People,dc=xcl,dc=ie" ldap_bind: Server is unwilling to perform (53) additional info: unauthenticated bind (DN with no password) disallowed 10:30 root@juliet:~ #ldapwhoami -h 10.121.3.10 -D "uid=user,ou=People,dc=xcl,dc=ie" -W Enter LDAP Password: ldap_bind: Invalid credentials (49) typed password by me is correct /etc/openldap/slapd.conf access to dn.base="" by * read access to dn.base="cn=Subschema" by * read access to * by self write by users read by anonymous read access to * by dn="uid=root,ou=Roles,dc=xcl,dc=ie" write by users read by anonymous auth access to attrs=userPassword,gecos,description,loginShell by self write access to attrs="userPassword" by dn="uid=root,ou=Roles,dc=xcl,dc=ie" write by anonymous auth by self write by * none access to * by dn="uid=root,ou=Roles,dc=xcl,dc=ie" write by dn="uid=achmiel,ou=People,dc=xcl,dc=ie" write by * search access to attrs=userPassword by self =w by anonymous auth access to * by self write by users read database hdb suffix "dc=xcl,dc=ie" rootdn "cn=root,dc=xcl,dc=ie" rootpw "{SSHA}AM14+..." there are some parts of that conf file /etc/openldap/ldap.conf looks : BASE dc=xcl,dc=ie URI ldap://192.168.10.156/ TLS_REQCERT allow TIMELIMIT 2 so my question is what i am missing that ldap not allow me login by using password ?

    Read the article

  • The Story of secure user-authentication in squid

    - by Isaac
    once upon a time, there was a beautiful warm virtual-jungle in south america, and a squid server lived there. here is an perceptual image of the network: <the Internet> | | A | B Users <---------> [squid-Server] <---> [LDAP-Server] When the Users request access to the Internet, squid ask their name and passport, authenticate them by LDAP and if ldap approved them, then he granted them. Everyone was happy until some sniffers stole passport in path between users and squid [path A]. This disaster happened because squid used Basic-Authentication method. The people of jungle gathered to solve the problem. Some bunnies offered using NTLM of method. Snakes prefered Digest-Authentication while Kerberos recommended by trees. After all, many solution offered by people of jungle and all was confused! The Lion decided to end the situation. He shouted the rules for solutions: Shall the solution be secure! Shall the solution work for most of browsers and softwares (e.g. download softwares) Shall the solution be simple and do not need other huge subsystem (like Samba server) Shall not the method depend on special domain. (e.g. Active Directory) Then, a very resonable-comprehensive-clever solution offered by a monkey, making him the new king of the jungle! can you guess what was the solution? Tip: The path between squid and LDAP is protected by the lion, so the solution have not to secure it. Note: sorry if the story is boring and messy, but most of it is real! =) /~\/~\/~\ /\~/~\/~\/~\/~\ ((/~\/~\/~\/~\/~\)) (/~\/~\/~\/~\/~\/~\/~\) (//// ~ ~ \\\\) (\\\\( (0) (0) )////) (\\\\( __\-/__ )////) (\\\( /-\ )///) (\\\( (""""") )///) (\\\( \^^^/ )///) (\\\( )///) (\/~\/~\/~\/) ** (\/~\/~\/) *####* | | **** /| | | |\ \\ _/ | | | | \_ _________// Thanks! (,,)(,,)_(,,)(,,)--------'

    Read the article

  • secure user-authentication in squid

    - by Isaac
    once upon a time, there was a beautiful warm virtual-jungle in south america, and a squid server lived there. here is an perceptual image of the network: <the Internet> | | A | B Users <---------> [squid-Server] <---> [LDAP-Server] When the Users request access to the Internet, squid ask their name and passport, authenticate them by LDAP and if ldap approved them, then he granted them. Everyone was happy until some sniffers stole passport in path between users and squid [path A]. This disaster happened because squid used Basic-Authentication method. The people of jungle gathered to solve the problem. Some bunnies offered using NTLM of method. Snakes prefered Digest-Authentication while Kerberos recommended by trees. After all, many solution offered by people of jungle and all was confused! The Lion decided to end the situation. He shouted the rules for solutions: Shall the solution be secure! Shall the solution work for most of browsers and softwares (e.g. download softwares) Shall the solution be simple and do not need other huge subsystem (like Samba server) Shall not the method depend on special domain. (e.g. Active Directory) Then, a very resonable-comprehensive-clever solution offered by a monkey, making him the new king of the jungle! can you guess what was the solution? Tip: The path between squid and LDAP is protected by the lion, so the solution have not to secure it. Note: sorry for this boring and messy story! /~\/~\/~\ /\~/~\/~\/~\/~\ ((/~\/~\/~\/~\/~\)) (/~\/~\/~\/~\/~\/~\/~\) (//// ~ ~ \\\\) (\\\\( (0) (0) )////) (\\\\( __\-/__ )////) (\\\( /-\ )///) (\\\( (""""") )///) (\\\( \^^^/ )///) (\\\( )///) (\/~\/~\/~\/) ** (\/~\/~\/) *####* | | **** /| | | |\ \\ _/ | | | | \_ _________// Thanks! (,,)(,,)_(,,)(,,)--------'

    Read the article

  • secure user-authentication in squid: The Story

    - by Isaac
    once upon a time, there was a beautiful warm virtual-jungle in south america, and a squid server lived there. here is an perceptual image of the network: <the Internet> | | A | B Users <---------> [squid-Server] <---> [LDAP-Server] When the Users request access to the Internet, squid ask their name and passport, authenticate them by LDAP and if ldap approved them, then he granted them. Everyone was happy until some sniffers stole passport in path between users and squid [path A]. This disaster happened because squid used Basic-Authentication method. The people of jungle gathered to solve the problem. Some bunnies offered using NTLM of method. Snakes prefered Digest-Authentication while Kerberos recommended by trees. After all, many solution offered by people of jungle and all was confused! The Lion decided to end the situation. He shouted the rules for solutions: Shall the solution be secure! Shall the solution work for most of browsers and softwares (e.g. download softwares) Shall the solution be simple and do not need other huge subsystem (like Samba server) Shall not the method depend on special domain. (e.g. Active Directory) Then, a very resonable-comprehensive-clever solution offered by a monkey, making him the new king of the jungle! can you guess what was the solution? Tip: The path between squid and LDAP is protected by the lion, so the solution have not to secure it. Note: sorry for this boring and messy story! /~\/~\/~\ /\~/~\/~\/~\/~\ ((/~\/~\/~\/~\/~\)) (/~\/~\/~\/~\/~\/~\/~\) (//// ~ ~ \\\\) (\\\\( (0) (0) )////) (\\\\( __\-/__ )////) (\\\( /-\ )///) (\\\( (""""") )///) (\\\( \^^^/ )///) (\\\( )///) (\/~\/~\/~\/) ** (\/~\/~\/) *####* | | **** /| | | |\ \\ _/ | | | | \_ _________// Thanks! (,,)(,,)_(,,)(,,)--------'

    Read the article

  • Simple NAS setup for Ubuntu

    - by Sean Houlihane
    So, I want to connect my shiny new NAS (QNAP TS-210p II) to my Ubuntu 11.10 box. I have a 2nd Ubuntu machine, but I don't use that enough to be too worried about it. Use is ideally to offload all storage except for system (which can then run off a 30GB flash drive). The main machine also runs Myth front/backends. Both are on a wired network currently. I have got a basic setup working, mounted over NFS, but have some issues, and whenever I look for answers, I seem to get unto the UbuntuServer domain, with what seems like more detail than I want in an answer. Questions I have identified so far: 1) Sharing UIDs to get file permissions correct. LDAP or something else? What is necessary to make this work? 2) Mounting an NFS device reliably. Do I just add it in fstab or is some sort of auto-mount advisable? Its a wired network, but I shouldn't need to worry about reboot after power-outages and sequencing...

    Read the article

  • NFS users getting a laggy GUI expierence

    - by elzilrac
    I am setting up a system (ubuntu 12.04) that uses ldap, pam, and autofs to load users and their home folders from a remote server. One of the options for login is sitting down at the machine and starting a GUI session. Programs such as chormium (browser) that preform many read/write operations in the ~/.cache and ~/.config files are slowing down the GUI experience as well as putting strain of the NFS server that is causing other users to have problems. Ubuntu had the handy-dandy XDG_CONFIG_HOME and XDG_CACHE_HOME variables that can be set to change the default location of .cache and .config from the home folder to somewhere else. There are several places to set them, but most of them are not optimal. /etc/environment pros: will work across all shells cons: cannot use variables like $USER so that you can't make users have different new locations for .cache and .config. Every users' new location would be the same directory. /etc/bash.bashrc pros: $USER works, so you can place them in different folders cons: only gets run for bash compatible shells ~/.pam_environment pros: works regardless of shell cons: cannot use system variables (like $USER), has it's own syntax, and has to be created for every user

    Read the article

  • Setup LDAP In WAMP

    - by Cory Dee
    I'm having a really tough time getting the LDAP extensions to work in PHP on a WAMP server. Here is what I've done: Went to C:\Program Files\Apache Software Foundation\Apache2.2\modules and made sure that mod_ldap.so exists. I've gone into C:\Program Files\Apache Software Foundation\Apache2.2\conf\httpd.conf and made sure that this line is not commented out: LoadModule ldap_module modules/mod_ldap.so I've gone into C:\Program Files\PHP\php.ini and made sure this line is not commented out: extension=php_ldap.dll I've made sure C:\Program Files\PHP is in the Path I've made sure C:\Program Files\PHP contains libeay32.dll and ssleay32.dll Restart apache phpinfo() still doesn't show mod_ldap as being turned on. It shows util_ldap under Loaded Modules, but that's the only reference anywhere to LDAP. For a bit more background, I originally posted this on SO.

    Read the article

  • Apache2 enable .ini mod in /etc/php5/mods-available

    - by GuiTeK
    One can use the a2enmod [module] command to enable mods located in /etc/apache2/mods-available. But what about mods in /etc/php5/mods-available? When I try to enable a mod in this directory (eg. xdebug), I get the following error: ERROR: Module xdebug does not exist! Yet, /etc/php5/mods-available/xdebug.ini exists. I understand a2enmod may work only with *.load files (it makes sense since *.ini files are just configuration files) but then what's the correct way of enabling modules located in /etc/php5/mods-available?

    Read the article

  • Redmine Subversion: LDAP _and_ local auth

    - by Frank Brenner
    I need to set up a subversion repository with apache authentication against both an external LDAP server as well as the local Redmine database. That is, we have users whose accounts exist only in the LDAP directory and some users whose accounts only exist in the local Redmine db - all should be able to access the repo. I can't quite seem to get the apache config right for this. I know I saw a how-to for this at some point, I think using Redmine.pm, but I can't seem to find it anymore.. Thanks.

    Read the article

  • mod hosts file, connect to joomla on remote server

    - by Kate
    I've just acquired an account on a remote server with Joomla installed. I was instructed to add xxx.xx.xxx.xx name.ca www.name.ca to the hosts file which I found in /private/etc/ . I had to su to my admin account and use sudo to mod file and found that hosts is also found in /etc/ though it is apparently the same file. I attempted to flush the the DNS cache using dscacheutil -flushcache and then launched Safari and entered address xxx.xx.xxx.xx/administrator but got a 404 error. Joomla was set up for me by the server owner and accessed from his Windows laptop to demonstrate so I know it should work but no go here. Can anyone suggest what the problem might be?

    Read the article

  • Dumping mod_perlified variables--what's the local namespace?

    - by Kev
    I have a mod_perl script: use strict; use warnings FATAL => 'all'; use 5.010001; my $face = 'ugly'; use Data::Dump qq(pp); die pp($ModPerl::ROOT::ModPerl::Registry::C_3a_www_test_2epl::face); It dies undef at C:/www/test.pl line 8. I was expecting "ugly" at C:/www/test.pl line 8. If instead I die pp(%ModPerl::ROOT::ModPerl::Registry::C_3a_www_test_2epl::); ...after restarting the service to clear any cached variables, face is not even listed. I could have sworn this code was working the last time I used it...I wrote a whole die hook around this way of naming local variables so that I could get at certain local variables to dump debug information. What's the local namespace?

    Read the article

  • Dynamic group membership to work around no nested security group support for Active Directory

    - by Bernie White
    My problem is that I have a number of network administration applications like SAN switches that do not support nested groups from Active Directory Domain Services (AD DS). These legacy administration applications use either LDAP or LDAPS. I am fairly sure I can use Active Directory Lightweight Directory Services (AD LDS) and possibly Windows Authorization Manager to work around this issue; however I am not really sure where to start. I want to end up with: A single group that can be queried over LDAP/LDAPS for all it’s direct members LDAP proxy for user name and password credentials to AD DS Easy way to admin the group, ideally the group would aggregate the nested membership in AD DS. a native solution using freely available components from the Windows stack. If you have any suggestions or solutions that you have previously used to solve this issue please let me know.

    Read the article

  • Matplotlib and WSGI/mod_python not working on Apache.

    - by Luiz C.
    Everything works as supposed to on the Django development server. In Apache, the django app also works except when matplotlib is used. Here's the error I get: No module named multiarray. Exception Type: ImportError Exception Value: No module named multiarray Exception Location: /usr/share/pyshared/numpy/core/numerictypes.py in <module>, line 81 Python Executable: /usr/bin/python Python Version: 2.6.4 From the python shell, both statements work: import numpy.core.multiarray and import multiarray. Any ideas? Thanks As I'm looking over the numpy files, I found the multiarray module, which has an extension of 'so'. My guess, is that mod_python is not reading these files.

    Read the article

  • mod_php / mod_suphp / FastCGI | Which do you recommend and why.

    - by Saif Bechan
    I am at the point that I have to choose on what type of setup my application should run. I know there are some types available where apache runs smooth on, but they all have there downsides. System: Apache 2 / PHP 5.2 I hope you can give me some tips from firsthand experience. To give you an example of what to be covered. - Performance - Ease of setup - Security I know this does not really involve programming, but I have seen post concerning this and I know that you guys/girls here are certainly qualified to comment on this subject.

    Read the article

  • Apache mod_rewrite and multiple domains

    - by andihahn
    Hi, I'm trying to use mod_rewrite to map multiple domains to different servlets on one host. Example: www.dom1.com - 192.168.1.n/dom1 www.dom2.com - 192.168.1.n/dom2 ... I'm using the mod_rewrite and mod_proxy and directive but it seems that the reverse mapping via ProxyPassReverse doesn't work as I expected. ProxyPassReverse /subdomain.domain.com http://192.168.1.n/subdomain doesn't work. I've turned rewrite-logging on with RewriteLog /var/log/rewrite.log From the logs I'd say that rewriting works and the problem seems to be with reverse mapping. However I can't see any Reverse mapping entries. It seems that reverse mapping isn't logged or needs a different command to be activated. (Apache and the servlet container are on different machines but this should not matter I'd think ?)

    Read the article

  • Mixing RewriteRule and ProxyPass in Apache

    - by Taylor L
    I was working on debugging an issue today related to mixing mod_proxy and mod_rewrite together and I ended up having to use balancer://mycluster in the RewriteRule in order to stop receiving a 404 error from Apache. I have two questions: 1) Is there any other way to get the rewritten URL to go through the balancer without adding balancer://mycluster into the RewriteRule? 2) Is there a way to define all the parameters I defined in ProxyPass (stickysession=JSESSIONID|jsessionid scolonpathdelim=On lbmethod=bytraffic nofailover=Off) in either the <Proxy> or RewriteRule? I'm concerned the requests that match the new RewriteRule won't load balance in the same fashion as those that go through ProxyPass (like /app1/something.do)? Below are the relevant sections of the httpd.conf. I am using Apache 2.2. <Proxy balancer://mycluster> Order deny,allow Allow from all BalancerMember ajp://my.domain.com:8009 route=node1 BalancerMember ajp://my.domain.com:8009 route=node2 </Proxy> ProxyPass /app1 balancer://mycluster/app1 stickysession=JSESSIONID|jsessionid scolonpathdelim=On lbmethod=bytraffic nofailover=Off ProxyPassReverse /app1 ajp://my.domain.com:8009/app1 ... RewriteRule ^/static/cms/image/(.*)\.(.*) balancer://mycluster/app1/$1.$2 [P,L]

    Read the article

  • Configuring mod_rewrite and mod_jk for Apache 2.2 and JBoss 4.2.3

    - by The Pretender
    Hello! My problem is as follows: I have JBoss 4.2.3 application server with AJP 1.3 connector running on one host under Windows (192.168.1.2 for my test environment) and Apache 2.2.14 running on another FreeBSD box (192.168.1.10). Apache acts as a "front gate" for all requests and sends them to JBoss via mod_jk. Everything was working fine until I had to do some SEO optimizations. These optimizations include SEF urls, so i decided to use mod_rewrite for Apache to alter requests before they are sent to JBoss. Basically, I nedd to implement 2 rules: Redirect old rules like "http://hostname/directory/" to "http://hostname/" with permanent redirect Forward urls like "http://hostname/wtf/123/" to "http://hostname/wtf/view.htm?id=123" so that end user doesn't see the "ugly" URL (the actual rewrite). Here is my Apache config for test virtual host: <VirtualHost *:80> ServerAdmin [email protected] DocumentRoot "/usr/local/www/dummy" ServerName 192.168.1.10 <IfModule mod_rewrite.c> RewriteEngine On RewriteRule /directory/(.*) /$1 [R=permanent,L] RewriteRule ^/([^/]+)/([0-9]+)/?$ /$1/view.htm?id=$2 </IfModule> JkMount /* jsp-hostname ErrorLog "/var/log/dummy-host.example.com-error_log" CustomLog "/var/log/dummy-host.example.com-access_log" common </VirtualHost> The problem is that second rewrite rule doesn't work. Requests slip through to JBoss unchanged, so I get Tomcat 404 error. But if I add redirect flag to the second rule like RewriteRule ^/([^/]+)/([0-9]+)/?$ /$1/view.htm?id=$2 [R,L] it works like a charm. But redirect is not what I need here :) . I suspect that the problem is that requests are forwarded to the another host (192.168.1.2), but I really don't have any idea on how to make it work. Any help would be appreciated :)

    Read the article

  • Apache Rewrite & Alias combined

    - by Larry
    Hello, We have run into an issue where we have an existing Alias, and we would like to add a rewrite rule to catch all variations of case-insensitive spellings, ie: URL: http://www.example.com/example Alias /example "/var/www/html/web/example" We need a rewrite rule to catch: /ExamPle /exampLE /eXAmple etc ... If anyone could help, that would be great! We cannot seem to get the rewrite & Alias to work together. Thanks and God Bless!

    Read the article

  • Connecting to a LDAPS server

    - by Pavanred
    I am working on a development machine and I am trying to connect to my LDAP server. This is what I do - telnet ldaps- 686 then the response is - Could not open connection to the host on port 686 : connect failed But, the strange part is when I connect to my server - telnet ldap- 389 then the connection is successful. My question is, why does this happen? Do I have to install SSL certificate on the client machine where I make the call from? I do not know much about this. I know for a fact that the LDAP server is working fine because other applications are successfully using it currently.

    Read the article

  • iPlanet Authentication provider

    - by Travis
    Good day. I have stepped into project that requires a server migration that would change the means of authentication for our CAC/PKI SSL enabled website. We are using iPlanet 7 and Oracle Directory Server Enterprise 7 as our LDAP server. The situation is that the site is still CAC/PKI enabled, but at the firewall. The information we want to authenticate against is now in the http header. How do I configure iPlanet and LDAP to authenticate against the header instead of SSL? Thanks. Edit, Can this be done with IIS keeping the Directory Server EE LDAP in tact or is the ACL iPlanet only?

    Read the article

  • How do I use .htaccess to redirect to a URL containing HTTP_HOST?

    - by Jon Cram
    Problem I need to redirect some short convenience URLs to longer actual URLs. The site in question uses a set of subdomains to identify a set of development or live versions. I would like the URL to which certain requests are redirected to include the HTTP_HOST such that I don't have to create a custom .htaccess file for each host. Host-specific Example (snipped from .htaccess file) Redirect /terms http://support.dev01.example.com/articles/terms/ This example works fine for the development version running at dev01.example.com. If I use the same line in the main .htaccess file for the development version running under dev02.example.com I'd end up being redirected to the wrong place. Ideal rule (not sure of the correct syntax) Redirect /terms http://support.{HTTP_HOST}/articles/terms/ This rule does not work and merely serves as an example of what I'd like to achieve. I could then use the exact same rule under many different hosts and get the correct result. Answers? Can this be done with mod_alias or does it require the more complex mod_rewrite? How can this be achieved using mod_alias or mod_rewrite? I'd prefer a mod_alias solution if possible. Clarifications I'm not staying on the same server. I'd like: http://example.com/terms/ - http://support.example.com/articles/terms/ https://secure.example.com/terms/ - http://support.example.com/articles/terms/ http://dev.example.com/terms/ - http://support.dev.example.com/articles/terms/ https://secure.dev.example.com/terms/ - http://support.dev.example.com/articles/terms/ I'd like to be able to use the same rule in the .htaccess file on both example.com and dev.example.com. In this situation I'd need to be able to refer to the HTTP_HOST as a variable rather than specifying it literally in the URL to which requests are redirected. I'll investigate the HTTP_HOST parameter as suggested but was hoping for a working example.

    Read the article

  • Fast way to manually mod a number

    - by Nikolai Mushegian
    I need to be able to calculate (a^b) % c for very large values of a and b (which individually are pushing limit and which cause overflow errors when you try to calculate a^b). For small enough numbers, using the identity (a^b)%c = (a%c)^b%c works, but if c is too large this doesn't really help. I wrote a loop to do the mod operation manually, one a at a time: private static long no_Overflow_Mod(ulong num_base, ulong num_exponent, ulong mod) { long answer = 1; for (int x = 0; x < num_exponent; x++) { answer = (answer * num_base) % mod; } return answer; } but this takes a very long time. Is there any simple and fast way to do this operation without actually having to take a to the power of b AND without using time-consuming loops? If all else fails, I can make a bool array to represent a huge data type and figure out how to do this with bitwise operators, but there has to be a better way.

    Read the article

  • Web programming: Apache modules: mod_python vs mod_php

    - by Olivier Pons
    Hi! I've been using for more than 12 years PHP with Apache (a.k.a mod_php) for my web development work. I've recenlty discovered python and its real power (I still don't understand why this is not always the best product that becomes the most famous). I've just discovered mod_python for Apache. I've already googled but without success things like mod_python vs mod_php. I wanted to know the differences between the two mod_php and mod_python in terms of: speed productivity maintainance (I know `python is most productive and maintainable language in the world, but is it the same for Web programming with Apache) availability of features e.g, cookies and session handling, databases, protocols, etc.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 20 21 22 23 24 25 26 27 28 29 30 31  | Next Page >