Search Results

Search found 1428 results on 58 pages for 'pam ldap'.

Page 27/58 | < Previous Page | 23 24 25 26 27 28 29 30 31 32 33 34  | Next Page >

  • stdout, stderr, and what else? (going insane parsing slapadd output)

    - by user64204
    I am using slapadd to restore a backup. That backup contains 45k entries which takes a while to restore so I need to get some progress update from slapadd. Luckily for me there is the -v switch which gives an output similar to this one: added: "[email protected],ou=People,dc=example,dc=org" (00003d53) added: "[email protected],ou=People,dc=example,dc=org" (00003d54) added: "[email protected],ou=People,dc=example,dc=org" (00003d55) .######## 44.22% eta 05m05s elapsed 04m spd 29.2 k/s added: "[email protected],ou=People,dc=example,dc=org" (00003d56) added: "[email protected],ou=People,dc=example,dc=org" (00003d57) added: "[email protected],ou=People,dc=example,dc=org" (00003d58) added: "[email protected],ou=People,dc=example,dc=org" (00003d59) Every N entries added, slapadd writes a progress update output line (.######## 44.22% eta 05m05s elapsed ...) which I want to keep and an output line for every entry created which I want to hide because it exposes people's email address but still want to count them to know how many users were imported The way I thought about hiding emails and showing the progress update is this: $ slapadd -v ... 2>&1 | tee log.txt | grep '########' # => would give me real-time progress update $ grep "added" log.txt | wc -l # => once backup has been restored I would know how many users were added I tried different variations of the above, and whatever I try I can't grep the progress update output line. I traced slapadd as follows: sudo strace slapadd -v ... And here is what I get: write(2, "added: \"[email protected]"..., 78added: "[email protected],ou=People,dc=example,dc=org" (00000009) ) = 78 gettimeofday({1322645227, 253338}, NULL) = 0 _######## 44.22% eta 05m05s elapsed 04m spd 29.2 k/s ) = 80 write(2, "\n", 1 ) As you can see, the percentage line isn't sent to either stdout or stderr (FYI I have validated with known working and failing commands that 2 is stderr and 1 is stdout) Q1: Where is the progress update output line going? Q2: How can I grep on it while sending stderr to a file? Additional info: I'm running Openldap 2.4.21 on ubuntu server 10.04

    Read the article

  • Ubuntu Server 10.10 vs. Fedora Server 14 for Mono.NET app hosting in VM

    - by Abbas
    Ubuntu Server 10.10 vs. Fedora Server 14 I want to create a web-server running Mono, MySQL 5.5 and OpenLDAP running as a VM (on VMWare Workstation). Searching “Ubuntu Server vs. Fedora Server” mostly yields flame wars and noise. There are a few good articles available but they are either out-of-date or don’t offer very convincing arguments. I know the answer is most likely to be “it depends” but I wanted to harness the collective wisdom on ServerFault and get opinions, experiences and factual information to the extent possible. My selection criteria would be (other than what is mentioned above): Ease of use Ease of development Reliability Security

    Read the article

  • openldap make sure password does not contain username

    - by Ryan Horrisberger
    Is there a way using openldap to ensure that a user's password does not contain their name or their username? I know that you can use the ppolicy overlay pwdCheckModule by writing a C function to do password checking, but is this the best approach? It doesn't seem like many folks are doing password quality checking this way--the only example I've found is a github example which only does basic checking.

    Read the article

  • How to migrate Fedora DS (389 DS) to a new machine?

    - by zengr
    Hello, I am trying to migrate a Fedora DS (1.2.2) to a new server (1.2.7.5). The process has been painful to say the least. The old server (1.2.2) was also an upgrade from an old fedora DS setup, so it does not contain migrate-ds-admin.pl. I found this question, but the URL does not open. I am aware that I need to use migrate-ds-admin.pl, but I am clueless. How do I use it? I assume this works like this: 1. Copy migrate-ds-admin.pl from server which has 1.2.7 to 1.2.2 2. Run migrate-ds-admin.pl to export the schema+ldif from 1.2.2 3. Import the schema+ldif to 1.2.7 using migrate-ds-admin.pl. If the above is true, then what parameters are need for export and import? Note: ./ldif2db -n NetscapeRoot -i /root/NetscapeRoot.ldif ./ldif2db -n userRoot -i /root/userRoot.ldif The above two commands work like a charm, but since the schema (custom schema) is not migrated, I see alot of errors during import.

    Read the article

  • What's the appropriate way to upgrade Apache in RHEL?

    - by jldugger
    The version of Apache shipped in RHEL 5.4 is very old. A feature I need only shipped recently. It seems Apache upstream only ships tarballs, and omits binary packages. Obviously I could build from source, but what's the canonical way to upgrade a single package like this? Is it common procedure to drop a newer tarball in the existing SPEC, or does someone already do all this with an eye towards RHEL?

    Read the article

  • OSX Server - How to set environment variable on network user login

    - by tmkly3
    I have a group of users on my server, "Developers", and I would like an environment variable to be set for them whenever they login. More specifically, when anyone in this group logs in, I would like the equivalent of: setenv ANDROID_SDK_HOME /Developers/Android/User to be set at login. I can do this with a login script if necessary, but what I'm asking is: is it possible to set this type of thing in Profile Manager, Workgroup Manager, Directory Utility, etc? Thanks - I've looked everywhere but can't find anything.

    Read the article

  • Active Directory: Determining DN or OU from log in credentials [closed]

    - by Christopher Broome
    I'm updating a PHP login process to leverage active directory on a Windows server. The logging in process seems pretty straight forward via a "ldap_bind", but I also want to pull some profile information from the AD server (first name, last name, etc...) which seems to require a robust distinguished name (DN). When on the windows server I can grab this via 'dsquery user' on the command prompt, but is there a way to get the same value from just the user's login credentials in PHP? I want to avoid getting a list of hundreds of DNs when on-boarding clients and associating each with one of our users, so any means to programmatically determine this would be preferential. Otherwise, I'll know the domain and host for the request so I can at least set the DC portions of the DN, but the organizational units (OU) seem to be pretty important for querying data. If I can find some of the root level OU values associated with the user I can do a ldap_search and crawl. I browsed through the existing questions and found some similar but nothing that really addressed this, so my apologies if the obvious answer is out there. Thanks for the help.

    Read the article

  • Start TLS and 389 Directory

    - by Kyle Flavin
    I'm trying to configure Start TLS on 389 Directory server, but I'm having all sorts of issues. I've been following this doc: https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/managing-certs.html which specifies that I should create a certificate for both the directory server and admin server. I've imported the CA cert on both servers. I've tried to use the same server certificate for both. It will not allow me to do so. However, the admin and directory servers reside on the same host. If I generate a new certificate it will need to use the same hostname. I'm not sure if that's valid... Has anyone out there set this up before? Any direction would be helpful. I have multmaster replication set up. From an external client, I'm attempting to do an ldapsearch -ZZ -x -h "myhost" -b "dc=example,dc=com" -D "cn=Directory Manager" -W "", and I'm getting a protocol error.

    Read the article

  • Sun Directory Server 5.2 performance

    - by tmow
    Hi all, I'm using logconv.pl (provided by Sun), to measure performance on my server. These two metrics results, are worrying me a bit: Binds: 192164 Unbinds: 111569 In fact the difference between the two it's quite big, how can I determine which are the unbound requests? As stated by Lodovic: Many applications just close the connections without sending an Unbind request. This simply can explain the difference. But the logconv.pl doesn't show details about the unbound requests, do you know any other tools or can you suggest some queries or whatever that can help me find out the root cause? Do you think anyway that the performances may improve fixing the issue?

    Read the article

  • SVN Active Directory authentication with ProxyPass redirect in the mix

    - by Jason B. Standing
    We have a BitNami SVN stack running on a Windows machine which holds our SVN repository. It's set up to authenticate against our AD server and uses authz to control rights. Everything works perfectly if Tortoise points at http://[machine name]/svn However - we need to be able to access it from http://[domain]/svn. The domain name points to a linux environment that we're decommissioning, but until we do, other systems on that box prevent us from just re-pointing the domain record. Currently, we've got a ProxyPass record on the linux machine to forward requests through to http://[machine name]/svn - it seems to work fine, and the endpoint machine asks for credentials, then authenticates: but when that happens, the access attempt is logged as coming from the linux box, rather than from the user who has authenticated. It's almost like some element of the credentials aren't being passed through to the endpoint machine. Has anyone done this before, or is there other info I can give to try to make sense of this problem, and figure out a way to solve it? Thankyou!

    Read the article

  • What filesystem comes closest to matching NTFS for support of ACLs, and highly-granular permissioning?

    - by warren
    It seems that most other filesystems handle the basic *nix permissions (ugo±rwx), with maybe an addition here or there. Or can be "made" to handle ACLs through the use of other tools on top of the system. On the wikipedia pages about filesystems (http://en.wikipedia.org/wiki/List%5Fof%5Ffile%5Fsystems & http://en.wikipedia.org/wiki/Comparison%5Fof%5Ffile%5Fsystems), it appears that while some do support extended meta-data, none support natively the level of permissioning that NTFS does. Am I wrong in this understanding?

    Read the article

  • setting up a samba PDC -error with testparm

    - by Rungano
    Hi guys I have installed a samba PDC but when I test the samba configurations file I am getting errors like these, "Invalid combination of parameters for service homes. Map system can only work if create mask includes octal 010 (S_IXGRP)." My Configuration file is as follows [homes] comment = Home Directories path = /home_srv1/%u valid users = %S read only = No create mask = 0660 directory mask = 0770 browseable = No I tried to google but with no luck, Serverfault is always my best hope. Thanks for helping out.

    Read the article

  • How to disable password change for openldap user?

    - by Keve
    Considering possible solutions for some improvements I run into this theoretical question and I couldn't find a satisfying answer. Some of you may have first-hand experience with this in practice, so here the question goes: How can I disable password changing for an OpenLDAP user? The account must stay enabled, allowed to log on to workstations and work as usual, but should not be able to change its own password. Can this be done? If so, how difficult is it to implement it? All suggestions are appreciated! For reference: Servers and workstations are to run a mixture of FreeBSD and OpenBSD. Accounts to get password disabled are student or generic workstation accounts. Environment is a school.

    Read the article

  • SharePoint LDAP filtering of People Picker users

    - by 78lro
    Hi On my WSS server I have run the following stsadm command to filter the people picker results: stsadm.exe -o setproperty -url http://myserver -pn "peoplepicker-searchadcu stomfilter" -pv "(memberOf=CN=SharePoint,OU=AccessGroups,DC=contosio,DC=local)" My WSS sites are all used by different groups of users. Whenever I create a new site collection in WSS I want to ensure that I can filter the people picker to only show he relevant users for that group - can I automate this or would I have to manually do something like the above stsadm command? All the best

    Read the article

  • Disable passwd history feature with remember=0

    - by user1915177
    PAM version - pam-0.79 Is setting 0 allowed on "remember" option in /etc/pam.d/common-passwd file of pam.d module to disable passwd history feature? With "remember=0" in /etc/pam.d/common-passwd file, I am observing a memfault when running the passwd command as a USER. When browsed the source, the function in _set_ctrl in support.c file of pam_unix module handles wrong values of remember, but currently its not robust enough to handle 0, which is a wrong value. So the valid and only option to disable history feature, is to not include the "remember" option in /etc/pam.d/common-passwd file and not to set-up /etc/security/opasswd file? Could see in the following link mention of setting "remember" to 0 has no effect to remember value in "/etc/security/opasswd" file. =https://lists.fedorahosted.org/pipermail/linux-pam-commits/2011-June/000060.html

    Read the article

  • adldap class, need to search for user in two groups

    - by Brad
    http://adldap.sourceforge.net/wiki/doku.php?id=api_user_functions#user_ingroup_username_group_recursive_null I am using the adLDAP class above to authenticate users against our ldap server. I was wondering how I could check multiple groups to see if the user belongs to either, if they belong to either. I don't know if user_ingroup($username,$group,$recursive=NULL); can handle search two different groups for the user, need help coding it to search for the user in two different groups, and as soon as it finds it in one of those, break the operation and set a variable to true. Any help is appreciated.

    Read the article

  • Get All Users in an Active Directory Group

    - by Matt Hanson
    I'm using the following code sample to get a list of all users in a specified AD group (in this case, all users in the "Domain Users" group). My listed code works great, with one exception: it won't return users who have their primary group set to "Domain Users". How can I get a list of all users in the group, including those who have it set as their primary group? Private Sub GetUsers() Dim groupSearcher As New DirectorySearcher Dim groupSearchRoot As New DirectoryEntry("LDAP://OU=Users,DC=domain,DC=com") With groupSearcher .SearchRoot = groupSearchRoot .Filter = "(&(ObjectClass=Group)(CN=Domain Users))" End With Dim members As Object members = groupSearcher.FindOne.GetDirectoryEntry.Invoke("Members", Nothing) For Each member As Object In CType(members, IEnumerable) Console.WriteLine(New DirectoryEntry(member).Name.Remove(0, 3)) Next End Sub

    Read the article

  • Active Directory public key use

    - by Chris Meadows
    I have a client who has a requirement to validate users logging into my web application against his active directory using LDAP. In trying to connect using the DirectoryEntry and DirectorySearcher .NET classes, I can connect to his AD Server but not access it. The client's AD server has an SSL Certificate for which he has given me a public key file but I don't know how to use this public key file in my C# code. When I issue the connect command through code, I see, via Wireshark, my application sending the connection request. I then see the server responding with "Server Hello, Certificate, Certificate Request, Server Hello Done". Then my application never responds after that. In using another application, written by somebody else for which I do not have code, I see the same request from the server and then see the application respond with "Certificate, Client Key Exchange" and then the application connects and runs. With that said, my question then becomes, how can I get my C# application to load and send the key file I got from the client?

    Read the article

  • Logging into oracle db as a global user

    - by kineas
    We are trying to shape up an old, 2 tier, Delphi based application. It originally uses database authentication, we'd like to transform the db user accounts to global users, so an OID server could perform the authentication instead of the database. The Delphi program can no longer log into the database if the account is a global user. I'm trying to understand the login protocol, so far without results. Similar thing happens with SQLDeveloper, I can't connect as a global user. SQLPlus however works with both kinds of users. We checked the information flow with Wireshark. When the dbserver asks back for a password, the SQLPlus sends it, while the SQLDeveloper doesn't send a password when attempting to connect as a global user. The client sends the application name too in the login request. Is it possible that we have to store the client app name in the LDAP itself?

    Read the article

  • Getting user data from Active Directory using PL/SQL

    - by David Neale
    I had a discussion today regarding an Oracle procedure I wrote some time ago. I wanted to get 7500 user email addresses from Active Directory using PL/SQL. AD will return a maximum of 1000 rows and the LDAP provider used by Oracle will not support paging. Therefore, my solution was to filter on the last two characters of the sAMAccountName (*00,*01,*02...etc.). This results in 126 queries (100 for account names ending in digits, 26 for those ending in a letter...this was sufficient for my AD setup). The person I was speaking to (it was a job interview by the way) said he could have done it a better way, but he would not tell me what that method was. Could anybody hazard a guess at what this method was?

    Read the article

  • Is this a possible way to get Drupal AD SSO?

    - by JollyRogers
    I'm currently building a Drupal website in an Active Directory environment. One of the site's requirements is Single Sign On, which to date seems to be impossible because there is no Kerberos SPNEGO/GSSAPI auth module for drupal. I've come up with an idea on how SSO could be attempted on IIS. Since IIS has the option to require Kerberos authentication, we can let IIS handle authentication and use the AUTH_USER server variable to pass the authorized user name to the an 'improved' LDAP_auth module. The LDAP_auth module would then check the user name (but not password since it doesn't know or need to know the password) against LDAP to get the user's roles. (AD groups) Does anyone know if this is possible? If so, does anyone have any ideas on how to implement this?

    Read the article

  • How to Authenticate to Active Directory Services (ADs) using .NET 3.5 / C#

    - by Ranger Pretzel
    After much struggling, I've figured out how to authenticate to my company's Active Directory using just 2 lines of code with the Domain, Username, and Password in .NET 2.0 (in C#): // set domain, username, password, and security parameters DirectoryEntry entry = new DirectoryEntry("LDAP://" + domain, username, password, AuthenticationTypes.Secure | AuthenticationTypes.SecureSocketsLayer); // force Bind to AD server to authenticate object obj = entry.NativeObject; If the 2nd line throws an exception, then the credentials and/or parameters were bad. (Specific reason can be found in the exception.) If no exception, then the credentials are good. Trying to do this in .NET 3.5 looks like it should be easy, but has me at a roadblock instead. Specifically, I've been working with this example: PrincipalContext domainContext = new PrincipalContext(ContextType.Domain, domain); using (domainContext) { return domainContext.ValidateCredentials(UserName, Password); } Unfortunately, this doesn't work for me as I don't have both ContextOptions set to Sealed/Secure and SSL (like I did above in the .NET 2.0 code.) There is an alternate constructor for PrincipalContext that allows setting the ContextOptions, but this also requires supplying a Distinguished Name (DN) of a Container Object and I don't know exactly what mine is or how I would find out. public PrincipalContext(ContextType contextType, string name, string container, ContextOptions options); // container: // The container on the store to use as the root of the context. All queries // are performed under this root, and all inserts are performed into this container. // For System.DirectoryServices.AccountManagement.ContextType.Domain and System.DirectoryServices.AccountManagement.ContextType.ApplicationDirectory // context types, this parameter is the distinguished name of a container object. Any suggestions?

    Read the article

  • Ldap_add() : Invalid Syntax

    - by Suezy
    I have a program here that uses the ldap_add, when i try to run the program, it displays an error: Warning: ldap_add() [function.ldap-add]: Add: Invalid syntax in /var/www/suey/costcenter.20090617.php on line 780 My lil' code here is: $ldapservers='ourServer'; $ds = ldap_connect($ldapservers); if ($ds){ $r = ldap_bind($ds, $ldaprootun, $ldaprootpw); $add = ldap_add($ds, "uid=$fuid, $ldapbasedn", $infonew); } ldapbasedn is set to o=ourGroup; infonew is an array of entries (person information) and am so sure that the array is not empty because i already tested it. the uid is not empty too. What could be wrong? Is it the entries(array)? or the server am trying to connect to? I tried testing the ldap_bind, and it also works well too..hmmm.. Pls help.. thanks! I found the problem.. it's in the index infonew["createdBy"] = getenv("REMOTE_USER"); it returns NULL! now, is that right?

    Read the article

  • Different approaches for finding users within Active Directory

    - by EvilDr
    I'm a newbie to AD programming, but after a couple of weeks of research have found the following three ways to search for users in Active Directory using the account name as the search parameter: Option 1 - FindByIdentity Dim ctx As New PrincipalContext(ContextType.Domain, Environment.MachineName) Dim u As UserPrincipal = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, "MYDOMAIN\Administrator") If u Is Nothing Then Trace.Warn("No user found.") Else Trace.Warn("Name=" & u.Name) Trace.Warn("DisplayName=" & u.DisplayName) Trace.Warn("DistinguishedName=" & u.DistinguishedName) Trace.Warn("EmployeeId=" & u.EmployeeId) Trace.Warn("EmailAddress=" & u.EmailAddress) End If Option 2 - DirectorySearcher Dim connPath As String = "LDAP://" & Environment.MachineName Dim de As New DirectoryEntry(connPath) Dim ds As New DirectorySearcher(de) ds.Filter = String.Format("(&(objectClass=user)(anr={0}))", Split(User.Identity.Name, "\")(1)) ds.PropertiesToLoad.Add("name") ds.PropertiesToLoad.Add("displayName") ds.PropertiesToLoad.Add("distinguishedName") ds.PropertiesToLoad.Add("employeeId") ds.PropertiesToLoad.Add("mail") Dim src As SearchResult = ds.FindOne() If src Is Nothing Then Trace.Warn("No user found.") Else For Each propertyKey As String In src.Properties.PropertyNames Dim valueCollection As ResultPropertyValueCollection = src.Properties(propertyKey) For Each propertyValue As Object In valueCollection Trace.Warn(propertyKey & "=" & propertyValue.ToString) Next Next End If Option 3 - PrincipalSearcher Dim ctx2 As New PrincipalContext(ContextType.Domain, Environment.MachineName) Dim sp As New UserPrincipal(ctx2) sp.SamAccountName = "MYDOMAIN\Administrator" Dim s As New PrincipalSearcher s.QueryFilter = sp Dim p2 As UserPrincipal = s.FindOne() If p2 Is Nothing Then Trace.Warn("No user found.") Else Trace.Warn(p2.Name) Trace.Warn(p2.DisplayName) Trace.Warn(p2.DistinguishedName) Trace.Warn(p2.EmployeeId) Trace.Warn(p2.EmailAddress) End If All three of these methods return the same results, but I was wondering if any particular method is better or worse than the others? Option 1 or 3 seem to be the best as they provide strongly-typed property names, but I might be wrong? My overall objective is to find a single user within AD based on the user principal value passed via the web browser when using Windows Authentication on a site (e.g. "MYDOMAIN\MyUserAccountName")

    Read the article

< Previous Page | 23 24 25 26 27 28 29 30 31 32 33 34  | Next Page >