Search Results

Search found 5144 results on 206 pages for 'mod auth ldap'.

Page 28/206 | < Previous Page | 24 25 26 27 28 29 30 31 32 33 34 35 | Next Page >

Where does Django store auth's superuser / pw / e-mail data?

- by fooba

After running syncdb and creating a su, where does that get recorded? Settings.py doesn't seem to change.

Read the article
????????

- by ???02

???????????????????????????????????????????????????????????·?????????????????????????????·???????????????????????????????????????????????Oracle Directory Server Enterprise Edition?Oracle Internet Directory?Oracle Virtual Directory???3?????????·???????????????Oracle Directory Server Enterprise Edition -- ??????????????·????Oracle Directory Server Enterprise Edition(ODSEE???Sun Directory Server Enterprise Edition)????????????????????????????????????????????·????????????????????????????????????·?????????????????????????????????????????????????????????????????????????????????????????????????(1)10???????40????????????(2)???????????????????(3)Web????????????????:???????????????????????????????????(4)?????????????????????????????(CoS : Class of Service)?????????(5)????????????????????(6)??????·?????????????????????Oracle Internet Directory -- ????????????LDAP????Oracle Internet Directory (??OID )??LDAPv3 ???????????????????Oracle Database??????????????????????????????????????????????(Database Vault)????????(Transparent Data Encryption)??????????????????????????????????????????????????????????·?????????????????????????????(1)LDAP v3???????????·????(2)??????????????????????????(3)LDAP?(?????????)????????(??????)??????????????????????????????(4)ID??????????????????????????????????(5)Active Directory???ID??????????????????????????????????Oracle Virtual Directory -- ???ID?????(LDAP?DB)???????Oracle Virtual Directory (?? OVD )??LDAPv3 ?????????????Virtual (??) ???????????????????????????OVD ???????????????????? LDAP ???????????????????????????????????????????1?? LDAP ????????????????????????????LDAP ??????????????????????????????ID???????????????????????????????????????????????????????????????(1)LDAP v3???????????·????(2)???ID????????????????????????(3)????????????????????????????????????????(4)??????(SQL Server, DB2, Oracle Database)???????(Active Directory, Novel eDirectory, OID)??????????ID??????LDAP????(5)????????1???????????????????ID???????????????????? ?????? Oracle Direct

Read the article
Apache mod status is showing ..reading

- by Adelave

Recently my apache got DoS attack, it happened attacker flood SYN request to our apache, i know because at that time i have wireshark enabled. After the attack finished, i restart my apache and its all back to run normal. But the problem when i check my serverstatus from mod-status there are some threads are showing > 0-92 61968 0/0/674 R 1125 0 0.0 0.00 22.93 ? ? ..reading.. > 0-92 61968 0/0/29 R 537889 0 0.0 0.00 0.01 ? ? ..reading.. > 0-92 61968 0/0/852 R 1158 15 0.0 0.00 15.05 ? ? ..reading.. > 0-92 61968 0/0/2 R 537933 578 0.0 0.00 0.02 ? ? ..reading.. > 0-92 61968 0/0/3 R 537933 0 0.0 0.00 0.02 ? ? ..reading.. > 0-92 61968 0/0/1 R 538060 0 0.0 0.00 0.00 ? ? ..reading.. > 0-92 61968 0/0/2 R 538060 0 0.0 0.00 0.01 ? ? ..reading.. > 0-92 61968 0/0/71 R 538146 0 0.0 0.00 0.00 ? ? ..reading.. > 0-92 61968 0/0/31 R 538146 0 0.0 0.00 0.01 ? ? ..reading.. > 0-92 61968 0/0/0 R 1287665833 0 0.0 0.00 0.00 ? ? ..reading.. > 0-92 61968 0/0/0 R 1287665833 0 0.0 0.00 0.00 ? ? ..reading.. > 0-92 61968 0/0/0 R 1287665833 0 0.0 0.00 0.00 ? ? ..reading.. > 0-92 61968 0/0/0 R 1287665833 0 0.0 0.00 0.00 ? ? ..reading.. > 0-92 61968 0/0/0 R 1287665833 0 0.0 0.00 0.00 ? ? ..reading.. > 0-92 61968 0/0/0 R 1287665833 0 0.0 0.00 0.00 ? ? ..reading.. > 0-92 61968 0/0/0 R 1287665833 0 0.0 0.00 0.00 ? ? ..reading.. > 0-92 61968 0/0/0 R 1287665833 0 0.0 0.00 0.00 ? ? ..reading.. > 0-92 61968 0/0/0 R 1287665833 0 0.0 0.00 0.00 ? ? ..reading.. > 0-92 61968 0/0/0 R 1287665833 0 0.0 0.00 0.00 ? ? ..reading.. > 0-92 61968 0/0/0 R 1287665833 0 0.0 0.00 0.00 ? ? ..reading.. > 0-92 61968 0/0/0 R 1287665833 0 0.0 0.00 0.00 ? ? ..reading.. > 0-92 61968 0/0/0 K 1287665833 0 0.0 0.00 0.00 these ..reading.. are always showing even after i restart. Do you have any idea how to remove this ? and where it comes from ?

Read the article
after enabling mod ssl apache stops listening on port 80

- by zensys

I have an ubuntu 12.04 server with zend server CE installed. I now wanted to enable https but after the first steps according to the documentation, 'a2enmod ssl' and 'apache service restart', apache does not listen on 443 but neither on 80, according to netstat -tap | grep http(s)! This is what I see in my error log, but I can't make much of it: [Fri May 25 19:52:39 2012] [notice] caught SIGTERM, shutting down [Fri May 25 19:52:41 2012] [warn] Init: Session Cache is not configured [hint: SSLSessionCache] [Fri May 25 19:52:41 2012] [notice] ModSecurity for Apache/2.6.3 (http://www.modsecurity.org/) configured. [Fri May 25 19:52:41 2012] [notice] ModSecurity: APR compiled version="1.4.5"; loaded version="1.4.6" [Fri May 25 19:52:41 2012] [warn] ModSecurity: Loaded APR do not match with compiled! [Fri May 25 19:52:41 2012] [notice] ModSecurity: PCRE compiled version="8.12"; loaded version="8.12 2011-01-15" [Fri May 25 19:52:41 2012] [notice] ModSecurity: LUA compiled version="Lua 5.1" [Fri May 25 19:52:41 2012] [notice] ModSecurity: LIBXML compiled version="2.7.8" [Fri May 25 19:53:11 2012] [notice] ModSecurity for Apache/2.6.3 (http://www.modsecurity.org/) configured. [Fri May 25 19:53:11 2012] [notice] ModSecurity: APR compiled version="1.4.5"; loaded version="1.4.6" [Fri May 25 19:53:11 2012] [warn] ModSecurity: Loaded APR do not match with compiled! [Fri May 25 19:53:11 2012] [notice] ModSecurity: PCRE compiled version="8.12"; loaded version="8.12 2011-01-15" [Fri May 25 19:53:11 2012] [notice] ModSecurity: LUA compiled version="Lua 5.1" [Fri May 25 19:53:11 2012] [notice] ModSecurity: LIBXML compiled version="2.7.8" [Fri May 25 19:53:12 2012] [notice] Apache/2.2.22 (Ubuntu) PHP/5.3.8-ZS5.5.0 configured -- resuming normal operations and here is my httpd.conf: # Name based virtual hosting <virtualhost *:80> ServerName www-redirect KeepAlive Off RewriteEngine On RewriteCond %{HTTP_HOST} ^[^\./]+\.[^\./]+$ RewriteRule ^/(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L] </virtualhost> Alias /shared/js "/home/web/library/js" Alias /shared/image "/home/web/library/image" <IfModule mod_expires.c> <FilesMatch "\.(jpe?g|png|gif|js|css|doc|rtf|xls|pdf)$"> ExpiresActive On ExpiresDefault "access plus 1 week" </FilesMatch> </IfModule> ErrorLog ${APACHE_LOG_DIR}/error.log LogLevel warn <Directory /> Options FollowSymLinks AllowOverride None Order allow,deny allow from all </Directory> <Location /> RewriteEngine On RewriteCond %{REQUEST_FILENAME} -s [OR] RewriteCond %{REQUEST_FILENAME} -l [OR] RewriteCond %{REQUEST_FILENAME} -d RewriteRule ^.*$ - [NC,L] RewriteRule ^.*$ /index.php [NC,L] </Location> netstat -tap gives: Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 *:mysql *:* LISTEN 765/mysqld tcp 0 0 *:pop3 *:* LISTEN 744/dovecot tcp 0 0 *:imap2 *:* LISTEN 744/dovecot tcp 0 0 *:http *:* LISTEN 19861/apache2 tcp 0 0 *:smtp *:* LISTEN 30365/master tcp 0 0 *:4444 *:* LISTEN 634/sshd tcp 0 0 *:kamanda *:* LISTEN 1167/lighttpd tcp 0 0 *:imaps *:* LISTEN 744/dovecot tcp 0 0 *:amandaidx *:* LISTEN 1167/lighttpd tcp 0 0 localhost.loc:amidxtape *:* LISTEN 19861/apache2 tcp 0 0 *:pop3s *:* LISTEN 744/dovecot tcp 0 384 mail.mysite.:4444 231.214.14.37.dyn:41909 ESTABLISHED 19039/sshd: web [pr tcp 0 0 localhost.localdo:mysql localhost.localdo:48252 ESTABLISHED 765/mysqld tcp 0 0 mail.mysite.:http 231.214.14.37.dyn:54686 TIME_WAIT - tcp 0 0 mail.mysite.:4444 231.214.14.37.dyn:42419 ESTABLISHED 19372/sshd: web [pr tcp 0 0 localhost.localdo:48252 localhost.localdo:mysql ESTABLISHED 19884/auth tcp 0 0 mail.mysite.:http 231.214.14.37.dyn:54685 TIME_WAIT - tcp6 0 0 [::]:pop3 [::]:* LISTEN 744/dovecot tcp6 0 0 [::]:imap2 [::]:* LISTEN 744/dovecot tcp6 0 0 [::]:smtp [::]:* LISTEN 30365/master tcp6 0 0 [::]:4444 [::]:* LISTEN 634/sshd tcp6 0 0 [::]:imaps [::]:* LISTEN 744/dovecot tcp6 0 0 [::]:pop3s [::]:* LISTEN 744/dovecot Anyone knows what I am doing wrong? Perhaps I should take some additional steps to make apache listen 0n 443 but that it stops listening on 80 altogether I can't understand.

Read the article
Haskell's cabal dependency problem with happy

- by wirrbel

I have problems installing ghc-mod on my linux machine. cabal worries about "happy" not being available in versione = 1.17: $ cabal install ghc-mod Resolving dependencies... [1 of 1] Compiling Main ( /tmp/haskell-src-exts-1.14.0-1357/haskell-src-exts-1.14.0/Setup.hs, /tmp/haskell-src-exts-1.14.0-1357/haskell-src-exts-1.14.0/dist/setup/Main.o ) Linking /tmp/haskell-src-exts-1.14.0-1357/haskell-src-exts-1.14.0/dist/setup/setup ... Configuring haskell-src-exts-1.14.0... setup: The program happy version =1.17 is required but it could not be found. Failed to install haskell-src-exts-1.14.0 cabal: Error: some packages failed to install: ghc-mod-3.1.3 depends on haskell-src-exts-1.14.0 which failed to install. haskell-src-exts-1.14.0 failed during the configure step. The exception was: ExitFailure 1 hlint-1.8.53 depends on haskell-src-exts-1.14.0 which failed to install. However, it even is installed in v. 1.19, as you can see here: $ cabal install happy Resolving dependencies... [1 of 1] Compiling Main ( /tmp/happy-1.19.0-1124/happy-1.19.0/Setup.lhs, /tmp/happy-1.19.0-1124/happy-1.19.0/dist/setup/Main.o ) Linking /tmp/happy-1.19.0-1124/happy-1.19.0/dist/setup/setup ... Configuring happy-1.19.0... Building happy-1.19.0... Preprocessing executable 'happy' for happy-1.19.0... [ 1 of 18] Compiling NameSet ( src/NameSet.hs, dist/build/happy/happy-tmp/NameSet.o ) [ 2 of 18] Compiling Target ( src/Target.lhs, dist/build/happy/happy-tmp/Target.o ) [ 3 of 18] Compiling AbsSyn ( src/AbsSyn.lhs, dist/build/happy/happy-tmp/AbsSyn.o ) [ 4 of 18] Compiling ParamRules ( src/ParamRules.hs, dist/build/happy/happy-tmp/ParamRules.o ) [ 5 of 18] Compiling GenUtils ( src/GenUtils.lhs, dist/build/happy/happy-tmp/GenUtils.o ) [ 6 of 18] Compiling ParseMonad ( src/ParseMonad.lhs, dist/build/happy/happy-tmp/ParseMonad.o ) [ 7 of 18] Compiling Lexer ( src/Lexer.lhs, dist/build/happy/happy-tmp/Lexer.o ) [ 8 of 18] Compiling Parser ( dist/build/happy/happy-tmp/Parser.hs, dist/build/happy/happy-tmp/Parser.o ) [ 9 of 18] Compiling AttrGrammar ( src/AttrGrammar.lhs, dist/build/happy/happy-tmp/AttrGrammar.o ) [10 of 18] Compiling AttrGrammarParser ( dist/build/happy/happy-tmp/AttrGrammarParser.hs, dist/build/happy/happy-tmp/AttrGrammarParser.o ) [11 of 18] Compiling Grammar ( src/Grammar.lhs, dist/build/happy/happy-tmp/Grammar.o ) [12 of 18] Compiling First ( src/First.lhs, dist/build/happy/happy-tmp/First.o ) [13 of 18] Compiling LALR ( src/LALR.lhs, dist/build/happy/happy-tmp/LALR.o ) [14 of 18] Compiling Paths_happy ( dist/build/autogen/Paths_happy.hs, dist/build/happy/happy-tmp/Paths_happy.o ) [15 of 18] Compiling ProduceCode ( src/ProduceCode.lhs, dist/build/happy/happy-tmp/ProduceCode.o ) [16 of 18] Compiling ProduceGLRCode ( src/ProduceGLRCode.lhs, dist/build/happy/happy-tmp/ProduceGLRCode.o ) [17 of 18] Compiling Info ( src/Info.lhs, dist/build/happy/happy-tmp/Info.o ) [18 of 18] Compiling Main ( src/Main.lhs, dist/build/happy/happy-tmp/Main.o ) Linking dist/build/happy/happy ... Installing executable(s) in /home/hope/.cabal/bin Installed happy-1.19.0 Any ideas? cabal-install version 1.16.0.2 using version 1.16.0 of the Cabal library

Read the article
squid3 auth thru samba using ntlm to AD doesn't work

- by derty

some users here are spending to much time exploring the WWW. So big boss whats to get this under control. We use a squid3 just for some security reason and chace benefits. and now i'm trying to set up a new proxy on a different server (Debian 6) Permissions are defined in AC and the squid3 should get the auth thru samba/winbind by using the ntlm protocol. but i'll get all the time Access, denited. it only works by using LDAP but thats not the way i need it. here some log and confs squid access.log 1326878095.784 1 192.168.15.27 TCP_DENIED/407 4049 GET http://at.msn.com/? -NONE/- text/html 1326878095.791 1 192.168.15.27 TCP_DENIED/407 4294 GET http://at.msn.com/? - NONE/- text/html 1326878095.803 9 192.168.15.27 TCP_DENIED/403 4028 GET http://at.msn.com/? kavan NONE/- text/html 1326878095.848 0 192.168.15.27 TCP_DENIED/403 3881 GET http://www.squid-cache.org/Artwork/SN.png kavan NONE/- text/html 1326878100.279 0 192.168.15.27 TCP_DENIED/403 3735 GET http://www.google.at/ kavan NONE/- text/html 1326878100.296 0 192.168.15.27 TCP_DENIED/403 3870 GET http://www.squid-cache.org/Artwork/SN.png kavan NONE/- text/html 1326878155.700 0 192.168.15.27 TCP_DENIED/407 4072 GET http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml - NONE/- text/html 1326878155.705 2 192.168.15.27 TCP_DENIED/407 4317 GET http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml - NONE/- text/html 1326878155.709 3 192.168.15.27 TCP_DENIED/403 4026 GET http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml kavan NONE/- text/html squid chace 2012/01/18 10:12:49| Creating Swap Directories 2012/01/18 10:12:49| Starting Squid Cache version 3.1.6 for x86_64-pc-linux-gnu... 2012/01/18 10:12:49| Process ID 17236 2012/01/18 10:12:49| With 65535 file descriptors available 2012/01/18 10:12:49| Initializing IP Cache... 2012/01/18 10:12:49| DNS Socket created at [::], FD 7 2012/01/18 10:12:49| DNS Socket created at 0.0.0.0, FD 8 2012/01/18 10:12:49| Adding nameserver 192.168.15.2 from /etc/resolv.conf 2012/01/18 10:12:49| Adding nameserver 192.168.15.19 from /etc/resolv.conf 2012/01/18 10:12:49| Adding nameserver 192.168.15.1 from /etc/resolv.conf 2012/01/18 10:12:49| Adding domain schoenbrunn.local from /etc/resolv.conf 2012/01/18 10:12:49| helperOpenServers: Starting 5/5 'squid_ldap_auth' processes 2012/01/18 10:12:49| helperOpenServers: Starting 10/10 'ntlm_auth' processes 2012/01/18 10:12:49| helperOpenServers: Starting 10/10 'squid_kerb_auth' processes 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| helperOpenServers: Starting 5/5 'squid_ldap_group' processes 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| Unlinkd pipe opened on FD 73 2012/01/18 10:12:49| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec 2012/01/18 10:12:49| Store logging disabled 2012/01/18 10:12:49| Swap maxSize 0 + 262144 KB, estimated 20164 objects 2012/01/18 10:12:49| Target number of buckets: 1008 2012/01/18 10:12:49| Using 8192 Store buckets 2012/01/18 10:12:49| Max Mem size: 262144 KB 2012/01/18 10:12:49| Max Swap size: 0 KB 2012/01/18 10:12:49| Using Least Load store dir selection 2012/01/18 10:12:49| Set Current Directory to /var/spool/squid3 2012/01/18 10:12:49| Loaded Icons. 2012/01/18 10:12:49| Accepting HTTP connections at [::]:3128, FD 74. 2012/01/18 10:12:49| HTCP Disabled. 2012/01/18 10:12:49| Squid modules loaded: 0 2012/01/18 10:12:49| Adaptation support is off. 2012/01/18 10:12:49| Ready to serve requests. 2012/01/18 10:12:50| storeLateRelease: released 0 objects smb.conf # Domain Authntication Settings workgroup = <WORKGROUP> security = ads password server = <DOMAINNAME>.LOCAL realm = <DOMAINNAME>.LOCAL ldap ssl = no # logging log level = 5 max log size = 50 # logs split per machine log file = /var/log/samba/%m.log # max 50KB per log file, then rotate ; max log size = 50 # User settings username map = /etc/samba/smbusers idmap uid = 10000-20000000 idmap gid = 10000-20000000 idmap backend = ad ; template primary group = <ad group> template shell = /sbin/nologin # Winbind Settings winbind separator = + winbind enum users = Yes winbind enum groups = Yes winbind netsted groups = Yes winbind nested groups = Yes winbind cache time = 10 winbind use default domain = Yes #Other Globals unix charset = LOCALE server string = <SERVERNAME> load printers = no printing = cups cups options = raw ; printcap name = /etc/printcap #obtain list of printers automatically on SystemV ; printcap name = lpstat ; printing = cups squid.conf auth_param ntlm program /usr/bin/ntlm_auth --require-membership-of=<DOMAINNAME>\\INTERNETZ --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 10 auth_param basic program /usr/lib/squid3/squid_ldap_auth -R -b "dc=<dcname>,dc=local" -D "cn=administrator,cn=Users,dc=<domainname>,dc=local" -w "******" -f sAMAccountName=%s -h 192.168.15.19:3268 auth_param basic realm "Proxy Authentifizierung. Bitte geben Sie Ihren Benutzername und Ihr Passwort ein!" #means insert you PW in an other language - # external_acl_type InetGroup %LOGIN /usr/lib/squid3/squid_ldap_group -R -b "dc=<domainname>,dc=local" -D "cn=administrator,cn=Users,dc=<domainname>,dc=local" -w "******" -f "(&(objectclass=person)(sAMAccountName=%v) (memberof=cn=%a,cn=internetz,dc=<domainname>,dc=local))" -h 192.168.15.19:3268 auth_param negotiate program /usr/lib/squid3/squid_kerb_auth -d auth_param negotiate children 10 auth_param negotiate keep_alive on acl localnet proxy_auth REQUIRED acl InetAccess external InetGroup Internetz http_access allow InetAccess http_access deny all acl auth proxy_auth REQUIRED http_access allow auth and a very suspicious is that by adding the proxy server to the Domain i see 2 new entries in the PC one with the original computer-name leopoldine and one with leopoldine CNF:f8efa4c4-ff0e-4217-939d-f1523b43464d ?!? I tried a lot, really... but i stuck on this problem... i actually i even reinstalled all dependent programs and reconfigured them from default. Group exists and has me in it. Firefox running on the old proxy and i use IE for testing the new one. But i'll get all the time Access-Denited and to be honest i'm quite a beginner, so please don't be to prude. I'll interested in improving, i'll get the information we need to fix this but i started working 2 month ago and got only 1 1/2 year's training and not a single sec. in linux ;)

Read the article
django: caching passwords for custom authentication

- by gruszczy

I am authenticating users in ldap, but this happens only once, when user is logging in. Afterwards I need to keep username and password, because before every ldap operation I need to make bind on ldap server before every operation. What is the safe way to cache this password (I can't store in the database or cookies) for as long as session persists.

Read the article
Can't modify constant item in scalar assignment

- by joe

sub new { my $class = shift; my $ldap_obj = Net::LDAP->new( 'test.company.com' ) or die "$@"; my $self = { _ldap = $ldap_obj, _dn ='dc=users,dc=ldap,dc=company,dc=com', _dn_login = 'dc=login,dc=ldap,dc=company,dc=com', _description ='company', }; # Print all the values just for clarification. bless $self, $class; return $self; } what is wrong on this code : i got this error Can't modify constant item in scalar assignment at Core.pm line 12, near "$ldap_obj,"

Read the article
VsFTPd - pam_mkhomedir

- by Totor

I am trying to set up a FTP server that authenticates against an LDAP server. This part is done and works. My server is VsFTPd on Ubuntu Server 11.04. But I have to create the home directories for my LDAP users. I am trying to user the pam_mkhomedir module but it is not working: when I add its line to the /etc/pam.d/vsftpd file, my users can not login anymore to the FTP server. The problem is that I have very few information on what is wrong. VsFTPd just responds 530: login incorrect and I could not find a way to get debug or error messages from pam_mkhomedir. Here are my different configuration files. The /etc/pam.d/vsftpd file: auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed auth required pam_ldap.so account required pam_ldap.so password required pam_ldap.so session optional pam_mkhomedir.so skel=/home/skel debug The /etc/vsftpd.conf file: listen=YES anonymous_enable=NO local_enable=YES write_enable=YES dirmessage_enable=YES use_localtime=YES xferlog_enable=YES connect_from_port_20=YES pam_service_name=vsftpd rsa_cert_file=/etc/ssl/private/vsftpd.pem guest_enable=YES session_support=YES log_ftp_protocol=YES tcp_wrappers=YES Permissions on /home and /home/skel: root@ftp:/home# ls -al total 16 drwxrwxrwx 4 root root 4096 2011-10-11 21:19 . drwxr-xr-x 21 root root 4096 2011-09-27 13:32 .. drwxrwxrwx 2 root root 4096 2011-10-11 19:34 skel drwxrwxrwx 5 foo foo 4096 2011-10-11 21:11 foo root@ftp:/home# ls -al skel/ total 16 drwxrwxrwx 2 root root 4096 2011-10-11 19:34 . drwxrwxrwx 4 root root 4096 2011-10-11 21:19 .. -rwxrwxrwx 1 root root 3352 2011-10-11 19:34 .bashrc -rwxrwxrwx 1 root root 675 2011-10-11 19:34 .profile Yes, I know, permissions are not properly set but security is not the issue here: I first need to get it to work. So, to recapitulate: without pam_mkhomedir my LDAP users can login, but they cannot do anything because they are in an empty chrooted jail. If I add pam_mkhomedir, they cannot login anymore. If anyone has an idea why, or know how to get more information from logs, I would be very grateful, thanks.

Read the article
OpenLDAP, howto allow both secure (TLS) and unsecure (normal) connections?

- by Mikael Roos

Installed OpenLDAP 2.4 on FreeBSD 8.1. It works for ordinary connections OR for TLS connections. I can change it by (un)commenting the following lines in slapd.conf. # Enable TLS #security ssf=128 # Disable TLS security ssf=0 Is there a way to allow the clients to connect using TLS OR no-TLS? Can the ldap-server be configured to support both TLS connections and no-TLS connections? Tried to find the information in the manual, but failed: http://www.openldap.org/doc/admin24/access-control.html#Granting%20and%20Denying%20access%20based%20on%20security%20strength%20factors%20(ssf) http://www.openldap.org/doc/admin24/tls.html#Server%20Configuration Tried to read up on 'security' in manualpage for ldap.conf, didn't find the info there either. I guess I need to configure the 'secure' with some negotiation mechanism, "try to use TLS if client has it, otherwise continue using no-TLS". Connecting with a client (when slapd.conf is configure to use TLS): gm# ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts ldap_bind: Confidentiality required (13) additional info: TLS confidentiality required gm# ldapsearch -Z -x -b '' -s base '(objectclass=*)' namingContexts (this works, -Z makes a TLS connection) So, can I have my ldap-server supporting client connections using TLS and ordinary (no-TLS) connections? Thanx in advance.

Read the article
Join ActiveDirectory (Win 2k8R2) to OpenDirectory(Snow Leopard)

- by Tom O'Connor

The vast majority of questions and so on regarding the interoperability of Active and Open directories involves getting Mac clients to see an AD and auth against it. What we'd like to do is get a Windows 7 workstation to auth completely against Open Directory. We tried setting it up as an NT4 type PDC, and that doesn't work satisfactorily. We tried using pGina and the LDAP backend, which allows Authentication, but has no support for Authorization, and as a result, if we mount an NFS Share, the user has the rights to do anything they damn well please. Not ideal for security (Totally bloody unacceptable, actually). We tried using a Samba server (newer version than on the Open Directory Server) as an intermediate, so that it knows about the LDAP server on the OD Server, but uses Samba 4 instead of v3. That didn't work either. We could login, but couldn't mount, and if we did, we had the same rights as with pGina. If we right-click the mounted drive in Windows, and have a look at NFS UID, it returns -2, not the correct (mapped) UID. So the final plan I've got is to use an Active Directory, inside a Windows 2008R2 Virtual Machine. What I want to achieve is to have the Active Directory sync it's user data from OpenDirectory (read-only would be fine). That way, we'd have the ability to connect Windows 7 clients to a "virtual domain" which would actually just grab information from OD's LDAP. All the information I've found is about how to go the other way. Does anyone know how we can do this?

Read the article
Listing group members using ldapsearch

- by colemanm

Our corporate LDAP directory is housed on a Snow Leopard Server Open Directory setup. I'm trying to use the ldapsearch tool to export an .ldif file to import into another external LDAP server to authenticate with externally; basically trying to be able to use the same credentials internally and externally. I've got ldapsearch working and giving me the contents and attributes of everything in the "Users" OU, and even filtering down to only the attributes I need: ldapsearch -xLLL -H ldap://server.domain.net / -b "cn=users,dc=server,dc=domain,dc=net" objectClass / uid uidNumber cn userPassword > directorycontents.ldif That gives me a list of users and properties that I can import to my remote OpenLDAP server. dn: uid=username1,cn=users,dc=server,dc=domain,dc=net objectClass: inetOrgPerson objectClass: posixAccount objectClass: organizationalPerson uidNumber: 1000 uid: username1 userPassword:: (hashedpassword) cn: username1 However, when I try the same query on an OD "group" instead of a "container," the results are something like this: dn: cn=groupname,cn=groups,dc=server,dc=domain,dc=net objectClass: posixGroup objectClass: apple-group objectClass: extensibleObject objectClass: top gidNumber: 1032 cn: groupname memberUid: username1 memberUid: username2 memberUid: username3 What I really want is a list of users from the top example filtered based on their group memberships, but it looks like membership is set from the Group side, rather than the user account side. There must be a way to filter this down and only export what I need, right?

Read the article
Listing group members using ldapsearch

- by colemanm

Our corporate LDAP directory is housed on a Snow Leopard Server Open Directory setup. I'm trying to use the ldapsearch tool to export an .ldif file to import into another external LDAP server to authenticate with externally; basically trying to be able to use the same credentials internally and externally. I've got ldapsearch working and giving me the contents and attributes of everything in the "Users" OU, and even filtering down to only the attributes I need: ldapsearch -xLLL -H ldap://server.domain.net / -b "cn=users,dc=server,dc=domain,dc=net" objectClass / uid uidNumber cn userPassword > directorycontents.ldif That gives me a list of users and properties that I can import to my remote OpenLDAP server. dn: uid=username1,cn=users,dc=server,dc=domain,dc=net objectClass: inetOrgPerson objectClass: posixAccount objectClass: organizationalPerson uidNumber: 1000 uid: username1 userPassword:: (hashedpassword) cn: username1 However, when I try the same query on an OD "group" instead of a "container," the results are something like this: dn: cn=groupname,cn=groups,dc=server,dc=domain,dc=net objectClass: posixGroup objectClass: apple-group objectClass: extensibleObject objectClass: top gidNumber: 1032 cn: groupname memberUid: username1 memberUid: username2 memberUid: username3 What I really want is a list of users from the top example filtered based on their group memberships, but it looks like membership is set from the Group side, rather than the user account side. There must be a way to filter this down and only export what I need, right?

Read the article
Use Apache authentication + authorization to control access to Subversion subdirectories

- by Stefan Lasiewski

I have a single SVN repo at /var/svn/ with a few subdirectories. Staff must be able to access the top-level directory and all subdirectories within it, but I want to restrict access to subdirectories using alternate htpasswd files. This works for our Staff. <Location /> DAV svn SVNParentPath /var/svn AuthType Basic AuthBasicProvider ldap # mod_authnz_ldap AuthzLDAPAuthoritative off AuthLDAPURL "ldap.example.org:636/ou=people,ou=Unit,ou=Host,o=ldapsvc,dc=example,dc=org?uid?sub?(objectClass=PosixAccount)" AuthLDAPGroupAttribute memberUid AuthLDAPGroupAttributeIsDN off Require ldap-group cn=staff,ou=PosixGroup,ou=Unit,ou=Host,o=ldapsvc,dc=example,dc=org </Location> Now, I am trying to restrict access to a subdirectory with a separate htpasswd file, like this: <Location /customerA> DAV svn SVNParentPath /var/svn # mod_authn_file AuthType Basic AuthBasicProvider file AuthUserFile /usr/local/etc/apache22/htpasswd.customerA Require user customerA </Location> I can use Firefox and curl to browse to this folder fine: curl https://svn.example.org/customerA/ --user customerA:password But I cannot use check out this SVN repository: $ svn co https://svn.example.org/customerA/ svn: Repository moved permanently to 'https://svn.example.org/customerA/'; please relocate And on the server logs, I get this strange error: # httpd-access.log 192.168.19.13 - - [03/May/2010:16:40:00 -0700] "OPTIONS /customerA HTTP/1.1" 401 401 192.168.19.13 - customerA [03/May/2010:16:40:00 -0700] "OPTIONS /customerA HTTP/1.1" 301 244 # httpd-error.log [Mon May 03 16:40:00 2010] [error] [client 192.168.19.13] Could not fetch resource information. [301, #0] [Mon May 03 16:40:00 2010] [error] [client 192.168.19.13] Requests for a collection must have a trailing slash on the URI. [301, #0] My question: Can I restrict access to Subversion subdirectories using Apache access controls? DocumentRoot is commented out, so it's not clear that the FAQ at http://subversion.apache.org/faq.html#http-301-error applies.

Read the article
Active Directory: how to be SURE users can change their own passwords?

- by Latro

Working on some project where a tool we have has to authenticate against AD connecting via LDAPS and perform password changes if required or requested. IN THEORY, the tool does that, and we have seen it work in other projects. IN PRACTICE, against this particular directory, it fails. Been driving me crazy. The particulars of the situation: Windows 2003 AD Defined a "technical user" for the LDAP connection with rights to change users passwords When password change is required - in this case, because pwdLastSet is 0 - the tool uses the technical account to go, bind to the controller and change the user password. If password change is not required but the user request it, then the bind is done with the user account. That last condition is the one that doesnt work. With the technical user the password change is possible, but with the user itself, it isnt. We get an error like this: LDAP access failed: javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 19 - 0000052D: AtrErr: DSID-03190F00, #1: 0: 0000052D: DSID-03190F00, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd) no idea what DSID-03190F00 means cause it doesnt seem to be anywhere in google :-/ Been looking at several MS documentation pages and frankly, I'm not understanding one bit of it. There is some "control access right" called User-Change-Password that may, or may not, control what objects have the right to change their own password, which may, or may not, have to do with ACE and ACLs... There is GPO. There is maybe the password policy but it is only set to ask for passwords of 6 chars or more... Can anybody explain to me in easy-to-check steps how can I go and tell the AD admin guy (who is as lost as me) what to do to ensure that users in the AD directory (objectClass top,person,organizationalPerson and user) are able to change their own passwords by themselves? Thanks in advance

Read the article
REMOTE_USER not getting set?

- by landed

I am trying to setup LDAP Authentication in Joomla using a plugin called JMapMyLDAP (in fact 4 plugins each doing a different job). I need to pull a part of a string out of the server variable REMOTE_USER and this should be visible (we see here http://timplummer.com.au/4-how-to-integrate-joomla-3-with-active-directory-using-ldap.html) in phpinfo(); The issue is that REMOTE_USER is not set or at least not appearing. A few things to note (if you don't mind) here- conceptually I am not really understanding authentication as a whole subject it appears to be vast despite my years working in websites. Yes I used asp and built php pages to check a user is who they say they are with a token(/session?) that was given to just them and then they are identified when a stateless request is made to the server. Thats my level of understanding. This sounds different to the basic authentication in apache where a password sits in a file and a username and the user needs to login to a basic form to get access to the folder/docs this is via an .htaccess file. Ok so with the LDAP to work I need to get REMOTE_USER this sounds very reasonable as how else do we know is making the request. Thank you.

Read the article
NAS for Mac OS X Server

- by SamAdmin

I'm using Mac OS X Server and want to allow the users that connect to their network accounts to store their data on a NAS drive. I want the users to connect to the Lion server as this allows for better policies and management for me and for their afp share to be located on a NAS drive. I've looked into home directories and network logins however I don't want the users to connect into a different login environment, just an authentication against their provided account on the Lion server and for their finder to take them to their own storage area - located on the NAS drive. Currently I am using FreeNAS for both authentication and storage however there are getting to be far too many people to manage each afp share and account, plus just using FreeNAS is extremely limiting for expansion and if something goes wrong with 1 entity the entire system goes down. Using the Lion server for user accounts and policies will be much better for this expanding business. I have looked into LDAP, using the Lion server as an LDAP server to authenticate against for FreeNAS however I have had issues with this and thought a different approach could be better from the other side of the situation... Providing the account with somewhere to store data rather than the afp share authenticating against an LDAP server. I am wrong to try it this way? Is it possible to logically add storage to a Mac OS X Server which can be recognised as a local drive, so can be used for network accounts?

Read the article
How to securely connect to multiple different LDAPS servers (Debian)

- by Pickle

I'm trying to connect to multiple different LDAPS servers. A lot of the documentation I've seen recommends setting TLS_REQCERT never, but that strikes me as horribly unsecure to not verify the certificate. So I've set that to demand. All the documentation I've seen says I need to update ldap.conf with a TLS_CACERT directive pointing to a .pem file. I've got that .pem file set up with the certificate from LDAP Server #1, and ldaps connections are happening fine. I've now got to communicate securely with another LDAP server in another branch of my organization, that uses a different certificate. I've seen no documentation on how to do this, except 1 page that says I can simply put multiple (not chained) certificates in the same .pem file. I've done this and everything is working hunky dorey. However, when I told a colleague what I did, he sounded like the sky was falling - putting 2 non-chained certificates into one .pem file is apparently the worst thing since ... ever. Is there a more acceptable way to do this? Or is this the only accepted way?

Read the article
openconnect on ubuntu 14.04LTS I get "XML response has no "auth" node"

- by Jas

I run openconnect to connect to juniper as following $ openconnect --version OpenConnect version v5.02 Using GnuTLS. Features present: PKCS#11, TOTP software token, DTLS (using OpenSSL) sudo openconnect -v -u=myuser --no-xmlpost --no-proxy https://myserver Got HTTP response: HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Date: Mon, 25 Aug 2014 07:24:03 GMT x-frame-options: SAMEORIGIN Pragma: no-cache Cache-Control: no-store Expires: -1 Transfer-Encoding: chunked HTTP body chunked (-2) XML response has no "auth" node Failed to obtain WebVPN cookie can anyone help please?

Read the article
CentOS 5.5 : Postfix, Dovecot & MySQL

- by GruffTech

I'm hoping someone has seen this issue before because I'm at quite a loss. We're building a new outbound smtp server for our clients that features anti-spam scanning and virus scanning for outbound emails, something we had not previously done. So with CentOS 5.5 x64, Installed and patched completely. Postfix & Dovecot both installed via base repo. [grufftech@outgoing postfix]# rpm -qa | grep postfix postfix-2.3.3-2.1.el5_2 [grufftech@outgoing postfix]# rpm -qa | grep dovecot dovecot-1.0.7-7.el5 [grufftech@outgoing ~]# dovecot --build-options Build options: ioloop=poll notify=inotify ipv6 openssl SQL drivers: mysql postgresql Passdb: checkpassword ldap pam passwd passwd-file shadow sql Userdb: checkpassword ldap passwd prefetch passwd-file sql static /etc/dovecot.conf auth default { mechanisms = plain login digest-md5 cram-md5 passdb sql { args = /etc/dovecot-mysql.conf } userdb sql { args = /etc/dovecot-mysql.conf } userdb prefetch { } user = nobody socket listen { master { path = /var/run/dovecot/auth-master mode = 0660 user = postfix group = postfix } client { path = /var/spool/postfix/private/auth mode = 0660 user = postfix group = postfix } } } All the server is doing is auth for postfix, so no reason to have imap / pop / dict. /etc/dovecot-mysql.conf driver = mysql connect = host=10.0.32.159 dbname=mail user=****** password=******** default_pass_scheme = plain user_query = select 1 password_query = select password from users where username = '%n' and domain = '%d' So drop in my configuration, (which is working on another server identical to this one.) [grufftech@outgoing ~]# /etc/init.d/dovecot start Starting Dovecot Imap: [ OK ] Sweet. Booted up nicely, thats good.... (incoming problem in 3....2....1....) May 21 08:09:01 outgoing dovecot: Dovecot v1.0.7 starting up May 21 08:09:02 outgoing dovecot: auth-worker(default): mysql: Connect failed to 10.0.32.159 (mail): Can't connect to MySQL server on '10.0.32.159' (13) - waiting for 1 seconds before retry well what the crap. went and checked permissions on my MySQL database, and its fine. [grufftech@outgoing ~]# mysql vpopmail -h 10.0.32.159 -u ****** -p Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 127828558 Server version: 4.1.22 Type 'help;' or '\h' for help. Type '\c' to clear the buffer. mysql>\q So! My server can talk to my database server. but dovecot, for whatever reason, isn't able to. I've fiddled with it for the last six hours, grabbed slightly-older copies of the RPM (ones that matched our production server exactly) to test those, copied configs, searched google, searched server fault, chatted in IRC, banged my head against the table, I've done it all. Surely I'm doing something wrong or forgetting something, can anyone tell me what the elephant in the room is? This stuff is supposed to work.

Read the article
Basic Auth on DirectoryIndex Only

- by Brad

I am trying to configure basic auth for my index file, and only my index file. I have configured it like so: <Files index.htm> Order allow,deny Allow from all AuthType Basic AuthName "Some Auth" AuthUserFile "C:/path/to/my/.htpasswd" Require valid-user </Files> When I visit the page, 401 Authorization Required is returned as expected, but the browser doesn't prompt for the username/password. Some further inspection has revealed that Apache is not sending the WWW-Authenticate header. GET http://myhost/ HTTP/1.1 Host: myhost Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.100 Safari/534.30 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 HTTP/1.1 401 Authorization Required Date: Tue, 21 Jun 2011 21:36:48 GMT Server: Apache/2.2.16 (Win32) Content-Length: 401 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>401 Authorization Required</title> </head><body> <h1>Authorization Required</h1> <p>This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.</p> </body></html> Why is Apache doing this? How can I configure it to send that header appropriately? It is worth noting that this exact same set of directives work fine if I set them for a whole directory. It is only when I configure them to a directory index that they do not work. This is how I know my .htpasswd and such are fine. I am using Apache 2.2 on Windows. On another note, I found this listed as a bug in Apache 1.3. This leads me to believe that this is actually a configuration problem on my end.

Read the article
NGINX basic auth only for POST

- by hokkaido

Hello, I'm settings up nginx to serve Mercurial repositories. It works when not using basic authentication at all, or when I use basic authentication all over. What I want to do is to just use basic auth on POST requests, so anyone have pull access, but only authenticated users can push. I tried the following, if ($request_method = POST) { auth_basic "Restricted"; auth_basic_user_file /path/to/userfile } However it complains about "auth_basic directive is not allowed here". How can I solve this?

Read the article
Setting http auth type in phpMyAdmin on Debian

- by Daniel Hollands

I'm trying to set-up the fresh phpMyAdmin install on my Debian 6 server to use http authentication rather than the cookie based auth that is default when it is installed. To do this, I edited the $cfg['Servers'][$i]['auth_type'] line to use 'http' as its setting in /etc/phpmyadmin/config.inc.php, and restarted the server, but the setting seems to be being ignored, as when I goto phpmyadmin, it is still offering up the regular login box. I've done this twice before (once on debian and once on ubuntu), so I'm not sure why it isn't working this time. Thank you

Read the article
django auth : strange error with authenticate()

- by Rohit

I am using authenticate() to authenticating users manually. Using admin interface I can see that there is no 'last_login' attribute for Users Debug traceback is : Environment: Request Method: GET Request URL: https://localhost/login/ Django Version: 1.1.1 Python Version: 2.6.5 Installed Applications: ['django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.sites', 'django.contrib.admin', 'mobius.polls'] Installed Middleware: ('django.middleware.common.CommonMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware') Traceback: File "/usr/lib/pymodules/python2.6/django/core/handlers/base.py" in get_response 92. response = callback(request, *callback_args, **callback_kwargs) File "/usr/lib/pymodules/python2.6/django/contrib/auth/__init__.py" in login 55. user.last_login = datetime.datetime.now() Exception Type: AttributeError at /login/ Exception Value: 'unicode' object has no attribute 'last_login' I cant figure out, why is there this discrepancy. Any kind of help would be appreciated. Thanks in advance!

Read the article
Kohana3 - ErrorException [ Notice ]: Undefined index: id - Error calling Auth::instance()

- by ahmet2106

Hello everybody, I've now a Problem with the newest Version of KohanaPHP (kohanaphp.com). After I've registered me and logged in into my test page, some minutes later, there is now the error: ErrorException [ Notice ]: Undefined index: id MODPATH/orm/classes/kohana/orm.php [ 1316 ] 1311 * 1312 * @return mixed primary key 1313 */ 1314 public function pk() 1315 { 1316 return $this->_object[$this->_primary_key]; 1317 } 1318 1319 /** 1320 * Returns whether or not primary key is empty 1321 * I've searched a lot in Google, but i never found an answer, the Problem now is, that I cant reloggin to get a new instance, because I've to call Auth::instance()-login() again, and Auth::instance() is not callable. Whats todo now, how can I fix it, is there already a new Version of ORM or Auth Module? Thanks everybody Ahmet

Read the article

< Previous Page | 24 25 26 27 28 29 30 31 32 33 34 35 | Next Page >