Search Results

Search found 3366 results on 135 pages for 'openvpn auth ldap'.

Page 32/135 | < Previous Page | 28 29 30 31 32 33 34 35 36 37 38 39  | Next Page >

• Software Router: pfSense or Vyatta ?

  - by Kedare

  Hello, I'm rebuilding my home network and I am look to an alternative to the very expensives Cisco. So I take a lookt at the software routers, I've found Vyatta and pfSense. I have tested both and I find both great, but I don't know which one to choose. I need a router software that : Supports IPv6 (both do with pfSense 2 RC1) Allows me to join an OpenVPN Network Is free Configurable by CLI (WebGUI is a plus) After some testing, it looks like both a very featured, but Vyatta looks more CLI-centric where pfSense looks more WebGUI-centric. Which do you recommend me ? Why ? Is there any limitations on the free version of Vyatta ? I would like to run it on a small box like Soekris ones, it that possible ? (pfSense will run it, but I'm not sure with Vyatta) Thank you

  Read the article

• Inexpensive and Open replacement for Cisco Tunnel-based EasyVPN with Cisco VPN 3000 Series

  - by Shoaibi

  I have a scenario when i have to establish peer-to-peer preshared key based VPN to a vendor. This vendor uses Cisco EasyVPN with Cisco VPN 3000 as access concentrator. I check the compatibility of the type of VPN from http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6635/ps7180/prod_brochure0900aecd80582078.pdf and it appears that it would only work on cisco hardware. I am looking for a less inexpensive and possibly and open replacement to this to save my cost and also recommend to them. I have tried OpenVPN and thinking about vyatta.

  Read the article

• How to set up a software VPN when moving a server to the cloud

  - by Neal L

  I work in a small company with one office in Dallas and another in Los Angeles. We run a Fedora server at our Dallas location and use a Linksys RV042 at each location to create a VPN connection between the sites. Every time the power or internet goes out in Dallas, our server is inaccessible so the entire company goes down. Because of this, we would like to use a shared server in the cloud (something like Linode) to avoid this problem. As a relative novice to VPN configurations, I would like to know if it is possible to set up a software VPN on the cloud server and connect our local networks in Dallas and LA to that VPN. I've read about openvpn and ssh vpns, but I don't know it is the best option. Could anyone with some experience point me in the right direction on the right combination of software VPN and hardware for this? We're open to new hardware to make this happen. Thanks!

  Read the article

• Route packets from one VPN to another

  - by Mike

  I have two OpenVPN servers (10.8.0.0 and 10.9.0.0) set up on my OpenSUSE server. Within one network, each computer is visible to any other one, but I'd like to make it so that computers are visible across networks. I'd like to route the packets like this: when a user (say 10.8.0.6) pings an address on the other VPN (10.9.0.6), the packets are routed to the 10.9.0.1 and then to the appropriate computer in this VPN. How do I achieve this using iptables or a different tool? I tried the commands at the end of this section with no avail.

  Read the article

• Routing only some local IPs through VPN on dd-wrt

  - by bo-inge-ostberg

  Much similar to this entry: http://serverfault.com/questions/94283/using-dd-wrt-to-connect-to-vpn-and-forward-all-traffic-of-certain-devices-through , I have set up my router with dd-wrt + OpenVPN to connect to a VPN. This works fine, and all traffic from behind the router goes through the VPN. How do I route(?) traffic in the router so that only certain IPs from the LAN will go through the VPN, while the others take the "normal" route? Is it also possible to allow traffic from certain local IPs to go ONLY through the VPN, making it impossible for them to use the regular internet connection if the VPN is down? I know this question was answered in the post I linked to, but that just doesn't seem to work for me. The routing table and rules change, but traffic still just goes through the VPN.

  Read the article

• Broadcast UDP over VPN

  - by ibmz

  I have OpenVPN configured and have 5 dd-wrt router clients. I would like the machines on those routers to be-able to UDP Broadcast across all 5 networks. I cannot bridge the interfaces(to my knowledge) because each router needs to be able to operate on its own should the VPN connection die (dhcp needs to work). currently each router has its own /24 (eg 192.168.1.x) network. Is there a way to use IPTables to mangle the udp and forward them to all VPN Clients? To summarize i need 1)to UDP broadcast to all routers and their clients 2)for all routers to be able to operate independently should the VPN go down

  Read the article

• squid3 auth thru samba using ntlm to AD doesn't work

  - by derty

  some users here are spending to much time exploring the WWW. So big boss whats to get this under control. We use a squid3 just for some security reason and chace benefits. and now i'm trying to set up a new proxy on a different server (Debian 6) Permissions are defined in AC and the squid3 should get the auth thru samba/winbind by using the ntlm protocol. but i'll get all the time Access, denited. it only works by using LDAP but thats not the way i need it. here some log and confs squid access.log 1326878095.784 1 192.168.15.27 TCP_DENIED/407 4049 GET http://at.msn.com/? -NONE/- text/html 1326878095.791 1 192.168.15.27 TCP_DENIED/407 4294 GET http://at.msn.com/? - NONE/- text/html 1326878095.803 9 192.168.15.27 TCP_DENIED/403 4028 GET http://at.msn.com/? kavan NONE/- text/html 1326878095.848 0 192.168.15.27 TCP_DENIED/403 3881 GET http://www.squid-cache.org/Artwork/SN.png kavan NONE/- text/html 1326878100.279 0 192.168.15.27 TCP_DENIED/403 3735 GET http://www.google.at/ kavan NONE/- text/html 1326878100.296 0 192.168.15.27 TCP_DENIED/403 3870 GET http://www.squid-cache.org/Artwork/SN.png kavan NONE/- text/html 1326878155.700 0 192.168.15.27 TCP_DENIED/407 4072 GET http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml - NONE/- text/html 1326878155.705 2 192.168.15.27 TCP_DENIED/407 4317 GET http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml - NONE/- text/html 1326878155.709 3 192.168.15.27 TCP_DENIED/403 4026 GET http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml kavan NONE/- text/html squid chace 2012/01/18 10:12:49| Creating Swap Directories 2012/01/18 10:12:49| Starting Squid Cache version 3.1.6 for x86_64-pc-linux-gnu... 2012/01/18 10:12:49| Process ID 17236 2012/01/18 10:12:49| With 65535 file descriptors available 2012/01/18 10:12:49| Initializing IP Cache... 2012/01/18 10:12:49| DNS Socket created at [::], FD 7 2012/01/18 10:12:49| DNS Socket created at 0.0.0.0, FD 8 2012/01/18 10:12:49| Adding nameserver 192.168.15.2 from /etc/resolv.conf 2012/01/18 10:12:49| Adding nameserver 192.168.15.19 from /etc/resolv.conf 2012/01/18 10:12:49| Adding nameserver 192.168.15.1 from /etc/resolv.conf 2012/01/18 10:12:49| Adding domain schoenbrunn.local from /etc/resolv.conf 2012/01/18 10:12:49| helperOpenServers: Starting 5/5 'squid_ldap_auth' processes 2012/01/18 10:12:49| helperOpenServers: Starting 10/10 'ntlm_auth' processes 2012/01/18 10:12:49| helperOpenServers: Starting 10/10 'squid_kerb_auth' processes 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| helperOpenServers: Starting 5/5 'squid_ldap_group' processes 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| Unlinkd pipe opened on FD 73 2012/01/18 10:12:49| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec 2012/01/18 10:12:49| Store logging disabled 2012/01/18 10:12:49| Swap maxSize 0 + 262144 KB, estimated 20164 objects 2012/01/18 10:12:49| Target number of buckets: 1008 2012/01/18 10:12:49| Using 8192 Store buckets 2012/01/18 10:12:49| Max Mem size: 262144 KB 2012/01/18 10:12:49| Max Swap size: 0 KB 2012/01/18 10:12:49| Using Least Load store dir selection 2012/01/18 10:12:49| Set Current Directory to /var/spool/squid3 2012/01/18 10:12:49| Loaded Icons. 2012/01/18 10:12:49| Accepting HTTP connections at [::]:3128, FD 74. 2012/01/18 10:12:49| HTCP Disabled. 2012/01/18 10:12:49| Squid modules loaded: 0 2012/01/18 10:12:49| Adaptation support is off. 2012/01/18 10:12:49| Ready to serve requests. 2012/01/18 10:12:50| storeLateRelease: released 0 objects smb.conf # Domain Authntication Settings workgroup = <WORKGROUP> security = ads password server = <DOMAINNAME>.LOCAL realm = <DOMAINNAME>.LOCAL ldap ssl = no # logging log level = 5 max log size = 50 # logs split per machine log file = /var/log/samba/%m.log # max 50KB per log file, then rotate ; max log size = 50 # User settings username map = /etc/samba/smbusers idmap uid = 10000-20000000 idmap gid = 10000-20000000 idmap backend = ad ; template primary group = <ad group> template shell = /sbin/nologin # Winbind Settings winbind separator = + winbind enum users = Yes winbind enum groups = Yes winbind netsted groups = Yes winbind nested groups = Yes winbind cache time = 10 winbind use default domain = Yes #Other Globals unix charset = LOCALE server string = <SERVERNAME> load printers = no printing = cups cups options = raw ; printcap name = /etc/printcap #obtain list of printers automatically on SystemV ; printcap name = lpstat ; printing = cups squid.conf auth_param ntlm program /usr/bin/ntlm_auth --require-membership-of=<DOMAINNAME>\\INTERNETZ --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 10 auth_param basic program /usr/lib/squid3/squid_ldap_auth -R -b "dc=<dcname>,dc=local" -D "cn=administrator,cn=Users,dc=<domainname>,dc=local" -w "******" -f sAMAccountName=%s -h 192.168.15.19:3268 auth_param basic realm "Proxy Authentifizierung. Bitte geben Sie Ihren Benutzername und Ihr Passwort ein!" #means insert you PW in an other language - # external_acl_type InetGroup %LOGIN /usr/lib/squid3/squid_ldap_group -R -b "dc=<domainname>,dc=local" -D "cn=administrator,cn=Users,dc=<domainname>,dc=local" -w "******" -f "(&(objectclass=person)(sAMAccountName=%v) (memberof=cn=%a,cn=internetz,dc=<domainname>,dc=local))" -h 192.168.15.19:3268 auth_param negotiate program /usr/lib/squid3/squid_kerb_auth -d auth_param negotiate children 10 auth_param negotiate keep_alive on acl localnet proxy_auth REQUIRED acl InetAccess external InetGroup Internetz http_access allow InetAccess http_access deny all acl auth proxy_auth REQUIRED http_access allow auth and a very suspicious is that by adding the proxy server to the Domain i see 2 new entries in the PC one with the original computer-name leopoldine and one with leopoldine CNF:f8efa4c4-ff0e-4217-939d-f1523b43464d ?!? I tried a lot, really... but i stuck on this problem... i actually i even reinstalled all dependent programs and reconfigured them from default. Group exists and has me in it. Firefox running on the old proxy and i use IE for testing the new one. But i'll get all the time Access-Denited and to be honest i'm quite a beginner, so please don't be to prude. I'll interested in improving, i'll get the information we need to fix this but i started working 2 month ago and got only 1 1/2 year's training and not a single sec. in linux ;)

  Read the article

• Allow VMWare client to connect only via VPN

  - by Frank Meulenaar

  I have a VMWare (currently using Workstation on Vista, but thinking about switching to ESX) client with Windows XP. I've installed OpenVPN in the client and it connects to the corporate VPN server. I want to make sure that all traffic from the Windows XP machine goes trough this VPN tunnel, but I can't change any settings on the corporate VPN server. Is it possible to restrict the internet connectivity of the Windows XP client in such a way that it can only send packets to the IP of the corporate VPN server? In that way it'd be impossible for packets to bypass the tunnel. I've looked at NAT configurations but couldn't see how I could make this setup.

  Read the article

• Juniper SRX1400 VPN

  - by ank

  I have been trying to set up a client VPN on a Juniper SRX1400 without much success. All documentation I found from Juniper and elsewhere does a lot of other (difficult and wonderful) things other than the simple things I want to do. We already have a VPN running on CISCO PIX hardware which we need to put to rest and we pretty much like to replicate the functionality, which is: 1) client makes a request to the outside interface of the SRX1400, 2) client gets authenticated, 3) if successful, then client is assigned all the usual DHCP stuff and becomes part of the network. What privileges this DHCP assigned network has, should be configurable of course with the usual routing/filtering methods. Am I asking for too much from the SRX for this kind of thing? Should I ditch the SRX for VPN and revert to an OpenVPN solution that I had working some time back also and was amazed at the ease of configuration, functionality and features?

  Read the article

• freeradius maximum session time problem

  - by haw3d

  hello I'm using openvpn and free-radius for control user accounts. for maximum session time for an user, free-radius has sqlcounter.conf that control that, but after a connection has disconnected that is useful and cannot destroy a connection. for control account time dynamically i need another script that do that. but should anytime that a connection has established a trigger run. is anyway to fire a custom trigger or script when a connection has established? or any way to control session time dynamically?

  Read the article

• Iptables mark incoming packet - vpn routing

  - by Tom

  I have connected my home to my workplace for out of house backup reasons through openvpn. The connection is working nicely. At work I have 5 fixed IP addresses. Now I would like to assign one of these IP addresses to be forwarded to my home machine. I have confirmed packet arrival at my home machine with tcpdump. The problem is that my default route at home is NOT the tun0 (naturally), but eth0 to my own ISP. So I created a separate routing table to route my tun0 packets back to where they belong, but do not how to mark the incoming packet which arrive through tun0 with iptables, so I can drive them back. I do not want any port restrictions, but only what comes from tun0 should leave through tun0 thanks tom

  Read the article

• How to setup a fast VPN server

  - by Saif Bechan

  I am trying to set up a VPN that has a fast download speed. The server I have is a linux server and from there I can download 2 megabytes a second. At home I can also download with 2 megabytes a second. All the downloads I do are from the same source, no different server. Now I have set up a VPN connection between my home and the server, and now I am only downloading 64 kilobytes a second! The connection I have created is a PPTP server on a debian machine. Now my question is if it is possible to optimize this connection. Should I maybe switch to OpenVPN, or change operating systems? Or are there some kind of settings to tweak to make the connection optimal. PS. The server I am running is on a XEN node. I have done the proper ip forwarding.

  Read the article

• Untangle VPN setup, how to see internal addresses?

  - by NFS user

  So Untangle is setup as the default gateway at 192.168.100.1/24, it is the authorative DHCP server issuing addresses from 192.168.100.100 to 192.168.100.200 and is successfully connected to the Internet. Untangle uses OpenVPN for remote access. Accessing the VPN gives me the address 192.168.40.5. However, I cannot ping any machines on the internal 192.168.100.x network remotely. Clearly, there is something basic that I am missing. What is it and how is it solved? Update: The VPN was not setup with the internal network. Since Untangle only allows editing the VPN setup once, the VPN had to be removed and reinstalled with the internal network exported. Now it works. The lesson is that the internal network must be setup before configuring the VPN.

  Read the article

• VPN service for 4in6

  - by Deshene

  I have a local network with internet access. But unfortunately IPv4 internet connection speed is limited to 1mbps, which is realy sad. Fortunately I have a native IPv6, and there is no connection speed limit over IPv6. So, in order to get a good internet connection I made a plan: connect to the VPN-service over IPv6, and pass all IPv4 traffic through IPv6 tunnel, or something like that, I think you get the idea. I suggested to use service like HideMyAss.com, but unfortunately they don't support IPv6. The question is: Is there any existing VPN service that will make my dreams come true, and is easy to use, which I could connect over PPTP or OpenVPN (I want to set up connection to VPN in my router settings).

  Read the article

• is it possible in this case to get two IPv6 networks to communicate over the IPv4 Internet?

  - by user239167

  I have a setup of a laptop connected to a cellular IPv4 network (3G usb dongle) and PC connected to another IPv4/IPv6 network. Both have been configured to run as IPv6 routers and each has its IPv6 network. The laptop connects to the Internet via the 3G network with IPv4 address (private one and it is mostly changing) on one interface and has the other interface on AP mode providing its own private IPv6 network (2001:db8:444::/64). The PC connects to the Internet via the organization network with both public IPv4 and IPv6 addresses on one interface and has the other interface on AP mode providing its own private IPv6 network (2001:db8:222::/64). Both running Linux Ubuntu. Is it possible to get the two IPv6 network (2001:db8:222::/64 and 2001:db8:444::/64) to communicate over the IPv4 Internet? Is openvpn of any good in this case to get IPv6 traffic over IPv4-IPv4 tunnel? Thanks for helping in advance

  Read the article

• How to deal with redirect traffic in widows2003

  - by Huiyu

  I have set up an OpenVPN server on Windows 2003, and I want to route all client traffic through the VPN, so that my clients can connect to the Internet through the VPN server. In the server configuration, I added push "redirect-gateway def1". I know the server needs to be configured to deal with the traffic somehow: for example, on Linux, I can use iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE. The problem is, I don't know how to deal with the traffic on Windows Server 2003. Is there any way to accomplish this?

  Read the article

• django: caching passwords for custom authentication

  - by gruszczy

  I am authenticating users in ldap, but this happens only once, when user is logging in. Afterwards I need to keep username and password, because before every ldap operation I need to make bind on ldap server before every operation. What is the safe way to cache this password (I can't store in the database or cookies) for as long as session persists.

  Read the article

• Can't modify constant item in scalar assignment

  - by joe

  sub new { my $class = shift; my $ldap_obj = Net::LDAP->new( 'test.company.com' ) or die "$@"; my $self = { _ldap = $ldap_obj, _dn ='dc=users,dc=ldap,dc=company,dc=com', _dn_login = 'dc=login,dc=ldap,dc=company,dc=com', _description ='company', }; # Print all the values just for clarification. bless $self, $class; return $self; } what is wrong on this code : i got this error Can't modify constant item in scalar assignment at Core.pm line 12, near "$ldap_obj,"

  Read the article

• VsFTPd - pam_mkhomedir

  - by Totor

  I am trying to set up a FTP server that authenticates against an LDAP server. This part is done and works. My server is VsFTPd on Ubuntu Server 11.04. But I have to create the home directories for my LDAP users. I am trying to user the pam_mkhomedir module but it is not working: when I add its line to the /etc/pam.d/vsftpd file, my users can not login anymore to the FTP server. The problem is that I have very few information on what is wrong. VsFTPd just responds 530: login incorrect and I could not find a way to get debug or error messages from pam_mkhomedir. Here are my different configuration files. The /etc/pam.d/vsftpd file: auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed auth required pam_ldap.so account required pam_ldap.so password required pam_ldap.so session optional pam_mkhomedir.so skel=/home/skel debug The /etc/vsftpd.conf file: listen=YES anonymous_enable=NO local_enable=YES write_enable=YES dirmessage_enable=YES use_localtime=YES xferlog_enable=YES connect_from_port_20=YES pam_service_name=vsftpd rsa_cert_file=/etc/ssl/private/vsftpd.pem guest_enable=YES session_support=YES log_ftp_protocol=YES tcp_wrappers=YES Permissions on /home and /home/skel: root@ftp:/home# ls -al total 16 drwxrwxrwx 4 root root 4096 2011-10-11 21:19 . drwxr-xr-x 21 root root 4096 2011-09-27 13:32 .. drwxrwxrwx 2 root root 4096 2011-10-11 19:34 skel drwxrwxrwx 5 foo foo 4096 2011-10-11 21:11 foo root@ftp:/home# ls -al skel/ total 16 drwxrwxrwx 2 root root 4096 2011-10-11 19:34 . drwxrwxrwx 4 root root 4096 2011-10-11 21:19 .. -rwxrwxrwx 1 root root 3352 2011-10-11 19:34 .bashrc -rwxrwxrwx 1 root root 675 2011-10-11 19:34 .profile Yes, I know, permissions are not properly set but security is not the issue here: I first need to get it to work. So, to recapitulate: without pam_mkhomedir my LDAP users can login, but they cannot do anything because they are in an empty chrooted jail. If I add pam_mkhomedir, they cannot login anymore. If anyone has an idea why, or know how to get more information from logs, I would be very grateful, thanks.

  Read the article

• OpenLDAP, howto allow both secure (TLS) and unsecure (normal) connections?

  - by Mikael Roos

  Installed OpenLDAP 2.4 on FreeBSD 8.1. It works for ordinary connections OR for TLS connections. I can change it by (un)commenting the following lines in slapd.conf. # Enable TLS #security ssf=128 # Disable TLS security ssf=0 Is there a way to allow the clients to connect using TLS OR no-TLS? Can the ldap-server be configured to support both TLS connections and no-TLS connections? Tried to find the information in the manual, but failed: http://www.openldap.org/doc/admin24/access-control.html#Granting%20and%20Denying%20access%20based%20on%20security%20strength%20factors%20(ssf) http://www.openldap.org/doc/admin24/tls.html#Server%20Configuration Tried to read up on 'security' in manualpage for ldap.conf, didn't find the info there either. I guess I need to configure the 'secure' with some negotiation mechanism, "try to use TLS if client has it, otherwise continue using no-TLS". Connecting with a client (when slapd.conf is configure to use TLS): gm# ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts ldap_bind: Confidentiality required (13) additional info: TLS confidentiality required gm# ldapsearch -Z -x -b '' -s base '(objectclass=*)' namingContexts (this works, -Z makes a TLS connection) So, can I have my ldap-server supporting client connections using TLS and ordinary (no-TLS) connections? Thanx in advance.

  Read the article

• Join ActiveDirectory (Win 2k8R2) to OpenDirectory(Snow Leopard)

  - by Tom O'Connor

  The vast majority of questions and so on regarding the interoperability of Active and Open directories involves getting Mac clients to see an AD and auth against it. What we'd like to do is get a Windows 7 workstation to auth completely against Open Directory. We tried setting it up as an NT4 type PDC, and that doesn't work satisfactorily. We tried using pGina and the LDAP backend, which allows Authentication, but has no support for Authorization, and as a result, if we mount an NFS Share, the user has the rights to do anything they damn well please. Not ideal for security (Totally bloody unacceptable, actually). We tried using a Samba server (newer version than on the Open Directory Server) as an intermediate, so that it knows about the LDAP server on the OD Server, but uses Samba 4 instead of v3. That didn't work either. We could login, but couldn't mount, and if we did, we had the same rights as with pGina. If we right-click the mounted drive in Windows, and have a look at NFS UID, it returns -2, not the correct (mapped) UID. So the final plan I've got is to use an Active Directory, inside a Windows 2008R2 Virtual Machine. What I want to achieve is to have the Active Directory sync it's user data from OpenDirectory (read-only would be fine). That way, we'd have the ability to connect Windows 7 clients to a "virtual domain" which would actually just grab information from OD's LDAP. All the information I've found is about how to go the other way. Does anyone know how we can do this?

  Read the article

• Listing group members using ldapsearch

  - by colemanm

  Our corporate LDAP directory is housed on a Snow Leopard Server Open Directory setup. I'm trying to use the ldapsearch tool to export an .ldif file to import into another external LDAP server to authenticate with externally; basically trying to be able to use the same credentials internally and externally. I've got ldapsearch working and giving me the contents and attributes of everything in the "Users" OU, and even filtering down to only the attributes I need: ldapsearch -xLLL -H ldap://server.domain.net / -b "cn=users,dc=server,dc=domain,dc=net" objectClass / uid uidNumber cn userPassword > directorycontents.ldif That gives me a list of users and properties that I can import to my remote OpenLDAP server. dn: uid=username1,cn=users,dc=server,dc=domain,dc=net objectClass: inetOrgPerson objectClass: posixAccount objectClass: organizationalPerson uidNumber: 1000 uid: username1 userPassword:: (hashedpassword) cn: username1 However, when I try the same query on an OD "group" instead of a "container," the results are something like this: dn: cn=groupname,cn=groups,dc=server,dc=domain,dc=net objectClass: posixGroup objectClass: apple-group objectClass: extensibleObject objectClass: top gidNumber: 1032 cn: groupname memberUid: username1 memberUid: username2 memberUid: username3 What I really want is a list of users from the top example filtered based on their group memberships, but it looks like membership is set from the Group side, rather than the user account side. There must be a way to filter this down and only export what I need, right?

  Read the article

• Listing group members using ldapsearch

  - by colemanm

  Our corporate LDAP directory is housed on a Snow Leopard Server Open Directory setup. I'm trying to use the ldapsearch tool to export an .ldif file to import into another external LDAP server to authenticate with externally; basically trying to be able to use the same credentials internally and externally. I've got ldapsearch working and giving me the contents and attributes of everything in the "Users" OU, and even filtering down to only the attributes I need: ldapsearch -xLLL -H ldap://server.domain.net / -b "cn=users,dc=server,dc=domain,dc=net" objectClass / uid uidNumber cn userPassword > directorycontents.ldif That gives me a list of users and properties that I can import to my remote OpenLDAP server. dn: uid=username1,cn=users,dc=server,dc=domain,dc=net objectClass: inetOrgPerson objectClass: posixAccount objectClass: organizationalPerson uidNumber: 1000 uid: username1 userPassword:: (hashedpassword) cn: username1 However, when I try the same query on an OD "group" instead of a "container," the results are something like this: dn: cn=groupname,cn=groups,dc=server,dc=domain,dc=net objectClass: posixGroup objectClass: apple-group objectClass: extensibleObject objectClass: top gidNumber: 1032 cn: groupname memberUid: username1 memberUid: username2 memberUid: username3 What I really want is a list of users from the top example filtered based on their group memberships, but it looks like membership is set from the Group side, rather than the user account side. There must be a way to filter this down and only export what I need, right?

  Read the article

• Use Apache authentication + authorization to control access to Subversion subdirectories

  - by Stefan Lasiewski

  I have a single SVN repo at /var/svn/ with a few subdirectories. Staff must be able to access the top-level directory and all subdirectories within it, but I want to restrict access to subdirectories using alternate htpasswd files. This works for our Staff. <Location /> DAV svn SVNParentPath /var/svn AuthType Basic AuthBasicProvider ldap # mod_authnz_ldap AuthzLDAPAuthoritative off AuthLDAPURL "ldap.example.org:636/ou=people,ou=Unit,ou=Host,o=ldapsvc,dc=example,dc=org?uid?sub?(objectClass=PosixAccount)" AuthLDAPGroupAttribute memberUid AuthLDAPGroupAttributeIsDN off Require ldap-group cn=staff,ou=PosixGroup,ou=Unit,ou=Host,o=ldapsvc,dc=example,dc=org </Location> Now, I am trying to restrict access to a subdirectory with a separate htpasswd file, like this: <Location /customerA> DAV svn SVNParentPath /var/svn # mod_authn_file AuthType Basic AuthBasicProvider file AuthUserFile /usr/local/etc/apache22/htpasswd.customerA Require user customerA </Location> I can use Firefox and curl to browse to this folder fine: curl https://svn.example.org/customerA/ --user customerA:password But I cannot use check out this SVN repository: $ svn co https://svn.example.org/customerA/ svn: Repository moved permanently to 'https://svn.example.org/customerA/'; please relocate And on the server logs, I get this strange error: # httpd-access.log 192.168.19.13 - - [03/May/2010:16:40:00 -0700] "OPTIONS /customerA HTTP/1.1" 401 401 192.168.19.13 - customerA [03/May/2010:16:40:00 -0700] "OPTIONS /customerA HTTP/1.1" 301 244 # httpd-error.log [Mon May 03 16:40:00 2010] [error] [client 192.168.19.13] Could not fetch resource information. [301, #0] [Mon May 03 16:40:00 2010] [error] [client 192.168.19.13] Requests for a collection must have a trailing slash on the URI. [301, #0] My question: Can I restrict access to Subversion subdirectories using Apache access controls? DocumentRoot is commented out, so it's not clear that the FAQ at http://subversion.apache.org/faq.html#http-301-error applies.

  Read the article

• Active Directory: how to be SURE users can change their own passwords?

  - by Latro

  Working on some project where a tool we have has to authenticate against AD connecting via LDAPS and perform password changes if required or requested. IN THEORY, the tool does that, and we have seen it work in other projects. IN PRACTICE, against this particular directory, it fails. Been driving me crazy. The particulars of the situation: Windows 2003 AD Defined a "technical user" for the LDAP connection with rights to change users passwords When password change is required - in this case, because pwdLastSet is 0 - the tool uses the technical account to go, bind to the controller and change the user password. If password change is not required but the user request it, then the bind is done with the user account. That last condition is the one that doesnt work. With the technical user the password change is possible, but with the user itself, it isnt. We get an error like this: LDAP access failed: javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 19 - 0000052D: AtrErr: DSID-03190F00, #1: 0: 0000052D: DSID-03190F00, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd) no idea what DSID-03190F00 means cause it doesnt seem to be anywhere in google :-/ Been looking at several MS documentation pages and frankly, I'm not understanding one bit of it. There is some "control access right" called User-Change-Password that may, or may not, control what objects have the right to change their own password, which may, or may not, have to do with ACE and ACLs... There is GPO. There is maybe the password policy but it is only set to ask for passwords of 6 chars or more... Can anybody explain to me in easy-to-check steps how can I go and tell the AD admin guy (who is as lost as me) what to do to ensure that users in the AD directory (objectClass top,person,organizationalPerson and user) are able to change their own passwords by themselves? Thanks in advance

  Read the article

< Previous Page | 28 29 30 31 32 33 34 35 36 37 38 39  | Next Page >